General Rules¶
This section defines cross-capability protocol rules.
Normative Keywords¶
The words MUST, MUST NOT, SHOULD, and MAY are normative.
Interoperability Rules¶
- Producers MUST include all required fields.
- Consumers MUST validate required fields.
- Consumers SHOULD tolerate unknown additive fields.
- Participants MUST NOT infer unsupported state transitions.
- Participants MUST process events idempotently.
Payload Documentation Standard¶
Each protocol payload description MUST include:
- Field table with
name,required, anddescription. - Payload example.
Examples are illustrative protocol shapes, not transport contracts.
Operation Documentation Standard¶
Each documented operation MUST declare:
- Whether authentication is required.
- Which scope or permission is required when authentication applies.
- A reference to the Authentication and Authorization section.
This allows implementers to understand access requirements directly from the operation definition, without guessing from transport examples.
Security Rules¶
- Authentication context MUST be merchant-scoped.
- Secrets MUST NOT be exposed in logs or traces.
- Callback trust validation MUST be enforced for asynchronous delivery.
Compatibility Rules¶
- Existing required fields MUST NOT be removed in backward-compatible updates.
- Enum extensions SHOULD be additive.
- Breaking behavior changes MUST be version-signaled.