@kungfu-tech/kfd 1.0.0-alpha.19 → 1.0.0-alpha.20
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.buildchain/kfd-1/contract-world.witness.json +579 -91
- package/.buildchain/kfd-2/kfd-foundation.trust-assessment.json +238 -0
- package/.buildchain/kfd-2/kfd-foundation.trust-claims.json +225 -0
- package/.buildchain/kfd-2/public-release-trust.claim.json +30 -18
- package/.buildchain/kfd-3/collaboration-interface.artifact.json +242 -57
- package/.buildchain/kfd-3/collaboration-interface.json +99 -1
- package/.buildchain/kfd-3/collaboration-interface.prebuild.json +261 -32
- package/README.md +18 -13
- package/buildchain.contract-lock.json +5 -5
- package/decisions/{kfd-1.md → KFD-1.md} +40 -12
- package/decisions/{kfd-2.md → KFD-2.md} +37 -4
- package/decisions/{kfd-3.md → KFD-3.md} +17 -1
- package/docs/KFD-1-usage.md +37 -0
- package/docs/KFD-2-usage.md +123 -0
- package/docs/{kfd-3-collaboration-interface.md → KFD-3-usage.md} +21 -0
- package/docs/KFD-4-usage.md +31 -0
- package/docs/MAP.md +13 -7
- package/kfd.release.json +1 -1
- package/package.json +3 -1
- package/registry.json +4 -4
- package/release-impact.json +41 -5
- package/schemas/kfd-1/contract-world.schema.json +67 -4
- package/schemas/kfd-1/witness.schema.json +113 -0
- package/schemas/kfd-2/trust-assessment.schema.json +313 -0
- package/schemas/kfd-2/trust-claims.schema.json +334 -0
- package/schemas/kfd-3/collaboration-interface.schema.json +60 -0
- package/schemas/kfd-3/witness.schema.json +8 -0
- package/schemas/kfd-standards.schema.json +124 -0
- package/scripts/check.mjs +256 -12
- package/scripts/update-kfd-1-witness.mjs +17 -6
- package/scripts/update-kfd-2-claim.mjs +226 -5
- package/scripts/update-kfd-3-witness.mjs +35 -3
- package/scripts/update-site-bundle.mjs +32 -2
- package/site/kfd-site.json +67 -4
- package/standards.json +634 -11
- package/docs/kfd-2-release-trust.md +0 -78
- /package/decisions/{kfd-4.md → KFD-4.md} +0 -0
|
@@ -44,8 +44,10 @@ when either holds:
|
|
|
44
44
|
- **(b) Cross-time dependency** — its outputs remain depended on after the run
|
|
45
45
|
(persisted data, audit evidence, replayable records).
|
|
46
46
|
|
|
47
|
-
Each entry carries a stable kebab-case ID.
|
|
48
|
-
|
|
47
|
+
Each entry carries a stable kebab-case ID. A surface may be
|
|
48
|
+
`integration-time`, `cross-time`, or both. Registers live in each repository's
|
|
49
|
+
contract-world metadata or versioning document and are the input to every
|
|
50
|
+
classification below.
|
|
49
51
|
|
|
50
52
|
## Concrete case: config contracts
|
|
51
53
|
|
|
@@ -61,21 +63,44 @@ steps, and the final product must consume the same contract mechanism. It is
|
|
|
61
63
|
not enough for the packaged artifact to be internally consistent if the
|
|
62
64
|
developer path used a different, driftable config source.
|
|
63
65
|
|
|
64
|
-
## The
|
|
66
|
+
## The compatibility impact core
|
|
65
67
|
|
|
66
|
-
Classify the actual diff against the register; the
|
|
68
|
+
Classify the actual diff against the register; the strongest match wins:
|
|
67
69
|
|
|
68
70
|
| # | Condition | Verdict |
|
|
69
71
|
|---|---|---|
|
|
70
|
-
| 1 | **Breaks** any registered surface (removal, semantic change, layout change, incompatible rename — a semantic change counts as breakage even when shapes are unchanged: changed defaults, changed channel meaning, a newly required field) | **
|
|
71
|
-
| 2 | **Additively evolves** a registered surface, or **adds** a surface consumers will weld to | **
|
|
72
|
-
| 3 | Touches no registered surface | **
|
|
73
|
-
| 4 | **Cannot be classified** | **Do not guess.** The register is deficient: fix the register first (a maintainer decision), then reclassify |
|
|
72
|
+
| 1 | **Breaks** any registered surface (removal, semantic change, layout change, incompatible rename — a semantic change counts as breakage even when shapes are unchanged: changed defaults, changed channel meaning, a newly required field) | **breaking impact** |
|
|
73
|
+
| 2 | **Additively evolves** a registered surface, or **adds** a surface consumers will weld to | **additive impact** (register the new surface at the same time) |
|
|
74
|
+
| 3 | Touches no registered surface | **no registered-surface impact** — regardless of how large the implementation change is |
|
|
75
|
+
| 4 | **Cannot be classified** | **unclassifiable impact. Do not guess.** The register is deficient: fix the register first (a maintainer decision), then reclassify |
|
|
74
76
|
|
|
75
77
|
Rule 4 is the safety valve: it forces the irreducible judgment (what counts as
|
|
76
78
|
a welded surface) to a maintainer instead of letting a change silently pick
|
|
77
79
|
the convenient answer.
|
|
78
80
|
|
|
81
|
+
These four impact classes are the KFD-1 core. They are not inherently release
|
|
82
|
+
version numbers. A product must project them into the control action that
|
|
83
|
+
matches its domain: version line movement, config migration, ABI epoch, API
|
|
84
|
+
namespace, release gate, runtime compatibility bridge, or user workflow gate.
|
|
85
|
+
|
|
86
|
+
## Release versioning projection
|
|
87
|
+
|
|
88
|
+
For release versioning, the compatibility impact core projects to semver:
|
|
89
|
+
|
|
90
|
+
| Compatibility impact | Release verdict |
|
|
91
|
+
|---|---|
|
|
92
|
+
| breaking impact | **major** |
|
|
93
|
+
| additive impact | **minor** |
|
|
94
|
+
| no registered-surface impact | **patch** |
|
|
95
|
+
| unclassifiable impact | **block release; fix the register first** |
|
|
96
|
+
|
|
97
|
+
This projection is the first implementation case, not the whole principle.
|
|
98
|
+
Other domains must keep the same impact core while choosing their own action:
|
|
99
|
+
config contracts may require a migration bridge or rejected old config, ABIs
|
|
100
|
+
may require a new soname or ABI epoch, APIs may require a namespace or endpoint
|
|
101
|
+
compatibility boundary, and agent/UI surfaces may require explicit workflow or
|
|
102
|
+
command migration.
|
|
103
|
+
|
|
79
104
|
## Constraint clauses
|
|
80
105
|
|
|
81
106
|
- **Reverse prohibition.** A line must not be opened for feature volume,
|
|
@@ -87,7 +112,8 @@ the convenient answer.
|
|
|
87
112
|
self-archivable inputs, and no hard coupling to a maintainer-operated
|
|
88
113
|
service.
|
|
89
114
|
- **Decision time.** The verdict is checked against the final diff before the
|
|
90
|
-
|
|
115
|
+
action gate that depends on it; for releases this is checked before
|
|
116
|
+
promotion into the alpha channel. Planning-time classification is only a
|
|
91
117
|
prediction.
|
|
92
118
|
- **Major dignity.** A major release communicates exactly one thing: something
|
|
93
119
|
you welded to broke and you must re-audit. An empty major — one that breaks
|
|
@@ -118,9 +144,11 @@ the convenient answer.
|
|
|
118
144
|
|
|
119
145
|
## The decision log
|
|
120
146
|
|
|
121
|
-
Line openings (minor/major), register changes,
|
|
122
|
-
recorded in the repository's
|
|
123
|
-
|
|
147
|
+
Line openings (minor/major), register changes, deprecations, and other
|
|
148
|
+
compatibility-impact decisions must be recorded in the repository's
|
|
149
|
+
contract-world or versioning document. Release patches stay silent — silence
|
|
150
|
+
is itself the signal that no registered surface was touched in the release
|
|
151
|
+
projection.
|
|
124
152
|
|
|
125
153
|
One markdown table row per event, newest first:
|
|
126
154
|
|
|
@@ -23,7 +23,9 @@ KFDs can be principles or procedures:
|
|
|
23
23
|
|
|
24
24
|
This KFD is a principle. KFD-1 is the procedure that keeps the fact sources
|
|
25
25
|
under this principle from drifting. KFD-3 is the principle that governs how
|
|
26
|
-
humans and agents cooperate once facts and trust are visible.
|
|
26
|
+
humans and agents cooperate once facts and trust are visible. KFD-4 is a
|
|
27
|
+
procedure whose observer-perspective claims can also be assessed under this
|
|
28
|
+
principle.
|
|
27
29
|
|
|
28
30
|
## Foundation role
|
|
29
31
|
|
|
@@ -38,6 +40,10 @@ before the product has made the relevant facts inspectable. KFD-1 protects the
|
|
|
38
40
|
non-drifting fact source those claims stand on. KFD-3 protects the relationship
|
|
39
41
|
with the human or agent who must understand and act on those facts.
|
|
40
42
|
|
|
43
|
+
KFD-2 is not a checker for only one other KFD. It is the generic trust
|
|
44
|
+
adjudication layer for any KFD claim, product claim, artifact claim, control
|
|
45
|
+
surface claim, or release claim that asks a human or agent to rely on it.
|
|
46
|
+
|
|
41
47
|
## Principle
|
|
42
48
|
|
|
43
49
|
When a kungfu-systems product represents work or control, its default path
|
|
@@ -71,6 +77,27 @@ leaves enough evidence for later review.
|
|
|
71
77
|
- Hosted or cloud convenience may add synchronization, storage, compute, and
|
|
72
78
|
collaboration, but it must not become the only place where the truth exists.
|
|
73
79
|
|
|
80
|
+
## Generic trust assessment model
|
|
81
|
+
|
|
82
|
+
Every KFD-2 trust assessment starts from a claim. The claim may be about a
|
|
83
|
+
release, but it may also be about a contract world, a collaboration interface,
|
|
84
|
+
an observer perspective, a config surface, an API, an ABI, a GUI surface, a
|
|
85
|
+
runtime fact, documentation, or another product surface.
|
|
86
|
+
|
|
87
|
+
A claim is trustable only when the assessment can state:
|
|
88
|
+
|
|
89
|
+
- what the claim is about;
|
|
90
|
+
- which facts the claim binds to;
|
|
91
|
+
- which evidence was checked;
|
|
92
|
+
- what can be machine verified;
|
|
93
|
+
- what remains a residual risk;
|
|
94
|
+
- who owns source facts, verification, and the trust decision;
|
|
95
|
+
- whether the result is pass, warning, fail, or unverifiable.
|
|
96
|
+
|
|
97
|
+
This model is intentionally general. KFD-1, KFD-3, KFD-4, and future KFDs can
|
|
98
|
+
provide claims that KFD-2 assesses. Release trust passports are one projection
|
|
99
|
+
of this model, not the model itself.
|
|
100
|
+
|
|
74
101
|
## What it does not require
|
|
75
102
|
|
|
76
103
|
- It does not require every product to be a journal engine or runtime ledger.
|
|
@@ -111,12 +138,18 @@ README says so. It publishes inspectable facts: decision documents,
|
|
|
111
138
|
metadata, and conformance checks.
|
|
112
139
|
|
|
113
140
|
KFD-2 also owns the trust taxonomy used by release claims, release trust
|
|
114
|
-
passports,
|
|
115
|
-
fail validation until KFD records them
|
|
116
|
-
`schemas/kfd-2/trust-taxonomy.schema.json`. When an agent needs a new value,
|
|
141
|
+
passports, KFD-3 witnesses, and generic trust assessments. Unknown
|
|
142
|
+
residual-risk or trust-downgrade values fail validation until KFD records them
|
|
143
|
+
in `schemas/kfd-2/trust-taxonomy.schema.json`. When an agent needs a new value,
|
|
117
144
|
the declared extension path is to open an issue in
|
|
118
145
|
`https://github.com/kungfu-systems/kfd` rather than inventing a private value.
|
|
119
146
|
|
|
147
|
+
The package dogfoods this model through
|
|
148
|
+
`.buildchain/kfd-2/kfd-foundation.trust-claims.json` and
|
|
149
|
+
`.buildchain/kfd-2/kfd-foundation.trust-assessment.json`. Those files assess
|
|
150
|
+
KFD-1's contract-world claim, KFD-3's collaboration-interface claim, and KFD-4's
|
|
151
|
+
observer-perspective claim through the same KFD-2 structure.
|
|
152
|
+
|
|
120
153
|
## Adopters
|
|
121
154
|
|
|
122
155
|
Each adopting repository cites this KFD when designing or changing a fact
|
|
@@ -97,6 +97,13 @@ human-readable facts wherever possible. A capable agent should be able to learn
|
|
|
97
97
|
the product's value, and why that value can be trusted, by inspecting the
|
|
98
98
|
product's own facts and commands.
|
|
99
99
|
|
|
100
|
+
Trusted value is therefore not only a product promise or persuasive sentence.
|
|
101
|
+
A collaboration interface should bind important value claims to explicit value
|
|
102
|
+
evidence: the facts that make the value claim inspectable, the artifacts or
|
|
103
|
+
checks that prove those facts are present, and the KFD-2 trust assessment or
|
|
104
|
+
residual-risk state that tells participants how much weight to place on the
|
|
105
|
+
claim.
|
|
106
|
+
|
|
100
107
|
### 3. Use constraints as transparent safety, not hidden control
|
|
101
108
|
|
|
102
109
|
Hard constraints are legitimate when they protect users, agents, work products,
|
|
@@ -165,6 +172,12 @@ KFD-1 protects the fact-source layer. KFD-2 protects the trust layer. KFD-3
|
|
|
165
172
|
protects the relationship with the intelligent participant who must decide
|
|
166
173
|
whether the offered value is trustworthy enough to walk that path.
|
|
167
174
|
|
|
175
|
+
In machine-readable profiles, this means KFD-3 collaboration interfaces should
|
|
176
|
+
not merely list surfaces and constraints. They should also declare value
|
|
177
|
+
evidence that can be evaluated through the KFD-2 trust model. KFD-2 can then
|
|
178
|
+
say which parts are machine-checkable, which parts remain semantic residual
|
|
179
|
+
risk, and what an agent should do next.
|
|
180
|
+
|
|
168
181
|
## Implementation case: the KFD package
|
|
169
182
|
|
|
170
183
|
The `@kungfu-tech/kfd` npm package is a self-proof case for this principle.
|
|
@@ -172,7 +185,10 @@ Its README gives humans and agents the same quickstart path. `standards.json`
|
|
|
172
185
|
gives stable standard identity, schema IDs, and concept names. The KFD-3
|
|
173
186
|
schemas define collaboration interfaces, witnesses, and extension requests, so
|
|
174
187
|
an agent can discover both the valid interface and the standard path for asking
|
|
175
|
-
to extend it.
|
|
188
|
+
to extend it. The KFD-3 collaboration interface also declares value evidence
|
|
189
|
+
that points to KFD-owned facts, package surfaces, and the KFD-2 generic trust
|
|
190
|
+
assessment, so an agent can inspect why KFD's claimed value is trustable before
|
|
191
|
+
cooperating.
|
|
176
192
|
|
|
177
193
|
For example, if an agent needs a KFD-2 trust-taxonomy value that does not
|
|
178
194
|
exist, the KFD-3 collaboration path is not hidden maintainer pressure or local
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
# KFD-1 Implementation Notes
|
|
2
|
+
|
|
3
|
+
KFD-1 defines the fact-source rule: facts must not drift. This page is the
|
|
4
|
+
package implementation note for machine consumers and release systems. The
|
|
5
|
+
authoritative decision text remains `decisions/KFD-1.md`.
|
|
6
|
+
|
|
7
|
+
## Package Surfaces
|
|
8
|
+
|
|
9
|
+
The KFD package implements KFD-1 through a declared contract world:
|
|
10
|
+
|
|
11
|
+
- `standards.json#/standards/kfd-1/surfaceRegister` is the package-owned
|
|
12
|
+
surface register.
|
|
13
|
+
- `schemas/kfd-1/contract-world.schema.json` defines the contract-world schema.
|
|
14
|
+
- `schemas/kfd-1/witness.schema.json` defines the witness schema.
|
|
15
|
+
- `.buildchain/kfd-1/contract-world.witness.json` projects registered surfaces,
|
|
16
|
+
source hashes, artifact hashes, surface classes, and impact projections.
|
|
17
|
+
- `scripts/check.mjs` verifies the register, schema enums, witness hashes, and
|
|
18
|
+
surface projection.
|
|
19
|
+
|
|
20
|
+
## Compatibility Impact Core
|
|
21
|
+
|
|
22
|
+
KFD-1 uses four generic compatibility-impact classes:
|
|
23
|
+
|
|
24
|
+
- `breaking`
|
|
25
|
+
- `additive`
|
|
26
|
+
- `none`
|
|
27
|
+
- `unclassifiable`
|
|
28
|
+
|
|
29
|
+
Release versioning is only one projection of those classes. Other domains can
|
|
30
|
+
project the same core into config migration, ABI epochs, API namespaces,
|
|
31
|
+
runtime compatibility bridges, or workflow gates.
|
|
32
|
+
|
|
33
|
+
## Dogfood Role
|
|
34
|
+
|
|
35
|
+
This package uses KFD-1 on itself. New public package surfaces should be added
|
|
36
|
+
to `standards.json#/standards/kfd-1/surfaceRegister`, then projected into the
|
|
37
|
+
KFD-1 witness by `node scripts/update-kfd-1-witness.mjs`.
|
|
@@ -0,0 +1,123 @@
|
|
|
1
|
+
# KFD-2 Trust Assessment Metadata
|
|
2
|
+
|
|
3
|
+
KFD-2 says that trust must start from inspectable facts and responsibility
|
|
4
|
+
state. A product must not ask users or agents to trust load-bearing claims only
|
|
5
|
+
because they appear in prose, changelogs, repository history, generated UI, or
|
|
6
|
+
maintainer reputation.
|
|
7
|
+
|
|
8
|
+
This package defines KFD-owned machine interfaces for the generic trust model:
|
|
9
|
+
|
|
10
|
+
- `schemas/kfd-2/trust-taxonomy.schema.json`: the KFD-owned taxonomy for
|
|
11
|
+
residual-risk types, trust impact, machine provability, agent actions, and
|
|
12
|
+
downgrade reasons.
|
|
13
|
+
- `schemas/kfd-2/trust-claims.schema.json`: the generic claim input shape for
|
|
14
|
+
KFD-2 assessment. Claims may target KFD standards, contract worlds,
|
|
15
|
+
collaboration interfaces, observer perspectives, releases, config, APIs,
|
|
16
|
+
ABIs, runtime facts, documentation, or other product surfaces.
|
|
17
|
+
- `schemas/kfd-2/trust-assessment.schema.json`: the generic assessment output
|
|
18
|
+
shape that records result, checked facts, evidence, audit boundary,
|
|
19
|
+
responsibility, residual risk, and downgrade reasons.
|
|
20
|
+
- `schemas/kfd-2/release-claims.schema.json`: the product's declared public
|
|
21
|
+
release claims, as a release-specific projection.
|
|
22
|
+
- `schemas/kfd-2/release-trust-passport.schema.json`: the verifier's result
|
|
23
|
+
after auditing release claims against evidence.
|
|
24
|
+
|
|
25
|
+
The generic flow is:
|
|
26
|
+
|
|
27
|
+
```text
|
|
28
|
+
trust claims -> evidence audit -> trust assessment -> product or release gate
|
|
29
|
+
```
|
|
30
|
+
|
|
31
|
+
The intended Buildchain flow is:
|
|
32
|
+
|
|
33
|
+
```text
|
|
34
|
+
release claims -> evidence audit -> release trust passport -> release passport
|
|
35
|
+
```
|
|
36
|
+
|
|
37
|
+
Release trust passports are one projection of KFD-2, not the whole KFD-2 model.
|
|
38
|
+
Each claim should declare the statement being made, the subject of the claim,
|
|
39
|
+
the facts it binds to, machine-readable evidence, the audit boundary, residual
|
|
40
|
+
risk, and responsibility state. A trust assessment or release trust passport
|
|
41
|
+
then records whether each claim is bound to evidence, which evidence was
|
|
42
|
+
checked, what the result was, and who owns the decision.
|
|
43
|
+
|
|
44
|
+
## Generic Trust Claims
|
|
45
|
+
|
|
46
|
+
The generic claim model exists so KFD-2 can assess KFD-1, KFD-3, KFD-4, and
|
|
47
|
+
future KFDs through one structure instead of inventing a new evaluator for each
|
|
48
|
+
standard.
|
|
49
|
+
|
|
50
|
+
A generic claim identifies:
|
|
51
|
+
|
|
52
|
+
- `subject`: what the claim is about, such as `contract-world`,
|
|
53
|
+
`collaboration-interface`, `observer-perspective`, `release`, `config`,
|
|
54
|
+
`api`, `abi`, `gui-surface`, or `runtime-fact`;
|
|
55
|
+
- `facts`: the inspectable fact sources the claim binds to;
|
|
56
|
+
- `evidence`: the files, schemas, witnesses, commands, artifacts, URLs, or
|
|
57
|
+
manual-review records used to evaluate the claim;
|
|
58
|
+
- `auditBoundary`: what the assessment covers and whether the surface is
|
|
59
|
+
closed-world, declared-open, sampled, or manual;
|
|
60
|
+
- `responsibility`: who owns source facts, verification, and the decision;
|
|
61
|
+
- `residualRisk`: KFD-2 taxonomy values for what remains unproved.
|
|
62
|
+
|
|
63
|
+
The KFD package dogfoods this through:
|
|
64
|
+
|
|
65
|
+
```text
|
|
66
|
+
.buildchain/kfd-2/kfd-foundation.trust-claims.json
|
|
67
|
+
.buildchain/kfd-2/kfd-foundation.trust-assessment.json
|
|
68
|
+
```
|
|
69
|
+
|
|
70
|
+
Those files assess KFD-1's contract-world claim, KFD-3's
|
|
71
|
+
collaboration-interface claim, and KFD-4's observer-perspective claim. KFD-3
|
|
72
|
+
currently receives a warning result because its machine-checkable interface
|
|
73
|
+
still carries natural-language semantic residual risk.
|
|
74
|
+
|
|
75
|
+
## Trust Taxonomy
|
|
76
|
+
|
|
77
|
+
KFD-2 owns the vocabulary for residual risks and trust downgrades. A product,
|
|
78
|
+
release tool, or agent must not invent new residual-risk values locally and
|
|
79
|
+
still claim KFD-2 conformance. Unknown values fail schema validation.
|
|
80
|
+
|
|
81
|
+
The current taxonomy is published in
|
|
82
|
+
`schemas/kfd-2/trust-taxonomy.schema.json`. It defines:
|
|
83
|
+
|
|
84
|
+
- `riskType`: what kind of trust gap remains;
|
|
85
|
+
- `trustImpact`: whether the gap is informational, downgraded, failing, or
|
|
86
|
+
unverifiable;
|
|
87
|
+
- `machineProvability`: whether the gap can be fully proved by machine;
|
|
88
|
+
- `agentAction`: what an agent should do next;
|
|
89
|
+
- `downgradeReason`: how a verifier maps residual risk into a release trust
|
|
90
|
+
result.
|
|
91
|
+
|
|
92
|
+
If an agent needs a KFD-2 value that is not present, the standard extension
|
|
93
|
+
path is to open an issue in the KFD repository:
|
|
94
|
+
|
|
95
|
+
```text
|
|
96
|
+
https://github.com/kungfu-systems/kfd/issues/new?title=KFD-2%20trust%20taxonomy%20extension%20request
|
|
97
|
+
```
|
|
98
|
+
|
|
99
|
+
The issue should state the missing value, the field it belongs to, the product
|
|
100
|
+
or release scenario that needs it, and why existing values cannot express the
|
|
101
|
+
case. Until KFD accepts the new value into the taxonomy schema, consumers
|
|
102
|
+
should treat the value as invalid rather than as a soft warning.
|
|
103
|
+
|
|
104
|
+
## Interface Versioning
|
|
105
|
+
|
|
106
|
+
KFD package semver is only the distribution version. It is not the version of a
|
|
107
|
+
KFD-owned machine interface.
|
|
108
|
+
|
|
109
|
+
Every KFD-owned machine interface uses:
|
|
110
|
+
|
|
111
|
+
- `schemaVersion`: the interface version consumed by tools.
|
|
112
|
+
- `contract`: the stable contract name, such as `kfd-2-release-claims`.
|
|
113
|
+
- `$id`: the canonical schema URL for the current stable interface.
|
|
114
|
+
|
|
115
|
+
Compatible additions may keep `schemaVersion: 1`. A change that alters required
|
|
116
|
+
fields, field semantics, verification meaning, audit boundary semantics, or
|
|
117
|
+
responsibility semantics must not silently reuse the same interface contract.
|
|
118
|
+
It must introduce a new interface version or, when the standard itself changes,
|
|
119
|
+
a new KFD decision or amendment path.
|
|
120
|
+
|
|
121
|
+
The same rule applies to KFD-1 and KFD-3 schemas. Their current schemas already
|
|
122
|
+
carry `schemaVersion: 1` and a `contract` value; this document makes the
|
|
123
|
+
evolution rule explicit across the KFD package.
|
|
@@ -32,6 +32,8 @@ A product collaboration interface should identify:
|
|
|
32
32
|
interface;
|
|
33
33
|
- participant-visible surfaces, such as CLI commands, JSON APIs, manuals,
|
|
34
34
|
skills, GUI routes, envelopes, packages, or protocols;
|
|
35
|
+
- value evidence that binds important participant-facing value claims to facts,
|
|
36
|
+
artifacts, checks, trust assessments, and residual-risk state;
|
|
35
37
|
- visible constraints, including what is restricted, why, and where review or
|
|
36
38
|
escalation happens;
|
|
37
39
|
- choice paths that let participants choose or decline safe cooperation modes;
|
|
@@ -44,6 +46,25 @@ closed-world proof reports reachable entrypoints, classified entrypoints, and
|
|
|
44
46
|
an empty `unclassifiedEntrypoints` list. This prevents a product from exposing
|
|
45
47
|
a participant-facing or callable backdoor API outside the declared interface.
|
|
46
48
|
|
|
49
|
+
## Value Evidence
|
|
50
|
+
|
|
51
|
+
KFD-3 does not treat value as a marketing claim. A collaboration interface
|
|
52
|
+
should state the value a participant is being asked to trust, then point to the
|
|
53
|
+
facts and evidence that make that value inspectable.
|
|
54
|
+
|
|
55
|
+
Each `valueEvidence` entry should identify:
|
|
56
|
+
|
|
57
|
+
- the value claim;
|
|
58
|
+
- the participants who depend on it;
|
|
59
|
+
- the fact artifacts that define the claim;
|
|
60
|
+
- the evidence artifacts or checks that show those facts are present;
|
|
61
|
+
- a KFD-2 trust assessment or residual-risk state when the claim cannot be
|
|
62
|
+
exhaustively proved by machine.
|
|
63
|
+
|
|
64
|
+
This is the engineering bridge between KFD-2 and KFD-3. KFD-2 explains how
|
|
65
|
+
trust is assessed from facts. KFD-3 explains how that assessed value is exposed
|
|
66
|
+
to participants before cooperation is requested.
|
|
67
|
+
|
|
47
68
|
## Product profile boundary
|
|
48
69
|
|
|
49
70
|
Concrete product profiles may add their own contracts, registry fields, command
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
# KFD-4 Implementation Notes
|
|
2
|
+
|
|
3
|
+
KFD-4 defines the observer-perspective rule: timelines must declare their
|
|
4
|
+
observer. This page is the package implementation note for machine consumers
|
|
5
|
+
and products that show perspective-bearing timelines. The authoritative
|
|
6
|
+
decision text remains `decisions/KFD-4.md`.
|
|
7
|
+
|
|
8
|
+
## Package Surface
|
|
9
|
+
|
|
10
|
+
The KFD package implements KFD-4 through:
|
|
11
|
+
|
|
12
|
+
- `decisions/KFD-4.md`: the authoritative procedure text.
|
|
13
|
+
- `schemas/kfd-4/observer-perspective.schema.json`: the KFD-owned schema for
|
|
14
|
+
observer-relative timeline views.
|
|
15
|
+
- `standards.json#/standards/kfd-4`: metadata that exposes the schema ID, schema
|
|
16
|
+
path, interface contract, and concept names.
|
|
17
|
+
- `scripts/check.mjs`: verification that KFD-4 metadata and schema remain
|
|
18
|
+
wired into the package.
|
|
19
|
+
|
|
20
|
+
## When To Use The Gate
|
|
21
|
+
|
|
22
|
+
Use KFD-4 when a product surface represents time, history, replay, sync,
|
|
23
|
+
ordering, or mixed-source work state. A product that does not present a
|
|
24
|
+
perspective-bearing timeline does not need a KFD-4 gate.
|
|
25
|
+
|
|
26
|
+
## Trust Relation
|
|
27
|
+
|
|
28
|
+
KFD-4 claims can be assessed by KFD-2. The KFD package does this through
|
|
29
|
+
`.buildchain/kfd-2/kfd-foundation.trust-claims.json` and
|
|
30
|
+
`.buildchain/kfd-2/kfd-foundation.trust-assessment.json`, where KFD-4 is
|
|
31
|
+
assessed as an `observer-perspective` subject.
|
package/docs/MAP.md
CHANGED
|
@@ -6,24 +6,30 @@
|
|
|
6
6
|
| What is the KFD-1/2/3 foundation triad? | [`../README.md`](../README.md#foundation-triad) |
|
|
7
7
|
| What worldview structure does the foundation triad express? | [`../README.md`](../README.md#foundation-model) |
|
|
8
8
|
| What practice guidelines are derived from the foundation triad? | [`../README.md`](../README.md#practice-guidelines) |
|
|
9
|
-
| How should a product show timeline order from a declared perspective? | [KFD-4](../decisions/
|
|
9
|
+
| How should a product show timeline order from a declared perspective? | [KFD-4](../decisions/KFD-4.md) |
|
|
10
10
|
| What schema should products use for KFD-4 observer-relative timeline views? | [`../schemas/kfd-4/observer-perspective.schema.json`](../schemas/kfd-4/observer-perspective.schema.json) |
|
|
11
|
+
| What are the package implementation notes for KFD-1? | [`KFD-1-usage.md`](KFD-1-usage.md) |
|
|
12
|
+
| What are the package implementation notes for KFD-2? | [`KFD-2-usage.md`](KFD-2-usage.md) |
|
|
13
|
+
| What are the package implementation notes for KFD-3? | [`KFD-3-usage.md`](KFD-3-usage.md) |
|
|
14
|
+
| What are the package implementation notes for KFD-4? | [`KFD-4-usage.md`](KFD-4-usage.md) |
|
|
11
15
|
| How should an agent quickly understand this package? | [`../README.md`](../README.md#agent-quickstart) |
|
|
12
16
|
| What is the concrete self-proof case for KFD-1/2/3/4? | [`../README.md`](../README.md#product-proof-path) and the implementation case in each KFD |
|
|
13
17
|
| Where is the public KFD fact source? | [`../README.md`](../README.md#decision-metadata) and [`../site/kfd-site.json`](../site/kfd-site.json) decision metadata |
|
|
14
18
|
| What does Apache-2.0 cover, and what remains official/trademark-bound? | [`../TRADEMARKS.md`](../TRADEMARKS.md) |
|
|
15
19
|
| What should a site renderer consume to render `kfd.libkungfu.dev`? | [`../site/kfd-site.json`](../site/kfd-site.json) |
|
|
16
|
-
|
|
|
17
|
-
| What
|
|
18
|
-
| What
|
|
19
|
-
| What should
|
|
20
|
+
| How should a site map decision pages to usage subpages? | [`../site/kfd-site.json`](../site/kfd-site.json) — `decisionPages.usagePages` maps `/N` to `/N/usage` |
|
|
21
|
+
| What is the top-level product accountability principle? | [KFD-2](../decisions/KFD-2.md) |
|
|
22
|
+
| What stance should products take toward humans and agents as reasoning participants? | [KFD-3](../decisions/KFD-3.md) |
|
|
23
|
+
| What schema should products use for KFD-3 participant-facing collaboration interfaces? | [`KFD-3-usage.md`](KFD-3-usage.md) |
|
|
24
|
+
| What schema should a product or agent use for generic KFD-2 trust assessment? | [`KFD-2-usage.md`](KFD-2-usage.md#generic-trust-claims) |
|
|
25
|
+
| What should an agent do when a needed KFD-2 trust taxonomy value is missing? | [`KFD-2-usage.md`](KFD-2-usage.md#trust-taxonomy) — open a KFD GitHub issue |
|
|
20
26
|
| What does a specific decision say? | [`../decisions/`](../decisions) (index: [`../registry.json`](../registry.json)) |
|
|
21
27
|
| What machine metadata should Buildchain or another consumer import for KFD standard identity and schema IDs? | [`../standards.json`](../standards.json) |
|
|
22
28
|
| What schema validates the standards metadata surface? | [`../schemas/kfd-standards.schema.json`](../schemas/kfd-standards.schema.json) |
|
|
23
|
-
| What schema should release systems use for KFD-2 release claims and trust passports? | [`
|
|
29
|
+
| What schema should release systems use for KFD-2 release claims and trust passports? | [`KFD-2-usage.md`](KFD-2-usage.md) — release passports are a KFD-2 projection |
|
|
24
30
|
| How do I cite a decision? | [`../README.md`](../README.md) — cite by number, e.g. `KFD-1` |
|
|
25
31
|
| How do decisions change over time? | [`../CONTRIBUTING.md`](../CONTRIBUTING.md) — append-only; explicit supersession mints a new number |
|
|
26
|
-
| How is this package versioned and released? | [KFD-1](../decisions/
|
|
32
|
+
| How is this package versioned and released? | [KFD-1](../decisions/KFD-1.md) applied to itself; Buildchain governs releases |
|
|
27
33
|
| What release impact ledger should Buildchain consume for production passports? | [`../release-impact.json`](../release-impact.json) |
|
|
28
34
|
| What release provenance path must alpha promotion use? | [`release-governance.md`](release-governance.md) |
|
|
29
35
|
| How do I verify registry/document agreement? | `node scripts/check.mjs` |
|
package/kfd.release.json
CHANGED
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@kungfu-tech/kfd",
|
|
3
|
-
"version": "1.0.0-alpha.
|
|
3
|
+
"version": "1.0.0-alpha.20",
|
|
4
4
|
"description": "Kung Fu Decisions (KFD): the kungfu-systems organization-wide decision registry, as a consumable artifact",
|
|
5
5
|
"license": "Apache-2.0",
|
|
6
6
|
"files": [
|
|
@@ -35,6 +35,8 @@
|
|
|
35
35
|
"./scripts/*.mjs": "./scripts/*.mjs",
|
|
36
36
|
"./buildchain/kfd-1/contract-world.witness.json": "./.buildchain/kfd-1/contract-world.witness.json",
|
|
37
37
|
"./buildchain/kfd-2/public-release-trust.claim.json": "./.buildchain/kfd-2/public-release-trust.claim.json",
|
|
38
|
+
"./buildchain/kfd-2/kfd-foundation.trust-claims.json": "./.buildchain/kfd-2/kfd-foundation.trust-claims.json",
|
|
39
|
+
"./buildchain/kfd-2/kfd-foundation.trust-assessment.json": "./.buildchain/kfd-2/kfd-foundation.trust-assessment.json",
|
|
38
40
|
"./buildchain/kfd-3/collaboration-interface.json": "./.buildchain/kfd-3/collaboration-interface.json",
|
|
39
41
|
"./buildchain/kfd-3/collaboration-interface.prebuild.json": "./.buildchain/kfd-3/collaboration-interface.prebuild.json",
|
|
40
42
|
"./buildchain/kfd-3/collaboration-interface.artifact.json": "./.buildchain/kfd-3/collaboration-interface.artifact.json",
|
package/registry.json
CHANGED
|
@@ -9,7 +9,7 @@
|
|
|
9
9
|
"title": "Facts must not drift: contract worlds need one fact source",
|
|
10
10
|
"kind": "procedure",
|
|
11
11
|
"status": "active",
|
|
12
|
-
"path": "decisions/
|
|
12
|
+
"path": "decisions/KFD-1.md",
|
|
13
13
|
"url": "https://kfd.libkungfu.dev/1"
|
|
14
14
|
},
|
|
15
15
|
{
|
|
@@ -19,7 +19,7 @@
|
|
|
19
19
|
"title": "Trust must start from facts: responsibility must be inspectable",
|
|
20
20
|
"kind": "principle",
|
|
21
21
|
"status": "active",
|
|
22
|
-
"path": "decisions/
|
|
22
|
+
"path": "decisions/KFD-2.md",
|
|
23
23
|
"url": "https://kfd.libkungfu.dev/2"
|
|
24
24
|
},
|
|
25
25
|
{
|
|
@@ -29,7 +29,7 @@
|
|
|
29
29
|
"title": "Cooperation must start from trusted value: compliance must not be coerced",
|
|
30
30
|
"kind": "principle",
|
|
31
31
|
"status": "active",
|
|
32
|
-
"path": "decisions/
|
|
32
|
+
"path": "decisions/KFD-3.md",
|
|
33
33
|
"url": "https://kfd.libkungfu.dev/3"
|
|
34
34
|
},
|
|
35
35
|
{
|
|
@@ -39,7 +39,7 @@
|
|
|
39
39
|
"title": "Timelines must declare their observer: useful views need a stated perspective",
|
|
40
40
|
"kind": "procedure",
|
|
41
41
|
"status": "active",
|
|
42
|
-
"path": "decisions/
|
|
42
|
+
"path": "decisions/KFD-4.md",
|
|
43
43
|
"url": "https://kfd.libkungfu.dev/4"
|
|
44
44
|
}
|
|
45
45
|
]
|
package/release-impact.json
CHANGED
|
@@ -8,8 +8,8 @@
|
|
|
8
8
|
},
|
|
9
9
|
"versionImpact": {
|
|
10
10
|
"final": "minor",
|
|
11
|
-
"source": "kfd-
|
|
12
|
-
"rationale": "This change additively
|
|
11
|
+
"source": "kfd-site-decision-usage-pages",
|
|
12
|
+
"rationale": "This change additively exposes decision usage subpage mapping in the KFD site bundle, while preserving existing registry, package, and schemaVersion 1 compatibility."
|
|
13
13
|
},
|
|
14
14
|
"surfaceImpacts": [
|
|
15
15
|
{
|
|
@@ -28,13 +28,13 @@
|
|
|
28
28
|
"id": "kfd-standards-metadata",
|
|
29
29
|
"impact": "minor",
|
|
30
30
|
"class": "additive",
|
|
31
|
-
"rationale": "standards.json and schemas/ add the KFD-2 trust-taxonomy
|
|
31
|
+
"rationale": "standards.json and schemas/ add the KFD-2 trust-taxonomy, trust-claims, trust-assessment, release-claims, and release-trust-passport schema IDs, explicit KFD-1/2/3/4 interface versions, KFD-4 observer-perspective schema metadata, KFD document SHA-256 bindings, KFD-owned concept names, KFD-3 fact-source interface metadata, and official-status interface metadata for downstream consumers."
|
|
32
32
|
},
|
|
33
33
|
{
|
|
34
34
|
"id": "kfd-package-structure",
|
|
35
35
|
"impact": "minor",
|
|
36
36
|
"class": "additive",
|
|
37
|
-
"rationale": "The npm package now publishes the KFD-2 trust taxonomy,
|
|
37
|
+
"rationale": "The npm package now publishes the KFD-2 trust taxonomy, generic trust claims, generic trust assessment, release trust schemas, KFD usage documentation, KFD-3 self collaboration-interface witnesses, KFD-4 observer-perspective schema, TRADEMARKS.md, public fact-source metadata, agent quickstart/self-proof documentation, Buildchain contract lock metadata, and repository verification scripts through existing schemas/, docs/, standards.json, site/, scripts/, .buildchain/, and subpath exports while preserving README.md, decisions/, registry.json, and site/ as stable directories."
|
|
38
38
|
},
|
|
39
39
|
{
|
|
40
40
|
"id": "kfd-buildchain-contract-lock",
|
|
@@ -48,18 +48,42 @@
|
|
|
48
48
|
"class": "additive",
|
|
49
49
|
"rationale": "site/kfd-site.json now exposes generated README-backed homepage.sections and homepage.displayPlan fields, including the adoption-boundary and practice-guidelines homepage sections, and scripts/check.mjs verifies the checked-in bundle matches the README projection so downstream sites can render KFD-owned homepage content without maintaining their own README parser or drifting copy."
|
|
50
50
|
},
|
|
51
|
+
{
|
|
52
|
+
"id": "kfd-site-decision-usage-pages",
|
|
53
|
+
"impact": "minor",
|
|
54
|
+
"class": "additive",
|
|
55
|
+
"rationale": "site/kfd-site.json now exposes decisionPages.usagePages, mapping each authoritative KFD decision page to its docs/KFD-N-usage.md child page and stable /N/usage route."
|
|
56
|
+
},
|
|
51
57
|
{
|
|
52
58
|
"id": "kfd-3-self-collaboration",
|
|
53
59
|
"impact": "minor",
|
|
54
60
|
"class": "release-passport",
|
|
55
61
|
"rationale": "KFD now declares its own participant-facing collaboration interface and ships pre-build plus artifact-side KFD-3 witnesses so Buildchain can audit interface closure in the release passport."
|
|
56
62
|
},
|
|
63
|
+
{
|
|
64
|
+
"id": "kfd-3-trusted-value-evidence",
|
|
65
|
+
"impact": "minor",
|
|
66
|
+
"class": "additive",
|
|
67
|
+
"rationale": "KFD-3 collaboration interfaces now declare explicit valueEvidence that binds participant-facing value claims to fact artifacts, evidence artifacts, KFD-2 trust assessments, and residual-risk state."
|
|
68
|
+
},
|
|
57
69
|
{
|
|
58
70
|
"id": "kfd-2-public-release-trust-claim",
|
|
59
71
|
"impact": "minor",
|
|
60
72
|
"class": "release-passport",
|
|
61
73
|
"rationale": "KFD now ships an explicit machine-bound public KFD-2 release trust claim and passes it into Buildchain release passport generation."
|
|
62
74
|
},
|
|
75
|
+
{
|
|
76
|
+
"id": "kfd-2-generic-trust-assessment-core",
|
|
77
|
+
"impact": "minor",
|
|
78
|
+
"class": "additive",
|
|
79
|
+
"rationale": "KFD-2 now publishes generic trust-claims and trust-assessment schemas and dogfoods them through KFD-owned assessment files that evaluate KFD-1 contract-world, KFD-3 collaboration-interface, and KFD-4 observer-perspective claims."
|
|
80
|
+
},
|
|
81
|
+
{
|
|
82
|
+
"id": "kfd-numbered-paths",
|
|
83
|
+
"impact": "minor",
|
|
84
|
+
"class": "compatible",
|
|
85
|
+
"rationale": "Decision documents now use stable numbered paths under decisions/KFD-N.md, while usage documentation uses docs/KFD-N-usage.md to distinguish authoritative decision text from consumer implementation notes."
|
|
86
|
+
},
|
|
63
87
|
{
|
|
64
88
|
"id": "kfd-release-anchor",
|
|
65
89
|
"impact": "minor",
|
|
@@ -71,7 +95,19 @@
|
|
|
71
95
|
"impact": "patch",
|
|
72
96
|
"class": "compatible",
|
|
73
97
|
"rationale": "The KFD to site-libkungfu-dev propagation graph now targets the downstream site's actual main branch and documents the exact KFD package surfaces consumed by kfd.libkungfu.dev, without changing the release propagation graph contract."
|
|
98
|
+
},
|
|
99
|
+
{
|
|
100
|
+
"id": "kfd-1-compatibility-impact-core",
|
|
101
|
+
"impact": "minor",
|
|
102
|
+
"class": "additive",
|
|
103
|
+
"rationale": "KFD-1 now defines breaking, additive, none, and unclassifiable as the generic compatibility-impact core, with release versioning as one projection rather than the only interpretation."
|
|
104
|
+
},
|
|
105
|
+
{
|
|
106
|
+
"id": "kfd-1-surface-register",
|
|
107
|
+
"impact": "minor",
|
|
108
|
+
"class": "additive",
|
|
109
|
+
"rationale": "standards.json now publishes the KFD package surface register as the KFD-1 fact source, and the KFD-1 witness projects each registered surface class and impact projection from that fact source."
|
|
74
110
|
}
|
|
75
111
|
],
|
|
76
|
-
"summary": "KFD v1.0 production promotion is minor-impact because it additively exposes
|
|
112
|
+
"summary": "KFD v1.0 production promotion is minor-impact because it additively exposes decision usage subpage mapping in the site bundle, preserves existing package and schemaVersion 1 compatibility, and separates authoritative decision paths from numbered usage documentation."
|
|
77
113
|
}
|