@kungfu-tech/kfd 1.0.0-alpha.19 → 1.0.0-alpha.20
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.buildchain/kfd-1/contract-world.witness.json +579 -91
- package/.buildchain/kfd-2/kfd-foundation.trust-assessment.json +238 -0
- package/.buildchain/kfd-2/kfd-foundation.trust-claims.json +225 -0
- package/.buildchain/kfd-2/public-release-trust.claim.json +30 -18
- package/.buildchain/kfd-3/collaboration-interface.artifact.json +242 -57
- package/.buildchain/kfd-3/collaboration-interface.json +99 -1
- package/.buildchain/kfd-3/collaboration-interface.prebuild.json +261 -32
- package/README.md +18 -13
- package/buildchain.contract-lock.json +5 -5
- package/decisions/{kfd-1.md → KFD-1.md} +40 -12
- package/decisions/{kfd-2.md → KFD-2.md} +37 -4
- package/decisions/{kfd-3.md → KFD-3.md} +17 -1
- package/docs/KFD-1-usage.md +37 -0
- package/docs/KFD-2-usage.md +123 -0
- package/docs/{kfd-3-collaboration-interface.md → KFD-3-usage.md} +21 -0
- package/docs/KFD-4-usage.md +31 -0
- package/docs/MAP.md +13 -7
- package/kfd.release.json +1 -1
- package/package.json +3 -1
- package/registry.json +4 -4
- package/release-impact.json +41 -5
- package/schemas/kfd-1/contract-world.schema.json +67 -4
- package/schemas/kfd-1/witness.schema.json +113 -0
- package/schemas/kfd-2/trust-assessment.schema.json +313 -0
- package/schemas/kfd-2/trust-claims.schema.json +334 -0
- package/schemas/kfd-3/collaboration-interface.schema.json +60 -0
- package/schemas/kfd-3/witness.schema.json +8 -0
- package/schemas/kfd-standards.schema.json +124 -0
- package/scripts/check.mjs +256 -12
- package/scripts/update-kfd-1-witness.mjs +17 -6
- package/scripts/update-kfd-2-claim.mjs +226 -5
- package/scripts/update-kfd-3-witness.mjs +35 -3
- package/scripts/update-site-bundle.mjs +32 -2
- package/site/kfd-site.json +67 -4
- package/standards.json +634 -11
- package/docs/kfd-2-release-trust.md +0 -78
- /package/decisions/{kfd-4.md → KFD-4.md} +0 -0
|
@@ -20,7 +20,7 @@
|
|
|
20
20
|
"loadBearingCoordinate": "commit-addressed repository contents",
|
|
21
21
|
"stableRenderedIndex": "https://kfd.libkungfu.dev",
|
|
22
22
|
"canonicalPaths": [
|
|
23
|
-
"decisions/
|
|
23
|
+
"decisions/KFD-N.md",
|
|
24
24
|
"registry.json",
|
|
25
25
|
"standards.json"
|
|
26
26
|
],
|
|
@@ -113,6 +113,18 @@
|
|
|
113
113
|
"participants": ["release-system", "agent-reader", "package-consumer"],
|
|
114
114
|
"purpose": "Inspect the explicit public KFD-2 claim passed into Buildchain release passport generation."
|
|
115
115
|
},
|
|
116
|
+
{
|
|
117
|
+
"id": "kfd-2-foundation-trust-claims",
|
|
118
|
+
"surface": ".buildchain/kfd-2/kfd-foundation.trust-claims.json",
|
|
119
|
+
"participants": ["release-system", "agent-reader", "package-consumer"],
|
|
120
|
+
"purpose": "Inspect generic KFD-2 claims for the KFD package self-dogfood assessment."
|
|
121
|
+
},
|
|
122
|
+
{
|
|
123
|
+
"id": "kfd-2-foundation-trust-assessment",
|
|
124
|
+
"surface": ".buildchain/kfd-2/kfd-foundation.trust-assessment.json",
|
|
125
|
+
"participants": ["release-system", "agent-reader", "package-consumer"],
|
|
126
|
+
"purpose": "Inspect KFD-2's generic assessment of KFD-1, KFD-3, and KFD-4 claims."
|
|
127
|
+
},
|
|
116
128
|
{
|
|
117
129
|
"id": "site-bundle",
|
|
118
130
|
"surface": "site/kfd-site.json",
|
|
@@ -233,6 +245,22 @@
|
|
|
233
245
|
"discoverability": { "fromMinimalEntrypoint": true, "path": ".buildchain/kfd-2/public-release-trust.claim.json" },
|
|
234
246
|
"maturity": "stable"
|
|
235
247
|
},
|
|
248
|
+
{
|
|
249
|
+
"id": "kfd-2-foundation-trust-claims",
|
|
250
|
+
"kind": "json-api",
|
|
251
|
+
"participants": ["release-system", "maintainer", "agent-reader", "package-consumer"],
|
|
252
|
+
"value": "Generic KFD-2 trust claims used to assess KFD-1, KFD-3, and KFD-4 through one trust model.",
|
|
253
|
+
"discoverability": { "fromMinimalEntrypoint": true, "path": ".buildchain/kfd-2/kfd-foundation.trust-claims.json" },
|
|
254
|
+
"maturity": "stable"
|
|
255
|
+
},
|
|
256
|
+
{
|
|
257
|
+
"id": "kfd-2-foundation-trust-assessment",
|
|
258
|
+
"kind": "json-api",
|
|
259
|
+
"participants": ["release-system", "maintainer", "agent-reader", "package-consumer"],
|
|
260
|
+
"value": "Generic KFD-2 trust assessment result for KFD's own KFD-1, KFD-3, and KFD-4 claims.",
|
|
261
|
+
"discoverability": { "fromMinimalEntrypoint": true, "path": ".buildchain/kfd-2/kfd-foundation.trust-assessment.json" },
|
|
262
|
+
"maturity": "stable"
|
|
263
|
+
},
|
|
236
264
|
{
|
|
237
265
|
"id": "kfd-3-self-witnesses",
|
|
238
266
|
"kind": "json-api",
|
|
@@ -250,6 +278,76 @@
|
|
|
250
278
|
"maturity": "stable"
|
|
251
279
|
}
|
|
252
280
|
],
|
|
281
|
+
"valueEvidence": [
|
|
282
|
+
{
|
|
283
|
+
"id": "kfd-foundation-model",
|
|
284
|
+
"claim": "KFD helps humans and agents understand the foundation model before adopting or extending kungfu-systems decisions.",
|
|
285
|
+
"participants": ["human-reader", "agent-reader", "maintainer"],
|
|
286
|
+
"facts": [
|
|
287
|
+
{ "path": "README.md" },
|
|
288
|
+
{ "path": "decisions/KFD-1.md" },
|
|
289
|
+
{ "path": "decisions/KFD-2.md" },
|
|
290
|
+
{ "path": "decisions/KFD-3.md" },
|
|
291
|
+
{ "path": "registry.json" },
|
|
292
|
+
{ "path": "standards.json" }
|
|
293
|
+
],
|
|
294
|
+
"evidence": [
|
|
295
|
+
{ "path": "site/kfd-site.json" },
|
|
296
|
+
{ "path": "scripts/check.mjs" }
|
|
297
|
+
],
|
|
298
|
+
"trustAssessment": {
|
|
299
|
+
"path": ".buildchain/kfd-2/kfd-foundation.trust-assessment.json"
|
|
300
|
+
},
|
|
301
|
+
"residualRisk": [
|
|
302
|
+
{
|
|
303
|
+
"id": "human-language-interpretation",
|
|
304
|
+
"definedBy": "https://kfd.libkungfu.dev/schemas/kfd-2/trust-taxonomy.schema.json#/$defs/residualRisk",
|
|
305
|
+
"riskType": "natural-language-semantic-risk",
|
|
306
|
+
"trustImpact": "downgrade-warning",
|
|
307
|
+
"machineProvability": "not-exhaustively-enumerable",
|
|
308
|
+
"agentAction": "semantic-review-required",
|
|
309
|
+
"reason": "The foundation model is published and inspectable, but its full human-language meaning cannot be exhaustively proved from package bytes.",
|
|
310
|
+
"owner": "KFD maintainers"
|
|
311
|
+
}
|
|
312
|
+
]
|
|
313
|
+
},
|
|
314
|
+
{
|
|
315
|
+
"id": "kfd-machine-consumption",
|
|
316
|
+
"claim": "KFD gives agents and release systems machine-readable standards, schemas, package exports, and witnesses so they can consume KFD without relying on private context.",
|
|
317
|
+
"participants": ["agent-reader", "package-consumer", "site-consumer", "release-system"],
|
|
318
|
+
"facts": [
|
|
319
|
+
{ "path": "standards.json" },
|
|
320
|
+
{ "path": "schemas/kfd-3/collaboration-interface.schema.json" },
|
|
321
|
+
{ "path": "schemas/kfd-3/witness.schema.json" },
|
|
322
|
+
{ "path": "package.json#exports" }
|
|
323
|
+
],
|
|
324
|
+
"evidence": [
|
|
325
|
+
{ "path": ".buildchain/kfd-2/kfd-foundation.trust-claims.json" },
|
|
326
|
+
{ "path": ".buildchain/kfd-2/kfd-foundation.trust-assessment.json" },
|
|
327
|
+
{ "path": "scripts/check.mjs" }
|
|
328
|
+
],
|
|
329
|
+
"trustAssessment": {
|
|
330
|
+
"path": ".buildchain/kfd-2/kfd-foundation.trust-assessment.json"
|
|
331
|
+
}
|
|
332
|
+
},
|
|
333
|
+
{
|
|
334
|
+
"id": "kfd-extension-path",
|
|
335
|
+
"claim": "KFD gives humans and agents a visible extension path when the declared interface or taxonomy is insufficient.",
|
|
336
|
+
"participants": ["agent-reader", "human-reader", "maintainer", "release-system", "package-consumer"],
|
|
337
|
+
"facts": [
|
|
338
|
+
{ "path": "docs/KFD-3-usage.md" },
|
|
339
|
+
{ "path": ".buildchain/kfd-3/collaboration-interface.json" },
|
|
340
|
+
{ "path": "schemas/kfd-2/trust-taxonomy.schema.json" }
|
|
341
|
+
],
|
|
342
|
+
"evidence": [
|
|
343
|
+
{ "path": "docs/KFD-2-usage.md" },
|
|
344
|
+
{ "path": "scripts/check.mjs" }
|
|
345
|
+
],
|
|
346
|
+
"trustAssessment": {
|
|
347
|
+
"path": ".buildchain/kfd-2/kfd-foundation.trust-assessment.json"
|
|
348
|
+
}
|
|
349
|
+
}
|
|
350
|
+
],
|
|
253
351
|
"transparentConstraints": [
|
|
254
352
|
{
|
|
255
353
|
"id": "append-only-decisions",
|
|
@@ -10,9 +10,9 @@
|
|
|
10
10
|
"sourceRegistry": {
|
|
11
11
|
"id": "kfd-collaboration-interface",
|
|
12
12
|
"path": ".buildchain/kfd-3/collaboration-interface.json",
|
|
13
|
-
"sha256": "
|
|
13
|
+
"sha256": "fa41128be4ee57a4a40b76d4d7a063c01d7c2e5c53aec2b9c6db819c7a27b22b"
|
|
14
14
|
},
|
|
15
|
-
"collaborationInterfaceDigest": "sha256:
|
|
15
|
+
"collaborationInterfaceDigest": "sha256:fa41128be4ee57a4a40b76d4d7a063c01d7c2e5c53aec2b9c6db819c7a27b22b",
|
|
16
16
|
"collaborationInterface": {
|
|
17
17
|
"schemaVersion": 1,
|
|
18
18
|
"contract": "kfd-3-collaboration-interface",
|
|
@@ -35,7 +35,7 @@
|
|
|
35
35
|
"loadBearingCoordinate": "commit-addressed repository contents",
|
|
36
36
|
"stableRenderedIndex": "https://kfd.libkungfu.dev",
|
|
37
37
|
"canonicalPaths": [
|
|
38
|
-
"decisions/
|
|
38
|
+
"decisions/KFD-N.md",
|
|
39
39
|
"registry.json",
|
|
40
40
|
"standards.json"
|
|
41
41
|
],
|
|
@@ -157,6 +157,26 @@
|
|
|
157
157
|
],
|
|
158
158
|
"purpose": "Inspect the explicit public KFD-2 claim passed into Buildchain release passport generation."
|
|
159
159
|
},
|
|
160
|
+
{
|
|
161
|
+
"id": "kfd-2-foundation-trust-claims",
|
|
162
|
+
"surface": ".buildchain/kfd-2/kfd-foundation.trust-claims.json",
|
|
163
|
+
"participants": [
|
|
164
|
+
"release-system",
|
|
165
|
+
"agent-reader",
|
|
166
|
+
"package-consumer"
|
|
167
|
+
],
|
|
168
|
+
"purpose": "Inspect generic KFD-2 claims for the KFD package self-dogfood assessment."
|
|
169
|
+
},
|
|
170
|
+
{
|
|
171
|
+
"id": "kfd-2-foundation-trust-assessment",
|
|
172
|
+
"surface": ".buildchain/kfd-2/kfd-foundation.trust-assessment.json",
|
|
173
|
+
"participants": [
|
|
174
|
+
"release-system",
|
|
175
|
+
"agent-reader",
|
|
176
|
+
"package-consumer"
|
|
177
|
+
],
|
|
178
|
+
"purpose": "Inspect KFD-2's generic assessment of KFD-1, KFD-3, and KFD-4 claims."
|
|
179
|
+
},
|
|
160
180
|
{
|
|
161
181
|
"id": "site-bundle",
|
|
162
182
|
"surface": "site/kfd-site.json",
|
|
@@ -375,6 +395,38 @@
|
|
|
375
395
|
},
|
|
376
396
|
"maturity": "stable"
|
|
377
397
|
},
|
|
398
|
+
{
|
|
399
|
+
"id": "kfd-2-foundation-trust-claims",
|
|
400
|
+
"kind": "json-api",
|
|
401
|
+
"participants": [
|
|
402
|
+
"release-system",
|
|
403
|
+
"maintainer",
|
|
404
|
+
"agent-reader",
|
|
405
|
+
"package-consumer"
|
|
406
|
+
],
|
|
407
|
+
"value": "Generic KFD-2 trust claims used to assess KFD-1, KFD-3, and KFD-4 through one trust model.",
|
|
408
|
+
"discoverability": {
|
|
409
|
+
"fromMinimalEntrypoint": true,
|
|
410
|
+
"path": ".buildchain/kfd-2/kfd-foundation.trust-claims.json"
|
|
411
|
+
},
|
|
412
|
+
"maturity": "stable"
|
|
413
|
+
},
|
|
414
|
+
{
|
|
415
|
+
"id": "kfd-2-foundation-trust-assessment",
|
|
416
|
+
"kind": "json-api",
|
|
417
|
+
"participants": [
|
|
418
|
+
"release-system",
|
|
419
|
+
"maintainer",
|
|
420
|
+
"agent-reader",
|
|
421
|
+
"package-consumer"
|
|
422
|
+
],
|
|
423
|
+
"value": "Generic KFD-2 trust assessment result for KFD's own KFD-1, KFD-3, and KFD-4 claims.",
|
|
424
|
+
"discoverability": {
|
|
425
|
+
"fromMinimalEntrypoint": true,
|
|
426
|
+
"path": ".buildchain/kfd-2/kfd-foundation.trust-assessment.json"
|
|
427
|
+
},
|
|
428
|
+
"maturity": "stable"
|
|
429
|
+
},
|
|
378
430
|
{
|
|
379
431
|
"id": "kfd-3-self-witnesses",
|
|
380
432
|
"kind": "json-api",
|
|
@@ -405,6 +457,131 @@
|
|
|
405
457
|
"maturity": "stable"
|
|
406
458
|
}
|
|
407
459
|
],
|
|
460
|
+
"valueEvidence": [
|
|
461
|
+
{
|
|
462
|
+
"id": "kfd-foundation-model",
|
|
463
|
+
"claim": "KFD helps humans and agents understand the foundation model before adopting or extending kungfu-systems decisions.",
|
|
464
|
+
"participants": [
|
|
465
|
+
"human-reader",
|
|
466
|
+
"agent-reader",
|
|
467
|
+
"maintainer"
|
|
468
|
+
],
|
|
469
|
+
"facts": [
|
|
470
|
+
{
|
|
471
|
+
"path": "README.md"
|
|
472
|
+
},
|
|
473
|
+
{
|
|
474
|
+
"path": "decisions/KFD-1.md"
|
|
475
|
+
},
|
|
476
|
+
{
|
|
477
|
+
"path": "decisions/KFD-2.md"
|
|
478
|
+
},
|
|
479
|
+
{
|
|
480
|
+
"path": "decisions/KFD-3.md"
|
|
481
|
+
},
|
|
482
|
+
{
|
|
483
|
+
"path": "registry.json"
|
|
484
|
+
},
|
|
485
|
+
{
|
|
486
|
+
"path": "standards.json"
|
|
487
|
+
}
|
|
488
|
+
],
|
|
489
|
+
"evidence": [
|
|
490
|
+
{
|
|
491
|
+
"path": "site/kfd-site.json"
|
|
492
|
+
},
|
|
493
|
+
{
|
|
494
|
+
"path": "scripts/check.mjs"
|
|
495
|
+
}
|
|
496
|
+
],
|
|
497
|
+
"trustAssessment": {
|
|
498
|
+
"path": ".buildchain/kfd-2/kfd-foundation.trust-assessment.json"
|
|
499
|
+
},
|
|
500
|
+
"residualRisk": [
|
|
501
|
+
{
|
|
502
|
+
"id": "human-language-interpretation",
|
|
503
|
+
"definedBy": "https://kfd.libkungfu.dev/schemas/kfd-2/trust-taxonomy.schema.json#/$defs/residualRisk",
|
|
504
|
+
"riskType": "natural-language-semantic-risk",
|
|
505
|
+
"trustImpact": "downgrade-warning",
|
|
506
|
+
"machineProvability": "not-exhaustively-enumerable",
|
|
507
|
+
"agentAction": "semantic-review-required",
|
|
508
|
+
"reason": "The foundation model is published and inspectable, but its full human-language meaning cannot be exhaustively proved from package bytes.",
|
|
509
|
+
"owner": "KFD maintainers"
|
|
510
|
+
}
|
|
511
|
+
]
|
|
512
|
+
},
|
|
513
|
+
{
|
|
514
|
+
"id": "kfd-machine-consumption",
|
|
515
|
+
"claim": "KFD gives agents and release systems machine-readable standards, schemas, package exports, and witnesses so they can consume KFD without relying on private context.",
|
|
516
|
+
"participants": [
|
|
517
|
+
"agent-reader",
|
|
518
|
+
"package-consumer",
|
|
519
|
+
"site-consumer",
|
|
520
|
+
"release-system"
|
|
521
|
+
],
|
|
522
|
+
"facts": [
|
|
523
|
+
{
|
|
524
|
+
"path": "standards.json"
|
|
525
|
+
},
|
|
526
|
+
{
|
|
527
|
+
"path": "schemas/kfd-3/collaboration-interface.schema.json"
|
|
528
|
+
},
|
|
529
|
+
{
|
|
530
|
+
"path": "schemas/kfd-3/witness.schema.json"
|
|
531
|
+
},
|
|
532
|
+
{
|
|
533
|
+
"path": "package.json#exports"
|
|
534
|
+
}
|
|
535
|
+
],
|
|
536
|
+
"evidence": [
|
|
537
|
+
{
|
|
538
|
+
"path": ".buildchain/kfd-2/kfd-foundation.trust-claims.json"
|
|
539
|
+
},
|
|
540
|
+
{
|
|
541
|
+
"path": ".buildchain/kfd-2/kfd-foundation.trust-assessment.json"
|
|
542
|
+
},
|
|
543
|
+
{
|
|
544
|
+
"path": "scripts/check.mjs"
|
|
545
|
+
}
|
|
546
|
+
],
|
|
547
|
+
"trustAssessment": {
|
|
548
|
+
"path": ".buildchain/kfd-2/kfd-foundation.trust-assessment.json"
|
|
549
|
+
}
|
|
550
|
+
},
|
|
551
|
+
{
|
|
552
|
+
"id": "kfd-extension-path",
|
|
553
|
+
"claim": "KFD gives humans and agents a visible extension path when the declared interface or taxonomy is insufficient.",
|
|
554
|
+
"participants": [
|
|
555
|
+
"agent-reader",
|
|
556
|
+
"human-reader",
|
|
557
|
+
"maintainer",
|
|
558
|
+
"release-system",
|
|
559
|
+
"package-consumer"
|
|
560
|
+
],
|
|
561
|
+
"facts": [
|
|
562
|
+
{
|
|
563
|
+
"path": "docs/KFD-3-usage.md"
|
|
564
|
+
},
|
|
565
|
+
{
|
|
566
|
+
"path": ".buildchain/kfd-3/collaboration-interface.json"
|
|
567
|
+
},
|
|
568
|
+
{
|
|
569
|
+
"path": "schemas/kfd-2/trust-taxonomy.schema.json"
|
|
570
|
+
}
|
|
571
|
+
],
|
|
572
|
+
"evidence": [
|
|
573
|
+
{
|
|
574
|
+
"path": "docs/KFD-2-usage.md"
|
|
575
|
+
},
|
|
576
|
+
{
|
|
577
|
+
"path": "scripts/check.mjs"
|
|
578
|
+
}
|
|
579
|
+
],
|
|
580
|
+
"trustAssessment": {
|
|
581
|
+
"path": ".buildchain/kfd-2/kfd-foundation.trust-assessment.json"
|
|
582
|
+
}
|
|
583
|
+
}
|
|
584
|
+
],
|
|
408
585
|
"transparentConstraints": [
|
|
409
586
|
{
|
|
410
587
|
"id": "append-only-decisions",
|
|
@@ -654,6 +831,28 @@
|
|
|
654
831
|
"public": true,
|
|
655
832
|
"sourcePath": ".buildchain/kfd-2/public-release-trust.claim.json"
|
|
656
833
|
},
|
|
834
|
+
{
|
|
835
|
+
"id": "kfd-2-foundation-trust-claims",
|
|
836
|
+
"name": "kfd-2-foundation-trust-claims",
|
|
837
|
+
"kind": "json-api",
|
|
838
|
+
"participantProfile": "release-system,maintainer,agent-reader,package-consumer",
|
|
839
|
+
"availability": "stable",
|
|
840
|
+
"visibility": "public",
|
|
841
|
+
"participantFacing": true,
|
|
842
|
+
"public": true,
|
|
843
|
+
"sourcePath": ".buildchain/kfd-2/kfd-foundation.trust-claims.json"
|
|
844
|
+
},
|
|
845
|
+
{
|
|
846
|
+
"id": "kfd-2-foundation-trust-assessment",
|
|
847
|
+
"name": "kfd-2-foundation-trust-assessment",
|
|
848
|
+
"kind": "json-api",
|
|
849
|
+
"participantProfile": "release-system,maintainer,agent-reader,package-consumer",
|
|
850
|
+
"availability": "stable",
|
|
851
|
+
"visibility": "public",
|
|
852
|
+
"participantFacing": true,
|
|
853
|
+
"public": true,
|
|
854
|
+
"sourcePath": ".buildchain/kfd-2/kfd-foundation.trust-assessment.json"
|
|
855
|
+
},
|
|
657
856
|
{
|
|
658
857
|
"id": "kfd-3-self-witnesses",
|
|
659
858
|
"name": "kfd-3-self-witnesses",
|
|
@@ -725,7 +924,7 @@
|
|
|
725
924
|
{
|
|
726
925
|
"id": "doc:readme",
|
|
727
926
|
"sourcePath": "README.md",
|
|
728
|
-
"sha256": "
|
|
927
|
+
"sha256": "5843355e9758ffd06488486f77fbdbaa9afe78bee8cdde2d82c75a132ff982f5"
|
|
729
928
|
},
|
|
730
929
|
{
|
|
731
930
|
"id": "doc:trademarks",
|
|
@@ -735,36 +934,46 @@
|
|
|
735
934
|
{
|
|
736
935
|
"id": "doc:docs-map",
|
|
737
936
|
"sourcePath": "docs/MAP.md",
|
|
738
|
-
"sha256": "
|
|
937
|
+
"sha256": "249e0d188993906aca3e0538c236e3b74fe90474dac34234d6ae83659f0627cf"
|
|
739
938
|
},
|
|
740
939
|
{
|
|
741
|
-
"id": "doc:kfd-
|
|
742
|
-
"sourcePath": "docs/
|
|
743
|
-
"sha256": "
|
|
940
|
+
"id": "doc:kfd-1-usage",
|
|
941
|
+
"sourcePath": "docs/KFD-1-usage.md",
|
|
942
|
+
"sha256": "3b9691cdd9c0a28c1e428e1cb421939cb17deab37d99c39caff13c058c63846a"
|
|
744
943
|
},
|
|
745
944
|
{
|
|
746
|
-
"id": "doc:kfd-
|
|
747
|
-
"sourcePath": "docs/
|
|
748
|
-
"sha256": "
|
|
945
|
+
"id": "doc:kfd-2-usage",
|
|
946
|
+
"sourcePath": "docs/KFD-2-usage.md",
|
|
947
|
+
"sha256": "ff800c6b46d1909c2f0414d9e0c8ae2219edc83a59a066cafda5c970cac3471d"
|
|
948
|
+
},
|
|
949
|
+
{
|
|
950
|
+
"id": "doc:kfd-3-usage",
|
|
951
|
+
"sourcePath": "docs/KFD-3-usage.md",
|
|
952
|
+
"sha256": "21ffa3193fa9c74a53ac890c48591ab768fa0871cb4e9cb265e5eae199ec63f7"
|
|
953
|
+
},
|
|
954
|
+
{
|
|
955
|
+
"id": "doc:kfd-4-usage",
|
|
956
|
+
"sourcePath": "docs/KFD-4-usage.md",
|
|
957
|
+
"sha256": "4c223ab68fce18cf881efd268508f57438da8dcf22834f7c032ef3b63a905347"
|
|
749
958
|
},
|
|
750
959
|
{
|
|
751
960
|
"id": "decision:kfd-1",
|
|
752
|
-
"sourcePath": "decisions/
|
|
753
|
-
"sha256": "
|
|
961
|
+
"sourcePath": "decisions/KFD-1.md",
|
|
962
|
+
"sha256": "0b7b1ec54d661b271f91f02cefa97b11e1d1ef9c637efd2d1878d5f9c9185d80"
|
|
754
963
|
},
|
|
755
964
|
{
|
|
756
965
|
"id": "decision:kfd-2",
|
|
757
|
-
"sourcePath": "decisions/
|
|
758
|
-
"sha256": "
|
|
966
|
+
"sourcePath": "decisions/KFD-2.md",
|
|
967
|
+
"sha256": "6bc01776e478afc802c57c4e21a40bcfebf170f90ae039345d883c292053b622"
|
|
759
968
|
},
|
|
760
969
|
{
|
|
761
970
|
"id": "decision:kfd-3",
|
|
762
|
-
"sourcePath": "decisions/
|
|
763
|
-
"sha256": "
|
|
971
|
+
"sourcePath": "decisions/KFD-3.md",
|
|
972
|
+
"sha256": "049a7694f50e48774f3f1f74edccb46f0397a61211c027ab0eaa77e12d4e3f14"
|
|
764
973
|
},
|
|
765
974
|
{
|
|
766
975
|
"id": "decision:kfd-4",
|
|
767
|
-
"sourcePath": "decisions/
|
|
976
|
+
"sourcePath": "decisions/KFD-4.md",
|
|
768
977
|
"sha256": "7077a6446c8baa60d85426780cb7b2bee488133196b6f53d74f0eb151f6e26e4"
|
|
769
978
|
}
|
|
770
979
|
],
|
|
@@ -772,23 +981,33 @@
|
|
|
772
981
|
{
|
|
773
982
|
"id": "schema:kfd-standards",
|
|
774
983
|
"sourcePath": "schemas/kfd-standards.schema.json",
|
|
775
|
-
"sha256": "
|
|
984
|
+
"sha256": "1ad05c1e3dd76571e359841f12ffc3620db8ede626eda8ff6393407ffad710c1"
|
|
776
985
|
},
|
|
777
986
|
{
|
|
778
987
|
"id": "schema:kfd-1:contract-world",
|
|
779
988
|
"sourcePath": "schemas/kfd-1/contract-world.schema.json",
|
|
780
|
-
"sha256": "
|
|
989
|
+
"sha256": "412d22385cd81a72798cc649c5ddfa961b6ae91ec2727d4300261a55fa5036f3"
|
|
781
990
|
},
|
|
782
991
|
{
|
|
783
992
|
"id": "schema:kfd-1:witness",
|
|
784
993
|
"sourcePath": "schemas/kfd-1/witness.schema.json",
|
|
785
|
-
"sha256": "
|
|
994
|
+
"sha256": "354e6d0691be8a4c6dfd296fa9a175bb2a3998fdefa70842f2fa2fa441f52cb1"
|
|
786
995
|
},
|
|
787
996
|
{
|
|
788
997
|
"id": "schema:kfd-2:trust-taxonomy",
|
|
789
998
|
"sourcePath": "schemas/kfd-2/trust-taxonomy.schema.json",
|
|
790
999
|
"sha256": "a663d301a663cadb8567e3010361f5a630b76b6518ed7603dfd58cbd4e64a658"
|
|
791
1000
|
},
|
|
1001
|
+
{
|
|
1002
|
+
"id": "schema:kfd-2:trust-claims",
|
|
1003
|
+
"sourcePath": "schemas/kfd-2/trust-claims.schema.json",
|
|
1004
|
+
"sha256": "5f452a5973502273f0249116b3a4171549a84515d8ba5286a09f173db4f0e03a"
|
|
1005
|
+
},
|
|
1006
|
+
{
|
|
1007
|
+
"id": "schema:kfd-2:trust-assessment",
|
|
1008
|
+
"sourcePath": "schemas/kfd-2/trust-assessment.schema.json",
|
|
1009
|
+
"sha256": "cdb56fb16d0d2e91e4a9ebaff9cefc212a70fd22701e1185ca75d66af6172a51"
|
|
1010
|
+
},
|
|
792
1011
|
{
|
|
793
1012
|
"id": "schema:kfd-2:release-claims",
|
|
794
1013
|
"sourcePath": "schemas/kfd-2/release-claims.schema.json",
|
|
@@ -802,12 +1021,12 @@
|
|
|
802
1021
|
{
|
|
803
1022
|
"id": "schema:kfd-3:collaboration-interface",
|
|
804
1023
|
"sourcePath": "schemas/kfd-3/collaboration-interface.schema.json",
|
|
805
|
-
"sha256": "
|
|
1024
|
+
"sha256": "6526be8e59d2f0f645e7f67a8f63a93f017a2dac62701147d49c5f391c5483a3"
|
|
806
1025
|
},
|
|
807
1026
|
{
|
|
808
1027
|
"id": "schema:kfd-3:witness",
|
|
809
1028
|
"sourcePath": "schemas/kfd-3/witness.schema.json",
|
|
810
|
-
"sha256": "
|
|
1029
|
+
"sha256": "86567c1d5d32ac2ce621a596c08d2702c0facea0d0cfcb836ac31a170dc19779"
|
|
811
1030
|
},
|
|
812
1031
|
{
|
|
813
1032
|
"id": "schema:kfd-4:observer-perspective",
|
|
@@ -819,51 +1038,61 @@
|
|
|
819
1038
|
{
|
|
820
1039
|
"id": "metadata:registry",
|
|
821
1040
|
"sourcePath": "registry.json",
|
|
822
|
-
"sha256": "
|
|
1041
|
+
"sha256": "003842480fb9b3b8847735db729bc94bace4f60a25e730df839f4cb74c9f1ab5"
|
|
823
1042
|
},
|
|
824
1043
|
{
|
|
825
1044
|
"id": "metadata:standards",
|
|
826
1045
|
"sourcePath": "standards.json",
|
|
827
|
-
"sha256": "
|
|
1046
|
+
"sha256": "68aae8bbfcce0776e5f5317e133ae1b494a41ecdea1f992bb51f71d1e75f2ca4"
|
|
828
1047
|
},
|
|
829
1048
|
{
|
|
830
1049
|
"id": "metadata:release-impact",
|
|
831
1050
|
"sourcePath": "release-impact.json",
|
|
832
|
-
"sha256": "
|
|
1051
|
+
"sha256": "685f65d10491593d28321431eee315bb5fbbedd2d1ccec0747f4a37547b3124a"
|
|
833
1052
|
},
|
|
834
1053
|
{
|
|
835
1054
|
"id": "metadata:release-anchor",
|
|
836
1055
|
"sourcePath": "kfd.release.json",
|
|
837
|
-
"sha256": "
|
|
1056
|
+
"sha256": "128788929dadbf25aa60283c5c5a7f79afd971627c378edd7d85546ee2038f22"
|
|
838
1057
|
},
|
|
839
1058
|
{
|
|
840
1059
|
"id": "metadata:buildchain-contract-lock",
|
|
841
1060
|
"sourcePath": "buildchain.contract-lock.json",
|
|
842
|
-
"sha256": "
|
|
1061
|
+
"sha256": "b01c166a59bec6d73e882a69d9d91fbb98f1132558a417f4654c19889af6f0b9"
|
|
843
1062
|
},
|
|
844
1063
|
{
|
|
845
1064
|
"id": "metadata:kfd-2-public-release-trust-claim",
|
|
846
1065
|
"sourcePath": ".buildchain/kfd-2/public-release-trust.claim.json",
|
|
847
|
-
"sha256": "
|
|
1066
|
+
"sha256": "22c5b4fcbb0f57d8b61c109e3ff9ea782847e090b577bec546d5aa129b12996a"
|
|
1067
|
+
},
|
|
1068
|
+
{
|
|
1069
|
+
"id": "metadata:kfd-2-foundation-trust-claims",
|
|
1070
|
+
"sourcePath": ".buildchain/kfd-2/kfd-foundation.trust-claims.json",
|
|
1071
|
+
"sha256": "516fe8d96ddecbf4ebb32315fc1b5658e3e56c4180aca97eac2a9ab2c9208679"
|
|
1072
|
+
},
|
|
1073
|
+
{
|
|
1074
|
+
"id": "metadata:kfd-2-foundation-trust-assessment",
|
|
1075
|
+
"sourcePath": ".buildchain/kfd-2/kfd-foundation.trust-assessment.json",
|
|
1076
|
+
"sha256": "287d684a91830455580cee8dba44522a794826ce2255f4bde12f93025dc3b112"
|
|
848
1077
|
}
|
|
849
1078
|
],
|
|
850
1079
|
"packageExports": [
|
|
851
1080
|
{
|
|
852
1081
|
"id": "export:package-json",
|
|
853
1082
|
"sourcePath": "package.json#exports",
|
|
854
|
-
"sha256": "
|
|
1083
|
+
"sha256": "25ae49f5ab1c34d07d066b7e8fbe49284808bbf10b3c3b2ebe06373be1020854"
|
|
855
1084
|
},
|
|
856
1085
|
{
|
|
857
1086
|
"id": "export:npm-files",
|
|
858
1087
|
"sourcePath": "package.json#files",
|
|
859
|
-
"sha256": "
|
|
1088
|
+
"sha256": "25ae49f5ab1c34d07d066b7e8fbe49284808bbf10b3c3b2ebe06373be1020854"
|
|
860
1089
|
}
|
|
861
1090
|
],
|
|
862
1091
|
"siteConsumptionContracts": [
|
|
863
1092
|
{
|
|
864
1093
|
"id": "site:kfd-site-bundle",
|
|
865
1094
|
"sourcePath": "site/kfd-site.json",
|
|
866
|
-
"sha256": "
|
|
1095
|
+
"sha256": "f416265ea3c2aed6b8cc63f3aef35b4c2c2f8f967a0cf45433f1efcf60b3c825"
|
|
867
1096
|
},
|
|
868
1097
|
{
|
|
869
1098
|
"id": "site:release-propagation",
|
package/README.md
CHANGED
|
@@ -178,9 +178,12 @@ Agents consuming this package should start from the same sources as humans:
|
|
|
178
178
|
interface fact-source metadata to identify the public KFD fact source.
|
|
179
179
|
4. Use `schemas/kfd-2/trust-taxonomy.schema.json` for KFD-2 residual-risk and
|
|
180
180
|
trust-downgrade values. Unknown taxonomy values are invalid.
|
|
181
|
-
5. Use `schemas/kfd-
|
|
181
|
+
5. Use `schemas/kfd-2/trust-claims.schema.json` and
|
|
182
|
+
`schemas/kfd-2/trust-assessment.schema.json` when a claim needs generic
|
|
183
|
+
KFD-2 assessment instead of a release-specific passport.
|
|
184
|
+
6. Use `schemas/kfd-3/collaboration-interface.schema.json` and
|
|
182
185
|
`schemas/kfd-3/witness.schema.json` to inspect collaboration interfaces.
|
|
183
|
-
|
|
186
|
+
7. If a needed KFD-2 taxonomy value is missing, open a KFD GitHub issue rather
|
|
184
187
|
than inventing a local value:
|
|
185
188
|
`https://github.com/kungfu-systems/kfd/issues/new?title=KFD-2%20trust%20taxonomy%20extension%20request`.
|
|
186
189
|
|
|
@@ -190,11 +193,13 @@ additions may keep the same interface version; semantic changes, required-field
|
|
|
190
193
|
changes, verification meaning changes, or responsibility-boundary changes must
|
|
191
194
|
use a new interface version or contract.
|
|
192
195
|
|
|
193
|
-
KFD-2 publishes trust-taxonomy,
|
|
194
|
-
schemas under `schemas/kfd-2/`.
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
196
|
+
KFD-2 publishes trust-taxonomy, trust-claims, trust-assessment,
|
|
197
|
+
release-claims, and release-trust-passport schemas under `schemas/kfd-2/`.
|
|
198
|
+
The generic schemas let humans, agents, Buildchain, and other systems assess
|
|
199
|
+
whether claims about KFD-1, KFD-3, KFD-4, future KFDs, or product surfaces are
|
|
200
|
+
bound to source facts, evidence, hashes, audit boundaries, residual risk, and
|
|
201
|
+
responsibility state. The release schemas are a release-specific projection of
|
|
202
|
+
that model. See [`docs/KFD-2-usage.md`](docs/KFD-2-usage.md).
|
|
198
203
|
|
|
199
204
|
KFD-3 also publishes a general collaboration-interface schema and witness
|
|
200
205
|
schema under `schemas/kfd-3/`. These schemas are for participant-facing product
|
|
@@ -202,7 +207,7 @@ interfaces, not only agent APIs. A product such as Kungfu may implement an
|
|
|
202
207
|
agent-first profile, but that profile remains a product-specific realization of
|
|
203
208
|
KFD-3. The KFD-owned boundary is the standard vocabulary, schema IDs, and
|
|
204
209
|
closed-world evidence shape. See
|
|
205
|
-
[`docs/
|
|
210
|
+
[`docs/KFD-3-usage.md`](docs/KFD-3-usage.md).
|
|
206
211
|
|
|
207
212
|
KFD-4 publishes an observer-perspective schema under `schemas/kfd-4/`. It gives
|
|
208
213
|
humans and agents a standard vocabulary for observer, accepted facts,
|
|
@@ -213,10 +218,10 @@ state when a product shows a perspective-bearing timeline.
|
|
|
213
218
|
|
|
214
219
|
| ID | Kind | Axiom | Status |
|
|
215
220
|
|---|---|---|---|
|
|
216
|
-
| [KFD-1](decisions/
|
|
217
|
-
| [KFD-2](decisions/
|
|
218
|
-
| [KFD-3](decisions/
|
|
219
|
-
| [KFD-4](decisions/
|
|
221
|
+
| [KFD-1](decisions/KFD-1.md) | procedure | Facts must not drift. | active |
|
|
222
|
+
| [KFD-2](decisions/KFD-2.md) | principle | Trust must start from facts. | active |
|
|
223
|
+
| [KFD-3](decisions/KFD-3.md) | principle | Cooperation must start from trusted value. | active |
|
|
224
|
+
| [KFD-4](decisions/KFD-4.md) | procedure | Timelines must declare their observer. | active |
|
|
220
225
|
|
|
221
226
|
## Decision metadata
|
|
222
227
|
|
|
@@ -229,7 +234,7 @@ Decision metadata should expose:
|
|
|
229
234
|
|
|
230
235
|
- Public fact source: `https://github.com/kungfu-systems/kfd`
|
|
231
236
|
- Load-bearing coordinate: commit-addressed repository contents.
|
|
232
|
-
- Canonical paths: `decisions/
|
|
237
|
+
- Canonical paths: `decisions/KFD-N.md`, `registry.json`, `standards.json`.
|
|
233
238
|
- Stable rendered index: `https://kfd.libkungfu.dev`.
|
|
234
239
|
- Rendered URL: `https://kfd.libkungfu.dev/N`.
|
|
235
240
|
|
|
@@ -3,13 +3,13 @@
|
|
|
3
3
|
"contract": "kungfu-buildchain-contract-lock",
|
|
4
4
|
"buildchain": {
|
|
5
5
|
"ref": "v2",
|
|
6
|
-
"resolvedSha": "
|
|
6
|
+
"resolvedSha": "7073acd84765df11260f825abdcfdd7e57379fd8",
|
|
7
7
|
"contract": "kungfu-buildchain-runtime-contract-world",
|
|
8
|
-
"contractDigest": "sha256:
|
|
9
|
-
"compatibilityDigest": "sha256:
|
|
8
|
+
"contractDigest": "sha256:657034ebc39315b3450cd4c4356af2529b6a2ad03d0df680ec6010f3396df52d",
|
|
9
|
+
"compatibilityDigest": "sha256:967df7e854fdf582294ddfb6403eff25c00db9518a24051e7d47cbd75527c785",
|
|
10
10
|
"majorLine": "v2",
|
|
11
11
|
"compatibilityPolicy": "major-compatible",
|
|
12
|
-
"acceptedAt": "2026-07-
|
|
12
|
+
"acceptedAt": "2026-07-08T13:48:44.565Z",
|
|
13
13
|
"surfaces": [
|
|
14
14
|
{
|
|
15
15
|
"id": "reusable-build",
|
|
@@ -29,7 +29,7 @@
|
|
|
29
29
|
{
|
|
30
30
|
"id": "promote-buildchain-ref-action",
|
|
31
31
|
"kind": "action",
|
|
32
|
-
"breakingDigest": "sha256:
|
|
32
|
+
"breakingDigest": "sha256:0c5896590c8c9a44dfecbe060bcef1b43d3a9556737309dbe7e5f2bf83bfee6c"
|
|
33
33
|
},
|
|
34
34
|
{
|
|
35
35
|
"id": "report-buildchain-issue-action",
|