@aikdna/kdna-cli 0.26.2 → 0.26.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/cmds/domain.js +3 -15
- package/src/publish.js +12 -8
- package/src/verify.js +9 -55
package/package.json
CHANGED
package/src/cmds/domain.js
CHANGED
|
@@ -314,21 +314,9 @@ function cmdPack(dir, outputDir) {
|
|
|
314
314
|
if (!core) error('KDNA_Core.json not found or invalid');
|
|
315
315
|
if (!pat) error('KDNA_Patterns.json not found or invalid');
|
|
316
316
|
|
|
317
|
-
console.warn('Warning: kdna dev pack creates a dev-only
|
|
318
|
-
console.warn('Use KDNA Studio compile/export
|
|
319
|
-
|
|
320
|
-
// Human Lock Gate — check judgment-class cards before packing
|
|
321
|
-
const { checkHumanLock } = require('../publish');
|
|
322
|
-
const hl = checkHumanLock(abs);
|
|
323
|
-
if (!hl.passed) {
|
|
324
|
-
console.error('Human Lock Gate: BLOCKED');
|
|
325
|
-
for (const issue of hl.issues) {
|
|
326
|
-
console.error(` ✗ ${issue}`);
|
|
327
|
-
}
|
|
328
|
-
console.error('Judgment-class cards must be locked with valid Human Lock before packing.');
|
|
329
|
-
console.error('Use kdna publish --check for details.');
|
|
330
|
-
process.exit(EXIT.HUMAN_LOCK_REQUIRED);
|
|
331
|
-
}
|
|
317
|
+
console.warn('Warning: kdna dev pack creates a dev-only .kdna bundle.');
|
|
318
|
+
console.warn('Use KDNA Studio compile/export for release-grade authoring evidence.');
|
|
319
|
+
console.warn('Human Lock is optional provenance and is not required for format validity.');
|
|
332
320
|
|
|
333
321
|
const domainName = core.meta?.domain || path.basename(abs);
|
|
334
322
|
|
package/src/publish.js
CHANGED
|
@@ -710,12 +710,6 @@ function validateAuthoringProvenance(manifest) {
|
|
|
710
710
|
const badge = manifest.quality_badge || 'untested';
|
|
711
711
|
const highTrust = (badgeRank[badge] || 0) >= badgeRank.tested;
|
|
712
712
|
const authoring = manifest.authoring;
|
|
713
|
-
const studioCompatible = new Set([
|
|
714
|
-
'kdna-studio',
|
|
715
|
-
'kdna-studio-cli',
|
|
716
|
-
'kdna-studio-sdk',
|
|
717
|
-
'third-party-studio-compatible',
|
|
718
|
-
]);
|
|
719
713
|
|
|
720
714
|
if (!authoring) {
|
|
721
715
|
if (highTrust) issues.push(`quality_badge "${badge}" requires authoring provenance`);
|
|
@@ -724,8 +718,18 @@ function validateAuthoringProvenance(manifest) {
|
|
|
724
718
|
if (authoring.created_by === 'manual-dev-source' && highTrust) {
|
|
725
719
|
issues.push('manual-dev-source assets cannot claim tested or higher quality');
|
|
726
720
|
}
|
|
727
|
-
|
|
728
|
-
|
|
721
|
+
// Conformance-based check: any tool that passes the official validator is compatible.
|
|
722
|
+
// The authoring.conformance block records validator identity and pass status.
|
|
723
|
+
if (highTrust) {
|
|
724
|
+
const conformance = authoring.conformance;
|
|
725
|
+
if (!conformance || !conformance.passed) {
|
|
726
|
+
issues.push(
|
|
727
|
+
`quality_badge "${badge}" requires conformance validation (authoring.conformance.passed = true)`,
|
|
728
|
+
);
|
|
729
|
+
}
|
|
730
|
+
if (!conformance || !conformance.spec_version) {
|
|
731
|
+
issues.push('trusted assets require authoring.conformance.spec_version');
|
|
732
|
+
}
|
|
729
733
|
}
|
|
730
734
|
if (highTrust && !authoring.compiler) issues.push('trusted assets require authoring.compiler');
|
|
731
735
|
if (highTrust && !authoring.compiler_version) {
|
package/src/verify.js
CHANGED
|
@@ -20,6 +20,7 @@ const path = require('path');
|
|
|
20
20
|
const { RegistryResolver, parseName, registryTrustIssues, isEntryRevoked } = require('./registry');
|
|
21
21
|
const { EXIT, isYesNoSelfCheck } = require('./cmds/_common');
|
|
22
22
|
const { licenseDecryptOptionsForManifest } = require('./cmds/license');
|
|
23
|
+
const { validateAuthoringProvenance } = require('./publish');
|
|
23
24
|
|
|
24
25
|
const {
|
|
25
26
|
getInstalled,
|
|
@@ -515,71 +516,24 @@ function checkJudgment(input, options = {}) {
|
|
|
515
516
|
};
|
|
516
517
|
const badge = manifest?.quality_badge || 'untested';
|
|
517
518
|
const highTrust = (badgeRank[badge] || 0) >= badgeRank.tested;
|
|
518
|
-
const authoring = manifest?.authoring;
|
|
519
|
-
const studioCompatible = new Set([
|
|
520
|
-
'kdna-studio',
|
|
521
|
-
'kdna-studio-cli',
|
|
522
|
-
'kdna-studio-sdk',
|
|
523
|
-
'third-party-studio-compatible',
|
|
524
|
-
]);
|
|
525
519
|
if (highTrust) {
|
|
526
|
-
|
|
527
|
-
|
|
520
|
+
const provenanceIssues = validateAuthoringProvenance(manifest || {});
|
|
521
|
+
score.max += 1;
|
|
522
|
+
if (provenanceIssues.length) {
|
|
528
523
|
issues.push({
|
|
529
524
|
severity: 'error',
|
|
530
|
-
msg: `quality_badge ${badge}
|
|
525
|
+
msg: `quality_badge ${badge} authoring provenance gate failed: ${provenanceIssues.join('; ')}`,
|
|
531
526
|
});
|
|
532
527
|
} else {
|
|
533
|
-
|
|
534
|
-
|
|
535
|
-
if (!okSource) {
|
|
536
|
-
issues.push({
|
|
537
|
-
severity: 'error',
|
|
538
|
-
msg: 'trusted quality requires Studio-compatible authoring.created_by',
|
|
539
|
-
});
|
|
540
|
-
}
|
|
541
|
-
const hasCompiler = !!(
|
|
542
|
-
authoring.compiler &&
|
|
543
|
-
authoring.compiler_version &&
|
|
544
|
-
authoring.compiled_at
|
|
545
|
-
);
|
|
546
|
-
bump(1, hasCompiler ? 1 : 0, 'authoring compiler metadata present');
|
|
547
|
-
if (!hasCompiler) {
|
|
548
|
-
issues.push({
|
|
549
|
-
severity: 'error',
|
|
550
|
-
msg: 'trusted quality requires compiler, compiler_version, and compiled_at',
|
|
551
|
-
});
|
|
552
|
-
}
|
|
553
|
-
const hasIdentity = [
|
|
554
|
-
'asset_uid',
|
|
555
|
-
'project_uid',
|
|
556
|
-
'build_id',
|
|
557
|
-
'domain_id',
|
|
558
|
-
'content_digest',
|
|
559
|
-
].every((field) => !!(authoring[field] || manifest[field]));
|
|
560
|
-
bump(1, hasIdentity ? 1 : 0, 'authoring asset identity present');
|
|
561
|
-
if (!hasIdentity) {
|
|
562
|
-
issues.push({
|
|
563
|
-
severity: 'error',
|
|
564
|
-
msg: 'trusted quality requires asset_uid, project_uid, build_id, domain_id, and content_digest',
|
|
565
|
-
});
|
|
566
|
-
}
|
|
567
|
-
const humanConfirmed =
|
|
568
|
-
authoring.human_confirmed === true && Number(authoring.human_lock_count) > 0;
|
|
569
|
-
bump(1, humanConfirmed ? 1 : 0, `Human Lock provenance (${authoring.human_lock_count || 0})`);
|
|
570
|
-
if (!humanConfirmed) {
|
|
571
|
-
issues.push({
|
|
572
|
-
severity: 'error',
|
|
573
|
-
msg: 'trusted quality requires human_confirmed=true and human_lock_count > 0',
|
|
574
|
-
});
|
|
575
|
-
}
|
|
528
|
+
score.total += 1;
|
|
529
|
+
passed.push('✓ authoring provenance satisfies trusted quality gate');
|
|
576
530
|
}
|
|
577
|
-
} else if (!authoring) {
|
|
531
|
+
} else if (!manifest?.authoring) {
|
|
578
532
|
issues.push({
|
|
579
533
|
severity: 'warn',
|
|
580
534
|
msg: 'authoring provenance missing; asset cannot be promoted above untested',
|
|
581
535
|
});
|
|
582
|
-
} else if (authoring.created_by === 'manual-dev-source') {
|
|
536
|
+
} else if (manifest.authoring.created_by === 'manual-dev-source') {
|
|
583
537
|
passed.push('authoring provenance: manual-dev-source (untested ceiling)');
|
|
584
538
|
}
|
|
585
539
|
|