# Availability and Boundary Conformance Vectors (v1) This document defines deterministic vectors for org-boundary enforcement and availability classes. ## Vector Group AB1: Org Boundary Binding 1. `AB1-001` workspace_within_org_root_allows_paid_action - Given workspace `W1` bound to `org_root_id=ORG_A` - And suite entitlement for `ORG_A` is active - When paid action is requested inside `W1` - Then action is allowed (subject to other gates) 2. `AB1-002` workspace_boundary_mismatch_blocks_paid_action - Given workspace `W2` bound to `ORG_B` - And requester entitlement bound only to `ORG_A` - When paid action is requested in `W2` - Then action is blocked with `boundary_mismatch` 3. `AB1-003` delegated_actor_no_boundary_transfer - Given human from `ORG_A` delegated role in `ORG_B` - And no active suite entitlement for `ORG_B` - When paid action is requested - Then action is blocked with `target_org_suite_required` ## Vector Group AB2: Connected Access Class 1. `AB2-001` connected_active_with_fresh_heartbeat - Given `access_class=connected` - And lease heartbeat age inside policy window - Then availability state is `ACTIVE` 2. `AB2-002` connected_enters_grace_after_missed_heartbeat - Given `access_class=connected` - And heartbeat missed past active window but inside grace window - Then state is `GRACE` - And paid execution remains allowed 3. `AB2-003` connected_continuity_blocks_growth_actions - Given `access_class=connected` in `CONTINUITY` - When attempting growth action (new member/workspace/tool install/worker spawn) - Then request is blocked with `continuity_growth_blocked` 4. `AB2-004` connected_parked_blocks_paid_execution - Given `access_class=connected` in `PARKED` - When paid action is requested - Then action is blocked with `entitlement_parked` - And read/search/export remains allowed ## Vector Group AB3: Sovereign Access Class 1. `AB3-001` sovereign_active_offline_with_valid_capsule - Given `access_class=sovereign` - And local entitlement capsule is valid - And no network connectivity - Then state remains `ACTIVE` 2. `AB3-002` sovereign_transitions_on_capsule_expiry - Given `access_class=sovereign` - And capsule renewal evidence ages past active window - Then state transitions `ACTIVE -> GRACE -> CONTINUITY -> PARKED` by policy thresholds 3. `AB3-003` sovereign_offline_renewal_restores_active - Given `access_class=sovereign` in `CONTINUITY` or `PARKED` - When signed offline renewal package is applied and verified - Then state becomes `ACTIVE` ## Vector Group AB4: Offboarding and Token Revocation 1. `AB4-001` offboarded_human_cannot_get_new_action_token - Given human delegation revoked at time `T` - When requesting new paid action token after `T` - Then token issuance is denied 2. `AB4-002` offboarding_does_not_remove_local_read_access_snapshot - Given org access revoked and local data retention policy active - When user opens local history view - Then read/search/export policy behaves per retention rules without re-enabling paid execution ## Vector Group AB5: Admin Plane Ownership Gating 1. `AB5-001` only_root_owner_can_open_support_channel - Given principal role `workspace_member` - When calling support/admin channel endpoint - Then response is denied with `contact_your_org_admin` 2. `AB5-002` root_owner_receives_admin_health_events - Given principal role `org_root_owner` - When health/config/update admin events are emitted - Then events are visible in owner stream - And not visible in member-only streams 3. `AB5-003` member_cannot_mutate_admin_configuration - Given principal role `workspace_member` - When attempting org-level config mutation - Then request is denied ## Pass Criteria Build is conformant only when all vectors pass. ## Fail-Closed Rule Unknown boundary binding, unknown availability state, or unverifiable renewal evidence must block paid execution by default.