cricore 0.6.0__tar.gz

cricore-0.6.0/LICENSE

@@ -0,0 +1,17 @@
+Apache License
+Version 2.0, January 2004
+http://www.apache.org/licenses/
+
+Copyright (c) 2025 Shawn C. Wright and contributors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

cricore-0.6.0/PKG-INFO

@@ -0,0 +1,263 @@
+Metadata-Version: 2.4
+Name: cricore
+Version: 0.6.0
+Summary: CRI-CORE — Deterministic structural enforcement kernel for governed state transitions.
+Author-email: "Shawn C. Wright" <swright@waveframelabs.org>
+License: Apache-2.0
+Project-URL: Homepage, https://waveframelabs.org
+Project-URL: Source, https://github.com/Waveframe-Labs/CRI-CORE
+Project-URL: Issues, https://github.com/Waveframe-Labs/CRI-CORE/issues
+Keywords: governance,enforcement,deterministic,reproducibility,separation-of-duties
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: Science/Research
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Dynamic: license-file
+
+---
+title: "CRI-CORE — Deterministic Enforcement Kernel"
+filetype: "documentation"
+type: "repository-overview"
+domain: "enforcement"
+version: "0.6.0"
+doi: "TBD"
+status: "Active"
+created: "2026-02-19"
+updated: "2026-03-02"
+
+author:
+  name: "Shawn C. Wright"
+  email: "swright@waveframelabs.org"
+  orcid: "https://orcid.org/0009-0006-6043-9295"
+
+maintainer:
+  name: "Waveframe Labs"
+  url: "https://waveframelabs.org"
+
+license: "Apache-2.0"
+
+copyright:
+  holder: "Waveframe Labs"
+  year: "2026"
+
+ai_assisted: "partial"
+
+dependencies: []
+
+anchors:
+  - "CRI-CORE v0.6.0"
+  - "Deterministic Enforcement Kernel"
+---
+
+# CRI-CORE
+
+**CRI-CORE v0.6.0 --- Deterministic Enforcement Kernel**
+
+CRI-CORE is a deterministic structural enforcement engine for governed
+state transitions.
+
+It evaluates a run directory against explicit structural, authority,
+integrity, binding, sealing, and publication constraints and returns a
+single authoritative mutation decision.
+
+The kernel does not interpret meaning.\
+It evaluates structure and invariants only.
+
+------------------------------------------------------------------------
+
+## Installation
+
+Install from PyPI:
+
+    pip install cricore
+
+Requires Python 3.10+.
+
+------------------------------------------------------------------------
+
+## Minimal Usage
+
+The supported public entrypoint is:
+
+    from cricore.enforcement.execution import run_enforcement_pipeline
+
+Example:
+
+    from cricore.enforcement.execution import run_enforcement_pipeline
+
+    results, commit_allowed = run_enforcement_pipeline(
+        run_path=".",
+        expected_contract_version="0.3.0"
+    )
+
+The function returns:
+
+    (results: List[StageResult], commit_allowed: bool)
+
+`commit_allowed` is the sole commit authorization signal.
+
+------------------------------------------------------------------------
+
+## Core Model
+
+    Exploration (high velocity, non-deterministic)
+        →
+    Deterministic structural gate (CRI-CORE)
+        →
+    Governed state mutation
+
+The kernel ensures that only structurally valid and cryptographically
+sealed runs are permitted to mutate governed state.
+
+------------------------------------------------------------------------
+
+## Enforcement Pipeline (v0.6.0)
+
+Canonical stage order:
+
+1.  run-structure\
+2.  structure-contract-version-gate\
+3.  independence\
+4.  integrity (verification)\
+5.  integrity-finalization\
+6.  publication\
+7.  publication-commit
+
+The pipeline is deterministic and ordered.
+
+------------------------------------------------------------------------
+
+## Contract-Version Behavior
+
+CRI-CORE enforces versioned structural guarantees:
+
+For `contract_version < 0.3.0`: - Structural validation - Independence
+enforcement - Integrity manifest verification
+
+For `contract_version ≥ 0.3.0`: - binding.json required - SEAL.json
+required - Strict cryptographic seal validation - Immutable artifact
+boundary enforcement
+
+Enforcement meaning is isolated per declared contract version.\
+Historical runs are validated under their declared version.
+
+------------------------------------------------------------------------
+
+## Independence Model
+
+The kernel enforces structural role separation:
+
+-   Explicit actor identities
+-   Optional declared role requirements (`required_roles`)
+-   Strict prohibition on multi-role identity when roles are required
+-   Explicit override pathway (recorded, never implicit)
+
+The kernel evaluates identity structure only.\
+It does not evaluate competence or review quality.
+
+------------------------------------------------------------------------
+
+## Cryptographic Guarantees
+
+Finalized runs must include:
+
+-   Deterministic SHA256 manifest
+-   Payload archive
+-   Structural binding artifact
+-   Deterministic SEAL.json
+
+The seal covers:
+
+-   All run files (deterministic ordering)
+-   Binding artifact
+-   Manifest hash
+-   Payload hash
+
+Any mutation changes the seal hash.
+
+The seal provides tamper evidence.\
+It is not a signature.
+
+------------------------------------------------------------------------
+
+## Atomic Commit Semantics
+
+CRI-CORE does not mutate state.
+
+It emits a deterministic authorization decision:
+
+    commit_allowed = publication_commit_stage.passed
+
+The caller decides whether to mutate.
+
+The kernel centralizes the commit decision.\
+It does not enforce it outside its invocation boundary.
+
+------------------------------------------------------------------------
+
+## What CRI-CORE Does Not Do
+
+CRI-CORE does not:
+
+-   Interpret lifecycle semantics
+-   Judge correctness of domain objects
+-   Evaluate epistemic sufficiency
+-   Enforce governance policy meaning
+-   Perform distributed consensus
+-   Prevent bypass outside invocation
+
+It is a deterministic structural gate only.
+
+------------------------------------------------------------------------
+
+## Design Principles
+
+-   Deterministic evaluation
+-   No network calls
+-   No model calls
+-   No semantic inference
+-   Opaque reference handling
+-   Versioned enforcement meaning
+-   Strict immutability after finalization
+
+------------------------------------------------------------------------
+
+## Intended Use
+
+CRI-CORE is designed to sit beneath:
+
+-   Workflow engines
+-   CI pipelines
+-   Agent execution runtimes
+-   Domain governance systems
+
+It provides:
+
+-   Structural admissibility validation
+-   Cryptographic immutability guarantees
+-   Centralized commit authorization
+
+It is domain-agnostic.
+
+------------------------------------------------------------------------
+
+## Status
+
+v0.6.0 represents the first public PyPI distribution of CRI-CORE.
+
+The enforcement interface is stable within the 0.x series but may evolve
+prior to 1.0.
+
+---
+
+<div align="center">
+  <sub>© 2025 Waveframe Labs — Independent Open-Science Research Entity • Governed under the Aurora Research Initiative (ARI)</sub>
+</div>

cricore-0.6.0/README.md

@@ -0,0 +1,239 @@
+---
+title: "CRI-CORE — Deterministic Enforcement Kernel"
+filetype: "documentation"
+type: "repository-overview"
+domain: "enforcement"
+version: "0.6.0"
+doi: "TBD"
+status: "Active"
+created: "2026-02-19"
+updated: "2026-03-02"
+
+author:
+  name: "Shawn C. Wright"
+  email: "swright@waveframelabs.org"
+  orcid: "https://orcid.org/0009-0006-6043-9295"
+
+maintainer:
+  name: "Waveframe Labs"
+  url: "https://waveframelabs.org"
+
+license: "Apache-2.0"
+
+copyright:
+  holder: "Waveframe Labs"
+  year: "2026"
+
+ai_assisted: "partial"
+
+dependencies: []
+
+anchors:
+  - "CRI-CORE v0.6.0"
+  - "Deterministic Enforcement Kernel"
+---
+
+# CRI-CORE
+
+**CRI-CORE v0.6.0 --- Deterministic Enforcement Kernel**
+
+CRI-CORE is a deterministic structural enforcement engine for governed
+state transitions.
+
+It evaluates a run directory against explicit structural, authority,
+integrity, binding, sealing, and publication constraints and returns a
+single authoritative mutation decision.
+
+The kernel does not interpret meaning.\
+It evaluates structure and invariants only.
+
+------------------------------------------------------------------------
+
+## Installation
+
+Install from PyPI:
+
+    pip install cricore
+
+Requires Python 3.10+.
+
+------------------------------------------------------------------------
+
+## Minimal Usage
+
+The supported public entrypoint is:
+
+    from cricore.enforcement.execution import run_enforcement_pipeline
+
+Example:
+
+    from cricore.enforcement.execution import run_enforcement_pipeline
+
+    results, commit_allowed = run_enforcement_pipeline(
+        run_path=".",
+        expected_contract_version="0.3.0"
+    )
+
+The function returns:
+
+    (results: List[StageResult], commit_allowed: bool)
+
+`commit_allowed` is the sole commit authorization signal.
+
+------------------------------------------------------------------------
+
+## Core Model
+
+    Exploration (high velocity, non-deterministic)
+        →
+    Deterministic structural gate (CRI-CORE)
+        →
+    Governed state mutation
+
+The kernel ensures that only structurally valid and cryptographically
+sealed runs are permitted to mutate governed state.
+
+------------------------------------------------------------------------
+
+## Enforcement Pipeline (v0.6.0)
+
+Canonical stage order:
+
+1.  run-structure\
+2.  structure-contract-version-gate\
+3.  independence\
+4.  integrity (verification)\
+5.  integrity-finalization\
+6.  publication\
+7.  publication-commit
+
+The pipeline is deterministic and ordered.
+
+------------------------------------------------------------------------
+
+## Contract-Version Behavior
+
+CRI-CORE enforces versioned structural guarantees:
+
+For `contract_version < 0.3.0`: - Structural validation - Independence
+enforcement - Integrity manifest verification
+
+For `contract_version ≥ 0.3.0`: - binding.json required - SEAL.json
+required - Strict cryptographic seal validation - Immutable artifact
+boundary enforcement
+
+Enforcement meaning is isolated per declared contract version.\
+Historical runs are validated under their declared version.
+
+------------------------------------------------------------------------
+
+## Independence Model
+
+The kernel enforces structural role separation:
+
+-   Explicit actor identities
+-   Optional declared role requirements (`required_roles`)
+-   Strict prohibition on multi-role identity when roles are required
+-   Explicit override pathway (recorded, never implicit)
+
+The kernel evaluates identity structure only.\
+It does not evaluate competence or review quality.
+
+------------------------------------------------------------------------
+
+## Cryptographic Guarantees
+
+Finalized runs must include:
+
+-   Deterministic SHA256 manifest
+-   Payload archive
+-   Structural binding artifact
+-   Deterministic SEAL.json
+
+The seal covers:
+
+-   All run files (deterministic ordering)
+-   Binding artifact
+-   Manifest hash
+-   Payload hash
+
+Any mutation changes the seal hash.
+
+The seal provides tamper evidence.\
+It is not a signature.
+
+------------------------------------------------------------------------
+
+## Atomic Commit Semantics
+
+CRI-CORE does not mutate state.
+
+It emits a deterministic authorization decision:
+
+    commit_allowed = publication_commit_stage.passed
+
+The caller decides whether to mutate.
+
+The kernel centralizes the commit decision.\
+It does not enforce it outside its invocation boundary.
+
+------------------------------------------------------------------------
+
+## What CRI-CORE Does Not Do
+
+CRI-CORE does not:
+
+-   Interpret lifecycle semantics
+-   Judge correctness of domain objects
+-   Evaluate epistemic sufficiency
+-   Enforce governance policy meaning
+-   Perform distributed consensus
+-   Prevent bypass outside invocation
+
+It is a deterministic structural gate only.
+
+------------------------------------------------------------------------
+
+## Design Principles
+
+-   Deterministic evaluation
+-   No network calls
+-   No model calls
+-   No semantic inference
+-   Opaque reference handling
+-   Versioned enforcement meaning
+-   Strict immutability after finalization
+
+------------------------------------------------------------------------
+
+## Intended Use
+
+CRI-CORE is designed to sit beneath:
+
+-   Workflow engines
+-   CI pipelines
+-   Agent execution runtimes
+-   Domain governance systems
+
+It provides:
+
+-   Structural admissibility validation
+-   Cryptographic immutability guarantees
+-   Centralized commit authorization
+
+It is domain-agnostic.
+
+------------------------------------------------------------------------
+
+## Status
+
+v0.6.0 represents the first public PyPI distribution of CRI-CORE.
+
+The enforcement interface is stable within the 0.x series but may evolve
+prior to 1.0.
+
+---
+
+<div align="center">
+  <sub>© 2025 Waveframe Labs — Independent Open-Science Research Entity • Governed under the Aurora Research Initiative (ARI)</sub>
+</div>

cricore-0.6.0/pyproject.toml

@@ -0,0 +1,42 @@
+[build-system]
+requires = ["setuptools>=68", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "cricore"
+version = "0.6.0"
+description = "CRI-CORE — Deterministic structural enforcement kernel for governed state transitions."
+readme = "README.md"
+requires-python = ">=3.10"
+license = { text = "Apache-2.0" }
+
+authors = [
+    { name = "Shawn C. Wright", email = "swright@waveframelabs.org" }
+]
+
+keywords = ["governance", "enforcement", "deterministic", "reproducibility", "separation-of-duties"]
+
+classifiers = [
+    "Development Status :: 3 - Alpha",
+    "Intended Audience :: Developers",
+    "Intended Audience :: Science/Research",
+    "License :: OSI Approved :: Apache Software License",
+    "Operating System :: OS Independent",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+]
+
+dependencies = []
+
+[project.urls]
+Homepage = "https://waveframelabs.org"
+Source = "https://github.com/Waveframe-Labs/CRI-CORE"
+Issues = "https://github.com/Waveframe-Labs/CRI-CORE/issues"
+
+[tool.setuptools]
+package-dir = {"" = "src"}
+
+[tool.setuptools.packages.find]
+where = ["src"]

cricore-0.6.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

cricore-0.6.0/src/cricore/__init__.py

@@ -0,0 +1,20 @@
+"""
+CRI-CORE — Deterministic Enforcement Kernel
+Public package surface.
+"""
+
+from importlib.metadata import version, PackageNotFoundError
+
+try:
+    __version__ = version("cricore")
+except PackageNotFoundError:
+    __version__ = "0.6.0"
+
+
+# Public API surface
+from .enforcement.execution import run_enforcement_pipeline
+
+__all__ = [
+    "__version__",
+    "run_enforcement_pipeline",
+]

cricore-0.6.0/src/cricore/contract/loader.py

@@ -0,0 +1,109 @@
+"""
+---
+title: "CRI-CORE Run Contract Declaration Loader"
+filetype: "operational"
+type: "specification"
+domain: "enforcement"
+version: "0.1.0"
+doi: "TBD-0.1.0"
+status: "Active"
+created: "2026-02-09"
+updated: "2026-02-11"
+
+author:
+  name: "Shawn C. Wright"
+  email: "swright@waveframelabs.org"
+  orcid: "https://orcid.org/0009-0006-6043-9295"
+
+maintainer:
+  name: "Waveframe Labs"
+  url: "https://waveframelabs.org"
+
+license: "Apache-2.0"
+
+copyright:
+  holder: "Waveframe Labs"
+  year: "2026"
+
+ai_assisted: "partial"
+ai_assistance_details: "AI-assisted implementation of a minimal structural loader for CRI run contract declarations, enforcing only presence and structural fields required by the CRI-CORE enforcement contract."
+
+dependencies:
+  - "../errors.py"
+
+anchors:
+  - "CRI-CORE-ContractDeclarationLoader-v0.1.0"
+---
+"""
+
+from __future__ import annotations
+
+import json
+from pathlib import Path
+from typing import Any, Mapping, Optional
+
+
+class ContractDeclarationError(Exception):
+    """
+    Raised when a run contract declaration cannot be loaded or parsed.
+    """
+    pass
+
+
+def load_contract_declaration(run_root: Path) -> Mapping[str, Any]:
+    """
+    Load and minimally parse runs/<RUN_ID>/contract.json.
+
+    Structural enforcement only:
+      - file exists
+      - valid JSON
+      - root is an object
+    """
+
+    contract_path = run_root / "contract.json"
+
+    if not contract_path.exists():
+        raise ContractDeclarationError("contract.json is missing")
+
+    if not contract_path.is_file():
+        raise ContractDeclarationError("contract.json is not a file")
+
+    try:
+        raw = contract_path.read_text(encoding="utf-8")
+    except OSError as exc:
+        raise ContractDeclarationError(
+            f"failed to read contract.json: {exc}"
+        ) from exc
+
+    try:
+        obj = json.loads(raw)
+    except json.JSONDecodeError as exc:
+        raise ContractDeclarationError(
+            f"invalid JSON in contract.json: {exc}"
+        ) from exc
+
+    if not isinstance(obj, Mapping):
+        raise ContractDeclarationError("contract.json must contain a JSON object")
+
+    return obj
+
+
+def extract_contract_version(contract_obj: Mapping[str, Any]) -> Optional[str]:
+    value = contract_obj.get("contract_version")
+    if isinstance(value, str):
+        return value
+    return None
+
+
+def extract_run_id(contract_obj: Mapping[str, Any]) -> Optional[str]:
+    value = contract_obj.get("run_id")
+    if isinstance(value, str):
+        return value
+    return None
+
+
+def extract_created_utc(contract_obj: Mapping[str, Any]) -> Optional[str]:
+    value = contract_obj.get("created_utc")
+    if isinstance(value, str):
+        return value
+    return None