@kungfu-tech/kfd 1.0.0-alpha.19 → 1.0.0-alpha.20
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.buildchain/kfd-1/contract-world.witness.json +579 -91
- package/.buildchain/kfd-2/kfd-foundation.trust-assessment.json +238 -0
- package/.buildchain/kfd-2/kfd-foundation.trust-claims.json +225 -0
- package/.buildchain/kfd-2/public-release-trust.claim.json +30 -18
- package/.buildchain/kfd-3/collaboration-interface.artifact.json +242 -57
- package/.buildchain/kfd-3/collaboration-interface.json +99 -1
- package/.buildchain/kfd-3/collaboration-interface.prebuild.json +261 -32
- package/README.md +18 -13
- package/buildchain.contract-lock.json +5 -5
- package/decisions/{kfd-1.md → KFD-1.md} +40 -12
- package/decisions/{kfd-2.md → KFD-2.md} +37 -4
- package/decisions/{kfd-3.md → KFD-3.md} +17 -1
- package/docs/KFD-1-usage.md +37 -0
- package/docs/KFD-2-usage.md +123 -0
- package/docs/{kfd-3-collaboration-interface.md → KFD-3-usage.md} +21 -0
- package/docs/KFD-4-usage.md +31 -0
- package/docs/MAP.md +13 -7
- package/kfd.release.json +1 -1
- package/package.json +3 -1
- package/registry.json +4 -4
- package/release-impact.json +41 -5
- package/schemas/kfd-1/contract-world.schema.json +67 -4
- package/schemas/kfd-1/witness.schema.json +113 -0
- package/schemas/kfd-2/trust-assessment.schema.json +313 -0
- package/schemas/kfd-2/trust-claims.schema.json +334 -0
- package/schemas/kfd-3/collaboration-interface.schema.json +60 -0
- package/schemas/kfd-3/witness.schema.json +8 -0
- package/schemas/kfd-standards.schema.json +124 -0
- package/scripts/check.mjs +256 -12
- package/scripts/update-kfd-1-witness.mjs +17 -6
- package/scripts/update-kfd-2-claim.mjs +226 -5
- package/scripts/update-kfd-3-witness.mjs +35 -3
- package/scripts/update-site-bundle.mjs +32 -2
- package/site/kfd-site.json +67 -4
- package/standards.json +634 -11
- package/docs/kfd-2-release-trust.md +0 -78
- /package/decisions/{kfd-4.md → KFD-4.md} +0 -0
|
@@ -2,15 +2,61 @@ import { mkdirSync, readFileSync, writeFileSync } from "node:fs";
|
|
|
2
2
|
import crypto from "node:crypto";
|
|
3
3
|
import path from "node:path";
|
|
4
4
|
|
|
5
|
-
const
|
|
5
|
+
const releaseClaimPath = ".buildchain/kfd-2/public-release-trust.claim.json";
|
|
6
|
+
const trustClaimsPath = ".buildchain/kfd-2/kfd-foundation.trust-claims.json";
|
|
7
|
+
const trustAssessmentPath = ".buildchain/kfd-2/kfd-foundation.trust-assessment.json";
|
|
6
8
|
|
|
7
9
|
const readJson = (filePath) => JSON.parse(readFileSync(filePath, "utf8"));
|
|
8
10
|
const sha256File = (filePath) => crypto.createHash("sha256").update(readFileSync(filePath)).digest("hex");
|
|
11
|
+
const digestFile = (filePath) => `sha256:${sha256File(filePath)}`;
|
|
9
12
|
const pointer = (filePath, extra = {}) => ({
|
|
10
13
|
path: filePath,
|
|
11
14
|
sha256: sha256File(filePath),
|
|
12
15
|
...extra,
|
|
13
16
|
});
|
|
17
|
+
const artifactPointer = (kind, filePath, extra = {}) => ({
|
|
18
|
+
kind,
|
|
19
|
+
path: filePath,
|
|
20
|
+
sha256: sha256File(filePath),
|
|
21
|
+
...extra,
|
|
22
|
+
});
|
|
23
|
+
const evidence = (type, filePath, description, extra = {}) => ({
|
|
24
|
+
type,
|
|
25
|
+
pointer: artifactPointer(type === "schema" ? "schema" : type === "witness" ? "witness" : "file", filePath),
|
|
26
|
+
machineProvability: "machine-verifiable",
|
|
27
|
+
description,
|
|
28
|
+
...extra,
|
|
29
|
+
});
|
|
30
|
+
const evidenceResult = (type, filePath, description, extra = {}) => ({
|
|
31
|
+
type,
|
|
32
|
+
result: "pass",
|
|
33
|
+
machineProvability: "machine-verifiable",
|
|
34
|
+
path: filePath,
|
|
35
|
+
digest: digestFile(filePath),
|
|
36
|
+
description,
|
|
37
|
+
...extra,
|
|
38
|
+
});
|
|
39
|
+
const responsibility = {
|
|
40
|
+
owner: "KFD maintainers",
|
|
41
|
+
sourceOwner: "KFD maintainers",
|
|
42
|
+
verificationOwner: "KFD package self-verification",
|
|
43
|
+
decisionOwner: "KFD maintainers",
|
|
44
|
+
};
|
|
45
|
+
const naturalLanguageResidualRisk = {
|
|
46
|
+
id: "human-language-interpretation",
|
|
47
|
+
definedBy: "https://kfd.libkungfu.dev/schemas/kfd-2/trust-taxonomy.schema.json#/$defs/residualRisk",
|
|
48
|
+
riskType: "natural-language-semantic-risk",
|
|
49
|
+
trustImpact: "downgrade-warning",
|
|
50
|
+
machineProvability: "not-exhaustively-enumerable",
|
|
51
|
+
agentAction: "semantic-review-required",
|
|
52
|
+
reason: "Natural-language standard interpretation is inspectable and reviewable but cannot be exhaustively proved from package bytes.",
|
|
53
|
+
owner: "KFD maintainers",
|
|
54
|
+
};
|
|
55
|
+
const writeJson = (filePath, value) => {
|
|
56
|
+
mkdirSync(path.dirname(filePath), { recursive: true });
|
|
57
|
+
writeFileSync(filePath, `${JSON.stringify(value, null, 2)}\n`);
|
|
58
|
+
console.log(`updated ${filePath}`);
|
|
59
|
+
};
|
|
14
60
|
|
|
15
61
|
const packageJson = readJson("package.json");
|
|
16
62
|
const releaseAnchor = readJson("kfd.release.json");
|
|
@@ -30,6 +76,8 @@ const machineEvidence = [
|
|
|
30
76
|
pointer(".github/workflows/build.yml", { id: "buildchain-build-workflow" }),
|
|
31
77
|
pointer(".github/workflows/buildchain-ref-promotion.yml", { id: "buildchain-promotion-workflow" }),
|
|
32
78
|
pointer("schemas/kfd-2/trust-taxonomy.schema.json", { id: "kfd-2-trust-taxonomy-schema" }),
|
|
79
|
+
pointer("schemas/kfd-2/trust-claims.schema.json", { id: "kfd-2-trust-claims-schema" }),
|
|
80
|
+
pointer("schemas/kfd-2/trust-assessment.schema.json", { id: "kfd-2-trust-assessment-schema" }),
|
|
33
81
|
pointer("schemas/kfd-2/release-claims.schema.json", { id: "kfd-2-release-claims-schema" }),
|
|
34
82
|
pointer("schemas/kfd-2/release-trust-passport.schema.json", { id: "kfd-2-release-trust-passport-schema" }),
|
|
35
83
|
];
|
|
@@ -38,7 +86,7 @@ const hashes = Object.fromEntries(
|
|
|
38
86
|
[...sourceBindings, ...machineEvidence].map((entry) => [entry.id, entry.sha256]),
|
|
39
87
|
);
|
|
40
88
|
|
|
41
|
-
const
|
|
89
|
+
const releaseClaim = {
|
|
42
90
|
id: "kfd-public-release-trust",
|
|
43
91
|
public: true,
|
|
44
92
|
claim:
|
|
@@ -78,6 +126,179 @@ const claim = {
|
|
|
78
126
|
residualRisk: [],
|
|
79
127
|
};
|
|
80
128
|
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
129
|
+
writeJson(releaseClaimPath, releaseClaim);
|
|
130
|
+
|
|
131
|
+
const trustClaims = {
|
|
132
|
+
schemaVersion: 1,
|
|
133
|
+
contract: "kfd-2-trust-claims",
|
|
134
|
+
standard: "kfd-2",
|
|
135
|
+
projection: {
|
|
136
|
+
kind: "generic",
|
|
137
|
+
description: "KFD self-dogfood claims for assessing KFD-1, KFD-3, and KFD-4 from the generic KFD-2 trust model.",
|
|
138
|
+
},
|
|
139
|
+
claims: [
|
|
140
|
+
{
|
|
141
|
+
id: "kfd-1-contract-world-trust",
|
|
142
|
+
statement:
|
|
143
|
+
"KFD-1 is trustable as the KFD package contract-world rule because its surface register, schema, witness, and verification command are inspectable from committed package facts.",
|
|
144
|
+
subject: {
|
|
145
|
+
kind: "contract-world",
|
|
146
|
+
id: "kfd-1-surface-register",
|
|
147
|
+
standard: "kfd-1",
|
|
148
|
+
description: "KFD-1 non-drifting fact-source and compatibility-impact surface register.",
|
|
149
|
+
},
|
|
150
|
+
facts: [
|
|
151
|
+
artifactPointer("file", "standards.json"),
|
|
152
|
+
artifactPointer("schema", "schemas/kfd-1/contract-world.schema.json"),
|
|
153
|
+
],
|
|
154
|
+
evidence: [
|
|
155
|
+
evidence("schema", "schemas/kfd-1/contract-world.schema.json", "KFD-1 contract-world schema is published as a package surface."),
|
|
156
|
+
evidence("file", "scripts/check.mjs", "The package check gate validates the KFD-1 schema, surface register, witness, and hashes."),
|
|
157
|
+
],
|
|
158
|
+
verification: {
|
|
159
|
+
command: "node scripts/check.mjs",
|
|
160
|
+
expectedResult: "pass",
|
|
161
|
+
},
|
|
162
|
+
auditBoundary: {
|
|
163
|
+
scope: "KFD package KFD-1 surface-register, schema, witness, and self-verification gate",
|
|
164
|
+
enumerability: "closed-world",
|
|
165
|
+
},
|
|
166
|
+
residualRisk: [],
|
|
167
|
+
responsibility,
|
|
168
|
+
status: "enforced",
|
|
169
|
+
},
|
|
170
|
+
{
|
|
171
|
+
id: "kfd-3-collaboration-interface-trust",
|
|
172
|
+
statement:
|
|
173
|
+
"KFD-3 is trustable as a participant-facing collaboration interface because KFD publishes the declared interface, explicit value evidence, prebuild witness, artifact witness, extension path, and closure check.",
|
|
174
|
+
subject: {
|
|
175
|
+
kind: "collaboration-interface",
|
|
176
|
+
id: "kfd-3-collaboration-interface",
|
|
177
|
+
standard: "kfd-3",
|
|
178
|
+
description: "KFD package collaboration interface for humans, agents, maintainers, package consumers, site consumers, and release systems.",
|
|
179
|
+
},
|
|
180
|
+
facts: [
|
|
181
|
+
artifactPointer("file", ".buildchain/kfd-3/collaboration-interface.json"),
|
|
182
|
+
],
|
|
183
|
+
evidence: [
|
|
184
|
+
evidence("schema", "schemas/kfd-3/collaboration-interface.schema.json", "KFD-3 collaboration interface schema is published."),
|
|
185
|
+
evidence("file", ".buildchain/kfd-3/collaboration-interface.json", "KFD-3 source collaboration interface declares reachable participant-facing surfaces and value evidence."),
|
|
186
|
+
evidence("file", "scripts/check.mjs", "The package check gate validates KFD-3 interface closure and witness parity."),
|
|
187
|
+
],
|
|
188
|
+
verification: {
|
|
189
|
+
command: "node scripts/check.mjs",
|
|
190
|
+
expectedResult: "warning",
|
|
191
|
+
},
|
|
192
|
+
auditBoundary: {
|
|
193
|
+
scope: "KFD participant-facing collaboration surfaces, extension paths, and shipped witness files",
|
|
194
|
+
enumerability: "closed-world",
|
|
195
|
+
},
|
|
196
|
+
residualRisk: [naturalLanguageResidualRisk],
|
|
197
|
+
responsibility,
|
|
198
|
+
status: "enforced",
|
|
199
|
+
},
|
|
200
|
+
{
|
|
201
|
+
id: "kfd-4-observer-perspective-trust",
|
|
202
|
+
statement:
|
|
203
|
+
"KFD-4 is trustable as an observer-perspective interface because KFD publishes the schema, standards metadata, decision text, and verification gate for observer-relative timeline views.",
|
|
204
|
+
subject: {
|
|
205
|
+
kind: "observer-perspective",
|
|
206
|
+
id: "kfd-4-observer-perspective",
|
|
207
|
+
standard: "kfd-4",
|
|
208
|
+
description: "KFD-4 observer-perspective schema for perspective-bearing timeline views.",
|
|
209
|
+
},
|
|
210
|
+
facts: [
|
|
211
|
+
artifactPointer("file", "decisions/KFD-4.md"),
|
|
212
|
+
artifactPointer("file", "standards.json"),
|
|
213
|
+
artifactPointer("schema", "schemas/kfd-4/observer-perspective.schema.json"),
|
|
214
|
+
],
|
|
215
|
+
evidence: [
|
|
216
|
+
evidence("schema", "schemas/kfd-4/observer-perspective.schema.json", "KFD-4 observer-perspective schema is published."),
|
|
217
|
+
evidence("file", "standards.json", "Standards metadata exposes the KFD-4 schema ID, path, interface version, and concept names."),
|
|
218
|
+
evidence("file", "scripts/check.mjs", "The package check gate validates the KFD-4 schema and standards metadata."),
|
|
219
|
+
],
|
|
220
|
+
verification: {
|
|
221
|
+
command: "node scripts/check.mjs",
|
|
222
|
+
expectedResult: "pass",
|
|
223
|
+
},
|
|
224
|
+
auditBoundary: {
|
|
225
|
+
scope: "KFD-4 decision text, observer-perspective schema, standards metadata, and self-verification gate",
|
|
226
|
+
enumerability: "closed-world",
|
|
227
|
+
},
|
|
228
|
+
residualRisk: [],
|
|
229
|
+
responsibility,
|
|
230
|
+
status: "enforced",
|
|
231
|
+
},
|
|
232
|
+
],
|
|
233
|
+
schemaEvolution: {
|
|
234
|
+
compatibilityRule:
|
|
235
|
+
"Compatible additions may keep schemaVersion 1; semantic, required-field, verification-meaning, or responsibility-boundary changes require a new interface version or contract.",
|
|
236
|
+
},
|
|
237
|
+
};
|
|
238
|
+
writeJson(trustClaimsPath, trustClaims);
|
|
239
|
+
|
|
240
|
+
const trustClaimsDigest = digestFile(trustClaimsPath);
|
|
241
|
+
const assessment = {
|
|
242
|
+
schemaVersion: 1,
|
|
243
|
+
contract: "kfd-2-trust-assessment",
|
|
244
|
+
standard: "kfd-2",
|
|
245
|
+
assessedClaims: {
|
|
246
|
+
schemaId: "https://kfd.libkungfu.dev/schemas/kfd-2/trust-claims.schema.json",
|
|
247
|
+
path: trustClaimsPath,
|
|
248
|
+
digest: trustClaimsDigest,
|
|
249
|
+
},
|
|
250
|
+
result: "warning",
|
|
251
|
+
projection: {
|
|
252
|
+
kind: "generic",
|
|
253
|
+
description: "Generic KFD-2 assessment of KFD-owned foundation and practice guideline claims.",
|
|
254
|
+
},
|
|
255
|
+
assessments: [
|
|
256
|
+
{
|
|
257
|
+
id: "assess-kfd-1-contract-world-trust",
|
|
258
|
+
claimId: "kfd-1-contract-world-trust",
|
|
259
|
+
subject: trustClaims.claims[0].subject,
|
|
260
|
+
result: "pass",
|
|
261
|
+
facts: trustClaims.claims[0].facts.map((entry) => evidenceResult(entry.kind, entry.path, `Fact ${entry.path} is present and hashable.`)),
|
|
262
|
+
evidence: trustClaims.claims[0].evidence.map((entry) => evidenceResult(entry.type, entry.pointer.path, entry.description)),
|
|
263
|
+
auditBoundary: trustClaims.claims[0].auditBoundary,
|
|
264
|
+
responsibility,
|
|
265
|
+
residualRisk: [],
|
|
266
|
+
},
|
|
267
|
+
{
|
|
268
|
+
id: "assess-kfd-3-collaboration-interface-trust",
|
|
269
|
+
claimId: "kfd-3-collaboration-interface-trust",
|
|
270
|
+
subject: trustClaims.claims[1].subject,
|
|
271
|
+
result: "warning",
|
|
272
|
+
facts: trustClaims.claims[1].facts.map((entry) => evidenceResult(entry.kind, entry.path, `Fact ${entry.path} is present and hashable.`)),
|
|
273
|
+
evidence: trustClaims.claims[1].evidence.map((entry) => evidenceResult(entry.type, entry.pointer.path, entry.description)),
|
|
274
|
+
auditBoundary: trustClaims.claims[1].auditBoundary,
|
|
275
|
+
responsibility,
|
|
276
|
+
residualRisk: [naturalLanguageResidualRisk],
|
|
277
|
+
},
|
|
278
|
+
{
|
|
279
|
+
id: "assess-kfd-4-observer-perspective-trust",
|
|
280
|
+
claimId: "kfd-4-observer-perspective-trust",
|
|
281
|
+
subject: trustClaims.claims[2].subject,
|
|
282
|
+
result: "pass",
|
|
283
|
+
facts: trustClaims.claims[2].facts.map((entry) => evidenceResult(entry.kind, entry.path, `Fact ${entry.path} is present and hashable.`)),
|
|
284
|
+
evidence: trustClaims.claims[2].evidence.map((entry) => evidenceResult(entry.type, entry.pointer.path, entry.description)),
|
|
285
|
+
auditBoundary: trustClaims.claims[2].auditBoundary,
|
|
286
|
+
responsibility,
|
|
287
|
+
residualRisk: [],
|
|
288
|
+
},
|
|
289
|
+
],
|
|
290
|
+
unboundClaims: [],
|
|
291
|
+
downgradeReasons: [
|
|
292
|
+
{
|
|
293
|
+
id: "kfd-3-natural-language-semantics",
|
|
294
|
+
riskType: "natural-language-semantic-risk",
|
|
295
|
+
trustImpact: "downgrade-warning",
|
|
296
|
+
reason: "KFD-3 exposes machine-checkable collaboration surfaces and value evidence, but the human-language meaning of trusted value and non-coercive cooperation remains a reviewable semantic responsibility.",
|
|
297
|
+
agentAction: "semantic-review-required",
|
|
298
|
+
source: "kfd-3-collaboration-interface-trust",
|
|
299
|
+
},
|
|
300
|
+
],
|
|
301
|
+
responsibility,
|
|
302
|
+
schemaEvolution: trustClaims.schemaEvolution,
|
|
303
|
+
};
|
|
304
|
+
writeJson(trustAssessmentPath, assessment);
|
|
@@ -37,6 +37,8 @@ const schemaSurfaces = [
|
|
|
37
37
|
"schemas/kfd-1/contract-world.schema.json",
|
|
38
38
|
"schemas/kfd-1/witness.schema.json",
|
|
39
39
|
"schemas/kfd-2/trust-taxonomy.schema.json",
|
|
40
|
+
"schemas/kfd-2/trust-claims.schema.json",
|
|
41
|
+
"schemas/kfd-2/trust-assessment.schema.json",
|
|
40
42
|
"schemas/kfd-2/release-claims.schema.json",
|
|
41
43
|
"schemas/kfd-2/release-trust-passport.schema.json",
|
|
42
44
|
"schemas/kfd-3/collaboration-interface.schema.json",
|
|
@@ -53,8 +55,10 @@ const groupedSurfaces = {
|
|
|
53
55
|
{ id: "doc:readme", sourcePath: "README.md", sha256: sha256File("README.md") },
|
|
54
56
|
{ id: "doc:trademarks", sourcePath: "TRADEMARKS.md", sha256: sha256File("TRADEMARKS.md") },
|
|
55
57
|
{ id: "doc:docs-map", sourcePath: "docs/MAP.md", sha256: sha256File("docs/MAP.md") },
|
|
56
|
-
{ id: "doc:kfd-
|
|
57
|
-
{ id: "doc:kfd-
|
|
58
|
+
{ id: "doc:kfd-1-usage", sourcePath: "docs/KFD-1-usage.md", sha256: sha256File("docs/KFD-1-usage.md") },
|
|
59
|
+
{ id: "doc:kfd-2-usage", sourcePath: "docs/KFD-2-usage.md", sha256: sha256File("docs/KFD-2-usage.md") },
|
|
60
|
+
{ id: "doc:kfd-3-usage", sourcePath: "docs/KFD-3-usage.md", sha256: sha256File("docs/KFD-3-usage.md") },
|
|
61
|
+
{ id: "doc:kfd-4-usage", sourcePath: "docs/KFD-4-usage.md", sha256: sha256File("docs/KFD-4-usage.md") },
|
|
58
62
|
...decisionDocs,
|
|
59
63
|
],
|
|
60
64
|
schemas: schemaSurfaces,
|
|
@@ -65,6 +69,8 @@ const groupedSurfaces = {
|
|
|
65
69
|
{ id: "metadata:release-anchor", sourcePath: "kfd.release.json", sha256: sha256File("kfd.release.json") },
|
|
66
70
|
{ id: "metadata:buildchain-contract-lock", sourcePath: "buildchain.contract-lock.json", sha256: sha256File("buildchain.contract-lock.json") },
|
|
67
71
|
{ id: "metadata:kfd-2-public-release-trust-claim", sourcePath: ".buildchain/kfd-2/public-release-trust.claim.json", sha256: sha256File(".buildchain/kfd-2/public-release-trust.claim.json") },
|
|
72
|
+
{ id: "metadata:kfd-2-foundation-trust-claims", sourcePath: ".buildchain/kfd-2/kfd-foundation.trust-claims.json", sha256: sha256File(".buildchain/kfd-2/kfd-foundation.trust-claims.json") },
|
|
73
|
+
{ id: "metadata:kfd-2-foundation-trust-assessment", sourcePath: ".buildchain/kfd-2/kfd-foundation.trust-assessment.json", sha256: sha256File(".buildchain/kfd-2/kfd-foundation.trust-assessment.json") },
|
|
68
74
|
],
|
|
69
75
|
packageExports: [
|
|
70
76
|
{ id: "export:package-json", sourcePath: "package.json#exports", sha256: sha256File("package.json") },
|
|
@@ -105,6 +111,24 @@ for (const entrypoint of collaborationInterface.minimalEntrypoints) {
|
|
|
105
111
|
declaredSurfaceIds.add(entrypoint.id);
|
|
106
112
|
}
|
|
107
113
|
|
|
114
|
+
const valueEvidencePointers = (() => {
|
|
115
|
+
const entriesByPath = new Map();
|
|
116
|
+
for (const valueClaim of collaborationInterface.valueEvidence ?? []) {
|
|
117
|
+
for (const entry of [
|
|
118
|
+
...(valueClaim.facts ?? []),
|
|
119
|
+
...(valueClaim.evidence ?? []),
|
|
120
|
+
...(valueClaim.trustAssessment ? [valueClaim.trustAssessment] : []),
|
|
121
|
+
]) {
|
|
122
|
+
if (!entry?.path || entriesByPath.has(entry.path)) continue;
|
|
123
|
+
entriesByPath.set(
|
|
124
|
+
entry.path,
|
|
125
|
+
pointer(entry.path, `KFD-3 value evidence for ${valueClaim.id}: ${valueClaim.claim}`)
|
|
126
|
+
);
|
|
127
|
+
}
|
|
128
|
+
}
|
|
129
|
+
return [...entriesByPath.values()];
|
|
130
|
+
})();
|
|
131
|
+
|
|
108
132
|
const participantProfiles = collaborationInterface.participants.map((entry) => entry.id);
|
|
109
133
|
const responsibility = {
|
|
110
134
|
registryFactsOwner: "KFD maintainers",
|
|
@@ -187,9 +211,12 @@ const artifact = {
|
|
|
187
211
|
pointer("registry.json", "Machine-readable decision index"),
|
|
188
212
|
pointer("standards.json", "Machine-readable standards metadata"),
|
|
189
213
|
pointer(".buildchain/kfd-2/public-release-trust.claim.json", "KFD-2 public release trust claim"),
|
|
214
|
+
pointer(".buildchain/kfd-2/kfd-foundation.trust-claims.json", "KFD-2 generic trust claims for KFD self-dogfood"),
|
|
215
|
+
pointer(".buildchain/kfd-2/kfd-foundation.trust-assessment.json", "KFD-2 generic trust assessment for KFD self-dogfood"),
|
|
190
216
|
pointer("package.json", "Package export map"),
|
|
191
217
|
pointer("site/kfd-site.json", "Site content projection"),
|
|
192
218
|
],
|
|
219
|
+
valueEvidence: valueEvidencePointers,
|
|
193
220
|
transparentConstraints: [
|
|
194
221
|
pointer("CONTRIBUTING.md", "Append-only decision and contribution constraints"),
|
|
195
222
|
pointer("TRADEMARKS.md", "Trademark and official-status constraints"),
|
|
@@ -201,12 +228,17 @@ const artifact = {
|
|
|
201
228
|
pointer("registry.json", "Agent registry path"),
|
|
202
229
|
pointer("standards.json", "Agent standards metadata path"),
|
|
203
230
|
pointer(".buildchain/kfd-2/public-release-trust.claim.json", "Agent release trust claim path"),
|
|
231
|
+
pointer(".buildchain/kfd-2/kfd-foundation.trust-claims.json", "Agent generic trust claims path"),
|
|
232
|
+
pointer(".buildchain/kfd-2/kfd-foundation.trust-assessment.json", "Agent generic trust assessment path"),
|
|
204
233
|
pointer("package.json", "Package consumption path"),
|
|
205
234
|
],
|
|
206
235
|
manuals: [
|
|
207
236
|
pointer("docs/MAP.md"),
|
|
208
237
|
pointer("TRADEMARKS.md"),
|
|
209
|
-
pointer("docs/
|
|
238
|
+
pointer("docs/KFD-1-usage.md"),
|
|
239
|
+
pointer("docs/KFD-2-usage.md"),
|
|
240
|
+
pointer("docs/KFD-3-usage.md"),
|
|
241
|
+
pointer("docs/KFD-4-usage.md"),
|
|
210
242
|
],
|
|
211
243
|
},
|
|
212
244
|
closure: {
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { readFileSync, writeFileSync } from "node:fs";
|
|
1
|
+
import { existsSync, readFileSync, writeFileSync } from "node:fs";
|
|
2
2
|
import { pathToFileURL } from "node:url";
|
|
3
3
|
|
|
4
4
|
const README_PATH = "README.md";
|
|
@@ -105,6 +105,26 @@ const parseProductProofPath = (markdown) => ({
|
|
|
105
105
|
body: paragraphBlocks(markdown)[0] || "",
|
|
106
106
|
});
|
|
107
107
|
|
|
108
|
+
const usagePathForEntry = (entry) => `docs/KFD-${entry.number}-usage.md`;
|
|
109
|
+
const usageUrlForEntry = (entry) => `${entry.url}/usage`;
|
|
110
|
+
|
|
111
|
+
const buildUsagePages = (entries) => entries.map((entry) => {
|
|
112
|
+
const usagePath = usagePathForEntry(entry);
|
|
113
|
+
return {
|
|
114
|
+
id: `${entry.id}-usage`,
|
|
115
|
+
decisionId: entry.id,
|
|
116
|
+
decisionNumber: entry.number,
|
|
117
|
+
parentPath: entry.path,
|
|
118
|
+
parentUrl: entry.url,
|
|
119
|
+
path: usagePath,
|
|
120
|
+
url: usageUrlForEntry(entry),
|
|
121
|
+
sourcePath: usagePath,
|
|
122
|
+
sourceExists: existsSync(usagePath),
|
|
123
|
+
relationship: "usage-child-of-decision",
|
|
124
|
+
title: `${entry.id} usage`,
|
|
125
|
+
};
|
|
126
|
+
});
|
|
127
|
+
|
|
108
128
|
const section = ({ id, sourceHeading, title, markdown, role, priority, presentation, firstScreen = false }) => ({
|
|
109
129
|
id,
|
|
110
130
|
sourcePath: README_PATH,
|
|
@@ -206,6 +226,7 @@ export const buildSiteBundle = ({ readmeText, registry }) => {
|
|
|
206
226
|
routes: {
|
|
207
227
|
home: "/",
|
|
208
228
|
decisionPattern: "/{number}",
|
|
229
|
+
decisionUsagePattern: "/{number}/usage",
|
|
209
230
|
llms: "/llms.txt",
|
|
210
231
|
manifest: "/manifest.json",
|
|
211
232
|
},
|
|
@@ -254,6 +275,13 @@ export const buildSiteBundle = ({ readmeText, registry }) => {
|
|
|
254
275
|
source: REGISTRY_PATH,
|
|
255
276
|
bodySource: "registry.entries[].path",
|
|
256
277
|
stableUrlField: "url",
|
|
278
|
+
usagePages: {
|
|
279
|
+
source: "registry.entries[] + docs/KFD-N-usage.md",
|
|
280
|
+
bodySource: "docs/KFD-{number}-usage.md",
|
|
281
|
+
stableUrlPattern: "/{number}/usage",
|
|
282
|
+
relationship: "usage-child-of-decision",
|
|
283
|
+
pages: buildUsagePages(entries),
|
|
284
|
+
},
|
|
257
285
|
metadata: {
|
|
258
286
|
licenseBoundary: {
|
|
259
287
|
license: "Apache-2.0",
|
|
@@ -269,7 +297,7 @@ export const buildSiteBundle = ({ readmeText, registry }) => {
|
|
|
269
297
|
loadBearingCoordinate: "commit-addressed repository contents",
|
|
270
298
|
stableRenderedIndex: "https://kfd.libkungfu.dev",
|
|
271
299
|
canonicalPaths: [
|
|
272
|
-
"decisions/
|
|
300
|
+
"decisions/KFD-N.md",
|
|
273
301
|
REGISTRY_PATH,
|
|
274
302
|
"standards.json",
|
|
275
303
|
],
|
|
@@ -294,6 +322,8 @@ export const buildSiteBundle = ({ readmeText, registry }) => {
|
|
|
294
322
|
"decision metadata fact source",
|
|
295
323
|
"license and official-status boundary",
|
|
296
324
|
"decision markdown bodies",
|
|
325
|
+
"decision usage page mapping",
|
|
326
|
+
"decision usage markdown bodies",
|
|
297
327
|
],
|
|
298
328
|
ownedBySite: [
|
|
299
329
|
"HTML structure",
|
package/site/kfd-site.json
CHANGED
|
@@ -10,6 +10,7 @@
|
|
|
10
10
|
"routes": {
|
|
11
11
|
"home": "/",
|
|
12
12
|
"decisionPattern": "/{number}",
|
|
13
|
+
"decisionUsagePattern": "/{number}/usage",
|
|
13
14
|
"llms": "/llms.txt",
|
|
14
15
|
"manifest": "/manifest.json"
|
|
15
16
|
},
|
|
@@ -157,7 +158,7 @@
|
|
|
157
158
|
"homepagePriority": 40,
|
|
158
159
|
"defaultPresentation": "ordered-steps",
|
|
159
160
|
"includeInFirstScreen": false,
|
|
160
|
-
"markdown": "Agents consuming this package should start from the same sources as humans:\n\n1. Read this README for the foundation model and package map.\n2. Read `standards.json` for canonical KFD numbers, schema IDs, concept names,\n and interface contracts.\n3. Use `site/kfd-site.json` decision metadata or the KFD-3 collaboration\n interface fact-source metadata to identify the public KFD fact source.\n4. Use `schemas/kfd-2/trust-taxonomy.schema.json` for KFD-2 residual-risk and\n trust-downgrade values. Unknown taxonomy values are invalid.\n5. Use `schemas/kfd-3/collaboration-interface.schema.json` and\n `schemas/kfd-3/witness.schema.json` to inspect collaboration interfaces.\
|
|
161
|
+
"markdown": "Agents consuming this package should start from the same sources as humans:\n\n1. Read this README for the foundation model and package map.\n2. Read `standards.json` for canonical KFD numbers, schema IDs, concept names,\n and interface contracts.\n3. Use `site/kfd-site.json` decision metadata or the KFD-3 collaboration\n interface fact-source metadata to identify the public KFD fact source.\n4. Use `schemas/kfd-2/trust-taxonomy.schema.json` for KFD-2 residual-risk and\n trust-downgrade values. Unknown taxonomy values are invalid.\n5. Use `schemas/kfd-2/trust-claims.schema.json` and\n `schemas/kfd-2/trust-assessment.schema.json` when a claim needs generic\n KFD-2 assessment instead of a release-specific passport.\n6. Use `schemas/kfd-3/collaboration-interface.schema.json` and\n `schemas/kfd-3/witness.schema.json` to inspect collaboration interfaces.\n7. If a needed KFD-2 taxonomy value is missing, open a KFD GitHub issue rather\n than inventing a local value:\n `https://github.com/kungfu-systems/kfd/issues/new?title=KFD-2%20trust%20taxonomy%20extension%20request`.\n\nKFD package semver is only the distribution version. KFD-owned machine\ninterfaces carry their own `schemaVersion` and `contract` fields. Compatible\nadditions may keep the same interface version; semantic changes, required-field\nchanges, verification meaning changes, or responsibility-boundary changes must\nuse a new interface version or contract.\n\nKFD-2 publishes trust-taxonomy, trust-claims, trust-assessment,\nrelease-claims, and release-trust-passport schemas under `schemas/kfd-2/`.\nThe generic schemas let humans, agents, Buildchain, and other systems assess\nwhether claims about KFD-1, KFD-3, KFD-4, future KFDs, or product surfaces are\nbound to source facts, evidence, hashes, audit boundaries, residual risk, and\nresponsibility state. The release schemas are a release-specific projection of\nthat model. See [`docs/KFD-2-usage.md`](docs/KFD-2-usage.md).\n\nKFD-3 also publishes a general collaboration-interface schema and witness\nschema under `schemas/kfd-3/`. These schemas are for participant-facing product\ninterfaces, not only agent APIs. A product such as Kungfu may implement an\nagent-first profile, but that profile remains a product-specific realization of\nKFD-3. The KFD-owned boundary is the standard vocabulary, schema IDs, and\nclosed-world evidence shape. See\n[`docs/KFD-3-usage.md`](docs/KFD-3-usage.md).\n\nKFD-4 publishes an observer-perspective schema under `schemas/kfd-4/`. It gives\nhumans and agents a standard vocabulary for observer, accepted facts,\nprojection policy, causal constraints, degraded evidence, and verification\nstate when a product shows a perspective-bearing timeline."
|
|
161
162
|
},
|
|
162
163
|
{
|
|
163
164
|
"id": "decision-metadata",
|
|
@@ -168,7 +169,7 @@
|
|
|
168
169
|
"homepagePriority": 50,
|
|
169
170
|
"defaultPresentation": "fact-source",
|
|
170
171
|
"includeInFirstScreen": false,
|
|
171
|
-
"markdown": "Every rendered decision page should make the KFD fact source explicit. The\npublic KFD fact source is the GitHub-hosted `kungfu-systems/kfd` git\nrepository. GitHub is the current canonical coordination and hosting surface;\nthe load-bearing facts are the commit-addressed repository contents.\n\nDecision metadata should expose:\n\n- Public fact source: `https://github.com/kungfu-systems/kfd`\n- Load-bearing coordinate: commit-addressed repository contents.\n- Canonical paths: `decisions/
|
|
172
|
+
"markdown": "Every rendered decision page should make the KFD fact source explicit. The\npublic KFD fact source is the GitHub-hosted `kungfu-systems/kfd` git\nrepository. GitHub is the current canonical coordination and hosting surface;\nthe load-bearing facts are the commit-addressed repository contents.\n\nDecision metadata should expose:\n\n- Public fact source: `https://github.com/kungfu-systems/kfd`\n- Load-bearing coordinate: commit-addressed repository contents.\n- Canonical paths: `decisions/KFD-N.md`, `registry.json`, `standards.json`.\n- Stable rendered index: `https://kfd.libkungfu.dev`.\n- Rendered URL: `https://kfd.libkungfu.dev/N`.\n\nRendered pages, npm package contents, Buildchain release passports, and\n`kfd.libkungfu.dev` are projections or evidence surfaces. A GitHub issue is an\nextension request path, not a KFD fact by itself; it becomes part of the KFD\nfact source only after the resulting change is committed to the repository."
|
|
172
173
|
}
|
|
173
174
|
],
|
|
174
175
|
"displayPlan": {
|
|
@@ -222,6 +223,66 @@
|
|
|
222
223
|
"source": "registry.json",
|
|
223
224
|
"bodySource": "registry.entries[].path",
|
|
224
225
|
"stableUrlField": "url",
|
|
226
|
+
"usagePages": {
|
|
227
|
+
"source": "registry.entries[] + docs/KFD-N-usage.md",
|
|
228
|
+
"bodySource": "docs/KFD-{number}-usage.md",
|
|
229
|
+
"stableUrlPattern": "/{number}/usage",
|
|
230
|
+
"relationship": "usage-child-of-decision",
|
|
231
|
+
"pages": [
|
|
232
|
+
{
|
|
233
|
+
"id": "KFD-1-usage",
|
|
234
|
+
"decisionId": "KFD-1",
|
|
235
|
+
"decisionNumber": 1,
|
|
236
|
+
"parentPath": "decisions/KFD-1.md",
|
|
237
|
+
"parentUrl": "https://kfd.libkungfu.dev/1",
|
|
238
|
+
"path": "docs/KFD-1-usage.md",
|
|
239
|
+
"url": "https://kfd.libkungfu.dev/1/usage",
|
|
240
|
+
"sourcePath": "docs/KFD-1-usage.md",
|
|
241
|
+
"sourceExists": true,
|
|
242
|
+
"relationship": "usage-child-of-decision",
|
|
243
|
+
"title": "KFD-1 usage"
|
|
244
|
+
},
|
|
245
|
+
{
|
|
246
|
+
"id": "KFD-2-usage",
|
|
247
|
+
"decisionId": "KFD-2",
|
|
248
|
+
"decisionNumber": 2,
|
|
249
|
+
"parentPath": "decisions/KFD-2.md",
|
|
250
|
+
"parentUrl": "https://kfd.libkungfu.dev/2",
|
|
251
|
+
"path": "docs/KFD-2-usage.md",
|
|
252
|
+
"url": "https://kfd.libkungfu.dev/2/usage",
|
|
253
|
+
"sourcePath": "docs/KFD-2-usage.md",
|
|
254
|
+
"sourceExists": true,
|
|
255
|
+
"relationship": "usage-child-of-decision",
|
|
256
|
+
"title": "KFD-2 usage"
|
|
257
|
+
},
|
|
258
|
+
{
|
|
259
|
+
"id": "KFD-3-usage",
|
|
260
|
+
"decisionId": "KFD-3",
|
|
261
|
+
"decisionNumber": 3,
|
|
262
|
+
"parentPath": "decisions/KFD-3.md",
|
|
263
|
+
"parentUrl": "https://kfd.libkungfu.dev/3",
|
|
264
|
+
"path": "docs/KFD-3-usage.md",
|
|
265
|
+
"url": "https://kfd.libkungfu.dev/3/usage",
|
|
266
|
+
"sourcePath": "docs/KFD-3-usage.md",
|
|
267
|
+
"sourceExists": true,
|
|
268
|
+
"relationship": "usage-child-of-decision",
|
|
269
|
+
"title": "KFD-3 usage"
|
|
270
|
+
},
|
|
271
|
+
{
|
|
272
|
+
"id": "KFD-4-usage",
|
|
273
|
+
"decisionId": "KFD-4",
|
|
274
|
+
"decisionNumber": 4,
|
|
275
|
+
"parentPath": "decisions/KFD-4.md",
|
|
276
|
+
"parentUrl": "https://kfd.libkungfu.dev/4",
|
|
277
|
+
"path": "docs/KFD-4-usage.md",
|
|
278
|
+
"url": "https://kfd.libkungfu.dev/4/usage",
|
|
279
|
+
"sourcePath": "docs/KFD-4-usage.md",
|
|
280
|
+
"sourceExists": true,
|
|
281
|
+
"relationship": "usage-child-of-decision",
|
|
282
|
+
"title": "KFD-4 usage"
|
|
283
|
+
}
|
|
284
|
+
]
|
|
285
|
+
},
|
|
225
286
|
"metadata": {
|
|
226
287
|
"licenseBoundary": {
|
|
227
288
|
"license": "Apache-2.0",
|
|
@@ -237,7 +298,7 @@
|
|
|
237
298
|
"loadBearingCoordinate": "commit-addressed repository contents",
|
|
238
299
|
"stableRenderedIndex": "https://kfd.libkungfu.dev",
|
|
239
300
|
"canonicalPaths": [
|
|
240
|
-
"decisions/
|
|
301
|
+
"decisions/KFD-N.md",
|
|
241
302
|
"registry.json",
|
|
242
303
|
"standards.json"
|
|
243
304
|
],
|
|
@@ -261,7 +322,9 @@
|
|
|
261
322
|
"decision metadata",
|
|
262
323
|
"decision metadata fact source",
|
|
263
324
|
"license and official-status boundary",
|
|
264
|
-
"decision markdown bodies"
|
|
325
|
+
"decision markdown bodies",
|
|
326
|
+
"decision usage page mapping",
|
|
327
|
+
"decision usage markdown bodies"
|
|
265
328
|
],
|
|
266
329
|
"ownedBySite": [
|
|
267
330
|
"HTML structure",
|