@kungfu-tech/kfd 1.0.0-alpha.2 → 1.0.0-alpha.20
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.buildchain/kfd-1/contract-world.witness.json +753 -0
- package/.buildchain/kfd-2/kfd-foundation.trust-assessment.json +238 -0
- package/.buildchain/kfd-2/kfd-foundation.trust-claims.json +225 -0
- package/.buildchain/kfd-2/public-release-trust.claim.json +131 -0
- package/.buildchain/kfd-3/collaboration-interface.artifact.json +774 -0
- package/.buildchain/kfd-3/collaboration-interface.json +421 -0
- package/.buildchain/kfd-3/collaboration-interface.prebuild.json +1141 -0
- package/README.md +149 -29
- package/TRADEMARKS.md +60 -0
- package/buildchain.contract-lock.json +86 -0
- package/buildchain.release-propagation.json +32 -0
- package/decisions/{kfd-1.md → KFD-1.md} +77 -35
- package/decisions/{kfd-2.md → KFD-2.md} +63 -11
- package/decisions/{kfd-3.md → KFD-3.md} +54 -16
- package/decisions/KFD-4.md +182 -0
- package/docs/KFD-1-usage.md +37 -0
- package/docs/KFD-2-usage.md +123 -0
- package/docs/KFD-3-usage.md +98 -0
- package/docs/KFD-4-usage.md +31 -0
- package/docs/MAP.md +20 -3
- package/docs/release-governance.md +28 -0
- package/kfd.release.json +13 -0
- package/package.json +28 -2
- package/registry.json +15 -5
- package/release-impact.json +113 -0
- package/schemas/kfd-1/contract-world.schema.json +67 -4
- package/schemas/kfd-1/witness.schema.json +113 -0
- package/schemas/kfd-2/release-claims.schema.json +331 -0
- package/schemas/kfd-2/release-trust-passport.schema.json +276 -0
- package/schemas/kfd-2/trust-assessment.schema.json +313 -0
- package/schemas/kfd-2/trust-claims.schema.json +334 -0
- package/schemas/kfd-2/trust-taxonomy.schema.json +219 -0
- package/schemas/kfd-3/collaboration-interface.schema.json +542 -0
- package/schemas/kfd-3/witness.schema.json +167 -0
- package/schemas/kfd-4/observer-perspective.schema.json +272 -0
- package/schemas/kfd-standards.schema.json +163 -0
- package/scripts/check.mjs +930 -0
- package/scripts/npm-publish-transaction.mjs +220 -0
- package/scripts/update-kfd-1-witness.mjs +35 -0
- package/scripts/update-kfd-2-claim.mjs +304 -0
- package/scripts/update-kfd-3-witness.mjs +261 -0
- package/scripts/update-site-bundle.mjs +353 -0
- package/site/kfd-site.json +251 -12
- package/standards.json +775 -15
|
@@ -0,0 +1,238 @@
|
|
|
1
|
+
{
|
|
2
|
+
"schemaVersion": 1,
|
|
3
|
+
"contract": "kfd-2-trust-assessment",
|
|
4
|
+
"standard": "kfd-2",
|
|
5
|
+
"assessedClaims": {
|
|
6
|
+
"schemaId": "https://kfd.libkungfu.dev/schemas/kfd-2/trust-claims.schema.json",
|
|
7
|
+
"path": ".buildchain/kfd-2/kfd-foundation.trust-claims.json",
|
|
8
|
+
"digest": "sha256:516fe8d96ddecbf4ebb32315fc1b5658e3e56c4180aca97eac2a9ab2c9208679"
|
|
9
|
+
},
|
|
10
|
+
"result": "warning",
|
|
11
|
+
"projection": {
|
|
12
|
+
"kind": "generic",
|
|
13
|
+
"description": "Generic KFD-2 assessment of KFD-owned foundation and practice guideline claims."
|
|
14
|
+
},
|
|
15
|
+
"assessments": [
|
|
16
|
+
{
|
|
17
|
+
"id": "assess-kfd-1-contract-world-trust",
|
|
18
|
+
"claimId": "kfd-1-contract-world-trust",
|
|
19
|
+
"subject": {
|
|
20
|
+
"kind": "contract-world",
|
|
21
|
+
"id": "kfd-1-surface-register",
|
|
22
|
+
"standard": "kfd-1",
|
|
23
|
+
"description": "KFD-1 non-drifting fact-source and compatibility-impact surface register."
|
|
24
|
+
},
|
|
25
|
+
"result": "pass",
|
|
26
|
+
"facts": [
|
|
27
|
+
{
|
|
28
|
+
"type": "file",
|
|
29
|
+
"result": "pass",
|
|
30
|
+
"machineProvability": "machine-verifiable",
|
|
31
|
+
"path": "standards.json",
|
|
32
|
+
"digest": "sha256:68aae8bbfcce0776e5f5317e133ae1b494a41ecdea1f992bb51f71d1e75f2ca4",
|
|
33
|
+
"description": "Fact standards.json is present and hashable."
|
|
34
|
+
},
|
|
35
|
+
{
|
|
36
|
+
"type": "schema",
|
|
37
|
+
"result": "pass",
|
|
38
|
+
"machineProvability": "machine-verifiable",
|
|
39
|
+
"path": "schemas/kfd-1/contract-world.schema.json",
|
|
40
|
+
"digest": "sha256:412d22385cd81a72798cc649c5ddfa961b6ae91ec2727d4300261a55fa5036f3",
|
|
41
|
+
"description": "Fact schemas/kfd-1/contract-world.schema.json is present and hashable."
|
|
42
|
+
}
|
|
43
|
+
],
|
|
44
|
+
"evidence": [
|
|
45
|
+
{
|
|
46
|
+
"type": "schema",
|
|
47
|
+
"result": "pass",
|
|
48
|
+
"machineProvability": "machine-verifiable",
|
|
49
|
+
"path": "schemas/kfd-1/contract-world.schema.json",
|
|
50
|
+
"digest": "sha256:412d22385cd81a72798cc649c5ddfa961b6ae91ec2727d4300261a55fa5036f3",
|
|
51
|
+
"description": "KFD-1 contract-world schema is published as a package surface."
|
|
52
|
+
},
|
|
53
|
+
{
|
|
54
|
+
"type": "file",
|
|
55
|
+
"result": "pass",
|
|
56
|
+
"machineProvability": "machine-verifiable",
|
|
57
|
+
"path": "scripts/check.mjs",
|
|
58
|
+
"digest": "sha256:43cd81dcff761004098722f4b69a7e9939fe9559d4785344dd3344933e241f82",
|
|
59
|
+
"description": "The package check gate validates the KFD-1 schema, surface register, witness, and hashes."
|
|
60
|
+
}
|
|
61
|
+
],
|
|
62
|
+
"auditBoundary": {
|
|
63
|
+
"scope": "KFD package KFD-1 surface-register, schema, witness, and self-verification gate",
|
|
64
|
+
"enumerability": "closed-world"
|
|
65
|
+
},
|
|
66
|
+
"responsibility": {
|
|
67
|
+
"owner": "KFD maintainers",
|
|
68
|
+
"sourceOwner": "KFD maintainers",
|
|
69
|
+
"verificationOwner": "KFD package self-verification",
|
|
70
|
+
"decisionOwner": "KFD maintainers"
|
|
71
|
+
},
|
|
72
|
+
"residualRisk": []
|
|
73
|
+
},
|
|
74
|
+
{
|
|
75
|
+
"id": "assess-kfd-3-collaboration-interface-trust",
|
|
76
|
+
"claimId": "kfd-3-collaboration-interface-trust",
|
|
77
|
+
"subject": {
|
|
78
|
+
"kind": "collaboration-interface",
|
|
79
|
+
"id": "kfd-3-collaboration-interface",
|
|
80
|
+
"standard": "kfd-3",
|
|
81
|
+
"description": "KFD package collaboration interface for humans, agents, maintainers, package consumers, site consumers, and release systems."
|
|
82
|
+
},
|
|
83
|
+
"result": "warning",
|
|
84
|
+
"facts": [
|
|
85
|
+
{
|
|
86
|
+
"type": "file",
|
|
87
|
+
"result": "pass",
|
|
88
|
+
"machineProvability": "machine-verifiable",
|
|
89
|
+
"path": ".buildchain/kfd-3/collaboration-interface.json",
|
|
90
|
+
"digest": "sha256:fa41128be4ee57a4a40b76d4d7a063c01d7c2e5c53aec2b9c6db819c7a27b22b",
|
|
91
|
+
"description": "Fact .buildchain/kfd-3/collaboration-interface.json is present and hashable."
|
|
92
|
+
}
|
|
93
|
+
],
|
|
94
|
+
"evidence": [
|
|
95
|
+
{
|
|
96
|
+
"type": "schema",
|
|
97
|
+
"result": "pass",
|
|
98
|
+
"machineProvability": "machine-verifiable",
|
|
99
|
+
"path": "schemas/kfd-3/collaboration-interface.schema.json",
|
|
100
|
+
"digest": "sha256:6526be8e59d2f0f645e7f67a8f63a93f017a2dac62701147d49c5f391c5483a3",
|
|
101
|
+
"description": "KFD-3 collaboration interface schema is published."
|
|
102
|
+
},
|
|
103
|
+
{
|
|
104
|
+
"type": "file",
|
|
105
|
+
"result": "pass",
|
|
106
|
+
"machineProvability": "machine-verifiable",
|
|
107
|
+
"path": ".buildchain/kfd-3/collaboration-interface.json",
|
|
108
|
+
"digest": "sha256:fa41128be4ee57a4a40b76d4d7a063c01d7c2e5c53aec2b9c6db819c7a27b22b",
|
|
109
|
+
"description": "KFD-3 source collaboration interface declares reachable participant-facing surfaces and value evidence."
|
|
110
|
+
},
|
|
111
|
+
{
|
|
112
|
+
"type": "file",
|
|
113
|
+
"result": "pass",
|
|
114
|
+
"machineProvability": "machine-verifiable",
|
|
115
|
+
"path": "scripts/check.mjs",
|
|
116
|
+
"digest": "sha256:43cd81dcff761004098722f4b69a7e9939fe9559d4785344dd3344933e241f82",
|
|
117
|
+
"description": "The package check gate validates KFD-3 interface closure and witness parity."
|
|
118
|
+
}
|
|
119
|
+
],
|
|
120
|
+
"auditBoundary": {
|
|
121
|
+
"scope": "KFD participant-facing collaboration surfaces, extension paths, and shipped witness files",
|
|
122
|
+
"enumerability": "closed-world"
|
|
123
|
+
},
|
|
124
|
+
"responsibility": {
|
|
125
|
+
"owner": "KFD maintainers",
|
|
126
|
+
"sourceOwner": "KFD maintainers",
|
|
127
|
+
"verificationOwner": "KFD package self-verification",
|
|
128
|
+
"decisionOwner": "KFD maintainers"
|
|
129
|
+
},
|
|
130
|
+
"residualRisk": [
|
|
131
|
+
{
|
|
132
|
+
"id": "human-language-interpretation",
|
|
133
|
+
"definedBy": "https://kfd.libkungfu.dev/schemas/kfd-2/trust-taxonomy.schema.json#/$defs/residualRisk",
|
|
134
|
+
"riskType": "natural-language-semantic-risk",
|
|
135
|
+
"trustImpact": "downgrade-warning",
|
|
136
|
+
"machineProvability": "not-exhaustively-enumerable",
|
|
137
|
+
"agentAction": "semantic-review-required",
|
|
138
|
+
"reason": "Natural-language standard interpretation is inspectable and reviewable but cannot be exhaustively proved from package bytes.",
|
|
139
|
+
"owner": "KFD maintainers"
|
|
140
|
+
}
|
|
141
|
+
]
|
|
142
|
+
},
|
|
143
|
+
{
|
|
144
|
+
"id": "assess-kfd-4-observer-perspective-trust",
|
|
145
|
+
"claimId": "kfd-4-observer-perspective-trust",
|
|
146
|
+
"subject": {
|
|
147
|
+
"kind": "observer-perspective",
|
|
148
|
+
"id": "kfd-4-observer-perspective",
|
|
149
|
+
"standard": "kfd-4",
|
|
150
|
+
"description": "KFD-4 observer-perspective schema for perspective-bearing timeline views."
|
|
151
|
+
},
|
|
152
|
+
"result": "pass",
|
|
153
|
+
"facts": [
|
|
154
|
+
{
|
|
155
|
+
"type": "file",
|
|
156
|
+
"result": "pass",
|
|
157
|
+
"machineProvability": "machine-verifiable",
|
|
158
|
+
"path": "decisions/KFD-4.md",
|
|
159
|
+
"digest": "sha256:7077a6446c8baa60d85426780cb7b2bee488133196b6f53d74f0eb151f6e26e4",
|
|
160
|
+
"description": "Fact decisions/KFD-4.md is present and hashable."
|
|
161
|
+
},
|
|
162
|
+
{
|
|
163
|
+
"type": "file",
|
|
164
|
+
"result": "pass",
|
|
165
|
+
"machineProvability": "machine-verifiable",
|
|
166
|
+
"path": "standards.json",
|
|
167
|
+
"digest": "sha256:68aae8bbfcce0776e5f5317e133ae1b494a41ecdea1f992bb51f71d1e75f2ca4",
|
|
168
|
+
"description": "Fact standards.json is present and hashable."
|
|
169
|
+
},
|
|
170
|
+
{
|
|
171
|
+
"type": "schema",
|
|
172
|
+
"result": "pass",
|
|
173
|
+
"machineProvability": "machine-verifiable",
|
|
174
|
+
"path": "schemas/kfd-4/observer-perspective.schema.json",
|
|
175
|
+
"digest": "sha256:e6ae8849b04c326b4ae5efafa08b08dc0f3fcf6844f6956735ff7327c2cfd69c",
|
|
176
|
+
"description": "Fact schemas/kfd-4/observer-perspective.schema.json is present and hashable."
|
|
177
|
+
}
|
|
178
|
+
],
|
|
179
|
+
"evidence": [
|
|
180
|
+
{
|
|
181
|
+
"type": "schema",
|
|
182
|
+
"result": "pass",
|
|
183
|
+
"machineProvability": "machine-verifiable",
|
|
184
|
+
"path": "schemas/kfd-4/observer-perspective.schema.json",
|
|
185
|
+
"digest": "sha256:e6ae8849b04c326b4ae5efafa08b08dc0f3fcf6844f6956735ff7327c2cfd69c",
|
|
186
|
+
"description": "KFD-4 observer-perspective schema is published."
|
|
187
|
+
},
|
|
188
|
+
{
|
|
189
|
+
"type": "file",
|
|
190
|
+
"result": "pass",
|
|
191
|
+
"machineProvability": "machine-verifiable",
|
|
192
|
+
"path": "standards.json",
|
|
193
|
+
"digest": "sha256:68aae8bbfcce0776e5f5317e133ae1b494a41ecdea1f992bb51f71d1e75f2ca4",
|
|
194
|
+
"description": "Standards metadata exposes the KFD-4 schema ID, path, interface version, and concept names."
|
|
195
|
+
},
|
|
196
|
+
{
|
|
197
|
+
"type": "file",
|
|
198
|
+
"result": "pass",
|
|
199
|
+
"machineProvability": "machine-verifiable",
|
|
200
|
+
"path": "scripts/check.mjs",
|
|
201
|
+
"digest": "sha256:43cd81dcff761004098722f4b69a7e9939fe9559d4785344dd3344933e241f82",
|
|
202
|
+
"description": "The package check gate validates the KFD-4 schema and standards metadata."
|
|
203
|
+
}
|
|
204
|
+
],
|
|
205
|
+
"auditBoundary": {
|
|
206
|
+
"scope": "KFD-4 decision text, observer-perspective schema, standards metadata, and self-verification gate",
|
|
207
|
+
"enumerability": "closed-world"
|
|
208
|
+
},
|
|
209
|
+
"responsibility": {
|
|
210
|
+
"owner": "KFD maintainers",
|
|
211
|
+
"sourceOwner": "KFD maintainers",
|
|
212
|
+
"verificationOwner": "KFD package self-verification",
|
|
213
|
+
"decisionOwner": "KFD maintainers"
|
|
214
|
+
},
|
|
215
|
+
"residualRisk": []
|
|
216
|
+
}
|
|
217
|
+
],
|
|
218
|
+
"unboundClaims": [],
|
|
219
|
+
"downgradeReasons": [
|
|
220
|
+
{
|
|
221
|
+
"id": "kfd-3-natural-language-semantics",
|
|
222
|
+
"riskType": "natural-language-semantic-risk",
|
|
223
|
+
"trustImpact": "downgrade-warning",
|
|
224
|
+
"reason": "KFD-3 exposes machine-checkable collaboration surfaces and value evidence, but the human-language meaning of trusted value and non-coercive cooperation remains a reviewable semantic responsibility.",
|
|
225
|
+
"agentAction": "semantic-review-required",
|
|
226
|
+
"source": "kfd-3-collaboration-interface-trust"
|
|
227
|
+
}
|
|
228
|
+
],
|
|
229
|
+
"responsibility": {
|
|
230
|
+
"owner": "KFD maintainers",
|
|
231
|
+
"sourceOwner": "KFD maintainers",
|
|
232
|
+
"verificationOwner": "KFD package self-verification",
|
|
233
|
+
"decisionOwner": "KFD maintainers"
|
|
234
|
+
},
|
|
235
|
+
"schemaEvolution": {
|
|
236
|
+
"compatibilityRule": "Compatible additions may keep schemaVersion 1; semantic, required-field, verification-meaning, or responsibility-boundary changes require a new interface version or contract."
|
|
237
|
+
}
|
|
238
|
+
}
|
|
@@ -0,0 +1,225 @@
|
|
|
1
|
+
{
|
|
2
|
+
"schemaVersion": 1,
|
|
3
|
+
"contract": "kfd-2-trust-claims",
|
|
4
|
+
"standard": "kfd-2",
|
|
5
|
+
"projection": {
|
|
6
|
+
"kind": "generic",
|
|
7
|
+
"description": "KFD self-dogfood claims for assessing KFD-1, KFD-3, and KFD-4 from the generic KFD-2 trust model."
|
|
8
|
+
},
|
|
9
|
+
"claims": [
|
|
10
|
+
{
|
|
11
|
+
"id": "kfd-1-contract-world-trust",
|
|
12
|
+
"statement": "KFD-1 is trustable as the KFD package contract-world rule because its surface register, schema, witness, and verification command are inspectable from committed package facts.",
|
|
13
|
+
"subject": {
|
|
14
|
+
"kind": "contract-world",
|
|
15
|
+
"id": "kfd-1-surface-register",
|
|
16
|
+
"standard": "kfd-1",
|
|
17
|
+
"description": "KFD-1 non-drifting fact-source and compatibility-impact surface register."
|
|
18
|
+
},
|
|
19
|
+
"facts": [
|
|
20
|
+
{
|
|
21
|
+
"kind": "file",
|
|
22
|
+
"path": "standards.json",
|
|
23
|
+
"sha256": "68aae8bbfcce0776e5f5317e133ae1b494a41ecdea1f992bb51f71d1e75f2ca4"
|
|
24
|
+
},
|
|
25
|
+
{
|
|
26
|
+
"kind": "schema",
|
|
27
|
+
"path": "schemas/kfd-1/contract-world.schema.json",
|
|
28
|
+
"sha256": "412d22385cd81a72798cc649c5ddfa961b6ae91ec2727d4300261a55fa5036f3"
|
|
29
|
+
}
|
|
30
|
+
],
|
|
31
|
+
"evidence": [
|
|
32
|
+
{
|
|
33
|
+
"type": "schema",
|
|
34
|
+
"pointer": {
|
|
35
|
+
"kind": "schema",
|
|
36
|
+
"path": "schemas/kfd-1/contract-world.schema.json",
|
|
37
|
+
"sha256": "412d22385cd81a72798cc649c5ddfa961b6ae91ec2727d4300261a55fa5036f3"
|
|
38
|
+
},
|
|
39
|
+
"machineProvability": "machine-verifiable",
|
|
40
|
+
"description": "KFD-1 contract-world schema is published as a package surface."
|
|
41
|
+
},
|
|
42
|
+
{
|
|
43
|
+
"type": "file",
|
|
44
|
+
"pointer": {
|
|
45
|
+
"kind": "file",
|
|
46
|
+
"path": "scripts/check.mjs",
|
|
47
|
+
"sha256": "43cd81dcff761004098722f4b69a7e9939fe9559d4785344dd3344933e241f82"
|
|
48
|
+
},
|
|
49
|
+
"machineProvability": "machine-verifiable",
|
|
50
|
+
"description": "The package check gate validates the KFD-1 schema, surface register, witness, and hashes."
|
|
51
|
+
}
|
|
52
|
+
],
|
|
53
|
+
"verification": {
|
|
54
|
+
"command": "node scripts/check.mjs",
|
|
55
|
+
"expectedResult": "pass"
|
|
56
|
+
},
|
|
57
|
+
"auditBoundary": {
|
|
58
|
+
"scope": "KFD package KFD-1 surface-register, schema, witness, and self-verification gate",
|
|
59
|
+
"enumerability": "closed-world"
|
|
60
|
+
},
|
|
61
|
+
"residualRisk": [],
|
|
62
|
+
"responsibility": {
|
|
63
|
+
"owner": "KFD maintainers",
|
|
64
|
+
"sourceOwner": "KFD maintainers",
|
|
65
|
+
"verificationOwner": "KFD package self-verification",
|
|
66
|
+
"decisionOwner": "KFD maintainers"
|
|
67
|
+
},
|
|
68
|
+
"status": "enforced"
|
|
69
|
+
},
|
|
70
|
+
{
|
|
71
|
+
"id": "kfd-3-collaboration-interface-trust",
|
|
72
|
+
"statement": "KFD-3 is trustable as a participant-facing collaboration interface because KFD publishes the declared interface, explicit value evidence, prebuild witness, artifact witness, extension path, and closure check.",
|
|
73
|
+
"subject": {
|
|
74
|
+
"kind": "collaboration-interface",
|
|
75
|
+
"id": "kfd-3-collaboration-interface",
|
|
76
|
+
"standard": "kfd-3",
|
|
77
|
+
"description": "KFD package collaboration interface for humans, agents, maintainers, package consumers, site consumers, and release systems."
|
|
78
|
+
},
|
|
79
|
+
"facts": [
|
|
80
|
+
{
|
|
81
|
+
"kind": "file",
|
|
82
|
+
"path": ".buildchain/kfd-3/collaboration-interface.json",
|
|
83
|
+
"sha256": "fa41128be4ee57a4a40b76d4d7a063c01d7c2e5c53aec2b9c6db819c7a27b22b"
|
|
84
|
+
}
|
|
85
|
+
],
|
|
86
|
+
"evidence": [
|
|
87
|
+
{
|
|
88
|
+
"type": "schema",
|
|
89
|
+
"pointer": {
|
|
90
|
+
"kind": "schema",
|
|
91
|
+
"path": "schemas/kfd-3/collaboration-interface.schema.json",
|
|
92
|
+
"sha256": "6526be8e59d2f0f645e7f67a8f63a93f017a2dac62701147d49c5f391c5483a3"
|
|
93
|
+
},
|
|
94
|
+
"machineProvability": "machine-verifiable",
|
|
95
|
+
"description": "KFD-3 collaboration interface schema is published."
|
|
96
|
+
},
|
|
97
|
+
{
|
|
98
|
+
"type": "file",
|
|
99
|
+
"pointer": {
|
|
100
|
+
"kind": "file",
|
|
101
|
+
"path": ".buildchain/kfd-3/collaboration-interface.json",
|
|
102
|
+
"sha256": "fa41128be4ee57a4a40b76d4d7a063c01d7c2e5c53aec2b9c6db819c7a27b22b"
|
|
103
|
+
},
|
|
104
|
+
"machineProvability": "machine-verifiable",
|
|
105
|
+
"description": "KFD-3 source collaboration interface declares reachable participant-facing surfaces and value evidence."
|
|
106
|
+
},
|
|
107
|
+
{
|
|
108
|
+
"type": "file",
|
|
109
|
+
"pointer": {
|
|
110
|
+
"kind": "file",
|
|
111
|
+
"path": "scripts/check.mjs",
|
|
112
|
+
"sha256": "43cd81dcff761004098722f4b69a7e9939fe9559d4785344dd3344933e241f82"
|
|
113
|
+
},
|
|
114
|
+
"machineProvability": "machine-verifiable",
|
|
115
|
+
"description": "The package check gate validates KFD-3 interface closure and witness parity."
|
|
116
|
+
}
|
|
117
|
+
],
|
|
118
|
+
"verification": {
|
|
119
|
+
"command": "node scripts/check.mjs",
|
|
120
|
+
"expectedResult": "warning"
|
|
121
|
+
},
|
|
122
|
+
"auditBoundary": {
|
|
123
|
+
"scope": "KFD participant-facing collaboration surfaces, extension paths, and shipped witness files",
|
|
124
|
+
"enumerability": "closed-world"
|
|
125
|
+
},
|
|
126
|
+
"residualRisk": [
|
|
127
|
+
{
|
|
128
|
+
"id": "human-language-interpretation",
|
|
129
|
+
"definedBy": "https://kfd.libkungfu.dev/schemas/kfd-2/trust-taxonomy.schema.json#/$defs/residualRisk",
|
|
130
|
+
"riskType": "natural-language-semantic-risk",
|
|
131
|
+
"trustImpact": "downgrade-warning",
|
|
132
|
+
"machineProvability": "not-exhaustively-enumerable",
|
|
133
|
+
"agentAction": "semantic-review-required",
|
|
134
|
+
"reason": "Natural-language standard interpretation is inspectable and reviewable but cannot be exhaustively proved from package bytes.",
|
|
135
|
+
"owner": "KFD maintainers"
|
|
136
|
+
}
|
|
137
|
+
],
|
|
138
|
+
"responsibility": {
|
|
139
|
+
"owner": "KFD maintainers",
|
|
140
|
+
"sourceOwner": "KFD maintainers",
|
|
141
|
+
"verificationOwner": "KFD package self-verification",
|
|
142
|
+
"decisionOwner": "KFD maintainers"
|
|
143
|
+
},
|
|
144
|
+
"status": "enforced"
|
|
145
|
+
},
|
|
146
|
+
{
|
|
147
|
+
"id": "kfd-4-observer-perspective-trust",
|
|
148
|
+
"statement": "KFD-4 is trustable as an observer-perspective interface because KFD publishes the schema, standards metadata, decision text, and verification gate for observer-relative timeline views.",
|
|
149
|
+
"subject": {
|
|
150
|
+
"kind": "observer-perspective",
|
|
151
|
+
"id": "kfd-4-observer-perspective",
|
|
152
|
+
"standard": "kfd-4",
|
|
153
|
+
"description": "KFD-4 observer-perspective schema for perspective-bearing timeline views."
|
|
154
|
+
},
|
|
155
|
+
"facts": [
|
|
156
|
+
{
|
|
157
|
+
"kind": "file",
|
|
158
|
+
"path": "decisions/KFD-4.md",
|
|
159
|
+
"sha256": "7077a6446c8baa60d85426780cb7b2bee488133196b6f53d74f0eb151f6e26e4"
|
|
160
|
+
},
|
|
161
|
+
{
|
|
162
|
+
"kind": "file",
|
|
163
|
+
"path": "standards.json",
|
|
164
|
+
"sha256": "68aae8bbfcce0776e5f5317e133ae1b494a41ecdea1f992bb51f71d1e75f2ca4"
|
|
165
|
+
},
|
|
166
|
+
{
|
|
167
|
+
"kind": "schema",
|
|
168
|
+
"path": "schemas/kfd-4/observer-perspective.schema.json",
|
|
169
|
+
"sha256": "e6ae8849b04c326b4ae5efafa08b08dc0f3fcf6844f6956735ff7327c2cfd69c"
|
|
170
|
+
}
|
|
171
|
+
],
|
|
172
|
+
"evidence": [
|
|
173
|
+
{
|
|
174
|
+
"type": "schema",
|
|
175
|
+
"pointer": {
|
|
176
|
+
"kind": "schema",
|
|
177
|
+
"path": "schemas/kfd-4/observer-perspective.schema.json",
|
|
178
|
+
"sha256": "e6ae8849b04c326b4ae5efafa08b08dc0f3fcf6844f6956735ff7327c2cfd69c"
|
|
179
|
+
},
|
|
180
|
+
"machineProvability": "machine-verifiable",
|
|
181
|
+
"description": "KFD-4 observer-perspective schema is published."
|
|
182
|
+
},
|
|
183
|
+
{
|
|
184
|
+
"type": "file",
|
|
185
|
+
"pointer": {
|
|
186
|
+
"kind": "file",
|
|
187
|
+
"path": "standards.json",
|
|
188
|
+
"sha256": "68aae8bbfcce0776e5f5317e133ae1b494a41ecdea1f992bb51f71d1e75f2ca4"
|
|
189
|
+
},
|
|
190
|
+
"machineProvability": "machine-verifiable",
|
|
191
|
+
"description": "Standards metadata exposes the KFD-4 schema ID, path, interface version, and concept names."
|
|
192
|
+
},
|
|
193
|
+
{
|
|
194
|
+
"type": "file",
|
|
195
|
+
"pointer": {
|
|
196
|
+
"kind": "file",
|
|
197
|
+
"path": "scripts/check.mjs",
|
|
198
|
+
"sha256": "43cd81dcff761004098722f4b69a7e9939fe9559d4785344dd3344933e241f82"
|
|
199
|
+
},
|
|
200
|
+
"machineProvability": "machine-verifiable",
|
|
201
|
+
"description": "The package check gate validates the KFD-4 schema and standards metadata."
|
|
202
|
+
}
|
|
203
|
+
],
|
|
204
|
+
"verification": {
|
|
205
|
+
"command": "node scripts/check.mjs",
|
|
206
|
+
"expectedResult": "pass"
|
|
207
|
+
},
|
|
208
|
+
"auditBoundary": {
|
|
209
|
+
"scope": "KFD-4 decision text, observer-perspective schema, standards metadata, and self-verification gate",
|
|
210
|
+
"enumerability": "closed-world"
|
|
211
|
+
},
|
|
212
|
+
"residualRisk": [],
|
|
213
|
+
"responsibility": {
|
|
214
|
+
"owner": "KFD maintainers",
|
|
215
|
+
"sourceOwner": "KFD maintainers",
|
|
216
|
+
"verificationOwner": "KFD package self-verification",
|
|
217
|
+
"decisionOwner": "KFD maintainers"
|
|
218
|
+
},
|
|
219
|
+
"status": "enforced"
|
|
220
|
+
}
|
|
221
|
+
],
|
|
222
|
+
"schemaEvolution": {
|
|
223
|
+
"compatibilityRule": "Compatible additions may keep schemaVersion 1; semantic, required-field, verification-meaning, or responsibility-boundary changes require a new interface version or contract."
|
|
224
|
+
}
|
|
225
|
+
}
|
|
@@ -0,0 +1,131 @@
|
|
|
1
|
+
{
|
|
2
|
+
"id": "kfd-public-release-trust",
|
|
3
|
+
"public": true,
|
|
4
|
+
"claim": "The KFD npm release is backed by declared source facts, machine-readable evidence, artifact coordinates, verification, audit boundary, responsibility, and explicit residual-risk state.",
|
|
5
|
+
"sourceBindings": [
|
|
6
|
+
{
|
|
7
|
+
"path": "package.json",
|
|
8
|
+
"sha256": "25ae49f5ab1c34d07d066b7e8fbe49284808bbf10b3c3b2ebe06373be1020854",
|
|
9
|
+
"id": "package-version-and-exports"
|
|
10
|
+
},
|
|
11
|
+
{
|
|
12
|
+
"path": "kfd.release.json",
|
|
13
|
+
"sha256": "128788929dadbf25aa60283c5c5a7f79afd971627c378edd7d85546ee2038f22",
|
|
14
|
+
"id": "anchored-release-version"
|
|
15
|
+
},
|
|
16
|
+
{
|
|
17
|
+
"path": "registry.json",
|
|
18
|
+
"sha256": "003842480fb9b3b8847735db729bc94bace4f60a25e730df839f4cb74c9f1ab5",
|
|
19
|
+
"id": "decision-registry"
|
|
20
|
+
},
|
|
21
|
+
{
|
|
22
|
+
"path": "standards.json",
|
|
23
|
+
"sha256": "68aae8bbfcce0776e5f5317e133ae1b494a41ecdea1f992bb51f71d1e75f2ca4",
|
|
24
|
+
"id": "standards-metadata"
|
|
25
|
+
},
|
|
26
|
+
{
|
|
27
|
+
"path": "release-impact.json",
|
|
28
|
+
"sha256": "685f65d10491593d28321431eee315bb5fbbedd2d1ccec0747f4a37547b3124a",
|
|
29
|
+
"id": "release-impact-ledger"
|
|
30
|
+
},
|
|
31
|
+
{
|
|
32
|
+
"path": "buildchain.toml",
|
|
33
|
+
"sha256": "0dc1179d59b634df364871ea18a66251781321c80a6f7bcb9e3fcf5a48ef738a",
|
|
34
|
+
"id": "buildchain-release-contract"
|
|
35
|
+
},
|
|
36
|
+
{
|
|
37
|
+
"path": "buildchain.contract-lock.json",
|
|
38
|
+
"sha256": "b01c166a59bec6d73e882a69d9d91fbb98f1132558a417f4654c19889af6f0b9",
|
|
39
|
+
"id": "buildchain-runtime-contract-lock"
|
|
40
|
+
}
|
|
41
|
+
],
|
|
42
|
+
"machineEvidence": [
|
|
43
|
+
{
|
|
44
|
+
"path": "scripts/check.mjs",
|
|
45
|
+
"sha256": "43cd81dcff761004098722f4b69a7e9939fe9559d4785344dd3344933e241f82",
|
|
46
|
+
"id": "self-verification-command"
|
|
47
|
+
},
|
|
48
|
+
{
|
|
49
|
+
"path": ".github/workflows/build.yml",
|
|
50
|
+
"sha256": "264cd15db6f872c72fc58bcd476d1a3a476ec54b520b05268e213f5b59692f5b",
|
|
51
|
+
"id": "buildchain-build-workflow"
|
|
52
|
+
},
|
|
53
|
+
{
|
|
54
|
+
"path": ".github/workflows/buildchain-ref-promotion.yml",
|
|
55
|
+
"sha256": "754a44cedfc174f35dcf54414c04b636bbc0a85e2272f5de8e899a70ee05d7bd",
|
|
56
|
+
"id": "buildchain-promotion-workflow"
|
|
57
|
+
},
|
|
58
|
+
{
|
|
59
|
+
"path": "schemas/kfd-2/trust-taxonomy.schema.json",
|
|
60
|
+
"sha256": "a663d301a663cadb8567e3010361f5a630b76b6518ed7603dfd58cbd4e64a658",
|
|
61
|
+
"id": "kfd-2-trust-taxonomy-schema"
|
|
62
|
+
},
|
|
63
|
+
{
|
|
64
|
+
"path": "schemas/kfd-2/trust-claims.schema.json",
|
|
65
|
+
"sha256": "5f452a5973502273f0249116b3a4171549a84515d8ba5286a09f173db4f0e03a",
|
|
66
|
+
"id": "kfd-2-trust-claims-schema"
|
|
67
|
+
},
|
|
68
|
+
{
|
|
69
|
+
"path": "schemas/kfd-2/trust-assessment.schema.json",
|
|
70
|
+
"sha256": "cdb56fb16d0d2e91e4a9ebaff9cefc212a70fd22701e1185ca75d66af6172a51",
|
|
71
|
+
"id": "kfd-2-trust-assessment-schema"
|
|
72
|
+
},
|
|
73
|
+
{
|
|
74
|
+
"path": "schemas/kfd-2/release-claims.schema.json",
|
|
75
|
+
"sha256": "0f52c4a9949f62163a0fbe14fefc2f2f93f548ae18b6b5c07eb87aedca4c0be0",
|
|
76
|
+
"id": "kfd-2-release-claims-schema"
|
|
77
|
+
},
|
|
78
|
+
{
|
|
79
|
+
"path": "schemas/kfd-2/release-trust-passport.schema.json",
|
|
80
|
+
"sha256": "df7f828605f680f3ff52fe3468cbf8f5e20151fac0d5c31cd9a0de9765efecc1",
|
|
81
|
+
"id": "kfd-2-release-trust-passport-schema"
|
|
82
|
+
}
|
|
83
|
+
],
|
|
84
|
+
"hashes": {
|
|
85
|
+
"package-version-and-exports": "25ae49f5ab1c34d07d066b7e8fbe49284808bbf10b3c3b2ebe06373be1020854",
|
|
86
|
+
"anchored-release-version": "128788929dadbf25aa60283c5c5a7f79afd971627c378edd7d85546ee2038f22",
|
|
87
|
+
"decision-registry": "003842480fb9b3b8847735db729bc94bace4f60a25e730df839f4cb74c9f1ab5",
|
|
88
|
+
"standards-metadata": "68aae8bbfcce0776e5f5317e133ae1b494a41ecdea1f992bb51f71d1e75f2ca4",
|
|
89
|
+
"release-impact-ledger": "685f65d10491593d28321431eee315bb5fbbedd2d1ccec0747f4a37547b3124a",
|
|
90
|
+
"buildchain-release-contract": "0dc1179d59b634df364871ea18a66251781321c80a6f7bcb9e3fcf5a48ef738a",
|
|
91
|
+
"buildchain-runtime-contract-lock": "b01c166a59bec6d73e882a69d9d91fbb98f1132558a417f4654c19889af6f0b9",
|
|
92
|
+
"self-verification-command": "43cd81dcff761004098722f4b69a7e9939fe9559d4785344dd3344933e241f82",
|
|
93
|
+
"buildchain-build-workflow": "264cd15db6f872c72fc58bcd476d1a3a476ec54b520b05268e213f5b59692f5b",
|
|
94
|
+
"buildchain-promotion-workflow": "754a44cedfc174f35dcf54414c04b636bbc0a85e2272f5de8e899a70ee05d7bd",
|
|
95
|
+
"kfd-2-trust-taxonomy-schema": "a663d301a663cadb8567e3010361f5a630b76b6518ed7603dfd58cbd4e64a658",
|
|
96
|
+
"kfd-2-trust-claims-schema": "5f452a5973502273f0249116b3a4171549a84515d8ba5286a09f173db4f0e03a",
|
|
97
|
+
"kfd-2-trust-assessment-schema": "cdb56fb16d0d2e91e4a9ebaff9cefc212a70fd22701e1185ca75d66af6172a51",
|
|
98
|
+
"kfd-2-release-claims-schema": "0f52c4a9949f62163a0fbe14fefc2f2f93f548ae18b6b5c07eb87aedca4c0be0",
|
|
99
|
+
"kfd-2-release-trust-passport-schema": "df7f828605f680f3ff52fe3468cbf8f5e20151fac0d5c31cd9a0de9765efecc1"
|
|
100
|
+
},
|
|
101
|
+
"artifacts": [
|
|
102
|
+
{
|
|
103
|
+
"name": "@kungfu-tech/kfd",
|
|
104
|
+
"version": "1.0.0-alpha.20",
|
|
105
|
+
"path": "package.json",
|
|
106
|
+
"sha256": "25ae49f5ab1c34d07d066b7e8fbe49284808bbf10b3c3b2ebe06373be1020854"
|
|
107
|
+
},
|
|
108
|
+
{
|
|
109
|
+
"name": "kfd-release-anchor",
|
|
110
|
+
"version": "1.0.0-alpha.20",
|
|
111
|
+
"path": "kfd.release.json",
|
|
112
|
+
"sha256": "128788929dadbf25aa60283c5c5a7f79afd971627c378edd7d85546ee2038f22"
|
|
113
|
+
}
|
|
114
|
+
],
|
|
115
|
+
"verification": {
|
|
116
|
+
"result": "passed",
|
|
117
|
+
"command": "node scripts/check.mjs"
|
|
118
|
+
},
|
|
119
|
+
"auditBoundary": {
|
|
120
|
+
"scope": "KFD public npm package release facts, package exports, release governance files, and Buildchain release-passport inputs",
|
|
121
|
+
"enumerability": "closed-world"
|
|
122
|
+
},
|
|
123
|
+
"responsibility": {
|
|
124
|
+
"owner": "KFD maintainers",
|
|
125
|
+
"sourceOwner": "KFD maintainers",
|
|
126
|
+
"verificationOwner": "KFD package self-verification",
|
|
127
|
+
"releaseDecisionOwner": "KFD maintainers",
|
|
128
|
+
"releasePassportProofOwner": "Buildchain"
|
|
129
|
+
},
|
|
130
|
+
"residualRisk": []
|
|
131
|
+
}
|