Every Fonteum response payload — MCP tool result, webhook event, v1 API endpoint — carries the same canonical 14-tuple provenance block. The original 8 fields cover source attribution + freshness + methodology + confidence. 6 new fields close specific gaps relative to SOC 2 Type 2 (CC8.1 change management, CC6.1 data classification), HIPAA §164.312 integrity controls, FAIR Data Principles (F1 persistent identifier, R1.1 license), ICMJE academic citation standards, and SLSA Build Level 3 cryptographic provenance.
Cryptographic chain → Identity layer → Webhook events → Semantic search →
_sourcestringCanonical name of the upstream data source. Human-readable; matches the public name the source publishes itself under.
"CMS NPPES NPI Registry (public API)"_source_urlstringPublic URL of the upstream source. Resolves to either the source's own portal or its API endpoint.
"https://npiregistry.cms.hhs.gov/api/"_dataset_idstringFonteum-internal dataset slug. Stable across snapshots; matches data_sources.slug + the source-defaults registry key.
"nppes-npi-registry"_snapshotstring (ISO date)ISO date YYYY-MM-DD of the snapshot used to produce this response. Stable identifier for the upstream pull.
"2026-05-10"_methodologystringFonteum methodology version that produced the response. Bumps land in /methodology/changelog with date + summary.
"v2026.05.0"_last_checkedstring (ISO timestamp)ISO timestamp Fonteum last re-checked the value against the source. May be more recent than _snapshot when re-checks happen between snapshot pulls.
"2026-05-10T07:00:00.000Z"_confidencenumber (0..1)0..1 score. 1.0 = verbatim from source. <1.0 = derived via cross-source matching, name normalization, or other inference.
1.0_data_availabilitystring[]Availability flags. Common values: ["present"] (verbatim), ["pending_refresh"] (snapshot stale), ["archived"] (deprecated source). Multi-flag arrays allowed for compound states.
["present"]_pipeline_versionstring | nullnullableGit commit SHA (7-char short form) of the Fonteum ingestion code that produced the snapshot. Closes the change-management gap: every produced artifact traces back to the exact code revision. Always populated in deployed environments via VERCEL_GIT_COMMIT_SHA; "dev-local" in local dev.
"abc1234"_doistring | nullnullableReserved for a persistent archival DOI for the methodology version. Currently always null — no DOI is minted at this time.
null_licensestring | nullnullableSPDX identifier for redistribution rights. Federal sources (CMS, OIG, HRSA, BLS, BEA, Census) use US-Government-Works (public domain per 17 USC §105). Fonteum-derived datasets use CC-BY-4.0. Sources we don't recognize get null — caller can override.
"US-Government-Works"_coverage_period_startstring | null (ISO-8601)nullableISO-8601 date when the upstream source first started publishing this kind of data. Backstops the snapshot date with the source's own inception.
"2007-09-15"_coverage_period_endstring | "ongoing" | nullnullableISO-8601 end date OR the literal "ongoing" for live sources. Future deprecated sources would set explicit end dates.
"ongoing"_slsa_provenance_urlstring | nullnullableURL to the SLSA Build Level 3 provenance artifact for this snapshot. Phase 1 ships a placeholder pointing at the GitHub Actions workflow run; full SLSA generator wires up in §sprint3-slsa-generator. Once populated, downstream consumers can re-validate the SLSA attestation to confirm the artifact wasn't tampered with.
"https://github.com/fpobuilds/directoryventures-engine/actions/runs/123"All 6 new fields are nullable. Subscribers + consumers built against the original 8-field contract continue to receive valid payloads — they just ignore the 6 extra keys per JSON contract. No versioned event_type bump required (per the buildEventPayload freeze rules). Field types are exposed via the central ProvenanceContract interface in src/mcp/types.ts + the ProvenancePayload interface in src/lib/events/types.ts. TypeScript consumers depending on those interfaces will see the 6 new fields as required-nullable; their values are guaranteed non-undefined.