@kungfu-tech/kfd 1.0.0-alpha.12 → 1.0.0-alpha.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -7,6 +7,8 @@
7
7
 
8
8
  ## One sentence
9
9
 
10
+ Trust must start from facts.
11
+
10
12
  A product must not ask users or agents to trust important claims before the
11
13
  relevant facts are inspectable, local where possible, and connected to
12
14
  responsibility state.
@@ -19,8 +21,9 @@ KFDs can be principles or procedures:
19
21
  products, repositories, and release lines change.
20
22
  - A **procedure** states how a class of work enforces or protects a principle.
21
23
 
22
- This KFD is a principle. KFD-1 is a procedure that protects release and
23
- version responsibility under this principle.
24
+ This KFD is a principle. KFD-1 is the procedure that keeps the fact sources
25
+ under this principle from drifting. KFD-3 is the principle that governs how
26
+ humans and agents cooperate once facts and trust are visible.
24
27
 
25
28
  ## Foundation role
26
29
 
@@ -31,9 +34,9 @@ trust must start from facts
31
34
  ```
32
35
 
33
36
  KFD-2 says Kungfu products should not ask users or agents to trust a claim
34
- before the product has made the relevant facts inspectable. KFD-1 protects
35
- contract truth across artifact lines. KFD-3 protects the relationship with the
36
- human or agent who must understand and act on those facts.
37
+ before the product has made the relevant facts inspectable. KFD-1 protects the
38
+ non-drifting fact source those claims stand on. KFD-3 protects the relationship
39
+ with the human or agent who must understand and act on those facts.
37
40
 
38
41
  ## Principle
39
42
 
@@ -81,14 +84,15 @@ leaves enough evidence for later review.
81
84
 
82
85
  ## Relation to KFD-1
83
86
 
84
- KFD-1 is a procedure. It makes release and version responsibility legible when
85
- contract worlds change. KFD-2 is the higher-level principle: versioning,
86
- release evidence, fact ledgers, agent control panes, extension gates, and
87
- hosted services should all preserve the path from fact source to responsibility
88
- state to proof-backed decision.
87
+ KFD-1 is a procedure. It defines what can count as a load-bearing fact source:
88
+ facts must not drift from the contract world that declares them. KFD-2 is the
89
+ next layer: once facts are non-drifting and inspectable, trust claims must be
90
+ bound to those facts and to responsibility state.
89
91
 
90
92
  KFD-2 does not supersede KFD-1. KFD-1 remains active and is one concrete
91
- procedure that implements KFD-2 for version and release responsibility.
93
+ procedure that implements KFD-2 wherever trust depends on contract worlds,
94
+ release evidence, fact ledgers, agent control panes, extension gates, hosted
95
+ surfaces, schemas, configs, or package metadata.
92
96
 
93
97
  ## Supersession rule
94
98
 
@@ -98,6 +102,21 @@ explicitly and the registry records the affected decision. Two active KFDs that
98
102
  conflict without an explicit supersession relationship are a registry defect,
99
103
  not an invitation to pick the newer text silently.
100
104
 
105
+ ## Implementation case: the KFD package
106
+
107
+ The `@kungfu-tech/kfd` npm package is a self-proof case for this principle.
108
+ It does not ask humans or agents to trust the KFD registry only because the
109
+ README says so. It publishes inspectable facts: decision documents,
110
+ `registry.json`, `standards.json`, JSON schemas, document hashes, release-impact
111
+ metadata, and conformance checks.
112
+
113
+ KFD-2 also owns the trust taxonomy used by release claims, release trust
114
+ passports, and KFD-3 witnesses. Unknown residual-risk or trust-downgrade values
115
+ fail validation until KFD records them in
116
+ `schemas/kfd-2/trust-taxonomy.schema.json`. When an agent needs a new value,
117
+ the declared extension path is to open an issue in
118
+ `https://github.com/kungfu-systems/kfd` rather than inventing a private value.
119
+
101
120
  ## Adopters
102
121
 
103
122
  Each adopting repository cites this KFD when designing or changing a fact
@@ -7,6 +7,8 @@
7
7
 
8
8
  ## One sentence
9
9
 
10
+ Cooperation must start from transparent value.
11
+
10
12
  A product must not obtain cooperation through pressure, manipulation, hidden
11
13
  control, or forced workflow capture. It must make value, choices, and
12
14
  constraints visible enough for intelligent participants to understand, decide,
@@ -28,11 +30,11 @@ kungfu-systems takes toward humans and agents as reasoning participants.
28
30
  Within the KFD-1/2/3 foundation, this is the relationship path:
29
31
 
30
32
  ```text
31
- cooperation must start from transparent value, not coercion
33
+ cooperation must start from transparent value
32
34
  ```
33
35
 
34
36
  KFD-2 protects the truth path: show facts before asking for trust. KFD-3
35
- protects the relationship path: show value before asking for compliance.
37
+ protects the relationship path: show value before asking for cooperation.
36
38
 
37
39
  ## Principle
38
40
 
@@ -151,12 +153,29 @@ KFD-3 says the path of least resistance should not be built from pressure or
151
153
  hidden control. Together:
152
154
 
153
155
  ```text
154
- KFD-2: show the facts before asking for trust.
155
- KFD-3: show the value before asking for compliance.
156
+ KFD-1: facts must not drift.
157
+ KFD-2: trust must start from facts.
158
+ KFD-3: cooperation must start from transparent value.
156
159
  ```
157
160
 
158
- KFD-2 protects the truth path. KFD-3 protects the relationship with the
159
- intelligent participant who must walk that path.
161
+ KFD-1 protects the fact-source layer. KFD-2 protects the trust layer. KFD-3
162
+ protects the relationship with the intelligent participant who must walk that
163
+ path.
164
+
165
+ ## Implementation case: the KFD package
166
+
167
+ The `@kungfu-tech/kfd` npm package is a self-proof case for this principle.
168
+ Its README gives humans and agents the same quickstart path. `standards.json`
169
+ gives stable standard identity, schema IDs, and concept names. The KFD-3
170
+ schemas define collaboration interfaces, witnesses, and extension requests, so
171
+ an agent can discover both the valid interface and the standard path for asking
172
+ to extend it.
173
+
174
+ For example, if an agent needs a KFD-2 trust-taxonomy value that does not
175
+ exist, the KFD-3 collaboration path is not hidden maintainer pressure or local
176
+ invention. The declared path is a visible GitHub issue in the KFD repository,
177
+ where the new value can be reviewed and, if accepted, added to the KFD-owned
178
+ taxonomy for everyone.
160
179
 
161
180
  ## Adopters
162
181
 
package/docs/MAP.md CHANGED
@@ -5,10 +5,15 @@
5
5
  | What is KFD, and what decisions exist? | [`../README.md`](../README.md) |
6
6
  | What is the KFD-1/2/3 foundation triad? | [`../README.md`](../README.md#foundation-triad) |
7
7
  | What worldview structure does the foundation triad express? | [`../README.md`](../README.md#foundation-model) |
8
+ | How should an agent quickly understand this package? | [`../README.md`](../README.md#agent-quickstart) |
9
+ | What is the concrete self-proof case for KFD-1/2/3? | [`../README.md`](../README.md#product-proof-path) and the implementation case in each KFD |
10
+ | Where is the public KFD fact source? | [`../README.md`](../README.md#decision-metadata) and [`../site/kfd-site.json`](../site/kfd-site.json) decision metadata |
11
+ | What does Apache-2.0 cover, and what remains official/trademark-bound? | [`../TRADEMARKS.md`](../TRADEMARKS.md) |
8
12
  | What should a site renderer consume to render `kfd.libkungfu.dev`? | [`../site/kfd-site.json`](../site/kfd-site.json) |
9
13
  | What is the top-level product accountability principle? | [KFD-2](../decisions/kfd-2.md) |
10
14
  | What stance should products take toward humans and agents as reasoning participants? | [KFD-3](../decisions/kfd-3.md) |
11
15
  | What schema should products use for KFD-3 participant-facing collaboration interfaces? | [`kfd-3-collaboration-interface.md`](kfd-3-collaboration-interface.md) |
16
+ | What should an agent do when a needed KFD-2 trust taxonomy value is missing? | [`kfd-2-release-trust.md`](kfd-2-release-trust.md#trust-taxonomy) — open a KFD GitHub issue |
12
17
  | What does a specific decision say? | [`../decisions/`](../decisions) (index: [`../registry.json`](../registry.json)) |
13
18
  | What machine metadata should Buildchain or another consumer import for KFD standard identity and schema IDs? | [`../standards.json`](../standards.json) |
14
19
  | What schema validates the standards metadata surface? | [`../schemas/kfd-standards.schema.json`](../schemas/kfd-standards.schema.json) |
@@ -17,5 +22,6 @@
17
22
  | How do decisions change over time? | [`../CONTRIBUTING.md`](../CONTRIBUTING.md) — append-only; explicit supersession mints a new number |
18
23
  | How is this package versioned and released? | [KFD-1](../decisions/kfd-1.md) applied to itself; Buildchain governs releases |
19
24
  | What release impact ledger should Buildchain consume for production passports? | [`../release-impact.json`](../release-impact.json) |
25
+ | What release provenance path must alpha promotion use? | [`release-governance.md`](release-governance.md) |
20
26
  | How do I verify registry/document agreement? | `node scripts/check.mjs` |
21
27
  | How do I report a vulnerability? | [`../SECURITY.md`](../SECURITY.md) |
@@ -7,6 +7,9 @@ history.
7
7
 
8
8
  This package defines two KFD-owned machine interfaces:
9
9
 
10
+ - `schemas/kfd-2/trust-taxonomy.schema.json`: the KFD-owned taxonomy for
11
+ residual-risk types, trust impact, machine provability, agent actions, and
12
+ downgrade reasons.
10
13
  - `schemas/kfd-2/release-claims.schema.json`: the product's declared public
11
14
  release claims.
12
15
  - `schemas/kfd-2/release-trust-passport.schema.json`: the verifier's result
@@ -24,6 +27,35 @@ state. The trust passport should then record whether each claim is bound to
24
27
  evidence, which evidence was checked, what the result was, and who owns the
25
28
  release decision.
26
29
 
30
+ ## Trust Taxonomy
31
+
32
+ KFD-2 owns the vocabulary for residual risks and trust downgrades. A product,
33
+ release tool, or agent must not invent new residual-risk values locally and
34
+ still claim KFD-2 conformance. Unknown values fail schema validation.
35
+
36
+ The current taxonomy is published in
37
+ `schemas/kfd-2/trust-taxonomy.schema.json`. It defines:
38
+
39
+ - `riskType`: what kind of trust gap remains;
40
+ - `trustImpact`: whether the gap is informational, downgraded, failing, or
41
+ unverifiable;
42
+ - `machineProvability`: whether the gap can be fully proved by machine;
43
+ - `agentAction`: what an agent should do next;
44
+ - `downgradeReason`: how a verifier maps residual risk into a release trust
45
+ result.
46
+
47
+ If an agent needs a KFD-2 value that is not present, the standard extension
48
+ path is to open an issue in the KFD repository:
49
+
50
+ ```text
51
+ https://github.com/kungfu-systems/kfd/issues/new?title=KFD-2%20trust%20taxonomy%20extension%20request
52
+ ```
53
+
54
+ The issue should state the missing value, the field it belongs to, the product
55
+ or release scenario that needs it, and why existing values cannot express the
56
+ case. Until KFD accepts the new value into the taxonomy schema, consumers
57
+ should treat the value as invalid rather than as a soft warning.
58
+
27
59
  ## Interface Versioning
28
60
 
29
61
  KFD package semver is only the distribution version. It is not the version of a
@@ -26,6 +26,8 @@ A product collaboration interface should identify:
26
26
 
27
27
  - participant profiles, such as `human`, `agent`, `operator`,
28
28
  `extension-author`, or `api-consumer`;
29
+ - public fact sources that identify where load-bearing facts live and which
30
+ surfaces are only projections;
29
31
  - minimal entrypoints that let each participant discover the rest of the
30
32
  interface;
31
33
  - participant-visible surfaces, such as CLI commands, JSON APIs, manuals,
@@ -33,6 +35,8 @@ A product collaboration interface should identify:
33
35
  - visible constraints, including what is restricted, why, and where review or
34
36
  escalation happens;
35
37
  - choice paths that let participants choose or decline safe cooperation modes;
38
+ - extension requests that tell participants how to ask for a new value,
39
+ capability, or interface when the declared interface is insufficient;
36
40
  - a closure policy for reachable participant-facing entrypoints.
37
41
 
38
42
  The KFD-3 witness schema is intentionally stricter about closure: a passing
@@ -57,3 +61,17 @@ Examples:
57
61
  requested.
58
62
 
59
63
  This keeps KFD-3 general while making real product interfaces testable.
64
+
65
+ ## Extension Requests
66
+
67
+ KFD-3 treats extension requests as part of the collaboration interface. A
68
+ human or agent should not have to infer how to cooperate when a declared
69
+ interface is missing a value or capability. The interface should expose a
70
+ visible request path, the participants it is for, the trigger, and the expected
71
+ outcome.
72
+
73
+ For KFD itself, the standard request path for missing KFD-2 trust-taxonomy
74
+ values is a GitHub issue in `kungfu-systems/kfd`. This is both a KFD-2 trust
75
+ rule and a KFD-3 collaboration rule: the taxonomy defines what values are valid,
76
+ while the collaboration interface tells agents how to request an extension
77
+ without inventing private values or relying on pressure.
@@ -0,0 +1,28 @@
1
+ # Release Governance Notes
2
+
3
+ KFD releases are governed by Buildchain channel promotion. The package version
4
+ line stays fixed at `v1.0`; alpha and production releases move through
5
+ protected channel branches.
6
+
7
+ For alpha promotion, Buildchain treats the provenance path as part of the
8
+ release contract:
9
+
10
+ ```text
11
+ dev/v1/v1.0 -> alpha/v1/v1.0
12
+ ```
13
+
14
+ The alpha branch must be updated by a merged same-repository pull request whose
15
+ head is `dev/v1/v1.0` and whose base is `alpha/v1/v1.0`. A temporary promotion
16
+ branch may satisfy GitHub freshness rules, but it is not a valid Buildchain
17
+ release source for KFD alpha publishing.
18
+
19
+ The protected branch required status check must also name the status emitted by
20
+ the current Verify workflow. As of the alpha.14 line, that required check is:
21
+
22
+ ```text
23
+ check / check
24
+ ```
25
+
26
+ Keeping the branch protection rule and the workflow-emitted status name aligned
27
+ is part of KFD-1's "facts must not drift" requirement: the release gate cannot
28
+ depend on a stale status context that no current workflow can produce.
package/kfd.release.json CHANGED
@@ -4,7 +4,7 @@
4
4
  "line": "v1.0",
5
5
  "channel": "alpha",
6
6
  "npmPackage": "@kungfu-tech/kfd",
7
- "npmVersion": "1.0.0-alpha.12",
7
+ "npmVersion": "1.0.0-alpha.14",
8
8
  "source": {
9
9
  "repository": "kungfu-systems/kfd",
10
10
  "branch": "alpha/v1/v1.0"
package/package.json CHANGED
@@ -1,10 +1,11 @@
1
1
  {
2
2
  "name": "@kungfu-tech/kfd",
3
- "version": "1.0.0-alpha.12",
3
+ "version": "1.0.0-alpha.14",
4
4
  "description": "Kung Fu Decisions (KFD): the kungfu-systems organization-wide decision registry, as a consumable artifact",
5
5
  "license": "Apache-2.0",
6
6
  "files": [
7
7
  "README.md",
8
+ "TRADEMARKS.md",
8
9
  "decisions",
9
10
  "registry.json",
10
11
  "standards.json",
@@ -21,6 +22,7 @@
21
22
  "exports": {
22
23
  "./package.json": "./package.json",
23
24
  "./README.md": "./README.md",
25
+ "./TRADEMARKS.md": "./TRADEMARKS.md",
24
26
  "./registry.json": "./registry.json",
25
27
  "./standards.json": "./standards.json",
26
28
  "./kfd.release.json": "./kfd.release.json",
package/registry.json CHANGED
@@ -6,7 +6,7 @@
6
6
  "number": 1,
7
7
  "id": "KFD-1",
8
8
  "slug": "kfd-1",
9
- "title": "Contracts must not drift: contract worlds need one fact source",
9
+ "title": "Facts must not drift: contract worlds need one fact source",
10
10
  "kind": "procedure",
11
11
  "status": "active",
12
12
  "path": "decisions/kfd-1.md",
@@ -9,14 +9,14 @@
9
9
  "versionImpact": {
10
10
  "final": "minor",
11
11
  "source": "kfd-surface-register",
12
- "rationale": "This change additively registers KFD-owned standards metadata, KFD-2 release trust schemas, KFD-3 collaboration-interface schemas, KFD-3 self-verification witnesses, and KFD-1 document/interface integrity bindings while keeping existing registry and decision surfaces compatible."
12
+ "rationale": "This change additively registers KFD-owned standards metadata, the KFD-2 trust taxonomy, KFD-2 release trust schemas, KFD-3 collaboration-interface schemas, KFD-3 self-verification witnesses, and KFD-1 document/interface integrity bindings while keeping existing registry and decision surfaces compatible."
13
13
  },
14
14
  "surfaceImpacts": [
15
15
  {
16
16
  "id": "kfd-content",
17
17
  "impact": "patch",
18
18
  "class": "content",
19
- "rationale": "KFD documents are append-only content coordinates; current decision text changes do not alter a machine-consumed surface."
19
+ "rationale": "KFD documents are append-only content coordinates; current documentation changes clarify the KFD public fact-source, license, trademark, official-status, and derivative-authority boundaries without altering the decision numbers or registry shape."
20
20
  },
21
21
  {
22
22
  "id": "kfd-registry-schema",
@@ -28,13 +28,13 @@
28
28
  "id": "kfd-standards-metadata",
29
29
  "impact": "minor",
30
30
  "class": "additive",
31
- "rationale": "standards.json and schemas/ add KFD-2 release-claims and release-trust-passport schema IDs, explicit KFD-1/2/3 interface versions, KFD document SHA-256 bindings, and KFD-owned concept names for downstream consumers."
31
+ "rationale": "standards.json and schemas/ add the KFD-2 trust-taxonomy schema ID, release-claims and release-trust-passport schema IDs, explicit KFD-1/2/3 interface versions, KFD document SHA-256 bindings, KFD-owned concept names, KFD-3 fact-source interface metadata, and official-status interface metadata for downstream consumers."
32
32
  },
33
33
  {
34
34
  "id": "kfd-package-structure",
35
35
  "impact": "minor",
36
36
  "class": "additive",
37
- "rationale": "The npm package now also publishes KFD-2 schemas, KFD-2 documentation, and KFD-3 self collaboration-interface witnesses through existing schemas/, docs/, standards.json, .buildchain/, and subpath exports while preserving existing README.md, decisions/, registry.json, and site/ paths."
37
+ "rationale": "The npm package now publishes the KFD-2 trust taxonomy, KFD-2 schemas, KFD-2 documentation, KFD-3 self collaboration-interface witnesses, TRADEMARKS.md, public fact-source metadata, and agent quickstart/self-proof documentation through existing schemas/, docs/, standards.json, site/, .buildchain/, and subpath exports while preserving existing README.md, decisions/, registry.json, and site/ paths."
38
38
  },
39
39
  {
40
40
  "id": "kfd-3-self-collaboration",
@@ -61,5 +61,5 @@
61
61
  "rationale": "The KFD to site-libkungfu-dev propagation graph now targets the downstream site's actual main branch and documents the exact KFD package surfaces consumed by kfd.libkungfu.dev, without changing the release propagation graph contract."
62
62
  }
63
63
  ],
64
- "summary": "KFD v1.0 production promotion is minor-impact because it additively exposes KFD-2 release trust metadata, KFD-1/2/3 interface version metadata, KFD-3 self-verification witnesses, document integrity bindings, and a corrected site release-propagation target for Buildchain and other consumers; existing registry, decision text, site bundle, and propagation graph contracts remain compatible."
64
+ "summary": "KFD v1.0 production promotion is minor-impact because it additively exposes KFD-2 trust taxonomy and release trust metadata, KFD-1/2/3 interface version metadata, KFD-3 self-verification witnesses, document integrity bindings, and a corrected site release-propagation target for Buildchain and other consumers; existing registry, decision text, site bundle, and propagation graph contracts remain compatible."
65
65
  }
@@ -140,8 +140,7 @@
140
140
  "residualRisk": {
141
141
  "type": "array",
142
142
  "items": {
143
- "type": "string",
144
- "minLength": 1
143
+ "$ref": "https://kfd.libkungfu.dev/schemas/kfd-2/trust-taxonomy.schema.json#/$defs/residualRisk"
145
144
  }
146
145
  },
147
146
  "responsibility": {
@@ -74,8 +74,7 @@
74
74
  "downgradeReasons": {
75
75
  "type": "array",
76
76
  "items": {
77
- "type": "string",
78
- "minLength": 1
77
+ "$ref": "https://kfd.libkungfu.dev/schemas/kfd-2/trust-taxonomy.schema.json#/$defs/downgradeReason"
79
78
  }
80
79
  },
81
80
  "responsibility": {
@@ -171,8 +170,7 @@
171
170
  "residualRisk": {
172
171
  "type": "array",
173
172
  "items": {
174
- "type": "string",
175
- "minLength": 1
173
+ "$ref": "https://kfd.libkungfu.dev/schemas/kfd-2/trust-taxonomy.schema.json#/$defs/residualRisk"
176
174
  }
177
175
  }
178
176
  },
@@ -0,0 +1,219 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://kfd.libkungfu.dev/schemas/kfd-2/trust-taxonomy.schema.json",
4
+ "title": "KFD-2 trust taxonomy",
5
+ "type": "object",
6
+ "required": [
7
+ "schemaVersion",
8
+ "contract",
9
+ "standard"
10
+ ],
11
+ "properties": {
12
+ "schemaVersion": {
13
+ "const": 1
14
+ },
15
+ "contract": {
16
+ "const": "kfd-2-trust-taxonomy"
17
+ },
18
+ "standard": {
19
+ "const": "kfd-2"
20
+ }
21
+ },
22
+ "additionalProperties": true,
23
+ "x-kfd": {
24
+ "contract": "kfd-2-trust-taxonomy",
25
+ "schemaVersion": 1,
26
+ "allowedValues": {
27
+ "riskType": [
28
+ "natural-language-semantic-risk",
29
+ "external-fact-risk",
30
+ "partial-machine-coverage-risk",
31
+ "time-sensitive-state-risk",
32
+ "manual-review-risk"
33
+ ],
34
+ "trustImpact": [
35
+ "none",
36
+ "downgrade-warning",
37
+ "fail",
38
+ "unverifiable"
39
+ ],
40
+ "machineProvability": [
41
+ "machine-verifiable",
42
+ "partially-machine-verifiable",
43
+ "not-machine-verifiable",
44
+ "not-exhaustively-enumerable"
45
+ ],
46
+ "agentAction": [
47
+ "accept-with-warning",
48
+ "semantic-review-required",
49
+ "verify-external-facts",
50
+ "request-maintainer-review",
51
+ "open-kfd-extension-issue",
52
+ "fail-release"
53
+ ]
54
+ },
55
+ "extensionPolicy": {
56
+ "unknownValuePolicy": "schema-validation-fail",
57
+ "standardAction": "open-kfd-extension-issue",
58
+ "requestPath": {
59
+ "kind": "github-issue",
60
+ "repository": "https://github.com/kungfu-systems/kfd",
61
+ "issueUrl": "https://github.com/kungfu-systems/kfd/issues/new?title=KFD-2%20trust%20taxonomy%20extension%20request",
62
+ "appliesTo": [
63
+ "riskType",
64
+ "trustImpact",
65
+ "machineProvability",
66
+ "agentAction"
67
+ ]
68
+ }
69
+ }
70
+ },
71
+ "$defs": {
72
+ "riskType": {
73
+ "enum": [
74
+ "natural-language-semantic-risk",
75
+ "external-fact-risk",
76
+ "partial-machine-coverage-risk",
77
+ "time-sensitive-state-risk",
78
+ "manual-review-risk"
79
+ ]
80
+ },
81
+ "trustImpact": {
82
+ "enum": [
83
+ "none",
84
+ "downgrade-warning",
85
+ "fail",
86
+ "unverifiable"
87
+ ]
88
+ },
89
+ "machineProvability": {
90
+ "enum": [
91
+ "machine-verifiable",
92
+ "partially-machine-verifiable",
93
+ "not-machine-verifiable",
94
+ "not-exhaustively-enumerable"
95
+ ]
96
+ },
97
+ "agentAction": {
98
+ "enum": [
99
+ "accept-with-warning",
100
+ "semantic-review-required",
101
+ "verify-external-facts",
102
+ "request-maintainer-review",
103
+ "open-kfd-extension-issue",
104
+ "fail-release"
105
+ ]
106
+ },
107
+ "extensionRequest": {
108
+ "type": "object",
109
+ "required": [
110
+ "kind",
111
+ "repository",
112
+ "issueUrl"
113
+ ],
114
+ "properties": {
115
+ "kind": {
116
+ "const": "github-issue"
117
+ },
118
+ "repository": {
119
+ "const": "https://github.com/kungfu-systems/kfd"
120
+ },
121
+ "issueUrl": {
122
+ "type": "string",
123
+ "format": "uri"
124
+ },
125
+ "appliesTo": {
126
+ "type": "array",
127
+ "items": {
128
+ "enum": [
129
+ "riskType",
130
+ "trustImpact",
131
+ "machineProvability",
132
+ "agentAction"
133
+ ]
134
+ }
135
+ }
136
+ },
137
+ "additionalProperties": true
138
+ },
139
+ "residualRisk": {
140
+ "type": "object",
141
+ "required": [
142
+ "id",
143
+ "definedBy",
144
+ "riskType",
145
+ "trustImpact",
146
+ "machineProvability",
147
+ "agentAction",
148
+ "reason",
149
+ "owner"
150
+ ],
151
+ "properties": {
152
+ "id": {
153
+ "type": "string",
154
+ "pattern": "^[a-z0-9]+(-[a-z0-9]+)*$"
155
+ },
156
+ "definedBy": {
157
+ "const": "https://kfd.libkungfu.dev/schemas/kfd-2/trust-taxonomy.schema.json#/$defs/residualRisk"
158
+ },
159
+ "riskType": {
160
+ "$ref": "#/$defs/riskType"
161
+ },
162
+ "trustImpact": {
163
+ "$ref": "#/$defs/trustImpact"
164
+ },
165
+ "machineProvability": {
166
+ "$ref": "#/$defs/machineProvability"
167
+ },
168
+ "agentAction": {
169
+ "$ref": "#/$defs/agentAction"
170
+ },
171
+ "reason": {
172
+ "type": "string",
173
+ "minLength": 1
174
+ },
175
+ "owner": {
176
+ "type": "string",
177
+ "minLength": 1
178
+ },
179
+ "extensionRequest": {
180
+ "$ref": "#/$defs/extensionRequest"
181
+ }
182
+ },
183
+ "additionalProperties": false
184
+ },
185
+ "downgradeReason": {
186
+ "type": "object",
187
+ "required": [
188
+ "id",
189
+ "riskType",
190
+ "trustImpact",
191
+ "reason"
192
+ ],
193
+ "properties": {
194
+ "id": {
195
+ "type": "string",
196
+ "pattern": "^[a-z0-9]+(-[a-z0-9]+)*$"
197
+ },
198
+ "riskType": {
199
+ "$ref": "#/$defs/riskType"
200
+ },
201
+ "trustImpact": {
202
+ "$ref": "#/$defs/trustImpact"
203
+ },
204
+ "reason": {
205
+ "type": "string",
206
+ "minLength": 1
207
+ },
208
+ "agentAction": {
209
+ "$ref": "#/$defs/agentAction"
210
+ },
211
+ "source": {
212
+ "type": "string",
213
+ "minLength": 1
214
+ }
215
+ },
216
+ "additionalProperties": false
217
+ }
218
+ }
219
+ }