@aikdna/kdna-cli 0.16.5 → 0.16.7

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aikdna/kdna-cli",
-  "version": "0.16.5",
+  "version": "0.16.7",
   "description": "KDNA CLI — create, validate, install, and manage domain cognition packages for AI agents.",
   "type": "commonjs",
   "bin": {

package/src/cli.js

@@ -14,6 +14,7 @@ const {
   cmdUnpack,
   cmdUnpackEncrypt,
   cmdInspect,
+  cmdCard,
 } = require('./cmds/domain');
 const { cmdList, cmdRegistry } = require('./cmds/registry');
 const {
@@ -85,6 +86,8 @@ Domain Authoring:
   unpack <file>                    Unpack .kdna container
   unpack <file> --license <file>   Unpack encrypted .kdnae container
   inspect <path>                   Inspect domain or .kdna file
+  inspect <path> --locale zh-CN     Inspect with localized governance data
+  card <path> [--locale zh-CN]      Display KDNA Card (governance metadata)
   publish <path>                   Pack + sign + publish
   publish --check <path>           Quality gate check only
   version bump <level> [path]      Bump domain version
@@ -107,7 +110,8 @@ Agent Runtime:
 
 Testing & Verification:
   verify <name>                    3-layer: structure + trust + judgment
-  verify <name> --i18n               I18N verification: locale dirs, overlays, card completeness
+  verify <name> --i18n               I18N verification: locales, overlays, card completeness
+  verify <name> --governance         Governance verification: risk_level, KDNA_CARD, provenance
   verify <name> --judgment --run-tests  Judgment validation with eval cases
   compare <name> --input "..."     With/without KDNA reasoning diff
   compare <name> --input "..." --report-md     Markdown report format
@@ -285,6 +289,14 @@ switch (cmd) {
     cmdInspect(target, args.includes('--json'), locale);
     break;
   }
+  case 'card': {
+    const target = args.filter((a) => !a.startsWith('--'))[1];
+    if (!target) error('Usage: kdna card <path> [--json] [--locale zh-CN]');
+    const localeIdx = args.indexOf('--locale');
+    const locale = localeIdx >= 0 ? args[localeIdx + 1] : null;
+    cmdCard(target, locale);
+    break;
+  }
   case 'verify': {
     const { cmdVerify } = require('./verify');
     const target = args.filter((a) => !a.startsWith('--'))[1];

package/src/cmds/domain.js

@@ -333,7 +333,8 @@ function cmdUnpack(filePath, force) {
   const outDir = path.join(path.dirname(abs), domainName);
 
   if (fs.existsSync(outDir)) {
-    if (!force) error(`Directory already exists: ${outDir}\nUse --force to overwrite.`, EXIT.INPUT_ERROR);
+    if (!force)
+      error(`Directory already exists: ${outDir}\nUse --force to overwrite.`, EXIT.INPUT_ERROR);
     fs.rmSync(outDir, { recursive: true, force: true });
   }
 
@@ -645,7 +646,11 @@ function cmdInspect(dir, jsonMode = false, locale = null) {
         frameworks: (c.frameworks || []).length,
         core_structures: (c.core_structure || []).length,
         stances: (c.stances || []).length,
-        preferred_terms: (pat?.terminology?.preferred_terms || pat?.terminology?.standard_terms || []).length,
+        preferred_terms: (
+          pat?.terminology?.preferred_terms ||
+          pat?.terminology?.standard_terms ||
+          []
+        ).length,
         banned_terms: (pat?.terminology?.banned_terms || []).length,
         misunderstandings: (pat?.misunderstandings || []).length,
         self_checks: (pat?.self_check || []).length,
@@ -725,7 +730,7 @@ function cmdInspect(dir, jsonMode = false, locale = null) {
 
   if (rea) console.log(`  Reasoning chains:   ${(rea.reasoning_chains || []).length}`);
 
-  if (evo)   console.log(`  Evolution stages:   ${(evo.stages || []).length}`);
+  if (evo) console.log(`  Evolution stages:   ${(evo.stages || []).length}`);
 
   // Governance metadata (with locale support)
   let kdnaCard = readJson(path.join(abs, 'KDNA_CARD.json'));
@@ -745,9 +750,18 @@ function cmdInspect(dir, jsonMode = false, locale = null) {
     if (summary && locale) console.log(`  Summary:        ${summary}`);
     console.log(`  Risk level:     ${kdnaCard.risk_level || '?'}`);
     console.log(`  Review status:  ${kdnaCard.review_status || '?'}`);
-    if (kdnaCard.intended_use?.length) console.log(`  Intended use:   ${kdnaCard.intended_use[0]}${kdnaCard.intended_use.length > 1 ? ` (+${kdnaCard.intended_use.length - 1} more)` : ''}`);
-    if (kdnaCard.out_of_scope?.length) console.log(`  Out of scope:   ${kdnaCard.out_of_scope[0]}${kdnaCard.out_of_scope.length > 1 ? ` (+${kdnaCard.out_of_scope.length - 1} more)` : ''}`);
-    if (kdnaCard.known_limitations?.length) console.log(`  Limitations:    ${kdnaCard.known_limitations[0]}${kdnaCard.known_limitations.length > 1 ? ` (+${kdnaCard.known_limitations.length - 1} more)` : ''}`);
+    if (kdnaCard.intended_use?.length)
+      console.log(
+        `  Intended use:   ${kdnaCard.intended_use[0]}${kdnaCard.intended_use.length > 1 ? ` (+${kdnaCard.intended_use.length - 1} more)` : ''}`,
+      );
+    if (kdnaCard.out_of_scope?.length)
+      console.log(
+        `  Out of scope:   ${kdnaCard.out_of_scope[0]}${kdnaCard.out_of_scope.length > 1 ? ` (+${kdnaCard.out_of_scope.length - 1} more)` : ''}`,
+      );
+    if (kdnaCard.known_limitations?.length)
+      console.log(
+        `  Limitations:    ${kdnaCard.known_limitations[0]}${kdnaCard.known_limitations.length > 1 ? ` (+${kdnaCard.known_limitations.length - 1} more)` : ''}`,
+      );
     if (kdnaCard.requires_expert_review) console.log(`  ⚠ Expert review required`);
   }
 
@@ -778,7 +792,9 @@ function cmdPackEncrypt(dir, args = []) {
 
   let manifest = readJson(path.join(abs, 'kdna.json'));
   if (!manifest) {
-    const jsonCount = fs.readdirSync(abs).filter(f => f.endsWith('.json') && f !== 'kdna.json').length;
+    const jsonCount = fs
+      .readdirSync(abs)
+      .filter((f) => f.endsWith('.json') && f !== 'kdna.json').length;
     manifest = {
       kdna_spec: '1.0-rc',
       name: domainName,
@@ -803,7 +819,8 @@ function cmdPackEncrypt(dir, args = []) {
 
   if (licenseIdx >= 0) {
     const licensePath = args[licenseIdx + 1];
-    if (!licensePath || !fs.existsSync(licensePath)) error('License file not found', EXIT.INPUT_ERROR);
+    if (!licensePath || !fs.existsSync(licensePath))
+      error('License file not found', EXIT.INPUT_ERROR);
     const license = JSON.parse(fs.readFileSync(licensePath, 'utf8'));
     const licenseKey = license.license_id;
     const fp = machineFingerprint();
@@ -813,7 +830,10 @@ function cmdPackEncrypt(dir, args = []) {
     if (!rawKey) error('--key requires a value', EXIT.INPUT_ERROR);
     encKey = deriveKey(rawKey, machineFingerprint());
   } else {
-    error('Use --license <license.json> or --key <secret> to provide encryption key', EXIT.INPUT_ERROR);
+    error(
+      'Use --license <license.json> or --key <secret> to provide encryption key',
+      EXIT.INPUT_ERROR,
+    );
   }
 
   const outputDir = args.includes('--output') ? args[args.indexOf('--output') + 1] : null;
@@ -823,7 +843,7 @@ function cmdPackEncrypt(dir, args = []) {
 
   // Build encrypted ZIP
   const zlib = require('zlib');
-  const files = fs.readdirSync(abs).filter(f => {
+  const files = fs.readdirSync(abs).filter((f) => {
     if (f.startsWith('.')) return false;
     const ext = path.extname(f);
     return ext === '.json' || f === 'README.md' || f === 'LICENSE' || f === 'kdna.json';
@@ -897,7 +917,9 @@ function cmdPackEncrypt(dir, args = []) {
 
   console.log(`✓ Encrypted pack: ${outPath}`);
   console.log(`  Domain: ${domainName} v${manifest.version}`);
-  console.log(`  Files: ${files.length} (${files.filter(isEncryptable).length} encrypted, ${files.filter(f => !isEncryptable(f)).length} plaintext)`);
+  console.log(
+    `  Files: ${files.length} (${files.filter(isEncryptable).length} encrypted, ${files.filter((f) => !isEncryptable(f)).length} plaintext)`,
+  );
   console.log(`  Container: AES-256-GCM .kdnae`);
 }
 
@@ -916,7 +938,8 @@ function cmdUnpackEncrypt(filePath, args = []) {
 
   if (licenseIdx >= 0) {
     const licensePath = args[licenseIdx + 1];
-    if (!licensePath || !fs.existsSync(licensePath)) error('License file not found', EXIT.INPUT_ERROR);
+    if (!licensePath || !fs.existsSync(licensePath))
+      error('License file not found', EXIT.INPUT_ERROR);
     const license = JSON.parse(fs.readFileSync(licensePath, 'utf8'));
     const licenseKey = license.license_id;
     const fp = machineFingerprint();
@@ -934,7 +957,8 @@ function cmdUnpackEncrypt(filePath, args = []) {
   const force = args.includes('--force');
 
   if (fs.existsSync(outDir)) {
-    if (!force) error(`Directory already exists: ${outDir}\nUse --force to overwrite.`, EXIT.INPUT_ERROR);
+    if (!force)
+      error(`Directory already exists: ${outDir}\nUse --force to overwrite.`, EXIT.INPUT_ERROR);
     fs.rmSync(outDir, { recursive: true, force: true });
   }
   fs.mkdirSync(outDir, { recursive: true });
@@ -954,10 +978,17 @@ zf.close()
       fs.writeFileSync(tmpPy, script);
       execSync(`python3 ${tmpPy}`, { stdio: 'pipe' });
     } catch {
-      try { execSync(`unzip -q -o "${abs}" -d "${tmpDir}"`, { stdio: 'pipe' }); }
-      catch { error('Cannot unpack .kdnae container'); }
+      try {
+        execSync(`unzip -q -o "${abs}" -d "${tmpDir}"`, { stdio: 'pipe' });
+      } catch {
+        error('Cannot unpack .kdnae container');
+      }
     } finally {
-      try { fs.unlinkSync(tmpPy); } catch { /* cleanup */ }
+      try {
+        fs.unlinkSync(tmpPy);
+      } catch {
+        /* cleanup */
+      }
     }
 
     // Copy plaintext files, decrypt KDNA files
@@ -979,13 +1010,93 @@ zf.close()
       }
     }
   } finally {
-    try { fs.rmSync(tmpDir, { recursive: true, force: true }); } catch { /* cleanup */ }
+    try {
+      fs.rmSync(tmpDir, { recursive: true, force: true });
+    } catch {
+      /* cleanup */
+    }
   }
 
   console.log(`✓ Decrypted: ${outDir}`);
   const files = fs.readdirSync(outDir);
   console.log(`  Files: ${files.length}`);
-  files.forEach(f => console.log(`    ${f}`));
+  files.forEach((f) => console.log(`    ${f}`));
+}
+
+// ─── KDNA Card (locale-aware) ────────────────────────────────────
+
+function cmdCard(dir, locale = null) {
+  const abs = path.resolve(dir);
+  let card = readJson(path.join(abs, 'KDNA_CARD.json'));
+
+  if (locale) {
+    const localeCard = readJson(path.join(abs, 'locales', locale, 'KDNA_CARD.json'));
+    if (localeCard) {
+      card = { ...card, ...localeCard };
+    }
+  }
+
+  if (!card) {
+    error(
+      `No KDNA_CARD.json found in ${abs}${locale ? ` or locales/${locale}/` : ''}`,
+      EXIT.INPUT_ERROR,
+    );
+  }
+
+  const jsonMode = process.argv.includes('--json');
+
+  if (jsonMode) {
+    console.log(JSON.stringify(card, null, 2));
+    return;
+  }
+
+  console.log('═'.repeat(60));
+  console.log(`  KDNA Card${locale ? ` (${locale})` : ''}`);
+  console.log('═'.repeat(60));
+  console.log('');
+  if (card.display_name) console.log(`  Display name:   ${card.display_name}`);
+  console.log(`  Domain:         ${card.name || '?'}`);
+  console.log(`  Version:        ${card.version || '?'}`);
+  console.log(`  Risk level:     ${card.risk_level || '?'}`);
+  console.log(`  Quality:        ${card.quality_badge || '?'}`);
+  console.log(`  Review:         ${card.review_status || '?'}`);
+  console.log(`  License:        ${card.license || '?'}`);
+  if (card.summary) console.log(`  Summary:        ${card.summary}`);
+  console.log('');
+  if (card.intended_use?.length) {
+    console.log('  ── Intended Use ──');
+    card.intended_use.forEach((u) => console.log(`  ✓ ${u}`));
+    console.log('');
+  }
+  if (card.out_of_scope?.length) {
+    console.log('  ── Out of Scope ──');
+    card.out_of_scope.forEach((o) => console.log(`  ✗ ${o}`));
+    console.log('');
+  }
+  if (card.known_limitations?.length) {
+    console.log('  ── Known Limitations ──');
+    card.known_limitations.forEach((l) => console.log(`  ⚠ ${l}`));
+    console.log('');
+  }
+  if (card.risk_warnings?.length) {
+    console.log('  ── Risk Warnings ──');
+    card.risk_warnings.forEach((w) => console.log(`  ⚡ ${w}`));
+    console.log('');
+  }
+  if (card.author_responsibility) {
+    console.log(`  Author: ${card.author_responsibility}`);
+    console.log('');
+  }
+  if (card.provenance) {
+    console.log('  ── Provenance ──');
+    console.log(`  Studio:    ${card.provenance.studio_core || '?'}`);
+    console.log(`  Version:   ${card.provenance.studio_core_version || '?'}`);
+    console.log(`  Built:     ${card.provenance.built_at || '?'}`);
+    if (card.provenance.content_fingerprint)
+      console.log(`  Fingerprint: ${card.provenance.content_fingerprint}`);
+    console.log('');
+  }
+  console.log('═'.repeat(60));
 }
 
 module.exports = {
@@ -995,4 +1106,5 @@ module.exports = {
   cmdUnpack,
   cmdUnpackEncrypt,
   cmdInspect,
+  cmdCard,
 };

package/src/verify.js

@@ -467,6 +467,87 @@ function checkI18n(destDir) {
   };
 }
 
+// ─── Governance layer ───────────────────────────────────────────────
+
+function checkGovernance(destDir) {
+  const issues = [];
+  const passed = [];
+  const card = readJson(path.join(destDir, 'KDNA_CARD.json')) || {};
+
+  if (!readJson(path.join(destDir, 'KDNA_CARD.json'))) {
+    issues.push({ severity: 'error', msg: 'governance: KDNA_CARD.json missing — required' });
+    return { layer: 'governance', passed: false, issues, results: issues.map((i) => i.msg) };
+  }
+  passed.push('KDNA_CARD.json present');
+
+  if (!card.risk_level) {
+    issues.push({ severity: 'error', msg: 'governance: risk_level not declared (R0/R1/R2/R3)' });
+  } else if (!['R0', 'R1', 'R2', 'R3'].includes(card.risk_level)) {
+    issues.push({ severity: 'error', msg: `governance: invalid risk_level "${card.risk_level}"` });
+  } else {
+    passed.push(`risk_level: ${card.risk_level}`);
+  }
+
+  if (!card.intended_use?.length) {
+    issues.push({ severity: 'error', msg: 'governance: intended_use empty' });
+  } else {
+    passed.push(`intended_use: ${card.intended_use.length} entries`);
+  }
+
+  if (!card.out_of_scope?.length) {
+    issues.push({ severity: 'error', msg: 'governance: out_of_scope empty' });
+  } else {
+    passed.push(`out_of_scope: ${card.out_of_scope.length} entries`);
+  }
+
+  if (!card.known_limitations?.length) {
+    issues.push({ severity: 'warn', msg: 'governance: known_limitations empty' });
+  } else {
+    passed.push(`known_limitations: ${card.known_limitations.length} entries`);
+  }
+
+  if (['R1', 'R2', 'R3'].includes(card.risk_level) && !card.author_responsibility) {
+    issues.push({
+      severity: 'warn',
+      msg: `governance: risk ${card.risk_level} should declare author_responsibility`,
+    });
+  }
+
+  if (['R2', 'R3'].includes(card.risk_level)) {
+    if (!card.reviewed_by && !card.requires_expert_review) {
+      issues.push({
+        severity: 'error',
+        msg: `governance: risk ${card.risk_level} requires expert_review`,
+      });
+    }
+    if (!card.risk_warnings?.length) {
+      issues.push({
+        severity: 'error',
+        msg: `governance: risk ${card.risk_level} requires risk_warnings`,
+      });
+    }
+  }
+
+  if (!card.human_lock_summary)
+    issues.push({ severity: 'warn', msg: 'governance: human_lock_summary missing' });
+  else passed.push('human_lock_summary present');
+
+  if (!card.provenance) issues.push({ severity: 'warn', msg: 'governance: provenance missing' });
+  else passed.push('provenance present');
+
+  if (!card.quality_badge)
+    issues.push({ severity: 'warn', msg: 'governance: quality_badge missing' });
+  else passed.push(`quality_badge: ${card.quality_badge}`);
+
+  return {
+    layer: 'governance',
+    passed: issues.filter((i) => i.severity === 'error').length === 0,
+    issues,
+    results: passed.concat(issues.map((i) => i.msg)),
+    score: { total: passed.length, max: passed.length + issues.length },
+  };
+}
+
 // ─── Main ──────────────────────────────────────────────────────────────
 
 function cmdVerify(input, args = []) {
@@ -477,8 +558,9 @@ function cmdVerify(input, args = []) {
     trust: args.includes('--trust'),
     judgment: args.includes('--judgment'),
     i18n: args.includes('--i18n'),
+    governance: args.includes('--governance'),
   };
-  const all = !want.structure && !want.trust && !want.judgment && !want.i18n;
+  const all = !want.structure && !want.trust && !want.judgment && !want.i18n && !want.governance;
   if (all) want.structure = want.trust = want.judgment = true;
 
   // Resolve name → installed path + scope/entry
@@ -532,6 +614,7 @@ function cmdVerify(input, args = []) {
   if (want.trust) results.push(checkTrust(destDir, scope, entry));
   if (want.judgment) results.push(checkJudgment(destDir));
   if (want.i18n) results.push(checkI18n(destDir));
+  if (want.governance) results.push(checkGovernance(destDir));
 
   // ── JSON output ──────────────────────────────────────────────────────
   if (jsonMode) {
@@ -548,6 +631,8 @@ function cmdVerify(input, args = []) {
     const structureResult = results.find((r) => r.layer === 'structure');
     const trustResult = results.find((r) => r.layer === 'trust');
     const judgmentResult = results.find((r) => r.layer === 'judgment');
+    const i18nResult = results.find((r) => r.layer === 'i18n');
+    const governanceResult = results.find((r) => r.layer === 'governance');
 
     let exitCode = EXIT.OK;
     if (structureResult && structureResult.issues.some((i) => i.severity === 'error')) {