@aikdna/kdna-cli 0.26.2 → 0.26.4

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aikdna/kdna-cli",
-  "version": "0.26.2",
-  "description": "KDNA CLI — runtime control plane for verifying, installing, loading, comparing, publishing, and auditing existing .kdna assets.",
+  "version": "0.26.4",
+  "description": "KDNA CLI — runtime control plane for inspecting, validating, planning, packing, unpacking, and loading local .kdna assets.",
   "type": "commonjs",
   "bin": {
     "kdna": "src/cli.js",

package/src/cmds/_common.js

@@ -57,7 +57,7 @@ Usage:
   kdna init <name>              Deprecated alias for kdna dev scaffold <name>
   kdna dev scaffold <name>      Scaffold a non-canonical dev source workspace
   kdna dev validate <path>      Validate a dev source directory
-  kdna dev pack <path>          Build a dev-only non-trusted .kdna bundle
+  kdna dev pack <path>          Build a dev-only diagnostic .kdna bundle
   kdna dev unpack <path>        Unpack .kdna into a dev source directory
   kdna dev inspect <path>       Inspect a dev source directory
   kdna dev card <path>          Display KDNA Card from a dev source directory

package/src/cmds/demo.js

@@ -52,6 +52,9 @@ function cmdDemo(args) {
   process.stdout.write(`  kdna inspect  ${dest}\n`);
   process.stdout.write(`  kdna validate ${dest}\n`);
   process.stdout.write(`  kdna pack     ${dest} ${dest}.kdna\n`);
+  process.stdout.write(`  kdna validate ${dest}.kdna\n`);
+  process.stdout.write(`  kdna plan-load ${dest}.kdna\n`);
+  process.stdout.write(`  kdna load     ${dest}.kdna --profile=compact --as=prompt\n`);
 }
 
 module.exports = { cmdDemo };

package/src/cmds/domain.js

@@ -314,21 +314,9 @@ function cmdPack(dir, outputDir) {
   if (!core) error('KDNA_Core.json not found or invalid');
   if (!pat) error('KDNA_Patterns.json not found or invalid');
 
-  console.warn('Warning: kdna dev pack creates a dev-only non-trusted .kdna bundle.');
-  console.warn('Use KDNA Studio compile/export to create a trusted canonical .kdna asset.');
-
-  // Human Lock Gate — check judgment-class cards before packing
-  const { checkHumanLock } = require('../publish');
-  const hl = checkHumanLock(abs);
-  if (!hl.passed) {
-    console.error('Human Lock Gate: BLOCKED');
-    for (const issue of hl.issues) {
-      console.error(`  ✗ ${issue}`);
-    }
-    console.error('Judgment-class cards must be locked with valid Human Lock before packing.');
-    console.error('Use kdna publish --check for details.');
-    process.exit(EXIT.HUMAN_LOCK_REQUIRED);
-  }
+  console.warn('Warning: kdna dev pack creates a dev-only .kdna bundle.');
+  console.warn('Use KDNA Studio compile/export for release-grade authoring evidence.');
+  console.warn('Human Lock is optional provenance and is not required for format validity.');
 
   const domainName = core.meta?.domain || path.basename(abs);
 

package/src/publish.js

@@ -175,9 +175,9 @@ function checkHumanLock(domainPath) {
   if (cards.length === 0) return { passed: true, issues: [] };
 
   for (const card of cards) {
-    // Rule 1: Must be locked
+    // Rule 1: Legacy publish evidence requires Studio approval.
     if (!card.status || !['locked', 'tested', 'published'].includes(card.status)) {
-      issues.push(`${card.type} "${card.id}" is not locked. Human Lock required before publish.`);
+      issues.push(`${card.type} "${card.id}" is not approved for legacy publish evidence.`);
       continue;
     }
     // Rule 2: Must have human_lock record
@@ -607,15 +607,15 @@ function publicKeyToScopeFormat(publicKeyPem) {
  * kdna publish <file.kdna> — Publish an existing Studio-compiled asset.
  *
  * Publishing no longer packs arbitrary source directories. Source directories
- * are non-canonical dev workspaces; trusted assets come from Studio-compatible
- * compile/export pipelines.
+ * are non-canonical dev workspaces; release-evidence assets come from
+ * Studio-compatible compile/export pipelines.
  */
 function cmdPublish(assetPath, args = []) {
   const abs = path.resolve(assetPath);
   if (!fs.existsSync(abs)) error(`Path not found: ${abs}`, EXIT.INPUT_ERROR);
   if (fs.statSync(abs).isDirectory()) {
     error(
-      'kdna publish only accepts existing .kdna assets. Source directories are non-canonical; use KDNA Studio compile/export, then run kdna publish <file.kdna>.',
+      'kdna publish only accepts existing .kdna assets. Source directories are non-canonical; use KDNA Studio compile/export, then run kdna publish <file.kdna> for legacy publish compatibility.',
       EXIT.INPUT_ERROR,
     );
   }
@@ -710,12 +710,6 @@ function validateAuthoringProvenance(manifest) {
   const badge = manifest.quality_badge || 'untested';
   const highTrust = (badgeRank[badge] || 0) >= badgeRank.tested;
   const authoring = manifest.authoring;
-  const studioCompatible = new Set([
-    'kdna-studio',
-    'kdna-studio-cli',
-    'kdna-studio-sdk',
-    'third-party-studio-compatible',
-  ]);
 
   if (!authoring) {
     if (highTrust) issues.push(`quality_badge "${badge}" requires authoring provenance`);
@@ -724,28 +718,38 @@ function validateAuthoringProvenance(manifest) {
   if (authoring.created_by === 'manual-dev-source' && highTrust) {
     issues.push('manual-dev-source assets cannot claim tested or higher quality');
   }
-  if (highTrust && !studioCompatible.has(authoring.created_by)) {
-    issues.push(`quality_badge "${badge}" requires Studio-compatible created_by`);
+  // Conformance-based check: any tool that passes the official validator is compatible.
+  // The authoring.conformance block records validator identity and pass status.
+  if (highTrust) {
+    const conformance = authoring.conformance;
+    if (!conformance || !conformance.passed) {
+      issues.push(
+        `quality_badge "${badge}" requires conformance validation (authoring.conformance.passed = true)`,
+      );
+    }
+    if (!conformance || !conformance.spec_version) {
+      issues.push('release-evidence assets require authoring.conformance.spec_version');
+    }
   }
-  if (highTrust && !authoring.compiler) issues.push('trusted assets require authoring.compiler');
+  if (highTrust && !authoring.compiler) issues.push('release-evidence assets require authoring.compiler');
   if (highTrust && !authoring.compiler_version) {
-    issues.push('trusted assets require authoring.compiler_version');
+    issues.push('release-evidence assets require authoring.compiler_version');
   }
   if (highTrust && !authoring.compiled_at)
-    issues.push('trusted assets require authoring.compiled_at');
+    issues.push('release-evidence assets require authoring.compiled_at');
   for (const field of ['asset_uid', 'project_uid', 'build_id', 'domain_id', 'content_digest']) {
     if (highTrust && !authoring[field] && !manifest[field]) {
-      issues.push(`trusted assets require ${field} in authoring provenance or manifest`);
+      issues.push(`release-evidence assets require ${field} in authoring provenance or manifest`);
     }
   }
   if (highTrust && authoring.human_confirmed !== true) {
-    issues.push('trusted assets require authoring.human_confirmed = true');
+    issues.push('release-evidence assets require authoring.human_confirmed = true');
   }
   if (highTrust && !Number.isInteger(authoring.human_lock_count)) {
-    issues.push('trusted assets require authoring.human_lock_count');
+    issues.push('release-evidence assets require authoring.human_lock_count');
   }
   if (highTrust && Number.isInteger(authoring.human_lock_count) && authoring.human_lock_count < 1) {
-    issues.push('trusted assets require at least one Human Lock');
+    issues.push('release-evidence assets require at least one Human Lock when that claim is made');
   }
   return issues;
 }

package/src/verify.js

@@ -20,6 +20,7 @@ const path = require('path');
 const { RegistryResolver, parseName, registryTrustIssues, isEntryRevoked } = require('./registry');
 const { EXIT, isYesNoSelfCheck } = require('./cmds/_common');
 const { licenseDecryptOptionsForManifest } = require('./cmds/license');
+const { validateAuthoringProvenance } = require('./publish');
 
 const {
   getInstalled,
@@ -515,71 +516,24 @@ function checkJudgment(input, options = {}) {
   };
   const badge = manifest?.quality_badge || 'untested';
   const highTrust = (badgeRank[badge] || 0) >= badgeRank.tested;
-  const authoring = manifest?.authoring;
-  const studioCompatible = new Set([
-    'kdna-studio',
-    'kdna-studio-cli',
-    'kdna-studio-sdk',
-    'third-party-studio-compatible',
-  ]);
   if (highTrust) {
-    if (!authoring) {
-      score.max += 2;
+    const provenanceIssues = validateAuthoringProvenance(manifest || {});
+    score.max += 1;
+    if (provenanceIssues.length) {
       issues.push({
         severity: 'error',
-        msg: `quality_badge ${badge} requires authoring provenance`,
+        msg: `quality_badge ${badge} authoring provenance gate failed: ${provenanceIssues.join('; ')}`,
       });
     } else {
-      const okSource = studioCompatible.has(authoring.created_by);
-      bump(1, okSource ? 1 : 0, `authoring.created_by: ${authoring.created_by || '?'}`);
-      if (!okSource) {
-        issues.push({
-          severity: 'error',
-          msg: 'trusted quality requires Studio-compatible authoring.created_by',
-        });
-      }
-      const hasCompiler = !!(
-        authoring.compiler &&
-        authoring.compiler_version &&
-        authoring.compiled_at
-      );
-      bump(1, hasCompiler ? 1 : 0, 'authoring compiler metadata present');
-      if (!hasCompiler) {
-        issues.push({
-          severity: 'error',
-          msg: 'trusted quality requires compiler, compiler_version, and compiled_at',
-        });
-      }
-      const hasIdentity = [
-        'asset_uid',
-        'project_uid',
-        'build_id',
-        'domain_id',
-        'content_digest',
-      ].every((field) => !!(authoring[field] || manifest[field]));
-      bump(1, hasIdentity ? 1 : 0, 'authoring asset identity present');
-      if (!hasIdentity) {
-        issues.push({
-          severity: 'error',
-          msg: 'trusted quality requires asset_uid, project_uid, build_id, domain_id, and content_digest',
-        });
-      }
-      const humanConfirmed =
-        authoring.human_confirmed === true && Number(authoring.human_lock_count) > 0;
-      bump(1, humanConfirmed ? 1 : 0, `Human Lock provenance (${authoring.human_lock_count || 0})`);
-      if (!humanConfirmed) {
-        issues.push({
-          severity: 'error',
-          msg: 'trusted quality requires human_confirmed=true and human_lock_count > 0',
-        });
-      }
+      score.total += 1;
+      passed.push('✓ authoring provenance satisfies trusted quality gate');
     }
-  } else if (!authoring) {
+  } else if (!manifest?.authoring) {
     issues.push({
       severity: 'warn',
       msg: 'authoring provenance missing; asset cannot be promoted above untested',
     });
-  } else if (authoring.created_by === 'manual-dev-source') {
+  } else if (manifest.authoring.created_by === 'manual-dev-source') {
     passed.push('authoring provenance: manual-dev-source (untested ceiling)');
   }