Ajar Protocol
Reference

Scope Registry v1

Normative source: docs/03-PROTOCOL-SPEC.md sections 5 and 8.1.

A scope is a dotted permission string carried in a Mandate and required by an Action. A scope grants the exact named scope; it grants child scopes only when it ends in .*.

Matching Rules

Given a mandate scope M and an action-required scope R:

  1. M == R matches.
  2. M ending in .* matches every R consisting of M's segments before .* followed by one or more additional segments.
  3. Wildcards are suffix-only. commerce.*.ticket is invalid.
  4. Any matching entry in constraints.forbidden overrides an allowed scope.
  5. x-<vendor>.* scopes are private extensions and never match core scopes.

Matching is segment-wise, never a raw string prefix: commerce.purchase.* does not match commerce.purchaseextra.x, and it does not match the bare parent commerce.purchase.

Examples:

| Mandate scope | Required scope | Verdict |
| --- | --- | --- |
| commerce.purchase.* | commerce.purchase.transport | allow |
| commerce.purchase.* | commerce.purchase.transport.rail | allow |
| commerce.purchase.* | commerce.purchase | deny |
| commerce.purchase.transport | commerce.purchase.transport | allow |
| commerce.purchase.transport | commerce.purchase.event | deny |
| content.read.* | content.write.comment | deny |
| data.export.* with forbidden data.export.user | data.export.user | deny |
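
The matching rules above as a small reference matcher. This is an added example, not code from the Ajar project: the function names are hypothetical, and it assumes that forbidden entries are matched with the same rules as mandate scopes and that a malformed scope causes a deny.

```python
def parse_scope(scope: str) -> list[str]:
    """Split a scope into segments; reject empty segments and non-suffix wildcards."""
    segments = scope.split(".")
    if not all(segments):
        raise ValueError(f"empty segment in {scope!r}")
    if any("*" in seg for seg in segments[:-1]):
        raise ValueError(f"wildcard must be the final segment: {scope!r}")  # rule 3
    if "*" in segments[-1] and (segments[-1] != "*" or len(segments) == 1):
        raise ValueError(f"wildcard must be a trailing '.*': {scope!r}")
    return segments


def scope_matches(mandate_scope: str, required_scope: str) -> bool:
    """Rules 1-3: exact match, or a '.*' mandate covering strictly deeper scopes."""
    m, r = parse_scope(mandate_scope), parse_scope(required_scope)
    if m == r:
        return True
    if m[-1] != "*":
        return False
    prefix = m[:-1]
    # Compare whole segments, never characters; R needs at least one segment
    # beyond the prefix, so the bare parent is not covered.
    return len(r) > len(prefix) and r[:len(prefix)] == prefix


def authorize(granted, forbidden, required) -> str:
    """Rule 4: a matching forbidden entry overrides any granted scope."""
    try:
        if any(scope_matches(f, required) for f in forbidden):
            return "deny"
        if any(scope_matches(g, required) for g in granted):
            return "allow"
    except ValueError:
        pass  # Assumption: a malformed scope fails closed.
    return "deny"


# The rows of the examples table: (granted, forbidden, required, expected verdict)
TABLE = [
    (["commerce.purchase.*"], [], "commerce.purchase.transport", "allow"),
    (["commerce.purchase.*"], [], "commerce.purchase.transport.rail", "allow"),
    (["commerce.purchase.*"], [], "commerce.purchase", "deny"),
    (["commerce.purchase.transport"], [], "commerce.purchase.transport", "allow"),
    (["commerce.purchase.transport"], [], "commerce.purchase.event", "deny"),
    (["content.read.*"], [], "content.write.comment", "deny"),
    (["data.export.*"], ["data.export.user"], "data.export.user", "deny"),
]
```

Because comparison is per segment, an x-<vendor>.* mandate can only cover scopes whose first segment is that same x-<vendor> segment, which is how rule 5 falls out of rule 2.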

Core Scopes

| Scope | Semantics | Typical risk |
| --- | --- | --- |
| content.read.page | Read a single semantic View for a content URL | R0 |
| content.read.index | Read View Index metadata and chunk hashes | R0 |
| content.read.search | Search declared site content | R0 |
| content.read.product | Read product or catalog facts | R0 |
| content.read.price | Read price and availability facts | R0 |
| content.write.comment | Create a user-visible comment or review | R2 |
| content.write.draft | Create a private draft owned by the principal | R1 |
| commerce.cart.read | Read cart state | R0 |
| commerce.cart.modify | Add, remove, or update cart items | R1 |
| commerce.quote.create | Generate a quote without reservation or charge | R0 |
| commerce.hold.create | Hold inventory temporarily | R1 |
| commerce.purchase.transport | Buy travel or transport inventory | R3 |
| commerce.purchase.goods | Buy physical or digital goods | R3 |
| commerce.purchase.event | Buy event tickets or admissions | R3 |
| commerce.cancel.order | Cancel an existing order | R2 |
| commerce.refund.request | Request refund or return workflow | R2 |
| communication.message.send | Send a message, email, or notification | R2 |
| communication.subscription.modify | Change mailing or alert subscriptions | R1 |
| account.profile.read | Read account profile data | R0 |
| account.profile.update | Update account profile fields | R2 |
| account.auth.session | Create or modify an authenticated session | R3 |
| data.export.user | Export principal-owned user data | R2 |
| data.delete.user | Delete principal-owned user data | R2 |
| data.consent.modify | Change data-sharing or training consent | R2 |

Extension Procedure

New core scopes require an AEP. Private scopes MUST start with x-<vendor>. and include a stable owner contact in the manifest or implementation docs.
