Reference

Project Intent Axis Packages

Version: 0.2
Status: Draft
Lineage: Project-level configuration

Purpose

Intent in M45 is structured through intent axes.

Intent axes define the semantic dimensions along which system intent is expressed, reviewed, and evolved.

Axes are grouped into Project Intent Axis Packages.

An axis package represents a coherent semantic lens on system intent, such as:

  • Functional and behavioral intent
  • Safety and hazard-related intent
  • Operational and environmental intent
  • Verification and assurance intent

Axis packages are not universal.

They are selected and configured per project through the Project Intent Profile.

Why axis packages exist

Complex systems do not have a single notion of intent.

Different stakeholders reason about the same system using different abstractions and concerns.

Axis packages allow M45 to:

  • Represent multiple views of system intent without duplication
  • Keep intent snapshots stable as semantic needs evolve
  • Support safety-critical reasoning alongside functional reasoning
  • Avoid collapsing intent into a single flattened taxonomy

This mirrors intent specifications, where intent is distributed across abstraction levels and concerns, but makes that structure explicit and configurable.

What an axis package defines

An axis package defines:

  • Which intent dimensions (axes) exist
  • What kinds of intent elements are meaningful
  • How intent should be interpreted and reviewed

Project Intent Axis Package schema

Axis packages are first-class configuration objects. They are referenced (by id + version) from a Project Intent Profile.

Formal JSON representation

{
  "packageId": "string",
  "packageName": "string",
  "version": "string",
  "status": "active | deprecated",
  "scope": "default | project-specific",

  "description": "string",

  "axes": [
    {
      "axisDefinition": {
        "axisId": "string",
        "displayName": "string",
        "description": "string",
        "scope": "default | project-specific",
        "status": "active | deprecated",
        "inclusionCriteria": ["string"],
        "typicalSources": ["string"],
        "examples": [
          { "text": "string", "rationale": "string" }
        ],
        "nonExamples": [
          { "text": "string", "rationale": "string" }
        ],
        "notes": "string | null"
      },
      "constraints": "string | null",
      "notes": "string | null"
    }
  ],

  "supportedIntentKinds": ["string"],
  "supportedConcerns": ["environment | operator | system | verification"],
  "supportedIntentLevels": [
    "system_purpose | design_principle | blackbox_behavior | design_representation | physical_representation"
  ],

  "reviewGuidance": "string | null",
  "inferenceGuidance": "string | null",

  "supersedesPackageId": "string | null"
}

Field definitions

packageId

Type: string

Stable identifier for the axis package.

This is what profiles reference. It should remain stable across versions.

Examples:

  • functionalBehavior
  • safetyHazard
  • operationalEnvironment
  • verificationAssurance

packageName

Type: string

Human-readable name for display.

version

Type: string

Version identifier for the package definition.

Axis packages are versioned so that intent snapshots can retain the semantic frame they were evaluated under (via the snapshot’s referenced profile).

status

Type: enum

Values:

  • active
  • deprecated

Deprecated packages can be referenced by historical profiles/snapshots, but should not be used for new profiles.

scope

Type: enum

Values:

  • default
  • project-specific

Indicates whether the package is part of the M45 default set or defined by a project/organization.

description

Type: string

Normative description of what semantic “lens” the package represents and what it is intended to be used for.

axes

Type: array of objects

The set of intent axes included in the package.

Each entry includes an axisDefinition (see Axis Definition Schema), including examples and non-examples with rationales.

Optional constraints/notes allow package-local guidance, without changing the underlying axis definition.

supportedIntentKinds

Type: array of strings

List of intent element kinds that this package is designed to organize/review.

This is a semantic contract used for validation and UX defaults (e.g., which kinds to emphasize in package-focused review views).

supportedConcerns

Type: array of enums

Allowed values:

  • environment
  • operator
  • system
  • verification

Concerns that are in-scope for this package.

supportedIntentLevels

Type: array of enums

Allowed values:

  • system_purpose
  • design_principle
  • blackbox_behavior
  • design_representation
  • physical_representation

Intent levels that are in-scope for this package.

reviewGuidance

Type: string | null

Human guidance for how to review intent under this package (e.g., “ensure every hazard traces to at least one safety constraint”).

inferenceGuidance

Type: string | null

Tooling guidance for inference (e.g., “prioritize STPA artifacts and hazard logs; treat meeting notes as supporting evidence”).

This is guidance, not executable logic.

supersedesPackageId

Type: string | null

References an earlier package that this package replaces.

Validation rules

  • A profile references axis packages by (packageId, packageVersion) (see Project Intent Profile).
  • The active axes for a profile are derived from its activated packages, optionally narrowed by profile settings.
  • If an intent element has a non-null axisId, that axisId must be present in the active axis set under the snapshot’s referenced profile.

Example axis package

{
  "packageId": "safetyHazard",
  "packageName": "Safety and hazard-related intent",
  "version": "1.0",
  "status": "active",
  "scope": "default",
  "description": "Axes for hazards, safety constraints, and safety-relevant reasoning (STPA-compatible).",
  "axes": [
    {
      "axisDefinition": {
        "axisId": "hazard",
        "displayName": "Hazard",
        "description": "System-level hazardous state that could lead to unacceptable loss (not a component failure mode).",
        "scope": "default",
        "status": "active",
        "inclusionCriteria": ["Describes an unsafe system state with potential loss consequences"],
        "typicalSources": ["safetyAnalysis", "hazardLog", "requirements"],
        "examples": [
          {
            "text": "Loss of navigation capability during approach",
            "rationale": "Describes a hazardous system condition, independent of a specific component fault."
          }
        ],
        "nonExamples": [
          {
            "text": "GNSS receiver power supply fails",
            "rationale": "A component failure mode; it may contribute to a hazard but is not itself the system-level hazardous state."
          }
        ],
        "notes": null
      },
      "constraints": null,
      "notes": null
    },
    {
      "axisDefinition": {
        "axisId": "safetyConstraint",
        "displayName": "Safety constraint",
        "description": "Constraint derived from hazards to prevent or mitigate unsafe system states.",
        "scope": "default",
        "status": "active",
        "inclusionCriteria": ["Constrains behavior or design to mitigate one or more hazards"],
        "typicalSources": ["safetyRequirements", "safetyAnalysis", "requirements"],
        "examples": [
          {
            "text": "The system shall transition to inertial navigation within 100 ms of GNSS signal loss during approach.",
            "rationale": "Constrains behavior in a hazard-relevant context to prevent loss of navigation capability."
          }
        ],
        "nonExamples": [
          {
            "text": "The system shall be safe.",
            "rationale": "Too vague to be a constraint; it does not define an actionable restriction or mitigation."
          }
        ],
        "notes": null
      },
      "constraints": null,
      "notes": "Prefer constraints that are preservation invariants."
    },
    {
      "axisDefinition": {
        "axisId": "uca",
        "displayName": "Unsafe control action (UCA)",
        "description": "A control action that, under certain contexts, can lead to hazards or losses (STPA).",
        "scope": "default",
        "status": "active",
        "inclusionCriteria": ["Describes an unsafe control action with context (provided/omitted/too early/too late/too long)"],
        "typicalSources": ["stpaAnalysis", "safetyAnalysis"],
        "examples": [
          {
            "text": "Autopilot engages climb mode when airspeed is below minimum safe threshold.",
            "rationale": "A control action whose provision in a specific context can contribute to hazards."
          }
        ],
        "nonExamples": [
          {
            "text": "The autopilot shall have a climb mode.",
            "rationale": "A functional feature statement, not an unsafe control action with hazardous context."
          }
        ],
        "notes": "Optional: include only if STPA-style artifacts exist."
      },
      "constraints": null,
      "notes": "Unsafe Control Actions (optional, if STPA artifacts exist)."
    }
  ],
  "supportedIntentKinds": ["hazard", "constraint", "assumption", "limitation", "vnv_intent"],
  "supportedConcerns": ["system", "operator", "environment", "verification"],
  "supportedIntentLevels": ["system_purpose", "design_principle", "blackbox_behavior", "design_representation"],
  "reviewGuidance": "Ensure every accepted hazard is mitigated by at least one accepted safety constraint and has supporting evidence or explicit rationale.",
  "inferenceGuidance": "Prioritize safety analyses and hazard logs; treat requirements as evidence via requirement projections.",
  "supersedesPackageId": null
}

Relationship to Project Intent Profiles

Project Intent Profiles activate one or more axis packages for a project.

This means:

  • A profile declares which axis packages are enabled
  • Only axes from enabled packages may be used in intent snapshots
  • Intent snapshots reference the profile, preserving the semantic context

This keeps intent snapshots stable while allowing semantic evolution.

Relationship to intent snapshots

In M45:

  • Intent Snapshots store meaning
  • Axis Packages define how meaning is structured

So:

Each intent element in a snapshot has an axisId field that must belong to an axis from a package enabled by the snapshot's Project Intent Profile.

This constraint lives in validation logic and documentation, not in the snapshot payload, keeping snapshots compact and timeless.

Common axis packages

Functional and behavioral intent

Focuses on what the system does and how it behaves.

Typical axes include:

  • Functions
  • Modes
  • Scenarios
  • Components

Safety and hazard-related intent

Focuses on hazards, safety constraints, and safety-related behavior.

Typical axes include:

  • Hazards
  • Safety constraints
  • Unsafe control actions (UCAs)

This allows projects to:

  • Introduce hazard and safety reasoning incrementally
  • Apply different safety lenses to the same system intent
  • Maintain separation between functional intent and safety intent while preserving traceability

Safety intent does not replace functional intent.

It constrains and contextualizes it.

Operational and environmental intent

Focuses on operational context and environmental assumptions.

Typical axes include:

  • Environmental assumptions
  • Operator roles
  • Operational scenarios
  • External constraints

Verification and assurance intent

Focuses on verification objectives and assurance claims.

Typical axes include:

  • Verification objectives
  • Test scenarios
  • Assurance claims
  • Validation criteria

Design intent

Axis packages exist to make semantic structure explicit and configurable, not to impose a fixed ontology.

This enables:

  • STPA lenses
  • SysML v2 projections
  • Certification-specific semantic overlays

Relationship to other concepts