hachure 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +5 -6
- package/index.mjs +10 -10
- package/interop-in-toto.md +1 -1
- package/package.json +1 -1
- package/status-function.md +5 -5
package/README.md
CHANGED
|
@@ -14,17 +14,17 @@ npm i -D hachure
|
|
|
14
14
|
```
|
|
15
15
|
|
|
16
16
|
The package ships the normative JSON schemas, conformance test vectors, and the
|
|
17
|
-
`
|
|
17
|
+
`statusFunctionVersion` constant that ties implementations to a specific
|
|
18
18
|
algorithm revision.
|
|
19
19
|
|
|
20
20
|
**Claiming conformance:** run the test vectors from `testVectors` against your
|
|
21
21
|
implementation. For each vector, call your status-derivation function with
|
|
22
22
|
`vector.input` and `vector.now`, then assert that the derived status for every
|
|
23
23
|
claim ID matches `vector.expect.statusByClaimId`. Passing all vectors for a given
|
|
24
|
-
|
|
24
|
+
status function version is the bar for a conforming implementation.
|
|
25
25
|
|
|
26
26
|
```js
|
|
27
|
-
import { testVectors,
|
|
27
|
+
import { testVectors, statusFunctionVersion } from 'hachure';
|
|
28
28
|
|
|
29
29
|
for (const { name, vector } of testVectors) {
|
|
30
30
|
const results = deriveStatuses(vector.input, new Date(vector.now));
|
|
@@ -36,7 +36,6 @@ for (const { name, vector } of testVectors) {
|
|
|
36
36
|
|
|
37
37
|
---
|
|
38
38
|
|
|
39
|
-
|
|
40
39
|
## What this is
|
|
41
40
|
|
|
42
41
|
Hachure is an open format for portable trust state. It defines how claims about
|
|
@@ -74,8 +73,8 @@ Resource Shape envelope. Product-specific records use product-scoped namespaces
|
|
|
74
73
|
Pre-1.0: the format uses hard breaking changes rather than compatibility aliases.
|
|
75
74
|
No forward or backward compatibility guarantees are made across versions. Version
|
|
76
75
|
bumps are reflected in `schemaVersion` (an integer field in TrustBundle, currently
|
|
77
|
-
`3`) and in
|
|
78
|
-
implementation
|
|
76
|
+
`3`) and in the status function version (a string exported by the reference
|
|
77
|
+
implementation as `statusFunctionVersion`, currently `"1"`).
|
|
79
78
|
|
|
80
79
|
---
|
|
81
80
|
|
package/index.mjs
CHANGED
|
@@ -2,15 +2,15 @@
|
|
|
2
2
|
* hachure — canonical npm distribution of the Hachure trust format spec.
|
|
3
3
|
*
|
|
4
4
|
* Exports:
|
|
5
|
-
*
|
|
6
|
-
*
|
|
7
|
-
*
|
|
8
|
-
* schemas
|
|
9
|
-
*
|
|
10
|
-
* testVectors
|
|
11
|
-
*
|
|
12
|
-
*
|
|
13
|
-
*
|
|
5
|
+
* statusFunctionVersion — spec-side declaration of the current status
|
|
6
|
+
* derivation algorithm version. Reference
|
|
7
|
+
* implementations must export a matching value.
|
|
8
|
+
* schemas — Map<recordName, parsedSchemaObject> for every
|
|
9
|
+
* normative schema shipped with this package.
|
|
10
|
+
* testVectors — Array<{name, vector}> of all conformance test
|
|
11
|
+
* vectors. Each vector has `input`, `expect`, and
|
|
12
|
+
* `now` fields; run them against your implementation
|
|
13
|
+
* to claim conformance.
|
|
14
14
|
*/
|
|
15
15
|
|
|
16
16
|
import { readFileSync, readdirSync } from 'node:fs';
|
|
@@ -24,7 +24,7 @@ const __dirname = dirname(fileURLToPath(import.meta.url));
|
|
|
24
24
|
// Any implementation claiming conformance at this version must produce the
|
|
25
25
|
// same status outputs as the test vectors for all cases in conformance/.
|
|
26
26
|
// ---------------------------------------------------------------------------
|
|
27
|
-
export const
|
|
27
|
+
export const statusFunctionVersion = '1';
|
|
28
28
|
|
|
29
29
|
// ---------------------------------------------------------------------------
|
|
30
30
|
// Schemas — Map of record name (filename without .schema.json) → parsed JSON.
|
package/interop-in-toto.md
CHANGED
|
@@ -124,7 +124,7 @@ A Kontour `TrustBundle` adds **living status** on top:
|
|
|
124
124
|
|---|---|
|
|
125
125
|
| Status is sealed at signing time. | Status is recomputed from events at query time: `f(claim, events, policy, now)`. |
|
|
126
126
|
| Tamper-evident; content cannot change. | Append-only; new events and evidence accumulate. |
|
|
127
|
-
| Verifier trusts the signer's identity. | Verifier trusts the derivation algorithm (`
|
|
127
|
+
| Verifier trusts the signer's identity. | Verifier trusts the derivation algorithm (`statusFunctionVersion`). |
|
|
128
128
|
| Useful for supply-chain audits and legal holds. | Useful for operational dashboards, gates, and consumer inquiries. |
|
|
129
129
|
|
|
130
130
|
The two are complementary: embed the bundle in an in-toto envelope to
|
package/package.json
CHANGED
package/status-function.md
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
# Status Derivation — Specification
|
|
2
2
|
|
|
3
3
|
**Function:** `status = f(claim, evidence, events, policy, authorityTrace, now)`
|
|
4
|
-
**Version constant:** `
|
|
4
|
+
**Version constant:** `statusFunctionVersion` (currently `"1"`)
|
|
5
5
|
**Source of truth:** `src/status.ts` in `@kontourai/surface`
|
|
6
6
|
|
|
7
7
|
---
|
|
@@ -9,7 +9,7 @@
|
|
|
9
9
|
## Principle
|
|
10
10
|
|
|
11
11
|
Claim status is a pure, versioned, deterministic function (ADR 0003 §7). Given the
|
|
12
|
-
same inputs and the same
|
|
12
|
+
same inputs and the same status function version, any conforming implementation
|
|
13
13
|
must derive the same status. There is no stored status field that overrides
|
|
14
14
|
computation; the derived status is always recomputed from the input bundle at
|
|
15
15
|
evaluation time.
|
|
@@ -20,7 +20,7 @@ no clock-tick events and no background expiry.
|
|
|
20
20
|
|
|
21
21
|
Reproducibility guarantee: if two independent implementations receive the same
|
|
22
22
|
`(claim, evidence, events, policies, authorityTrace, now)` and the same
|
|
23
|
-
|
|
23
|
+
status function version, they must return the same `TrustStatus`.
|
|
24
24
|
|
|
25
25
|
---
|
|
26
26
|
|
|
@@ -214,12 +214,12 @@ From weakest to strongest: `unknown` < `rejected` < `superseded` < `disputed` <
|
|
|
214
214
|
|
|
215
215
|
## Versioning
|
|
216
216
|
|
|
217
|
-
`
|
|
217
|
+
`statusFunctionVersion` is a string exported by `@kontourai/surface`. It is
|
|
218
218
|
incremented when the algorithm changes in a way that could produce different outputs
|
|
219
219
|
for the same inputs. `InquiryRecord.statusFunctionVersion` captures which version
|
|
220
220
|
was active at resolution time, enabling re-evaluation when the algorithm version
|
|
221
221
|
changes.
|
|
222
222
|
|
|
223
|
-
Conforming implementations must declare which
|
|
223
|
+
Conforming implementations must declare which status function version value they
|
|
224
224
|
implement. Implementations claiming version `"1"` must satisfy all conformance
|
|
225
225
|
cases in `spec/conformance/`.
|