@kungfu-tech/kfd 1.0.0-alpha.2 → 1.0.0-alpha.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.buildchain/kfd-1/contract-world.witness.json +161 -0
- package/README.md +27 -3
- package/buildchain.release-propagation.json +25 -0
- package/docs/MAP.md +2 -0
- package/docs/kfd-2-release-trust.md +46 -0
- package/docs/kfd-3-collaboration-interface.md +59 -0
- package/package.json +5 -1
- package/schemas/kfd-2/release-claims.schema.json +332 -0
- package/schemas/kfd-2/release-trust-passport.schema.json +278 -0
- package/schemas/kfd-3/collaboration-interface.schema.json +348 -0
- package/schemas/kfd-3/witness.schema.json +153 -0
- package/schemas/kfd-standards.schema.json +39 -0
- package/standards.json +79 -8
|
@@ -0,0 +1,161 @@
|
|
|
1
|
+
{
|
|
2
|
+
"id": "kfd-standard-package",
|
|
3
|
+
"standard": "kfd-1",
|
|
4
|
+
"source": {
|
|
5
|
+
"repo": "kungfu-systems/kfd",
|
|
6
|
+
"factSource": "standards.json"
|
|
7
|
+
},
|
|
8
|
+
"contractWorld": {
|
|
9
|
+
"id": "kfd-standard-package",
|
|
10
|
+
"kind": "standard-metadata",
|
|
11
|
+
"name": "KFD standards metadata and release propagation surfaces",
|
|
12
|
+
"schemaId": "https://kfd.libkungfu.dev/schemas/kfd-1/contract-world.schema.json",
|
|
13
|
+
"digest": "sha256:394139c8915426e81eee7f7ea9f3d8209eb0e2b566ddadfccbddea2a3563585d"
|
|
14
|
+
},
|
|
15
|
+
"canonicalPolicy": {
|
|
16
|
+
"path": "standards.json",
|
|
17
|
+
"sha256": "394139c8915426e81eee7f7ea9f3d8209eb0e2b566ddadfccbddea2a3563585d"
|
|
18
|
+
},
|
|
19
|
+
"registry": {
|
|
20
|
+
"path": "registry.json",
|
|
21
|
+
"sha256": "b83cfadeb726e18f96ec4f7451c66091892f4964420dd81939d1120108991c38"
|
|
22
|
+
},
|
|
23
|
+
"surfaces": [
|
|
24
|
+
{
|
|
25
|
+
"name": "kfd-1-document",
|
|
26
|
+
"sourcePath": "decisions/kfd-1.md",
|
|
27
|
+
"sourceSha256": "2ef7438b0737009d36da248d2ecec5f788d46a93b184efadf5e2e31ca20254f0",
|
|
28
|
+
"artifactPath": "decisions/kfd-1.md",
|
|
29
|
+
"expectedSha256": "2ef7438b0737009d36da248d2ecec5f788d46a93b184efadf5e2e31ca20254f0",
|
|
30
|
+
"byteForByte": true
|
|
31
|
+
},
|
|
32
|
+
{
|
|
33
|
+
"name": "kfd-2-document",
|
|
34
|
+
"sourcePath": "decisions/kfd-2.md",
|
|
35
|
+
"sourceSha256": "b8be7b7526dcec9ea501998056c55f546492abc4eb63484a9bb8856eb434b710",
|
|
36
|
+
"artifactPath": "decisions/kfd-2.md",
|
|
37
|
+
"expectedSha256": "b8be7b7526dcec9ea501998056c55f546492abc4eb63484a9bb8856eb434b710",
|
|
38
|
+
"byteForByte": true
|
|
39
|
+
},
|
|
40
|
+
{
|
|
41
|
+
"name": "kfd-3-document",
|
|
42
|
+
"sourcePath": "decisions/kfd-3.md",
|
|
43
|
+
"sourceSha256": "e329bef41ab5cb689346333df317b39918ea1016424a872e438eea8090070b96",
|
|
44
|
+
"artifactPath": "decisions/kfd-3.md",
|
|
45
|
+
"expectedSha256": "e329bef41ab5cb689346333df317b39918ea1016424a872e438eea8090070b96",
|
|
46
|
+
"byteForByte": true
|
|
47
|
+
},
|
|
48
|
+
{
|
|
49
|
+
"name": "kfd-registry",
|
|
50
|
+
"sourcePath": "registry.json",
|
|
51
|
+
"sourceSha256": "b83cfadeb726e18f96ec4f7451c66091892f4964420dd81939d1120108991c38",
|
|
52
|
+
"artifactPath": "registry.json",
|
|
53
|
+
"expectedSha256": "b83cfadeb726e18f96ec4f7451c66091892f4964420dd81939d1120108991c38",
|
|
54
|
+
"byteForByte": true
|
|
55
|
+
},
|
|
56
|
+
{
|
|
57
|
+
"name": "kfd-standards",
|
|
58
|
+
"sourcePath": "standards.json",
|
|
59
|
+
"sourceSha256": "394139c8915426e81eee7f7ea9f3d8209eb0e2b566ddadfccbddea2a3563585d",
|
|
60
|
+
"artifactPath": "standards.json",
|
|
61
|
+
"expectedSha256": "394139c8915426e81eee7f7ea9f3d8209eb0e2b566ddadfccbddea2a3563585d",
|
|
62
|
+
"byteForByte": true
|
|
63
|
+
},
|
|
64
|
+
{
|
|
65
|
+
"name": "kfd-standards-schema",
|
|
66
|
+
"sourcePath": "schemas/kfd-standards.schema.json",
|
|
67
|
+
"sourceSha256": "2ecc7049d13463700f143f4e8c40488d6587484c94d26e827c239eeedc892336",
|
|
68
|
+
"artifactPath": "schemas/kfd-standards.schema.json",
|
|
69
|
+
"expectedSha256": "2ecc7049d13463700f143f4e8c40488d6587484c94d26e827c239eeedc892336",
|
|
70
|
+
"byteForByte": true
|
|
71
|
+
},
|
|
72
|
+
{
|
|
73
|
+
"name": "kfd-1-contract-world-schema",
|
|
74
|
+
"sourcePath": "schemas/kfd-1/contract-world.schema.json",
|
|
75
|
+
"sourceSha256": "6be00cca75c80bf96429eb62336989d8931ea380d86388fcb8b834dcf8d3c13b",
|
|
76
|
+
"artifactPath": "schemas/kfd-1/contract-world.schema.json",
|
|
77
|
+
"expectedSha256": "6be00cca75c80bf96429eb62336989d8931ea380d86388fcb8b834dcf8d3c13b",
|
|
78
|
+
"byteForByte": true
|
|
79
|
+
},
|
|
80
|
+
{
|
|
81
|
+
"name": "kfd-1-witness-schema",
|
|
82
|
+
"sourcePath": "schemas/kfd-1/witness.schema.json",
|
|
83
|
+
"sourceSha256": "50104a2962cb75cc1da634fa65553e993f87d8fb9b3c237f0609a2208ad4c1f3",
|
|
84
|
+
"artifactPath": "schemas/kfd-1/witness.schema.json",
|
|
85
|
+
"expectedSha256": "50104a2962cb75cc1da634fa65553e993f87d8fb9b3c237f0609a2208ad4c1f3",
|
|
86
|
+
"byteForByte": true
|
|
87
|
+
},
|
|
88
|
+
{
|
|
89
|
+
"name": "kfd-2-release-claims-schema",
|
|
90
|
+
"sourcePath": "schemas/kfd-2/release-claims.schema.json",
|
|
91
|
+
"sourceSha256": "cf90ef7d0a7c2abc33af0d97d793b7e9c3ed96335da0b79a082523139282963e",
|
|
92
|
+
"artifactPath": "schemas/kfd-2/release-claims.schema.json",
|
|
93
|
+
"expectedSha256": "cf90ef7d0a7c2abc33af0d97d793b7e9c3ed96335da0b79a082523139282963e",
|
|
94
|
+
"byteForByte": true
|
|
95
|
+
},
|
|
96
|
+
{
|
|
97
|
+
"name": "kfd-2-release-trust-passport-schema",
|
|
98
|
+
"sourcePath": "schemas/kfd-2/release-trust-passport.schema.json",
|
|
99
|
+
"sourceSha256": "92bdd34c0575d18240d1c8be12e86034209f54819048ead9617e7aa2e539aaef",
|
|
100
|
+
"artifactPath": "schemas/kfd-2/release-trust-passport.schema.json",
|
|
101
|
+
"expectedSha256": "92bdd34c0575d18240d1c8be12e86034209f54819048ead9617e7aa2e539aaef",
|
|
102
|
+
"byteForByte": true
|
|
103
|
+
},
|
|
104
|
+
{
|
|
105
|
+
"name": "kfd-3-collaboration-interface-schema",
|
|
106
|
+
"sourcePath": "schemas/kfd-3/collaboration-interface.schema.json",
|
|
107
|
+
"sourceSha256": "03e8d54c08f26bf8aff570995142684b04f0c97578c5fb58d29bc9f1559206d6",
|
|
108
|
+
"artifactPath": "schemas/kfd-3/collaboration-interface.schema.json",
|
|
109
|
+
"expectedSha256": "03e8d54c08f26bf8aff570995142684b04f0c97578c5fb58d29bc9f1559206d6",
|
|
110
|
+
"byteForByte": true
|
|
111
|
+
},
|
|
112
|
+
{
|
|
113
|
+
"name": "kfd-3-witness-schema",
|
|
114
|
+
"sourcePath": "schemas/kfd-3/witness.schema.json",
|
|
115
|
+
"sourceSha256": "cb80768ab8a4f90f86d256555b1995ddb516371ccbe291a8c28581fa371ccd10",
|
|
116
|
+
"artifactPath": "schemas/kfd-3/witness.schema.json",
|
|
117
|
+
"expectedSha256": "cb80768ab8a4f90f86d256555b1995ddb516371ccbe291a8c28581fa371ccd10",
|
|
118
|
+
"byteForByte": true
|
|
119
|
+
},
|
|
120
|
+
{
|
|
121
|
+
"name": "release-propagation-graph",
|
|
122
|
+
"sourcePath": "buildchain.release-propagation.json",
|
|
123
|
+
"sourceSha256": "007b465f3a69b25cf9bb7554e8c0e8727dbd5d5440b2e496d8c257f0ef69c011",
|
|
124
|
+
"artifactPath": "buildchain.release-propagation.json",
|
|
125
|
+
"expectedSha256": "007b465f3a69b25cf9bb7554e8c0e8727dbd5d5440b2e496d8c257f0ef69c011",
|
|
126
|
+
"byteForByte": true
|
|
127
|
+
},
|
|
128
|
+
{
|
|
129
|
+
"name": "buildchain-build-workflow",
|
|
130
|
+
"sourcePath": ".github/workflows/build.yml",
|
|
131
|
+
"sourceSha256": "a3e3f935897f16af86f468c8ee0a4500e2d68828e62411df88684087c65a73ad",
|
|
132
|
+
"artifactPath": ".github/workflows/build.yml",
|
|
133
|
+
"expectedSha256": "a3e3f935897f16af86f468c8ee0a4500e2d68828e62411df88684087c65a73ad",
|
|
134
|
+
"byteForByte": true
|
|
135
|
+
},
|
|
136
|
+
{
|
|
137
|
+
"name": "buildchain-ref-promotion-workflow",
|
|
138
|
+
"sourcePath": ".github/workflows/buildchain-ref-promotion.yml",
|
|
139
|
+
"sourceSha256": "f947f5ab19a856914ea03fb094580c9c7cf4b63d6690b88240b7558b40778e2e",
|
|
140
|
+
"artifactPath": ".github/workflows/buildchain-ref-promotion.yml",
|
|
141
|
+
"expectedSha256": "f947f5ab19a856914ea03fb094580c9c7cf4b63d6690b88240b7558b40778e2e",
|
|
142
|
+
"byteForByte": true
|
|
143
|
+
},
|
|
144
|
+
{
|
|
145
|
+
"name": "release-propagation-workflow",
|
|
146
|
+
"sourcePath": ".github/workflows/release-propagation.yml",
|
|
147
|
+
"sourceSha256": "216710af3be1ac6e85dc50836f21e4bdfe7a28fdec47647e843baa2cc7c9b4e7",
|
|
148
|
+
"artifactPath": ".github/workflows/release-propagation.yml",
|
|
149
|
+
"expectedSha256": "216710af3be1ac6e85dc50836f21e4bdfe7a28fdec47647e843baa2cc7c9b4e7",
|
|
150
|
+
"byteForByte": true
|
|
151
|
+
},
|
|
152
|
+
{
|
|
153
|
+
"name": "verify-workflow",
|
|
154
|
+
"sourcePath": ".github/workflows/verify.yml",
|
|
155
|
+
"sourceSha256": "448f4b6b8263399005a9866cee7906f5334cf5e3daea7d13c70768e586576947",
|
|
156
|
+
"artifactPath": ".github/workflows/verify.yml",
|
|
157
|
+
"expectedSha256": "448f4b6b8263399005a9866cee7906f5334cf5e3daea7d13c70768e586576947",
|
|
158
|
+
"byteForByte": true
|
|
159
|
+
}
|
|
160
|
+
]
|
|
161
|
+
}
|
package/README.md
CHANGED
|
@@ -115,13 +115,34 @@ e.g. `https://kfd.libkungfu.dev/1`). This repository publishes
|
|
|
115
115
|
|
|
116
116
|
Machine consumers that need KFD-owned standard identity should read
|
|
117
117
|
`standards.json`. It is the versioned metadata surface for stable standard
|
|
118
|
-
keys, document routes, schema IDs,
|
|
119
|
-
TypeScript projects, import
|
|
118
|
+
keys, document routes and SHA-256 digests, schema IDs, KFD-owned concept names,
|
|
119
|
+
and machine-interface contract versions. In Node or TypeScript projects, import
|
|
120
|
+
it as:
|
|
120
121
|
|
|
121
122
|
```js
|
|
122
123
|
import standards from "@kungfu-tech/kfd/standards.json" with { type: "json" };
|
|
123
124
|
```
|
|
124
125
|
|
|
126
|
+
KFD package semver is only the distribution version. KFD-owned machine
|
|
127
|
+
interfaces carry their own `schemaVersion` and `contract` fields. Compatible
|
|
128
|
+
additions may keep the same interface version; semantic changes, required-field
|
|
129
|
+
changes, verification meaning changes, or responsibility-boundary changes must
|
|
130
|
+
use a new interface version or contract.
|
|
131
|
+
|
|
132
|
+
KFD-2 publishes release-claims and release-trust-passport schemas under
|
|
133
|
+
`schemas/kfd-2/`. These schemas let Buildchain and other release systems audit
|
|
134
|
+
whether public release claims are bound to source facts, evidence, hashes,
|
|
135
|
+
audit boundaries, residual risk, and responsibility state. See
|
|
136
|
+
[`docs/kfd-2-release-trust.md`](docs/kfd-2-release-trust.md).
|
|
137
|
+
|
|
138
|
+
KFD-3 also publishes a general collaboration-interface schema and witness
|
|
139
|
+
schema under `schemas/kfd-3/`. These schemas are for participant-facing product
|
|
140
|
+
interfaces, not only agent APIs. A product such as Kungfu may implement an
|
|
141
|
+
agent-first profile, but that profile remains a product-specific realization of
|
|
142
|
+
KFD-3. The KFD-owned boundary is the standard vocabulary, schema IDs, and
|
|
143
|
+
closed-world evidence shape. See
|
|
144
|
+
[`docs/kfd-3-collaboration-interface.md`](docs/kfd-3-collaboration-interface.md).
|
|
145
|
+
|
|
125
146
|
## Current decisions
|
|
126
147
|
|
|
127
148
|
| ID | Kind | Title | Status |
|
|
@@ -150,6 +171,8 @@ standards.json machine-readable KFD standard metadata (schemaVersion 1,
|
|
|
150
171
|
contract kfd-standards-metadata)
|
|
151
172
|
schemas/ JSON schemas for package metadata and KFD-owned schema IDs
|
|
152
173
|
site/ machine-readable site bundle for kfd.libkungfu.dev renderers
|
|
174
|
+
buildchain.release-propagation.json
|
|
175
|
+
Buildchain release propagation graph for KFD -> site consumers
|
|
153
176
|
release-impact.json
|
|
154
177
|
Buildchain surface-aware impact ledger for production release passports
|
|
155
178
|
scripts/ conformance check: registry and documents must agree
|
|
@@ -157,7 +180,8 @@ scripts/ conformance check: registry and documents must agree
|
|
|
157
180
|
|
|
158
181
|
`node scripts/check.mjs` (also `pnpm run check`) verifies numbering
|
|
159
182
|
uniqueness, registry/document agreement, standards metadata/schema agreement,
|
|
160
|
-
status validity,
|
|
183
|
+
status validity, decision document SHA-256 bindings, interface contract
|
|
184
|
+
version bindings, and the release impact ledger required by Buildchain
|
|
161
185
|
production release passports. Releases are governed by Buildchain; this package
|
|
162
186
|
versions itself under KFD-1's own rules: the outer package line remains `v1.0`,
|
|
163
187
|
while patch and prerelease numbers are advanced by Buildchain release
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
{
|
|
2
|
+
"schemaVersion": 1,
|
|
3
|
+
"contract": "kungfu-buildchain-release-propagation-graph",
|
|
4
|
+
"nodes": [
|
|
5
|
+
{
|
|
6
|
+
"id": "kfd",
|
|
7
|
+
"repository": "kungfu-systems/kfd",
|
|
8
|
+
"package": "@kungfu-tech/kfd"
|
|
9
|
+
},
|
|
10
|
+
{
|
|
11
|
+
"id": "site-libkungfu-dev",
|
|
12
|
+
"repository": "kungfu-systems/site-libkungfu-dev",
|
|
13
|
+
"lockPath": "buildchain.upstreams/kfd.release.json",
|
|
14
|
+
"baseRef": "dev/v2/v2.7"
|
|
15
|
+
}
|
|
16
|
+
],
|
|
17
|
+
"edges": [
|
|
18
|
+
{
|
|
19
|
+
"id": "kfd-to-site-libkungfu-dev",
|
|
20
|
+
"from": "kfd",
|
|
21
|
+
"to": "site-libkungfu-dev",
|
|
22
|
+
"channelPolicy": "preserve"
|
|
23
|
+
}
|
|
24
|
+
]
|
|
25
|
+
}
|
package/docs/MAP.md
CHANGED
|
@@ -8,9 +8,11 @@
|
|
|
8
8
|
| What should a site renderer consume to render `kfd.libkungfu.dev`? | [`../site/kfd-site.json`](../site/kfd-site.json) |
|
|
9
9
|
| What is the top-level product accountability principle? | [KFD-2](../decisions/kfd-2.md) |
|
|
10
10
|
| What stance should products take toward humans and agents as reasoning participants? | [KFD-3](../decisions/kfd-3.md) |
|
|
11
|
+
| What schema should products use for KFD-3 participant-facing collaboration interfaces? | [`kfd-3-collaboration-interface.md`](kfd-3-collaboration-interface.md) |
|
|
11
12
|
| What does a specific decision say? | [`../decisions/`](../decisions) (index: [`../registry.json`](../registry.json)) |
|
|
12
13
|
| What machine metadata should Buildchain or another consumer import for KFD standard identity and schema IDs? | [`../standards.json`](../standards.json) |
|
|
13
14
|
| What schema validates the standards metadata surface? | [`../schemas/kfd-standards.schema.json`](../schemas/kfd-standards.schema.json) |
|
|
15
|
+
| What schema should release systems use for KFD-2 release claims and trust passports? | [`kfd-2-release-trust.md`](kfd-2-release-trust.md) |
|
|
14
16
|
| How do I cite a decision? | [`../README.md`](../README.md) — cite by number, e.g. `KFD-1` |
|
|
15
17
|
| How do decisions change over time? | [`../CONTRIBUTING.md`](../CONTRIBUTING.md) — append-only; explicit supersession mints a new number |
|
|
16
18
|
| How is this package versioned and released? | [KFD-1](../decisions/kfd-1.md) applied to itself; Buildchain governs releases |
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
# KFD-2 Release Trust Metadata
|
|
2
|
+
|
|
3
|
+
KFD-2 says that trust must start from inspectable facts and responsibility
|
|
4
|
+
state. For releases, that means a product must not ask users or agents to trust
|
|
5
|
+
release claims only because they appear in prose, changelogs, or repository
|
|
6
|
+
history.
|
|
7
|
+
|
|
8
|
+
This package defines two KFD-owned machine interfaces:
|
|
9
|
+
|
|
10
|
+
- `schemas/kfd-2/release-claims.schema.json`: the product's declared public
|
|
11
|
+
release claims.
|
|
12
|
+
- `schemas/kfd-2/release-trust-passport.schema.json`: the verifier's result
|
|
13
|
+
after auditing those claims against evidence.
|
|
14
|
+
|
|
15
|
+
The intended Buildchain flow is:
|
|
16
|
+
|
|
17
|
+
```text
|
|
18
|
+
release claims -> evidence audit -> release trust passport -> release passport
|
|
19
|
+
```
|
|
20
|
+
|
|
21
|
+
Each claim should declare the statement being made, the source of the claim,
|
|
22
|
+
machine-readable evidence, the audit boundary, residual risk, and responsibility
|
|
23
|
+
state. The trust passport should then record whether each claim is bound to
|
|
24
|
+
evidence, which evidence was checked, what the result was, and who owns the
|
|
25
|
+
release decision.
|
|
26
|
+
|
|
27
|
+
## Interface Versioning
|
|
28
|
+
|
|
29
|
+
KFD package semver is only the distribution version. It is not the version of a
|
|
30
|
+
KFD-owned machine interface.
|
|
31
|
+
|
|
32
|
+
Every KFD-owned machine interface uses:
|
|
33
|
+
|
|
34
|
+
- `schemaVersion`: the interface version consumed by tools.
|
|
35
|
+
- `contract`: the stable contract name, such as `kfd-2-release-claims`.
|
|
36
|
+
- `$id`: the canonical schema URL for the current stable interface.
|
|
37
|
+
|
|
38
|
+
Compatible additions may keep `schemaVersion: 1`. A change that alters required
|
|
39
|
+
fields, field semantics, verification meaning, audit boundary semantics, or
|
|
40
|
+
responsibility semantics must not silently reuse the same interface contract.
|
|
41
|
+
It must introduce a new interface version or, when the standard itself changes,
|
|
42
|
+
a new KFD decision or amendment path.
|
|
43
|
+
|
|
44
|
+
The same rule applies to KFD-1 and KFD-3 schemas. Their current schemas already
|
|
45
|
+
carry `schemaVersion: 1` and a `contract` value; this document makes the
|
|
46
|
+
evolution rule explicit across the KFD package.
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
# KFD-3 Collaboration Interface
|
|
2
|
+
|
|
3
|
+
KFD-3 is a cooperation standard for intelligent participants. It is not an
|
|
4
|
+
agent-only standard. Products can use it for humans, agents, operators,
|
|
5
|
+
extension authors, API consumers, hosted-service users, service integrators,
|
|
6
|
+
maintainers, and other participants who need to understand value, choices, and
|
|
7
|
+
constraints before cooperating.
|
|
8
|
+
|
|
9
|
+
The KFD-owned schema surface is intentionally general:
|
|
10
|
+
|
|
11
|
+
- `schemas/kfd-3/collaboration-interface.schema.json` declares a product's
|
|
12
|
+
participant-facing collaboration interface.
|
|
13
|
+
- `schemas/kfd-3/witness.schema.json` declares release or build evidence that
|
|
14
|
+
the interface is discoverable, classified, constraint-transparent, and closed
|
|
15
|
+
over reachable participant-facing entrypoints.
|
|
16
|
+
|
|
17
|
+
KFD owns the standard identity, schema IDs, concept names, and compatibility
|
|
18
|
+
rules. Product repositories own their concrete profiles. For example, Kungfu
|
|
19
|
+
may expose an agent-first profile because agents are a first-class participant
|
|
20
|
+
in the current product, but that profile remains a Kungfu implementation of
|
|
21
|
+
KFD-3 rather than the definition of KFD-3 itself.
|
|
22
|
+
|
|
23
|
+
## Required shape
|
|
24
|
+
|
|
25
|
+
A product collaboration interface should identify:
|
|
26
|
+
|
|
27
|
+
- participant profiles, such as `human`, `agent`, `operator`,
|
|
28
|
+
`extension-author`, or `api-consumer`;
|
|
29
|
+
- minimal entrypoints that let each participant discover the rest of the
|
|
30
|
+
interface;
|
|
31
|
+
- participant-visible surfaces, such as CLI commands, JSON APIs, manuals,
|
|
32
|
+
skills, GUI routes, envelopes, packages, or protocols;
|
|
33
|
+
- visible constraints, including what is restricted, why, and where review or
|
|
34
|
+
escalation happens;
|
|
35
|
+
- choice paths that let participants choose or decline safe cooperation modes;
|
|
36
|
+
- a closure policy for reachable participant-facing entrypoints.
|
|
37
|
+
|
|
38
|
+
The KFD-3 witness schema is intentionally stricter about closure: a passing
|
|
39
|
+
closed-world proof reports reachable entrypoints, classified entrypoints, and
|
|
40
|
+
an empty `unclassifiedEntrypoints` list. This prevents a product from exposing
|
|
41
|
+
a participant-facing or callable backdoor API outside the declared interface.
|
|
42
|
+
|
|
43
|
+
## Product profile boundary
|
|
44
|
+
|
|
45
|
+
Concrete product profiles may add their own contracts, registry fields, command
|
|
46
|
+
metadata, generated manuals, or audit output. Those fields should reference the
|
|
47
|
+
KFD-3 schema IDs from `standards.json` instead of copying KFD-owned terms.
|
|
48
|
+
|
|
49
|
+
Examples:
|
|
50
|
+
|
|
51
|
+
- A Kungfu agent-first bridge can map local commands, provider skills, command
|
|
52
|
+
metadata, and operating manuals into a KFD-3 collaboration interface.
|
|
53
|
+
- A Buildchain release passport can carry a KFD-3 witness once a downstream
|
|
54
|
+
product can freeze and verify the concrete interface artifact.
|
|
55
|
+
- A hosted surface can use the same standard to show where policy constraints,
|
|
56
|
+
permission gates, and user choices are visible before cooperation is
|
|
57
|
+
requested.
|
|
58
|
+
|
|
59
|
+
This keeps KFD-3 general while making real product interfaces testable.
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@kungfu-tech/kfd",
|
|
3
|
-
"version": "1.0.0-alpha.
|
|
3
|
+
"version": "1.0.0-alpha.4",
|
|
4
4
|
"description": "Kung Fu Decisions (KFD): the kungfu-systems organization-wide decision registry, as a consumable artifact",
|
|
5
5
|
"license": "Apache-2.0",
|
|
6
6
|
"files": [
|
|
@@ -10,6 +10,8 @@
|
|
|
10
10
|
"standards.json",
|
|
11
11
|
"schemas",
|
|
12
12
|
"site",
|
|
13
|
+
"buildchain.release-propagation.json",
|
|
14
|
+
".buildchain/kfd-1/contract-world.witness.json",
|
|
13
15
|
"docs"
|
|
14
16
|
],
|
|
15
17
|
"exports": {
|
|
@@ -18,6 +20,8 @@
|
|
|
18
20
|
"./registry.json": "./registry.json",
|
|
19
21
|
"./standards.json": "./standards.json",
|
|
20
22
|
"./site/kfd-site.json": "./site/kfd-site.json",
|
|
23
|
+
"./buildchain.release-propagation.json": "./buildchain.release-propagation.json",
|
|
24
|
+
"./buildchain/kfd-1/contract-world.witness.json": "./.buildchain/kfd-1/contract-world.witness.json",
|
|
21
25
|
"./schemas/*.json": "./schemas/*.json",
|
|
22
26
|
"./schemas/*/*.json": "./schemas/*/*.json",
|
|
23
27
|
"./decisions/*.md": "./decisions/*.md",
|