hachure 0.5.1 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -128,6 +128,11 @@ anchors, policy references, derivation edges, and confidence basis metadata.
128
128
  Derived trust status is never stored on the claim itself as source of truth; it is
129
129
  computed from the surrounding bundle at evaluation time.
130
130
 
131
+ Claims also carry two optional round-trip fields, tolerated but never producer-authored:
132
+ `producerStatus` (the producer's own declared status, present when a TrustReport's
133
+ derived claims are re-fed as bundle input) and `freshness` ({ `asOf`, `expiresAt`?,
134
+ `stale` }, a freshness stamp on derived/report claims).
135
+
131
136
  ### Evidence
132
137
 
133
138
  An item of support for a claim. Evidence is linked to a claim via `claimId`. Each
@@ -186,7 +191,7 @@ re-evaluation if the derivation algorithm changes.
186
191
  ### DerivationRule
187
192
 
188
193
  A named, versioned rule that derives a boolean answer from existing claims (ADR 0003 §5).
189
- Rules compose claims using value predicates (`eq`, `gt`, `gte`, `lte`, `in`, `exists`)
194
+ Rules compose claims using value predicates (`eq`, `neq`, `gt`, `gte`, `lt`, `lte`, `in`, `exists`)
190
195
  and status predicates (`acceptedStatuses`), combined with `"all"` or `"any"`. Rules
191
196
  are promoted from Flow's gate-expectation language. The weakest-link confidence ceiling
192
197
  propagates through rule evaluation unchanged.
@@ -198,7 +203,7 @@ propagates through rule evaluation unchanged.
198
203
  Status is a pure, versioned function of the bundle data and a `now` timestamp. The
199
204
  full specification of the derivation algorithm is in [status-function.md](status-function.md).
200
205
 
201
- The eight possible statuses:
206
+ The nine possible statuses:
202
207
 
203
208
  | Status | Meaning |
204
209
  |---|---|
@@ -210,6 +215,7 @@ The eight possible statuses:
210
215
  | `disputed` | A verified claim has blocking contradicting evidence, or a terminal dispute event exists. |
211
216
  | `superseded` | A terminal event marks the claim as superseded. |
212
217
  | `rejected` | A terminal event marks the claim as rejected. |
218
+ | `revoked` | An explicit invalidation event has revoked the claim's verification. For single-claim status derivation this folds to `stale` (see [status-function.md](status-function.md), Step 2) unless a later verification event re-asserts the claim; the reference implementation still tracks `revoked` as a distinct, weakest-ranked raw status for `Claim.status`/`VerificationEvent.status`, claim-group rollups, and weakest-link ordering. |
213
219
 
214
220
  ---
215
221
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "hachure",
3
- "version": "0.5.1",
3
+ "version": "0.6.0",
4
4
  "statusFunctionVersion": "2",
5
5
  "description": "Hachure — canonical distribution of the open trust format: normative JSON schemas, conformance test vectors, and spec constants.",
6
6
  "type": "module",
@@ -21,7 +21,10 @@
21
21
  "assurance.md"
22
22
  ],
23
23
  "scripts": {
24
- "test": "node --test test/index.test.mjs"
24
+ "test": "node --test test/*.test.mjs"
25
+ },
26
+ "devDependencies": {
27
+ "ajv": "^8"
25
28
  },
26
29
  "keywords": [
27
30
  "trust",
@@ -12,7 +12,7 @@
12
12
  "claimType": { "type": "string" },
13
13
  "fieldOrBehavior": { "type": "string" },
14
14
  "value": {},
15
- "status": { "enum": ["unknown", "proposed", "assumed", "verified", "stale", "disputed", "superseded", "rejected", "revoked"] },
15
+ "status": { "$ref": "#/$defs/trustStatus" },
16
16
  "createdAt": { "type": "string", "format": "date-time" },
17
17
  "updatedAt": { "type": "string", "format": "date-time" },
18
18
  "expiresAt": {
@@ -67,9 +67,23 @@
67
67
  "type": "object",
68
68
  "additionalProperties": { "type": "string" }
69
69
  },
70
- "metadata": { "type": "object" }
70
+ "metadata": { "type": "object" },
71
+ "producerStatus": { "$ref": "#/$defs/trustStatus" },
72
+ "freshness": {
73
+ "type": "object",
74
+ "required": ["asOf", "stale"],
75
+ "properties": {
76
+ "asOf": { "type": "string", "format": "date-time" },
77
+ "expiresAt": { "type": "string", "format": "date-time" },
78
+ "stale": { "type": "boolean" }
79
+ },
80
+ "additionalProperties": false
81
+ }
71
82
  },
72
83
  "$defs": {
84
+ "trustStatus": {
85
+ "enum": ["unknown", "proposed", "assumed", "verified", "stale", "disputed", "superseded", "rejected", "revoked"]
86
+ },
73
87
  "integrityAnchor": {
74
88
  "type": "object",
75
89
  "required": ["id", "kind", "algorithm", "value", "sourceRef"],
@@ -40,7 +40,7 @@
40
40
  "target": { "$ref": "#/$defs/canonicalClaimTarget" },
41
41
  "acceptedStatuses": {
42
42
  "type": "array",
43
- "items": { "enum": ["unknown", "proposed", "assumed", "verified", "stale", "disputed", "superseded", "rejected"] }
43
+ "items": { "enum": ["unknown", "proposed", "assumed", "verified", "stale", "disputed", "superseded", "rejected", "revoked"] }
44
44
  },
45
45
  "predicate": {
46
46
  "type": "object",
@@ -18,36 +18,15 @@
18
18
  },
19
19
  "policies": {
20
20
  "type": "array",
21
- "items": { "type": "object" }
21
+ "items": { "$ref": "verification-policy.schema.json" }
22
22
  },
23
23
  "events": {
24
24
  "type": "array",
25
- "items": { "type": "object" }
25
+ "items": { "$ref": "verification-event.schema.json" }
26
26
  },
27
27
  "identityLinks": {
28
28
  "type": "array",
29
- "items": {
30
- "type": "object",
31
- "required": ["subjects"],
32
- "properties": {
33
- "subjects": {
34
- "type": "array",
35
- "minItems": 2,
36
- "items": {
37
- "type": "object",
38
- "required": ["subjectType", "subjectId"],
39
- "properties": {
40
- "subjectType": { "type": "string" },
41
- "subjectId": { "type": "string" }
42
- },
43
- "additionalProperties": false
44
- }
45
- },
46
- "reason": { "type": "string" },
47
- "attestedBy": { "type": "string" }
48
- },
49
- "additionalProperties": false
50
- }
29
+ "items": { "$ref": "#/$defs/identityLink" }
51
30
  },
52
31
  "claimGroups": {
53
32
  "type": "array",
@@ -68,6 +47,32 @@
68
47
  },
69
48
  "additionalProperties": false
70
49
  },
50
+ "identityLink": {
51
+ "type": "object",
52
+ "required": ["subjects"],
53
+ "properties": {
54
+ "id": { "type": "string" },
55
+ "subjects": {
56
+ "type": "array",
57
+ "minItems": 2,
58
+ "items": { "$ref": "#/$defs/subjectRef" }
59
+ },
60
+ "reason": { "type": "string" },
61
+ "attestedBy": { "type": "string" },
62
+ "relation": { "enum": ["equivalent", "subsumes", "converts"] },
63
+ "conversion": {
64
+ "type": "object",
65
+ "properties": {
66
+ "factor": { "type": "number" },
67
+ "offset": { "type": "number" },
68
+ "note": { "type": "string" }
69
+ },
70
+ "additionalProperties": false
71
+ },
72
+ "mappingClaimId": { "type": "string" }
73
+ },
74
+ "additionalProperties": false
75
+ },
71
76
  "authorityTrace": {
72
77
  "type": "object",
73
78
  "required": ["id", "subject", "actorRef", "authorityType", "authorityRef", "sourceRef", "observedAt"],
@@ -0,0 +1,86 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://kontourai.io/schemas/surface/trust-report.schema.json",
4
+ "title": "Surface TrustReport",
5
+ "$comment": "transparencyGaps, changeRecords, subjectGroups, claimGroupRollups, summary, and evidenceRequirementsByClaimId are intentionally loosely typed pending dedicated normative sub-schemas (no existing schema for TransparencyGap/DerivationChangeRecord/SubjectGroup/ClaimGroupRollup/TrustReportSummary/EvidenceRequirement exists anywhere in the ecosystem today); only the top-level report shape and the pass-through bundle fields are strictly validated.",
6
+ "type": "object",
7
+ "additionalProperties": false,
8
+ "required": [
9
+ "schemaVersion",
10
+ "id",
11
+ "generatedAt",
12
+ "source",
13
+ "claims",
14
+ "evidence",
15
+ "policies",
16
+ "events",
17
+ "evidenceRequirementsByClaimId",
18
+ "transparencyGaps",
19
+ "changeRecords",
20
+ "subjectGroups",
21
+ "claimGroupRollups",
22
+ "summary",
23
+ "statusFunctionVersion"
24
+ ],
25
+ "properties": {
26
+ "schemaVersion": { "enum": [2, 3, 4] },
27
+ "id": { "type": "string" },
28
+ "generatedAt": { "type": "string", "format": "date-time" },
29
+ "source": { "type": "string" },
30
+ "claims": {
31
+ "type": "array",
32
+ "items": {
33
+ "allOf": [
34
+ { "$ref": "claim.schema.json" },
35
+ { "type": "object", "required": ["status"] }
36
+ ]
37
+ }
38
+ },
39
+ "evidence": {
40
+ "type": "array",
41
+ "items": { "$ref": "evidence.schema.json" }
42
+ },
43
+ "policies": {
44
+ "type": "array",
45
+ "items": { "$ref": "verification-policy.schema.json" }
46
+ },
47
+ "events": {
48
+ "type": "array",
49
+ "items": { "$ref": "verification-event.schema.json" }
50
+ },
51
+ "identityLinks": {
52
+ "type": "array",
53
+ "items": { "$ref": "trust-bundle.schema.json#/$defs/identityLink" }
54
+ },
55
+ "claimGroups": {
56
+ "type": "array",
57
+ "items": { "$ref": "trust-bundle.schema.json#/$defs/claimGroup" }
58
+ },
59
+ "authorityTrace": {
60
+ "type": "array",
61
+ "items": { "$ref": "trust-bundle.schema.json#/$defs/authorityTrace" }
62
+ },
63
+ "evidenceRequirementsByClaimId": {
64
+ "type": "object",
65
+ "additionalProperties": { "type": "object" }
66
+ },
67
+ "transparencyGaps": {
68
+ "type": "array",
69
+ "items": { "type": "object" }
70
+ },
71
+ "changeRecords": {
72
+ "type": "array",
73
+ "items": { "type": "object" }
74
+ },
75
+ "subjectGroups": {
76
+ "type": "array",
77
+ "items": { "type": "object" }
78
+ },
79
+ "claimGroupRollups": {
80
+ "type": "array",
81
+ "items": { "type": "object" }
82
+ },
83
+ "summary": { "type": "object" },
84
+ "statusFunctionVersion": { "type": "string" }
85
+ }
86
+ }
@@ -10,7 +10,7 @@
10
10
  "parentType": { "type": "string" },
11
11
  "requiredEvidence": {
12
12
  "type": "array",
13
- "items": { "enum": ["source_excerpt", "test_output", "human_attestation", "calculation_trace", "document_citation", "crawl_observation", "policy_rule"] }
13
+ "items": { "enum": ["source_excerpt", "test_output", "human_attestation", "attestation", "calculation_trace", "document_citation", "crawl_observation", "policy_rule"] }
14
14
  },
15
15
  "requiredMethods": {
16
16
  "type": "array",
@@ -53,7 +53,7 @@
53
53
  "type": "array",
54
54
  "minItems": 2,
55
55
  "maxItems": 2,
56
- "items": { "enum": ["unknown", "proposed", "assumed", "verified", "stale", "disputed", "superseded", "rejected"] }
56
+ "items": { "enum": ["unknown", "proposed", "assumed", "verified", "stale", "disputed", "superseded", "rejected", "revoked"] }
57
57
  },
58
58
  "message": { "type": "string" }
59
59
  },