The Knox event taxonomy.

Stream session begins.

Stream session ends normally.

Stream session terminated by moderation or system.

Chat message anchored against the stream.

Broadcast capability token issued.

Ring-in request received against an active stream.

Ring-in promoted to live participant.

Ring-in interaction completed.

Moderator override applied to a stream or interaction.

Mary compliance shepherd renders an approve / hold / reject decision.

Vendor account creation.

Vendor accepts terms of service.

Generic vendor lifecycle action with structured action field.

Outbound SMS dispatched (magic-link or notification).

Vendor subdomain slug provisioned.

Vendor onboarding intent captured.

Certificate-of-analysis document validated.

Vendor state-license record validated.

Vendor approved by Mary compliance shepherd.

Mary-METRC daily reconciliation sweep draft anchored with reconciler digest and report hashes.

Vendor review determination recorded for a Mary-METRC sweep.

Scheduled all-vendor Mary-METRC sweep run completed (counts of attempted / succeeded / failed).

AI-generated vendor storefront configuration emitted.

Vendor product record uploaded.

Vendor product batch published to the catalog.

Vendor connects a payment gateway.

Vendor transaction observed for audit-permanence record.

Counter-party dossier report emitted.

Surveillance agent observation emitted.

Continuous-monitoring baseline registered.

Delta from continuous-monitoring baseline detected.

Continuous-monitoring periodic report emitted.

Registry-discovery expansion report emitted.

Collusion-detection agent report emitted.

Agent-discovery observation against a public registry.

Classical or post-quantum detached signature verified and anchored.

Post-quantum key encapsulation operation anchored (FIPS 203 ML-KEM).

Cryptographic key revoked.

Cryptographic key wipe signaled to operator surface.

Specific scope of a cryptographic key revoked.

Knox data-encryption key issued.

Knox key rotated under scheduled or triggered policy.

Data-encryption operation anchored under AES-256-GCM.

Data-decryption operation anchored with Bitcoin-anchored, tamper-evident receipt.

Generic attestation record.

Artifact sealed under Bonis Attestation Protocol v1.

Measured-boot integrity verification anchored.

Inbound contact-form submission anchored.

Licensee record discovered from a public registry.

Licensee record claimed by the licensee.

Enterprise fast-lane request anchored.

Knox agent run started.

Knox agent run completed.

Knox agent run failed.

Agent persistent-memory write.

Agent persistent-memory read.

Agent persistent-memory edit.

Agent persistent-memory redaction.

Agent persistent-memory export.

Agent persistent-memory policy change.

Agent transaction offer.

Agent transaction acceptance.

Agent transaction settlement.

Agent transaction dispute opened.

Agent transaction reversed.

Agent transaction policy change.

Agent authority revoked.

Agent signing key rotated.

Agent policy revoked.

Data-deletion certification record.

Security incident reported (72-hour federal reporting clock).

Security incident status update.

Government data access record.

Material change notice to a federal counterparty.

Driver-AI handover event (either direction).

Driver intervention against AI control.

AI perception event recorded.

AI driving decision recorded.

AI driving policy change deployed.

AI driving subsystem attestation.

Agent invokes an MCP tool.

MCP tool returns a response to the agent.

Agent fetches a resource from an MCP server.

Agent invokes a prompt template from an MCP server.

MCP server attestation recorded.

MCP-side policy change recorded.

Site Operations Bureau audit receipt anchored.

Gateway-side code fingerprint at execution moment.

Gateway-side input commitment.

Gateway-side output commitment.

Gateway agent attestation.

Gateway-side side-effect record.

Spatial-evidence scene capture anchored.

Vendor creates a marketplace product listing.

Vendor uploads a product certificate-of-analysis.

Buyer places an order against a vendor product.

Pre-call receipt for any vendor inference (vendor name, model, correlation id).

Post-call receipt with content commitment hash, latency, and token usage.

Vendor inference failure receipt with error message.

Cross-check anchor when peer models converge with the primary above the consensus threshold.

Cross-check anchor when any peer model falls below the consensus threshold against the primary.

Anchor emitted when an ALPR system commits an observation (plate text, vehicle composite features, confidence) with chain-of-evidence pointer to the originating sensor and authority record.

Anchor emitted when a vendor hot-list match propagates toward an officer-facing alert; carries a cross-validation reference to the originating authority record (warrant, BOLO, data-entry source) so downstream verification has a chain.

Driver-side anchor for dashcam, phone audio, or stop-record commitment hash so the driver has FRE 902(13)/(14)-admissible chain-of-control evidence across multiple stops.

Anchor emitted on every contact attempt with court / dispatch / vendor / agency to clear an alert known to be wrong; pattern-of-attempts becomes provable, not just one-off.

Anchor emitted when (and IF) the multi-agency network finally propagates a correction from the originating authority record outward to all caching agencies.

Anchor emitted when an in-cab biometric capture event is observed (camera frame committed to inference, audio buffer committed to inference, fingerprint or eye-state read). Carries capture modality, time window, and a feature-hash commitment so the captured data itself is never anchored, only the fact of capture.

Anchor emitted when an in-cab audio inference completes (lip-reading, speech-to-text, speaker classification, emotion classification). Carries inference type, confidence, and an opaque inference-output commitment so the inference text is never anchored, only the fact and confidence of inference.

Anchor emitted when a captured biometric feature is matched against a downstream database (manufacturer ID, third-party watchlist, fleet roster). Carries database identifier class, lookup outcome class, and a query-hash commitment so the queried features are never anchored, only the fact of lookup and the outcome class.

Anchor emitted when an occupant consent state changes (granted, withdrawn, scope-narrowed, scope-expanded). Carries the prior state, the new state, the scope delta, and the actor that initiated the change so the consent-record-trail is independently reconstructable from the chain.

Anchor emitted when captured biometric data, inference output, or downstream lookup result is disclosed to a third party (manufacturer cloud, regulator, law-enforcement subpoena, civil discovery, insurance carrier). Carries disclosure recipient class, legal basis class, and a disclosure-bundle commitment so the disclosure trail is independently reconstructable from the chain.

Knox Forensics network-marker AI-attribution result anchored (Layer 1 rule-based classification against the publicly-citable LLM-SDK JA3/JA4 fingerprint registry; carries classifier version, registry entry id, confidence class, and an opaque feature-hash commitment).

Knox Forensics registry entry superseded; prior bundles citing the entry become discoverable by registry-entry-id reverse-lookup so legal durability of historical attributions is preserved.

Vendor-scoped marketplace activity statement generated and anchored — informational order-flow record under the TerraVault no-money-touch posture. Carries canonical-payload SHA-256, anchor sequence, and vendor identifier; never carries customer money flow.

Per-key usage-audit anchored — anchor count, first and last anchor timestamps, and per-event-type breakdown for a Knox API key over an audit window. Used to ground doctrine pivots in measurable, third-party-verifiable evidence.

Long-form Bonis Journal article published and anchored — canonical Markdown SHA-256, slug, datePublished, and article URL. Subsequent anchors of the same slug chain via previousHash so the article's edit history is independently reconstructable.

Periodic Customer Identification Program review for an existing customer relationship completed and anchored — review period covered, risk tier, beneficial-owner refresh status, exception findings if any, and disposition. Cadence varies by risk tier per the bank's BSA program.

Periodic Enhanced Due Diligence review for a higher-risk customer relationship completed and anchored — risk-rationale, transaction-pattern review findings, source-of-funds re-verification, ongoing monitoring posture, and disposition.

Suspicious-activity-monitoring alert disposition recorded — alert source (system or human-generated), alert criteria triggered, investigation findings, disposition (cleared / escalated / SAR-routed), and reviewer identifier.

Suspicious Activity Report drafted (pre-filing) and anchored — narrative draft, suspicious-activity category, subjects, transactions, and assigned filer. Anchoring the draft creates a tamper-evident record of the pre-review state.

Suspicious Activity Report filed with FinCEN and anchored — BSA E-Filing acknowledgement identifier, filed narrative SHA-256, filing timestamp, and assigned analyst. Independent of the BSA E-Filing system; this is the bank-side record-of-filing.

Continuing-activity SAR filing for ongoing patterns recorded. Per FinCEN guidance, continuing-activity SARs are required at periodic intervals for ongoing relationships under suspicion. Anchored payload includes BSA E-Filing identifier, prior-SAR linkage, narrative-update SHA-256, and review-period covered.

Examiner-facing audit pack generated for a time-bounded chain segment. v1 shipped payload (2026-05-11): structured event ledger with chain-integrity proof linking each event to its predecessor, FRE 902(13)/(14) certificate, manifest SHA-256, and verification-instructions step-walking the examiner through the canonical Knox chain-anchor OpenTimestamps verification path. Per-event Merkle inclusion proof and per-event raw .ots proof retrieval are scheduled for v1.1. Generation event records segment bounds, event-count, bundle manifest SHA-256, and bundle ZIP SHA-256.

Audit pack exported for examiner consumption — export channel, recipient identifier, pack SHA-256, redaction-policy applied at export, and exporter identifier. Bank applies redaction policy at the post; only fields the bank chooses to surface leave the bank's environment.

Periodic BSA / AML compliance program review completed and anchored — review period covered, controls reviewed, exceptions noted, remediation status, and board-meeting minutes link or hash. Cadence configured to the bank's audit calendar.

BSA-related audit-committee meeting anchored — meeting date, BSA-program-review item discussed, decisions reached, and minutes link or hash. Captures the program-level oversight cycle alongside the program-review event itself.

Bank-side IT/InfoSec controls evidence recorded — controls scope, evidence-type (policy attestation / procedure execution / system-state snapshot), evidence SHA-256 or link, and recording analyst. Vocabulary namespaced separately from BSA events.

Periodic access review completed for a defined system or role population — review-cycle window, populations reviewed, access-changes proposed, approver, and disposition. SOC 2 Common Criteria CC6 evidence.

Information-security incident response action logged — incident identifier, action-type (detection / containment / eradication / recovery / post-incident), action timestamp, responder, and outcome. SOC 2 Common Criteria CC7 evidence.

Change-management change approved — change identifier, change-scope, approver, approval timestamp, risk-assessment outcome, and rollback plan link or hash. SOC 2 Common Criteria CC8 evidence.

Cannabis-related-business onboarding session initiated — applicant identifier, applicant entity-type, prospective bank relationship, and Mary-session identifier.

Onboarding document received from CRB applicant — document-type (state license / EIN / articles / lease / COI / beneficial-owner KYC / financial statement / business plan), document SHA-256, applicant identifier, and timestamp.

OFAC sanctions-list pre-screen completed for an applicant subject (entity, beneficial owner, or counterparty) — subject identifier, OFAC SDN list snapshot date, screening-engine version, screening result (clear / flagged-for-officer-review), and Mary-session identifier.

State cannabis-license verification completed via state cannabis-control-commission API or public license-lookup — license number, license type, issuing state, status (active / probationary / expired / revoked), license period covered, and verification source.

Beneficial-owner KYC completed for an applicant beneficial owner (per FinCEN beneficial-ownership rule) — owner identifier, identification documents collected, OFAC pre-screen result, and Mary-session identifier.

Onboarding file packaged and handed off to the bank's CRB Onboarding Officer for intake review — applicant identifier, document-checklist completion status, screening summary, ambiguities flagged for human review, package SHA-256, and bank-officer recipient. Officer makes the onboarding decision; Mary surfaces; officer decides.

Owner-held key material provisioned and anchored — owner identifier (opaque ref), key shape code (hardware HSM / hardware FIDO2 / passphrase Argon2id / hybrid passphrase + hardware), record version, provisioning attestation hash, anchored at.

Owner-held key material rotated — owner identifier (opaque ref), previous record version, new record version (strictly greater than previous, monotonic per owner), rotation reason code (scheduled / compromise-suspected / recovery-completed / regulatory-required / other-documented), anchored at.

Per-operation ephemeral key step anchored — operation identifier (opaque ref), party A ephemeral pubkey hash, party B ephemeral pubkey hash (must differ from party A), step sequence, anchored at.

Decision payload encrypted under owner-held key material and chain-anchored — operation identifier (opaque ref), decision-emitting module identifier (opaque ref), payload hash, encrypted-session-key hash, operation signature hash, anchored at.

Owner-side decrypt request initiated for a historical operation — operation identifier (opaque ref), owner identifier (opaque ref), decrypt-request identifier, anchored at.

Owner-side decrypt operation completed successfully — operation identifier (opaque ref), decrypt-request identifier, decrypted at.

Owner-side decrypt operation failed — operation identifier (opaque ref), decrypt-request identifier, failure reason code (wrong-owner-key / tampered-payload / chain-anchor-mismatch / record-version-mismatch / other-documented), failed at.

Anomaly detection signaled suspected compromise of independent signing parties — anomaly identifier (opaque ref), detection signal code (signature-quorum-anomaly / unexpected-step-sequence-pattern / out-of-band-attestation-drift / other-documented), severity band (low / medium / high / critical), anchored at.