@archsight/aios 1.0.1 → 1.1.0

package/bin/archsight-aios.mjs

@@ -3,6 +3,7 @@
 import fs from "node:fs/promises";
 import path from "node:path";
 import os from "node:os";
+import { spawn } from "node:child_process";
 import { fileURLToPath } from "node:url";
 
 const __filename = fileURLToPath(import.meta.url);
@@ -43,6 +44,7 @@ const skillAliases = {
     "aios-bim-domain-modeling",
     "archsight-bim-domain-modeling"
   ],
+  "aios-structural": ["aios-structural-review", "archsight-structural-review"],
   "aios-runtime": [
     "aios-runtime-design",
     "archsight-runtime-design",
@@ -62,6 +64,7 @@ function usage() {
     "  archsight-aios doctor",
     "  archsight-aios init [--cwd <path>] [--mode <auto|full|linked|ai-only>] [--profile <name>]",
     "  archsight-aios validate [--cwd <path>] [--profile <name>] [--temp]",
+    "  archsight-aios capability:call --capability <id> --agent <id> --skill <id> --input <json-file>",
     "  archsight-aios hermes:validate",
     "  archsight-aios hermes:sync-dry-run",
     "  archsight-aios hermes:detect-drift",
@@ -72,6 +75,7 @@ function usage() {
     "  doctor                Check repository assets and user-level installation.",
     "  init                  Add AI rules and .ai governance files to a project.",
     "  validate              Validate the project AI template output.",
+    "  capability:call       Authorize and call a registered local Capability adapter.",
     "  hermes:*              Validate or dry-run Hermes runtime prompt sync.",
     "",
     "Examples:",
@@ -94,7 +98,15 @@ function parseArgs(argv) {
     profile: undefined,
     cwd: process.cwd(),
     help,
-    temp: false
+    temp: false,
+    capability: undefined,
+    agent: undefined,
+    skill: undefined,
+    input: undefined,
+    mcpCwd: undefined,
+    mcpCommand: undefined,
+    mcpArgs: [],
+    timeoutMs: undefined
   };
 
   for (let i = 0; i < rest.length; i += 1) {
@@ -111,6 +123,22 @@ function parseArgs(argv) {
       options.profile = rest[++i];
     } else if (arg === "--temp") {
       options.temp = true;
+    } else if (arg === "--capability") {
+      options.capability = rest[++i];
+    } else if (arg === "--agent") {
+      options.agent = rest[++i];
+    } else if (arg === "--skill") {
+      options.skill = rest[++i];
+    } else if (arg === "--input") {
+      options.input = path.resolve(rest[++i]);
+    } else if (arg === "--mcp-cwd") {
+      options.mcpCwd = path.resolve(rest[++i]);
+    } else if (arg === "--mcp-command") {
+      options.mcpCommand = rest[++i];
+    } else if (arg === "--mcp-arg") {
+      options.mcpArgs.push(rest[++i]);
+    } else if (arg === "--timeout-ms") {
+      options.timeoutMs = Number(rest[++i]);
     } else if (arg === "--help" || arg === "-h") {
       options.help = true;
     } else {
@@ -213,6 +241,373 @@ async function readJson(filePath) {
   return JSON.parse(raw);
 }
 
+async function readCapabilityRegistry() {
+  const manifest = await readManifest();
+  const registryPath = path.join(repoRoot, manifest.capabilityRegistry.registryPath);
+  return readJson(registryPath);
+}
+
+async function readCapabilityAdapters() {
+  const manifest = await readManifest();
+  const adapterPath = manifest.capabilityRegistry?.adapterPath;
+  if (!adapterPath) {
+    return { schema: 1, adapters: [] };
+  }
+  return readJson(path.join(repoRoot, adapterPath));
+}
+
+function jsonTypeMatches(schemaType, value) {
+  if (schemaType === "object") {
+    return value !== null && typeof value === "object" && !Array.isArray(value);
+  }
+  if (schemaType === "array") {
+    return Array.isArray(value);
+  }
+  if (schemaType === "integer") {
+    return Number.isInteger(value);
+  }
+  if (schemaType === "number") {
+    return typeof value === "number" && Number.isFinite(value);
+  }
+  if (schemaType === "string") {
+    return typeof value === "string";
+  }
+  if (schemaType === "boolean") {
+    return typeof value === "boolean";
+  }
+  return true;
+}
+
+function valueAtPath(value, fieldPath) {
+  return fieldPath.split(".").reduce((current, key) => {
+    if (current === null || typeof current !== "object") {
+      return undefined;
+    }
+    return current[key];
+  }, value);
+}
+
+function validateJsonSchemaSubset(schema, value, label = "$", errors = []) {
+  if (!schema || typeof schema !== "object") {
+    return errors;
+  }
+
+  if (schema.type && !jsonTypeMatches(schema.type, value)) {
+    errors.push(`${label} expected ${schema.type}`);
+    return errors;
+  }
+
+  if (schema.enum && !schema.enum.includes(value)) {
+    errors.push(`${label} expected one of ${schema.enum.join(", ")}`);
+  }
+
+  if (typeof schema.minimum === "number" && typeof value === "number" && value < schema.minimum) {
+    errors.push(`${label} must be >= ${schema.minimum}`);
+  }
+
+  if (schema.type === "object" && value !== null && typeof value === "object" && !Array.isArray(value)) {
+    for (const requiredField of schema.required ?? []) {
+      if (!Object.hasOwn(value, requiredField)) {
+        errors.push(`${label}.${requiredField} is required`);
+      }
+    }
+
+    for (const [property, propertySchema] of Object.entries(schema.properties ?? {})) {
+      if (Object.hasOwn(value, property)) {
+        validateJsonSchemaSubset(propertySchema, value[property], `${label}.${property}`, errors);
+      }
+    }
+  }
+
+  if (schema.type === "array" && Array.isArray(value) && schema.items) {
+    value.forEach((item, index) => validateJsonSchemaSubset(schema.items, item, `${label}[${index}]`, errors));
+  }
+
+  return errors;
+}
+
+function findCapability(registry, capabilityId) {
+  return (registry.capabilities ?? []).find((capability) => capability.id === capabilityId);
+}
+
+function findCapabilityAdapter(adapters, capabilityId) {
+  return (adapters.adapters ?? []).find((adapter) => (adapter.capabilityIds ?? []).includes(capabilityId));
+}
+
+function authorizeCapability(capability, options) {
+  if (!options.agent) {
+    throw new Error("--agent is required for Capability calls");
+  }
+  if (!options.skill) {
+    throw new Error("--skill is required for Capability calls");
+  }
+  if (!capability.ownerAgents.includes(options.agent)) {
+    throw new Error(`Capability denied: agent ${options.agent} cannot call ${capability.id}`);
+  }
+  if ((capability.allowedSkills ?? []).length > 0 && !capability.allowedSkills.includes(options.skill)) {
+    throw new Error(`Capability denied: skill ${options.skill} cannot call ${capability.id}`);
+  }
+}
+
+function normalizeExpectedValue(rawValue) {
+  const trimmed = rawValue.trim();
+  if (trimmed === "true") {
+    return true;
+  }
+  if (trimmed === "false") {
+    return false;
+  }
+  if (/^-?\d+(\.\d+)?$/.test(trimmed)) {
+    return Number(trimmed);
+  }
+  return trimmed.replace(/^["']|["']$/g, "");
+}
+
+function evaluateRuleCondition(condition, result) {
+  const match = condition.match(/^([A-Za-z0-9_.]+)\s*==\s*(.+)$/);
+  if (!match) {
+    return false;
+  }
+  const actual = valueAtPath(result, match[1]);
+  const expected = normalizeExpectedValue(match[2]);
+  return actual === expected;
+}
+
+function evaluateCapabilityDecision(capability, result, validationErrors) {
+  const missingEvidence = (capability.evidenceContract?.requiredFields ?? [])
+    .filter((field) => valueAtPath(result, field) === undefined);
+  const matchedRules = (capability.blockingRules ?? [])
+    .filter((rule) => evaluateRuleCondition(rule.when, result));
+
+  if (validationErrors.length > 0 || missingEvidence.length > 0) {
+    return {
+      action: "hold",
+      severity: "P1",
+      matchedRules,
+      missingEvidence,
+      validationErrors
+    };
+  }
+
+  if (matchedRules.length === 0) {
+    return {
+      action: "proceed",
+      severity: "none",
+      matchedRules,
+      missingEvidence,
+      validationErrors
+    };
+  }
+
+  const actionRank = { block: 4, human_escalation: 3, hold: 2, revise: 1 };
+  const severityRank = { P0: 3, P1: 2, P2: 1 };
+  const sorted = [...matchedRules].sort((left, right) => {
+    const severityDiff = (severityRank[right.severity] ?? 0) - (severityRank[left.severity] ?? 0);
+    if (severityDiff !== 0) {
+      return severityDiff;
+    }
+    return (actionRank[right.action] ?? 0) - (actionRank[left.action] ?? 0);
+  });
+
+  return {
+    action: sorted[0].action,
+    severity: sorted[0].severity,
+    matchedRules,
+    missingEvidence,
+    validationErrors
+  };
+}
+
+function defaultAdapterCwd(adapter, options) {
+  if (options.mcpCwd) {
+    return options.mcpCwd;
+  }
+  if (adapter.cwdEnv && process.env[adapter.cwdEnv]) {
+    return path.resolve(process.env[adapter.cwdEnv]);
+  }
+  if (adapter.defaultSiblingDir) {
+    return path.resolve(repoRoot, "..", adapter.defaultSiblingDir);
+  }
+  return repoRoot;
+}
+
+function resolveCapabilityAdapter(adapter, capabilityId, options) {
+  return {
+    command: options.mcpCommand || adapter.command,
+    args: options.mcpArgs.length > 0 ? options.mcpArgs : adapter.args ?? [],
+    cwd: defaultAdapterCwd(adapter, options),
+    toolName: adapter.toolNameMap?.[capabilityId] ?? capabilityId.split(".").at(-1),
+    timeoutMs: Number(options.timeoutMs || adapter.timeoutMs || 30000)
+  };
+}
+
+function callMcpStdio({ command, args, cwd, toolName, input, timeoutMs }) {
+  return new Promise((resolve, reject) => {
+    const child = spawn(command, args, {
+      cwd,
+      stdio: ["pipe", "pipe", "pipe"],
+      windowsHide: true
+    });
+    let stdout = "";
+    let stderr = "";
+    let settled = false;
+
+    function settle(callback, value) {
+      if (settled) {
+        return;
+      }
+      settled = true;
+      clearTimeout(timer);
+      callback(value);
+    }
+
+    const timer = setTimeout(() => {
+      child.kill();
+      settle(reject, new Error(`MCP call timed out after ${timeoutMs}ms`));
+    }, timeoutMs);
+
+    child.stdout.on("data", (chunk) => {
+      stdout += chunk.toString("utf8");
+    });
+    child.stderr.on("data", (chunk) => {
+      stderr += chunk.toString("utf8");
+    });
+    child.on("error", (error) => {
+      settle(reject, error);
+    });
+    child.on("close", (exitCode) => {
+      if (exitCode !== 0) {
+        settle(reject, new Error(`MCP server exited with ${exitCode}: ${stderr.trim()}`));
+        return;
+      }
+
+      try {
+        const responses = stdout
+          .split(/\r?\n/)
+          .filter((line) => line.trim().length > 0)
+          .map((line) => JSON.parse(line));
+        const callResponse = responses.find((response) => response.id === 2);
+        if (!callResponse) {
+          throw new Error("MCP tools/call response was not returned");
+        }
+        if (callResponse.error) {
+          throw new Error(`MCP tools/call failed: ${callResponse.error.message}`);
+        }
+        settle(resolve, {
+          initialize: responses.find((response) => response.id === 1)?.result,
+          call: callResponse.result,
+          stderr
+        });
+      } catch (error) {
+        settle(reject, new Error(`${error.message}. stdout: ${stdout.trim()}`));
+      }
+    });
+
+    const initialize = {
+      jsonrpc: "2.0",
+      id: 1,
+      method: "initialize",
+      params: {
+        protocolVersion: "2025-06-18",
+        capabilities: {},
+        clientInfo: { name: "archsight-aios", version: "1.0.1" }
+      }
+    };
+    const callTool = {
+      jsonrpc: "2.0",
+      id: 2,
+      method: "tools/call",
+      params: {
+        name: toolName,
+        arguments: input
+      }
+    };
+    child.stdin.write(`${JSON.stringify(initialize)}\n`);
+    child.stdin.write(`${JSON.stringify(callTool)}\n`);
+    child.stdin.end();
+  });
+}
+
+async function capabilityCall(options) {
+  if (!options.capability) {
+    throw new Error("--capability is required");
+  }
+  if (!options.input) {
+    throw new Error("--input is required");
+  }
+
+  const registry = await readCapabilityRegistry();
+  const capability = findCapability(registry, options.capability);
+  if (!capability) {
+    throw new Error(`Unknown Capability: ${options.capability}`);
+  }
+  authorizeCapability(capability, options);
+
+  const adapters = await readCapabilityAdapters();
+  const adapter = findCapabilityAdapter(adapters, capability.id);
+  if (!adapter) {
+    throw new Error(`No local adapter registered for Capability: ${capability.id}`);
+  }
+
+  const input = await readJson(options.input);
+  const inputErrors = validateJsonSchemaSubset(capability.inputSchema, input, "$.input");
+  if (inputErrors.length > 0) {
+    throw new Error(`Capability input validation failed: ${inputErrors.join("; ")}`);
+  }
+
+  const resolvedAdapter = resolveCapabilityAdapter(adapter, capability.id, options);
+  if (!resolvedAdapter.command) {
+    throw new Error(`Capability adapter ${adapter.id} does not define a command`);
+  }
+  if (!(await exists(resolvedAdapter.cwd))) {
+    throw new Error(`MCP adapter cwd not found: ${resolvedAdapter.cwd}`);
+  }
+
+  const mcp = await callMcpStdio({
+    command: resolvedAdapter.command,
+    args: resolvedAdapter.args,
+    cwd: resolvedAdapter.cwd,
+    toolName: resolvedAdapter.toolName,
+    input,
+    timeoutMs: resolvedAdapter.timeoutMs
+  });
+  const structuredContent = mcp.call?.structuredContent;
+  if (!structuredContent || typeof structuredContent !== "object") {
+    throw new Error("MCP tool result did not include structuredContent");
+  }
+
+  const outputErrors = validateJsonSchemaSubset(capability.outputSchema, structuredContent, "$.toolResult");
+  const decision = evaluateCapabilityDecision(capability, structuredContent, outputErrors);
+  const envelope = {
+    schema: 1,
+    capabilityId: capability.id,
+    agent: options.agent,
+    skill: options.skill,
+    authorized: true,
+    inputValidated: true,
+    adapter: {
+      id: adapter.id,
+      transport: adapter.transport,
+      cwd: resolvedAdapter.cwd,
+      command: resolvedAdapter.command,
+      args: resolvedAdapter.args,
+      toolName: resolvedAdapter.toolName
+    },
+    toolResult: structuredContent,
+    decision,
+    evidence: {
+      level: capability.authorityLevel,
+      source: "mcp.structuredContent",
+      serverInfo: mcp.initialize?.serverInfo
+    }
+  };
+
+  console.log(JSON.stringify(envelope, null, 2));
+  if (["block", "hold", "human_escalation"].includes(decision.action)) {
+    process.exitCode = 2;
+  }
+}
+
 function routeAgentName(manifest, agentId) {
   return manifest.agents.find((agent) => agent.id === agentId)?.displayName ?? agentId;
 }
@@ -624,6 +1019,44 @@ async function doctor() {
     await check("hermes sync record template", path.join(repoRoot, manifest.hermes.syncRecordTemplatePath));
   }
 
+  if (manifest.capabilityRegistry) {
+    const registryPath = path.join(repoRoot, manifest.capabilityRegistry.registryPath);
+    await check("capability registry schema", path.join(repoRoot, manifest.capabilityRegistry.schemaPath));
+    await check("capability registry", registryPath);
+    if (manifest.capabilityRegistry.adapterPath) {
+      await check("capability adapters", path.join(repoRoot, manifest.capabilityRegistry.adapterPath));
+    }
+
+    const registry = await readJson(registryPath);
+    checkCondition("capability registry schema version", registry.schema === 1, "schema === 1");
+    checkCondition("capability registry has capabilities", registry.capabilities?.length > 0, "capabilities.length > 0");
+
+    const capabilityIds = new Set();
+    for (const capability of registry.capabilities ?? []) {
+      checkCondition(`capability id unique ${capability.id}`, !capabilityIds.has(capability.id), capability.id);
+      capabilityIds.add(capability.id);
+      checkCondition(`capability authority ${capability.id}`, ["L1", "L2", "L3"].includes(capability.authorityLevel), capability.authorityLevel);
+      checkCondition(`capability has blocking rules ${capability.id}`, capability.blockingRules?.length > 0, "blockingRules.length > 0");
+      for (const agentId of capability.ownerAgents ?? []) {
+        checkCondition(`capability owner exists ${capability.id}/${agentId}`, agentIds.has(agentId), agentId);
+      }
+      for (const skillId of capability.allowedSkills ?? []) {
+        checkCondition(`capability skill exists ${capability.id}/${skillId}`, skillIds.has(skillId), skillId);
+      }
+    }
+
+    if (manifest.capabilityRegistry.adapterPath) {
+      const adapters = await readJson(path.join(repoRoot, manifest.capabilityRegistry.adapterPath));
+      checkCondition("capability adapters schema version", adapters.schema === 1, "schema === 1");
+      for (const adapter of adapters.adapters ?? []) {
+        checkCondition(`capability adapter transport ${adapter.id}`, adapter.transport === "stdio-mcp", adapter.transport);
+        for (const capabilityId of adapter.capabilityIds ?? []) {
+          checkCondition(`capability adapter target exists ${adapter.id}/${capabilityId}`, capabilityIds.has(capabilityId), capabilityId);
+        }
+      }
+    }
+  }
+
   await check("gemini support assets", geminiRoot);
   await check("gemini support skills", path.join(geminiRoot, "skills"));
   await check("gemini support workflows", path.join(geminiRoot, "workflows"));
@@ -942,6 +1375,8 @@ async function main() {
     await initProject(options);
   } else if (options.command === "validate") {
     await validateProjectTemplate(options);
+  } else if (options.command === "capability:call") {
+    await capabilityCall(options);
   } else if (options.command === "hermes:validate") {
     await validateHermesRegistry();
   } else if (options.command === "hermes:sync-dry-run") {

package/docs/quickstart.md

@@ -23,7 +23,8 @@ npx @archsight/aios doctor
 Windows PowerShell 示例：
 
 ```powershell
-cd C:\Work\YourProject
+$projectPath = "<你的业务项目绝对路径>"
+cd $projectPath
 npx @archsight/aios init
 ```
 

package/governance/README.md

@@ -8,8 +8,11 @@
 - [AI Review Policy](ai-review-policy.md)
 - [Security Policy](security-policy.md)
 - [Agent Boundary Policy](agent-boundary.md)
+- [Capability-Backed Arbitration Protocol](arbitration-protocol.md)
 - [Delivery Policy](delivery-policy.md)
 - [Context Policy](context-policy.md)
 - [Memory Policy](memory-policy.md)
 
 治理目标是防止 agent 乱调用、prompt 泄露、上下文爆炸、AI 瞎改代码、权限失控和未经评审的自动交付。
+
+多 Agent 产生逻辑冲突时，优先按 `arbitration-protocol.md` 的证据等级处理：确定性工具、项目事实和结构化知识优先于 Agent 自然语言判断；涉及生产授权、法规合规最终结论、结构安全结论和商业范围取舍时升级给人类负责人。

package/governance/arbitration-protocol.md

@@ -0,0 +1,153 @@
+# Capability-Backed Arbitration Protocol
+
+状态：治理基线草案  
+适用范围：ArchSight AIOS 多 Agent 冲突仲裁、工具证据裁决和人工升级
+
+---
+
+## 一、目标
+
+本协议把 AIOS 的多 Agent 协作从“角色意见协商”升级为“证据驱动仲裁”。
+
+核心原则：
+
+> Agent 可以提出 Claim，但不能只凭自然语言推理裁决事实。事实裁决必须回到项目证据、结构化知识、确定性工具或人工授权。
+
+适用场景：
+
+- Atlas、Mason、Vitruvius、Argus、Daedalus、Euclid 等 Agent 对方案产生逻辑冲突。
+- 架构建议、工程计划、规范语义、结构计算、安全审查或 Runtime 权限之间存在互相阻断。
+- AIOS 需要决定继续执行、回滚、重新评审、收缩范围或升级给人类负责人。
+
+---
+
+## 二、证据优先级
+
+仲裁时按以下优先级裁决。低层级证据不能推翻高层级证据，除非高层级证据本身被标记为无效、过期或不适用。
+
+| 等级 | 证据 | 说明 |
+| --- | --- | --- |
+| L0 | 人类硬约束 | 预算、交付窗口、生产授权、法律责任、商业取舍、签章和最终发布许可。 |
+| L1 | 确定性工具返回值 | 测试、构建、lint、schema 校验、安全扫描、结构求解器、规范检查 API。 |
+| L2 | 项目事实 | 当前代码、配置、接口契约、数据库迁移、部署脚本、CI、ADR、运行日志。 |
+| L3 | 结构化知识库 | GraphRAG、规范条文、版本关系、地区 / 专业适用条件、来源页码和质量状态。 |
+| L4 | 专项 Agent 判断 | Atlas 的架构判断、Mason 的交付判断、Vitruvius 的领域判断、Euclid 的建模判断。 |
+| L5 | LLM 自然语言推理 | 只能作为假设、解释或建议，不能单独作为阻断或放行依据。 |
+
+工具结果优先，但不得盲信工具结果。L1/L3 证据必须带有输入、版本、适用条件和执行状态；缺失时只能进入 `Need verify`。
+
+---
+
+## 三、Claim 契约
+
+Agent 之间发生冲突时，不能只输出“我不同意”。每个参与方必须把意见转成 Claim：
+
+```text
+Claim:
+  id:
+  owner_agent:
+  type: architecture | delivery | domain_semantics | structural | security | runtime | business
+  statement:
+  evidence_level: L0 | L1 | L2 | L3 | L4 | L5
+  evidence:
+  assumptions:
+  need_verify:
+  blocking: true | false
+  severity: P0 | P1 | P2
+  requested_action: proceed | revise | reduce | stop | human_escalation
+```
+
+Claim 必须明确区分事实、判断、假设和待验证项。没有证据的 Claim 默认不具备阻断权。
+
+---
+
+## 四、冲突分类与主裁决依据
+
+| 冲突类型 | 主裁决依据 | 默认处理 |
+| --- | --- | --- |
+| 架构冲突 | Atlas + L2 项目事实 + L1 验证工具 | 回到 `architecture-review`。 |
+| 交付冲突 | Mason + CI / 测试 / 依赖图 | 收缩范围、重排计划或回到任务拆解。 |
+| 行业语义冲突 | Vitruvius + 规范工具 + 结构化知识库 | 不满足适用条件时阻断执行。 |
+| 结构计算冲突 | Euclid + Solver / 数值校验 + 单位和边界条件 | 缺少输入或工具失败时不得输出确定结论。 |
+| 安全 / 权限冲突 | Argus + 安全扫描 + 权限策略 | 默认阻断，除非人工明确批准。 |
+| Runtime 冲突 | Daedalus + Capability 权限 + 上下文策略 | 降权、隔离或重新设计工具调用边界。 |
+| 商业 / 范围冲突 | Janus / CEO + L0 人类目标 | 人工裁决或明确阶段性取舍。 |
+
+---
+
+## 五、状态机
+
+```text
+proposed
+  -> evidence_required
+  -> tool_check
+  -> accepted
+  -> planned
+  -> executed
+  -> reviewed
+  -> completed
+```
+
+异常路径：
+
+```text
+tool_check -> rejected -> revise
+tool_check -> need_verify -> hold
+reviewed -> rejected -> revise
+any -> human_escalation
+```
+
+阻断规则：
+
+- L1 工具返回 `fail` 且适用条件有效时，必须阻断后续执行或放行。
+- L3 规范 / 知识证据缺少版本、来源或适用条件时，不能自动判定合规。
+- L4 Agent 判断只能触发复核、重评或工具调用，不能独立推翻 L1/L2/L3。
+- L0 人类授权可以覆盖执行路线，但不能把未验证事实改写成已验证事实。
+
+---
+
+## 六、人工升级条件
+
+以下情况必须升级给人类负责人或项目指定审批人：
+
+- 核心技术栈替换。
+- 生产数据模型迁移。
+- Runtime 权限扩大。
+- 多 Agent 自动执行权限放开。
+- 自动发布到生产。
+- 法规合规最终判定、结构安全结论或工程签章。
+- 商业范围、预算、交付窗口和停损信号的最终取舍。
+
+人工裁决也必须记录证据和约束，不能只记录“老板同意”。
+
+---
+
+## 七、Decision Ledger
+
+每次仲裁必须沉淀为可复核记录。最小字段：
+
+```text
+Decision:
+  id:
+  date:
+  conflict:
+  claims:
+  evidence:
+  tool_results:
+  decision: proceed | revise | reduce | stop | escalate
+  rejected:
+  owner:
+  follow_up:
+```
+
+Decision Ledger 可以写入 ADR、memory、PR 描述、issue 或项目 `.ai/` 目录，具体位置由项目接入规则决定。
+
+---
+
+## 八、落地要求
+
+- Workflow 输出必须包含 `Claim / Evidence / Tool Result / Decision`。
+- Skill 需要声明可用 Capability、权限边界和证据契约。
+- Runtime Adapter 只负责调用工具和回传证据，不替代 Agent 判断。
+- 工具调用失败时必须暴露失败原因、输入摘要和可恢复路径。
+- 没有 Capability 实现时，必须标为 `declared-interface` 或 `Need verify`，不得伪造工具结果。

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@archsight/aios",
-  "version": "1.0.1",
+  "version": "1.1.0",
   "description": "面向建筑 AI 研发的规则、Skill、Workflow 与多 Agent 项目接入工具包。",
   "type": "module",
   "homepage": "https://github.com/ArchSightLabs/archsight-aios#readme",
@@ -65,5 +65,5 @@
     "CLAUDE.md",
     "GEMINI.md"
   ],
-  "license": "MIT"
-}
+  "license": "Apache-2.0"
+}