API: Standing and mandates

Capability state: every operation in this file is staging-durable (Koerper-ingress fixture). Standing claim, evaluation, grant, revocation, and mandate delegation/revocation are recorded in durable M7 state but refuse production admission and never let HumanAuth presence alone create standing. See 022 gap report for the broader Koerper-ingress surface.

The standing-and-mandates cluster covers the company authority intake surface — the operations that take a person from “presence-verified human” to “named office of a company” and that delegate scoped acting authority to another principal.

Two coupled lanes:

Standing lane — standing.claim records a claim of office (with optional HumanAuth presence), standing.evaluate decides whether the cited authority evidence is sufficient, standing.grant records the resulting fixture standing lifecycle, and standing.revoke records its revocation. Standing is created from authority evidence — never from HumanAuth presence alone.
Mandate lane — mandate.delegate records a fixture mandate from a principal to a delegate over a named act scope and readable lens, requiring a HumanAuth presence receipt; mandate.revoke records the revocation. Mandate delegation reuses standing — it does not create new standing.

Boundary assertions made explicit by the handlers:

standing.claim refuses create_standing_from_presence: true with standing_presence_cannot_create_authority.
standing.grant refuses without a standing_evaluation ref.
mandate.delegate requires a known human_presence_receipt and asserts standing_created: false in the response.

`standing.claim`

Claim standing as fixture evidence while keeping HumanAuth presence separate.

POST /v1/standing/claim
state: staging-durable
sdk_role: claim standing as fixture evidence while keeping HumanAuth presence separate
request_record: CloudStandingClaimRequest
responses: standing_claim | refusal | receipt

Request

interface StandingClaimRequest {
  tenant: GestaltRef;
  actor: GestaltRef;
  company: GestaltRef;
  office: string;
  evidence: GestaltRef[];
  human_presence_receipt?: GestaltRef;
  create_standing_from_presence: boolean;  // refused if true
  fixture: boolean;                         // must be true
}

Response

{
  "operation": "standing.claim",
  "outcome": "admitted",
  "body": {
    "standing_claim": "standing_claim:...",
    "status": "claimed",
    "standing_created": false,
    "human_presence_creates_standing": false,
    "durable_state": {...},
    "production_admission": false
  },
  "receipt": {...}
}

standing_created: false and human_presence_creates_standing: false are explicit boundary assertions. The handler refuses with standing_presence_cannot_create_authority if create_standing_from_presence is true.

SDK example

const claim = await client.standingClaim({
  tenant: "tenant_node:rheinwerk_calibration",
  actor: "human_person:anna",
  company: "company_geist:rheinwerk_calibration",
  office: "Geschaeftsfuehrer",
  evidence: ["evidence_bundle:anna_register_standing"],
  create_standing_from_presence: false,
  fixture: true,
});

`standing.evaluate`

Evaluate fixture standing evidence before any grant lifecycle record.

POST /v1/standing/evaluate
state: staging-durable
sdk_role: evaluate fixture standing evidence before any grant lifecycle record
request_record: CloudStandingEvaluateRequest
responses: standing_evaluation | refusal | receipt

Request

interface StandingEvaluateRequest {
  tenant: GestaltRef;
  standing_claim: GestaltRef;
  evidence: GestaltRef[];
  human_presence_receipt?: GestaltRef;
  fixture: boolean;                  // must be true
}

Response

{
  "operation": "standing.evaluate",
  "outcome": "verified",
  "body": {
    "standing_evaluation": "standing_evaluation:...",
    "standing_claim": "standing_claim:...",
    "decision": "grantable_fixture",
    "grantable": true,
    "durable_state": {...},
    "production_admission": false
  },
  "receipt": {...}
}

When evidence is empty the handler returns outcome: "pending" with decision: "evidence_missing" and grantable: false — there is no refusal in that case, just a pending evaluation.

SDK example

const evaluation = await client.standingEvaluate({
  tenant: "tenant_node:rheinwerk_calibration",
  standing_claim: "standing_claim:m21_fixture",
  evidence: ["evidence_bundle:anna_register_standing"],
  fixture: true,
});

`standing.grant`

Record fixture standing grant lifecycle after evaluation evidence.

POST /v1/standing/grant
state: staging-durable
sdk_role: record fixture standing grant lifecycle after evaluation evidence
request_record: CloudStandingGrantRequest
responses: standing_grant | refusal | receipt

Request

interface StandingGrantRequest {
  tenant: GestaltRef;
  standing_claim: GestaltRef;
  standing_evaluation?: GestaltRef;  // required; refused if missing
  actor: GestaltRef;
  company: GestaltRef;
  office: string;
  powers: string[];
  human_presence_receipt?: GestaltRef;
  fixture: boolean;                  // must be true
}

Response

{
  "operation": "standing.grant",
  "outcome": "admitted",
  "body": {
    "standing": "standing_grant:...",
    "status": "active",
    "standing_created_by_human_presence": false,
    "durable_state": {...},
    "production_admission": false
  },
  "receipt": {...}
}

The handler refuses with standing_evaluation_required if standing_evaluation is missing, and asserts that this standing is created by authority evidence rather than HumanAuth presence.

SDK example

const grant = await client.standingGrant({
  tenant: "tenant_node:rheinwerk_calibration",
  standing_claim: "standing_claim:m21_fixture",
  standing_evaluation: "standing_evaluation:m21_fixture",
  actor: "human_person:anna",
  company: "company_geist:rheinwerk_calibration",
  office: "Geschaeftsfuehrer",
  powers: ["invoice.issue", "advisor.review"],
  fixture: true,
});

`standing.revoke`

Record fixture standing revocation lifecycle.

POST /v1/standing/revoke
state: staging-durable
sdk_role: record fixture standing revocation lifecycle
request_record: CloudStandingRevokeRequest
responses: standing_revocation | refusal | receipt

Request

interface StandingRevokeRequest {
  tenant: GestaltRef;
  standing: GestaltRef;
  reason: string;
  fixture: boolean;          // must be true
}

Response

{
  "operation": "standing.revoke",
  "outcome": "admitted",
  "body": {
    "standing": "standing_grant:...",
    "revocation_record": "standing_grant:..._revoked",
    "status": "revoked",
    "durable_state": {...},
    "production_admission": false
  },
  "receipt": {...}
}

SDK example

const revocation = await client.standingRevoke({
  tenant: "tenant_node:rheinwerk_calibration",
  standing: "standing_grant:anna_geschaeftsfuehrer_fixture",
  reason: "fixture revocation rehearsal",
  fixture: true,
});

`mandate.delegate`

Delegate fixture mandate with HumanAuth approval while not creating standing.

POST /v1/mandates/delegate
state: staging-durable
sdk_role: delegate fixture mandate with HumanAuth approval while not creating standing
request_record: CloudMandateDelegateRequest
responses: mandate | refusal | receipt

Request

interface MandateDelegateRequest {
  tenant: GestaltRef;
  principal: GestaltRef;
  delegate: GestaltRef;
  source_standing: GestaltRef;
  act_scope: string[];
  readable_lens: string[];
  human_presence_receipt?: GestaltRef;  // required; refused if missing or unknown
  fixture: boolean;                      // must be true
}

Response

{
  "operation": "mandate.delegate",
  "outcome": "admitted",
  "body": {
    "mandate": "mandate:...",
    "status": "active",
    "human_presence_satisfied_sensitive_approval": true,
    "standing_created": false,
    "durable_state": {...},
    "production_admission": false
  },
  "receipt": {...}
}

The handler refuses with mandate_human_presence_required if human_presence_receipt is missing and with mandate_human_presence_unknown if the cited receipt is not known. standing_created: false is asserted explicitly: delegation reuses standing rather than creating new standing.

SDK example

const mandate = await client.mandateDelegate({
  tenant: "tenant_node:rheinwerk_calibration",
  principal: "company_geist:rheinwerk_calibration",
  delegate: "human_person:anna",
  source_standing: "standing:anna_geschaeftsfuehrer_fixture",
  act_scope: ["invoice.issue"],
  readable_lens: ["advisor_review"],
  human_presence_receipt: "human_presence_receipt:fixture_private_presence",
  fixture: true,
});

`mandate.revoke`

Record fixture mandate revocation lifecycle.

POST /v1/mandates/revoke
state: staging-durable
sdk_role: record fixture mandate revocation lifecycle
request_record: CloudMandateRevokeRequest
responses: mandate_revocation | refusal | receipt

Request

interface MandateRevokeRequest {
  tenant: GestaltRef;
  mandate: GestaltRef;
  reason: string;
  fixture: boolean;          // must be true
}

Response

{
  "operation": "mandate.revoke",
  "outcome": "admitted",
  "body": {
    "mandate": "mandate:...",
    "revocation_record": "mandate:..._revoked",
    "status": "revoked",
    "durable_state": {...},
    "production_admission": false
  },
  "receipt": {...}
}

SDK example

const revocation = await client.mandateRevoke({
  tenant: "tenant_node:rheinwerk_calibration",
  mandate: "mandate:fixture_m14_mandate",
  reason: "fixture mandate revocation rehearsal",
  fixture: true,
});

Refusal codes

Selected refusal codes returned by this cluster (see refusal.codes for the full list):

koerper_fixture_only
standing_presence_cannot_create_authority
standing_evaluation_required
mandate_human_presence_required
mandate_human_presence_unknown

Where to read next

API: authority — hosted operator delegation, authority package activation, presence approval.
API: advisor — advisor matters cite standing but never create it.
API: auth and sessions — login finishes cite standing without elevating it.
Reference: refusal codes.