flowspec2 1.0.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- flowspec2-1.0.0/.gitignore +29 -0
- flowspec2-1.0.0/CHANGELOG.md +178 -0
- flowspec2-1.0.0/CITATION.cff +16 -0
- flowspec2-1.0.0/CODE_OF_CONDUCT.md +67 -0
- flowspec2-1.0.0/CONTRIBUTING.md +89 -0
- flowspec2-1.0.0/LICENSE +21 -0
- flowspec2-1.0.0/PKG-INFO +482 -0
- flowspec2-1.0.0/README.md +439 -0
- flowspec2-1.0.0/SECURITY.md +85 -0
- flowspec2-1.0.0/SUPPORT.md +59 -0
- flowspec2-1.0.0/docs/VERSIONING.md +143 -0
- flowspec2-1.0.0/pyproject.toml +123 -0
- flowspec2-1.0.0/src/flowspec2/__init__.py +105 -0
- flowspec2-1.0.0/src/flowspec2/authoring/__init__.py +275 -0
- flowspec2-1.0.0/src/flowspec2/authoring/authoring-evidence-signature.schema.json +34 -0
- flowspec2-1.0.0/src/flowspec2/authoring/authoring-evidence.schema.json +455 -0
- flowspec2-1.0.0/src/flowspec2/authoring/authoring-operational-evidence.schema.json +160 -0
- flowspec2-1.0.0/src/flowspec2/authoring/benchmark.py +1409 -0
- flowspec2-1.0.0/src/flowspec2/authoring/corpus/await_correction.case.json +220 -0
- flowspec2-1.0.0/src/flowspec2/authoring/corpus/flowspec2.ctk.json +769 -0
- flowspec2-1.0.0/src/flowspec2/authoring/corpus/gated_derive.case.json +100 -0
- flowspec2-1.0.0/src/flowspec2/authoring/corpus/linear.case.json +55 -0
- flowspec2-1.0.0/src/flowspec2/authoring/corpus/manifest.json +31 -0
- flowspec2-1.0.0/src/flowspec2/authoring/corpus/subflow.case.json +66 -0
- flowspec2-1.0.0/src/flowspec2/authoring/corpus/terminal.case.json +94 -0
- flowspec2-1.0.0/src/flowspec2/authoring/corpus.py +307 -0
- flowspec2-1.0.0/src/flowspec2/authoring/ctk.py +836 -0
- flowspec2-1.0.0/src/flowspec2/authoring/detached_signature.py +120 -0
- flowspec2-1.0.0/src/flowspec2/authoring/evidence.py +311 -0
- flowspec2-1.0.0/src/flowspec2/authoring/evidence_signature.py +187 -0
- flowspec2-1.0.0/src/flowspec2/authoring/evidence_verification.py +229 -0
- flowspec2-1.0.0/src/flowspec2/authoring/gemini.py +215 -0
- flowspec2-1.0.0/src/flowspec2/authoring/operational-corpus.json +61 -0
- flowspec2-1.0.0/src/flowspec2/authoring/operational.py +956 -0
- flowspec2-1.0.0/src/flowspec2/authoring/operational_providers.py +167 -0
- flowspec2-1.0.0/src/flowspec2/authoring/presentation_review.py +1013 -0
- flowspec2-1.0.0/src/flowspec2/authoring/presentation_review_signature.py +305 -0
- flowspec2-1.0.0/src/flowspec2/authoring/projection.py +299 -0
- flowspec2-1.0.0/src/flowspec2/authoring/provider_prompt.py +83 -0
- flowspec2-1.0.0/src/flowspec2/backends/__init__.py +82 -0
- flowspec2-1.0.0/src/flowspec2/backends/http.py +189 -0
- flowspec2-1.0.0/src/flowspec2/checker.py +238 -0
- flowspec2-1.0.0/src/flowspec2/cli.py +789 -0
- flowspec2-1.0.0/src/flowspec2/cli_parser.py +345 -0
- flowspec2-1.0.0/src/flowspec2/clock.py +23 -0
- flowspec2-1.0.0/src/flowspec2/compat/__init__.py +47 -0
- flowspec2-1.0.0/src/flowspec2/compat/models.py +82 -0
- flowspec2-1.0.0/src/flowspec2/compat/open_workflow.py +616 -0
- flowspec2-1.0.0/src/flowspec2/compat/rasa.py +19 -0
- flowspec2-1.0.0/src/flowspec2/compat/rasa_export.py +876 -0
- flowspec2-1.0.0/src/flowspec2/compat/rasa_import.py +992 -0
- flowspec2-1.0.0/src/flowspec2/compat/rasa_shared.py +270 -0
- flowspec2-1.0.0/src/flowspec2/compat/schemas/open-workflow-conversation-1.schema.json +138 -0
- flowspec2-1.0.0/src/flowspec2/compat/schemas/vendor/open-workflow-1.0.3.LICENSE +201 -0
- flowspec2-1.0.0/src/flowspec2/compat/schemas/vendor/open-workflow-1.0.3.provenance.json +13 -0
- flowspec2-1.0.0/src/flowspec2/compat/schemas/vendor/open-workflow-1.0.3.workflow.yaml +1956 -0
- flowspec2-1.0.0/src/flowspec2/compat/tool_profiles.py +149 -0
- flowspec2-1.0.0/src/flowspec2/compat/yaml.py +147 -0
- flowspec2-1.0.0/src/flowspec2/compiler.py +957 -0
- flowspec2-1.0.0/src/flowspec2/compiler_contracts.py +17 -0
- flowspec2-1.0.0/src/flowspec2/compiler_resume_contracts.py +594 -0
- flowspec2-1.0.0/src/flowspec2/compiler_schema_relations.py +1830 -0
- flowspec2-1.0.0/src/flowspec2/compiler_tool_contracts.py +245 -0
- flowspec2-1.0.0/src/flowspec2/compiler_value_contracts.py +447 -0
- flowspec2-1.0.0/src/flowspec2/derive.py +32 -0
- flowspec2-1.0.0/src/flowspec2/diagnostics.py +94 -0
- flowspec2-1.0.0/src/flowspec2/domains.py +489 -0
- flowspec2-1.0.0/src/flowspec2/experimental/__init__.py +57 -0
- flowspec2-1.0.0/src/flowspec2/experimental/flowspec-3-draft.schema.json +923 -0
- flowspec2-1.0.0/src/flowspec2/experimental/v3-preview-loss-policy.json +161 -0
- flowspec2-1.0.0/src/flowspec2/experimental/v3_lowering.py +928 -0
- flowspec2-1.0.0/src/flowspec2/experimental/v3_preview.py +2460 -0
- flowspec2-1.0.0/src/flowspec2/flowspec-2.schema.json +635 -0
- flowspec2-1.0.0/src/flowspec2/interactive.py +300 -0
- flowspec2-1.0.0/src/flowspec2/ir.py +1459 -0
- flowspec2-1.0.0/src/flowspec2/json_codec.py +120 -0
- flowspec2-1.0.0/src/flowspec2/llm.py +366 -0
- flowspec2-1.0.0/src/flowspec2/models.py +121 -0
- flowspec2-1.0.0/src/flowspec2/nodes.py +1537 -0
- flowspec2-1.0.0/src/flowspec2/observability.py +151 -0
- flowspec2-1.0.0/src/flowspec2/predicates.py +89 -0
- flowspec2-1.0.0/src/flowspec2/profiles.py +118 -0
- flowspec2-1.0.0/src/flowspec2/py.typed +0 -0
- flowspec2-1.0.0/src/flowspec2/runtime.py +1059 -0
- flowspec2-1.0.0/src/flowspec2/schema.py +54 -0
- flowspec2-1.0.0/src/flowspec2/schema_contracts.py +203 -0
- flowspec2-1.0.0/src/flowspec2/semantic_derive_contracts.py +530 -0
- flowspec2-1.0.0/src/flowspec2/semantic_path_contracts.py +528 -0
- flowspec2-1.0.0/src/flowspec2/semantic_predicate_contracts.py +355 -0
- flowspec2-1.0.0/src/flowspec2/semantic_schema_contracts.py +137 -0
- flowspec2-1.0.0/src/flowspec2/semantic_source_contracts.py +21 -0
- flowspec2-1.0.0/src/flowspec2/semantic_state_contracts.py +450 -0
- flowspec2-1.0.0/src/flowspec2/semantic_support.py +40 -0
- flowspec2-1.0.0/src/flowspec2/semantics.py +410 -0
- flowspec2-1.0.0/src/flowspec2/state_migration.py +1034 -0
- flowspec2-1.0.0/src/flowspec2/subflows/__init__.py +1117 -0
- flowspec2-1.0.0/src/flowspec2/subflows/address.py +328 -0
- flowspec2-1.0.0/src/flowspec2/subflows/identification.py +1031 -0
- flowspec2-1.0.0/src/flowspec2/tools.py +1154 -0
- flowspec2-1.0.0/uv.lock +1464 -0
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
# Python
|
|
2
|
+
__pycache__/
|
|
3
|
+
*.py[cod]
|
|
4
|
+
*.egg-info/
|
|
5
|
+
.eggs/
|
|
6
|
+
build/
|
|
7
|
+
dist/
|
|
8
|
+
|
|
9
|
+
# venv / uv
|
|
10
|
+
.venv/
|
|
11
|
+
|
|
12
|
+
# local environment files
|
|
13
|
+
.env*
|
|
14
|
+
|
|
15
|
+
# tooling caches
|
|
16
|
+
.pytest_cache/
|
|
17
|
+
.ruff_cache/
|
|
18
|
+
.mypy_cache/
|
|
19
|
+
|
|
20
|
+
# OS
|
|
21
|
+
.DS_Store
|
|
22
|
+
|
|
23
|
+
# editors
|
|
24
|
+
.idea/
|
|
25
|
+
.vscode/
|
|
26
|
+
|
|
27
|
+
# Local harness documentation
|
|
28
|
+
/AGENTS.md
|
|
29
|
+
/CLAUDE.md
|
|
@@ -0,0 +1,178 @@
|
|
|
1
|
+
<!-- section:toc -->
|
|
2
|
+
|
|
3
|
+
Table of Contents:
|
|
4
|
+
|
|
5
|
+
- Unreleased: 24 <!-- section:unreleased -->
|
|
6
|
+
- Version 1.0.0 — 2026-07-16: 29 <!-- section:version-1-0-0 -->
|
|
7
|
+
- Added: 33 <!-- section:version-1-0-0-added -->
|
|
8
|
+
- Changed: 60 <!-- section:version-1-0-0-changed -->
|
|
9
|
+
- Security: 119 <!-- section:version-1-0-0-security -->
|
|
10
|
+
- Version 0.2.0 — prepared 2026-07-13, not published: 134 <!-- section:version-0-2-0 -->
|
|
11
|
+
- Added: 138 <!-- section:version-0-2-0-added -->
|
|
12
|
+
- Changed: 155 <!-- section:version-0-2-0-changed -->
|
|
13
|
+
- Security: 170 <!-- section:version-0-2-0-security -->
|
|
14
|
+
|
|
15
|
+
<!-- /section:toc -->
|
|
16
|
+
|
|
17
|
+
# Changelog
|
|
18
|
+
|
|
19
|
+
All notable project changes are recorded here. Versioning follows
|
|
20
|
+
[VERSIONING.md](docs/VERSIONING.md).
|
|
21
|
+
|
|
22
|
+
<!-- section:unreleased -->
|
|
23
|
+
|
|
24
|
+
## Unreleased
|
|
25
|
+
|
|
26
|
+
<!-- /section:unreleased -->
|
|
27
|
+
<!-- section:version-1-0-0 -->
|
|
28
|
+
|
|
29
|
+
## Version 1.0.0 — 2026-07-16
|
|
30
|
+
|
|
31
|
+
<!-- section:version-1-0-0-added -->
|
|
32
|
+
|
|
33
|
+
### Added
|
|
34
|
+
|
|
35
|
+
- Public contribution, conduct, citation, issue, and pull-request contracts for
|
|
36
|
+
the stable open-source release.
|
|
37
|
+
- Public support routing for usage questions, reproducible defects, proposals,
|
|
38
|
+
and private vulnerability reports.
|
|
39
|
+
- Deterministic GitHub Pages publication that resolves every project-owned
|
|
40
|
+
schema and compatibility-profile identifier from canonical package sources.
|
|
41
|
+
- Optional persisted `await_external.max_resends` enforcement with a host-facing
|
|
42
|
+
remaining-budget contract, atomic exhaustion rejection, and backward-compatible
|
|
43
|
+
host-owned limiting when omitted.
|
|
44
|
+
- Canonical detached Ed25519 authentication for fully replayed authoring
|
|
45
|
+
evidence, with Python and CLI signing and verification interfaces.
|
|
46
|
+
- Content-addressed human presentation review for candidate route and prompt
|
|
47
|
+
prose, with a fixed public rubric, source-bound subjects, offline
|
|
48
|
+
verification, and detached reviewer authentication.
|
|
49
|
+
- Canonical report-only operational evidence for model-specific routing and
|
|
50
|
+
extraction probes, bound to verified final sources, exact request contracts,
|
|
51
|
+
raw responses, and deterministic offline replay. Authored/counterfactual probe
|
|
52
|
+
pairs isolate the influence of trigger examples and extraction guidance.
|
|
53
|
+
- Deterministic analytical lowering for the supported v3 preview subset, with
|
|
54
|
+
full v2 profile and compilation checks, policy-bound loss rehydration, stable
|
|
55
|
+
rejection diagnostics, and an exact preview fixed-point proof.
|
|
56
|
+
|
|
57
|
+
<!-- /section:version-1-0-0-added -->
|
|
58
|
+
<!-- section:version-1-0-0-changed -->
|
|
59
|
+
|
|
60
|
+
### Changed
|
|
61
|
+
|
|
62
|
+
- Converted the maintained source, schemas, runtime messages, examples,
|
|
63
|
+
documentation, fixtures, and tests to English. This intentionally replaces
|
|
64
|
+
Portuguese public identifiers and accepted aliases with explicit English
|
|
65
|
+
contracts, and adds a repository-wide regression check for language drift.
|
|
66
|
+
- Moved project-owned schema and compatibility-profile identifiers to the
|
|
67
|
+
`wllsena.github.io/flowspec2` namespace, replaced operational-looking example
|
|
68
|
+
hosts with reserved domains, and removed internal editorial annotations.
|
|
69
|
+
- Adopted PEP 639 license metadata and documented the stable package boundary
|
|
70
|
+
around `flowspec/2`, with `flowspec/3-draft` remaining experimental.
|
|
71
|
+
- Removed repository-local harness doctrine and model integrations that depended
|
|
72
|
+
on non-public sibling tooling; the public package now exposes only its
|
|
73
|
+
self-contained transport and provider-neutral evidence contracts.
|
|
74
|
+
- Documented the distinction between source-linked canonical IR and fully
|
|
75
|
+
expanded executable topology, including controlled execution cycles versus
|
|
76
|
+
forbidden dependency cycles and arbitrary author-defined loops.
|
|
77
|
+
- Replaced the v3 preview's untyped passthrough map with ordered, immutable,
|
|
78
|
+
policy-classified migration loss entries; authored previews reject the
|
|
79
|
+
migration-only artifact, and localized awaits now account for resume and
|
|
80
|
+
timeout lifecycle rails. Loss categories now bind their allowed source paths
|
|
81
|
+
so category relabeling cannot authorize unrelated rehydration.
|
|
82
|
+
- Separated graph assembly from schema relations, FlowSpec value contracts,
|
|
83
|
+
tool lifecycle validation, and external-resume validation.
|
|
84
|
+
- Separated semantic orchestration from path, derive, predicate, state, and
|
|
85
|
+
schema contract groups while preserving diagnostic identity.
|
|
86
|
+
- Separated Rasa import from export conversion.
|
|
87
|
+
- Replaced hidden complete-source authoring equality with a versioned public
|
|
88
|
+
semantic acceptance contract, aggregate missing/mismatch/unexpected feedback,
|
|
89
|
+
and explicit variable presentation paths. Authoring case, corpus, provider
|
|
90
|
+
prompt, and evidence-envelope identities advanced together.
|
|
91
|
+
- Expanded the conformance kit with gated-derivation traces for open and closed
|
|
92
|
+
guards, ignored gated input, ordered lookup, and declared fallback behavior.
|
|
93
|
+
- Reused a compiled Draft 2020-12 validator while preserving best-match error
|
|
94
|
+
diagnostics, and made routing catalogs include non-exclusive trigger examples.
|
|
95
|
+
- Advanced authoring acceptance, case, corpus, and provider-prompt contracts so
|
|
96
|
+
trigger examples and extraction hints are presence-checked but graded only by
|
|
97
|
+
report-only operational evidence.
|
|
98
|
+
- Added manually dispatched CI and build-once release verification that uses a
|
|
99
|
+
pinned build backend, validates archive safety and installability, and
|
|
100
|
+
atomically preserves checksummed package artifacts for publication.
|
|
101
|
+
- Added a tag-triggered release workflow that publishes the one verified
|
|
102
|
+
artifact set to PyPI through Trusted Publishing with attestations, then
|
|
103
|
+
attaches the same distributions and checksum manifest to a GitHub Release.
|
|
104
|
+
- Bounded public runtime and optional dependencies to supported major lines and
|
|
105
|
+
added a machine-checked dependency-policy contract.
|
|
106
|
+
- Updated the tested LangGraph floor and made the dependency-policy test verify
|
|
107
|
+
semantic bounds instead of rejecting valid patch upgrades.
|
|
108
|
+
- Added grouped Dependabot updates for the uv lock and immutable GitHub Actions
|
|
109
|
+
references, with repository-wide tests enforcing both automation contracts.
|
|
110
|
+
- Made runtime LLM system prompts deployment-neutral and configurable without
|
|
111
|
+
changing their closed routing or extraction schemas.
|
|
112
|
+
- Expanded prior-art and compatibility analysis across current Rasa CALM,
|
|
113
|
+
Parlant, OpenDialog, Voiceflow, Botpress, Langflow, and Flowise capabilities,
|
|
114
|
+
with explicit format, runtime, and host ownership boundaries.
|
|
115
|
+
|
|
116
|
+
<!-- /section:version-1-0-0-changed -->
|
|
117
|
+
<!-- section:version-1-0-0-security -->
|
|
118
|
+
|
|
119
|
+
### Security
|
|
120
|
+
|
|
121
|
+
- Removed source, documentation, tests, packaging exceptions, and local harness
|
|
122
|
+
artifacts that referenced non-public development infrastructure.
|
|
123
|
+
- Pinned the maintained `cryptography` implementation for Ed25519 operations;
|
|
124
|
+
private keys remain outside evidence and cannot be loaded from environment
|
|
125
|
+
files.
|
|
126
|
+
- Restricted source-distribution discovery to an explicit public allowlist and
|
|
127
|
+
made package verification reject regular files outside that boundary.
|
|
128
|
+
|
|
129
|
+
<!-- /section:version-1-0-0-security -->
|
|
130
|
+
|
|
131
|
+
<!-- /section:version-1-0-0 -->
|
|
132
|
+
<!-- section:version-0-2-0 -->
|
|
133
|
+
|
|
134
|
+
## Version 0.2.0 — prepared 2026-07-13, not published
|
|
135
|
+
|
|
136
|
+
<!-- section:version-0-2-0-added -->
|
|
137
|
+
|
|
138
|
+
### Added
|
|
139
|
+
|
|
140
|
+
- Closed structural, semantic, runtime-profile, and compilation diagnostics.
|
|
141
|
+
- Canonical FlowIR contracts, digests, state compatibility, and declarative
|
|
142
|
+
active-state migration.
|
|
143
|
+
- Typed tool, subflow, external-wait, observability, and HTTP backend contracts.
|
|
144
|
+
- Rasa CALM and Open Workflow interoperability profiles with explicit loss
|
|
145
|
+
accounting.
|
|
146
|
+
- Provider-neutral AI-authoring benchmark, packaged reference corpus,
|
|
147
|
+
conformance kit, Gemini transport, and closed structured-output projection.
|
|
148
|
+
- Content-addressed authoring evidence with provider-reported effective model
|
|
149
|
+
versions and deterministic offline replay verification.
|
|
150
|
+
- Locked cross-version CI and installed-package smoke tests.
|
|
151
|
+
|
|
152
|
+
<!-- /section:version-0-2-0-added -->
|
|
153
|
+
<!-- section:version-0-2-0-changed -->
|
|
154
|
+
|
|
155
|
+
### Changed
|
|
156
|
+
|
|
157
|
+
- Isolated evaluator-private benchmark oracles from author-facing requests.
|
|
158
|
+
- Advanced the authoring evidence envelope to
|
|
159
|
+
`flowspec2/authoring-benchmark-evidence@2`.
|
|
160
|
+
- Bound evidence to the configured correction protocol as well as exact
|
|
161
|
+
captures and execution contracts.
|
|
162
|
+
- Separated the declarative CLI grammar from command handlers and I/O
|
|
163
|
+
boundaries.
|
|
164
|
+
- Extracted closed local-reference and external-resume JSON Schema validation
|
|
165
|
+
from graph compilation.
|
|
166
|
+
|
|
167
|
+
<!-- /section:version-0-2-0-changed -->
|
|
168
|
+
<!-- section:version-0-2-0-security -->
|
|
169
|
+
|
|
170
|
+
### Security
|
|
171
|
+
|
|
172
|
+
- Required explicit network consent for live-model evaluation.
|
|
173
|
+
- Excluded credentials and nondeterministic operational metadata from evidence.
|
|
174
|
+
- Pinned CI actions and toolchains to immutable versions with read-only
|
|
175
|
+
repository permissions.
|
|
176
|
+
|
|
177
|
+
<!-- /section:version-0-2-0-security -->
|
|
178
|
+
<!-- /section:version-0-2-0 -->
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
cff-version: 1.2.0
|
|
2
|
+
message: "If you use flowspec2, cite the software using this metadata."
|
|
3
|
+
title: flowspec2
|
|
4
|
+
type: software
|
|
5
|
+
version: 1.0.0
|
|
6
|
+
date-released: 2026-07-16
|
|
7
|
+
authors:
|
|
8
|
+
- name: wllsena
|
|
9
|
+
repository-code: "https://github.com/wllsena/flowspec2"
|
|
10
|
+
url: "https://github.com/wllsena/flowspec2"
|
|
11
|
+
license: MIT
|
|
12
|
+
keywords:
|
|
13
|
+
- conversational-ai
|
|
14
|
+
- workflow
|
|
15
|
+
- state-machine
|
|
16
|
+
- langgraph
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
<!-- section:toc -->
|
|
2
|
+
|
|
3
|
+
Table of Contents:
|
|
4
|
+
|
|
5
|
+
- Our commitment: 17 <!-- section:commitment -->
|
|
6
|
+
- Expected behavior: 27 <!-- section:expected-behavior -->
|
|
7
|
+
- Unacceptable behavior: 38 <!-- section:unacceptable-behavior -->
|
|
8
|
+
- Reporting: 50 <!-- section:reporting -->
|
|
9
|
+
- Enforcement: 60 <!-- section:enforcement -->
|
|
10
|
+
|
|
11
|
+
<!-- /section:toc -->
|
|
12
|
+
|
|
13
|
+
# Code of Conduct
|
|
14
|
+
|
|
15
|
+
<!-- section:commitment -->
|
|
16
|
+
|
|
17
|
+
## Our commitment
|
|
18
|
+
|
|
19
|
+
We are committed to a respectful, inclusive, and technically constructive
|
|
20
|
+
community. Participation is welcome regardless of background, identity,
|
|
21
|
+
experience, or viewpoint when it follows this code and the GitHub Community
|
|
22
|
+
Guidelines.
|
|
23
|
+
|
|
24
|
+
<!-- /section:commitment -->
|
|
25
|
+
<!-- section:expected-behavior -->
|
|
26
|
+
|
|
27
|
+
## Expected behavior
|
|
28
|
+
|
|
29
|
+
- Discuss ideas and evidence rather than attacking people.
|
|
30
|
+
- Give actionable feedback and accept correction in good faith.
|
|
31
|
+
- Respect privacy, security boundaries, and coordinated disclosure.
|
|
32
|
+
- Keep issues and pull requests relevant to the project.
|
|
33
|
+
- Credit the work of others and disclose material conflicts of interest.
|
|
34
|
+
|
|
35
|
+
<!-- /section:expected-behavior -->
|
|
36
|
+
<!-- section:unacceptable-behavior -->
|
|
37
|
+
|
|
38
|
+
## Unacceptable behavior
|
|
39
|
+
|
|
40
|
+
- Harassment, threats, discrimination, or sexualized attention.
|
|
41
|
+
- Publishing private information, credentials, or security details without
|
|
42
|
+
permission.
|
|
43
|
+
- Deliberate disruption, impersonation, spam, or deceptive attribution.
|
|
44
|
+
- Retaliation against someone who reports a concern in good faith.
|
|
45
|
+
- Conduct that violates the GitHub Terms of Service or Community Guidelines.
|
|
46
|
+
|
|
47
|
+
<!-- /section:unacceptable-behavior -->
|
|
48
|
+
<!-- section:reporting -->
|
|
49
|
+
|
|
50
|
+
## Reporting
|
|
51
|
+
|
|
52
|
+
Report repository conduct concerns privately to the maintainer through the
|
|
53
|
+
contact options on the [maintainer's GitHub profile](https://github.com/wllsena).
|
|
54
|
+
Security vulnerabilities follow [SECURITY.md](SECURITY.md) instead. Reports are
|
|
55
|
+
handled with the minimum disclosure needed to investigate and respond.
|
|
56
|
+
|
|
57
|
+
<!-- /section:reporting -->
|
|
58
|
+
<!-- section:enforcement -->
|
|
59
|
+
|
|
60
|
+
## Enforcement
|
|
61
|
+
|
|
62
|
+
The maintainer may edit or remove content, lock conversations, reject
|
|
63
|
+
contributions, or restrict participation when necessary to protect the
|
|
64
|
+
community. Decisions consider context, impact, prior behavior, and whether the
|
|
65
|
+
participant takes responsibility and repairs harm.
|
|
66
|
+
|
|
67
|
+
<!-- /section:enforcement -->
|
|
@@ -0,0 +1,89 @@
|
|
|
1
|
+
<!-- section:toc -->
|
|
2
|
+
|
|
3
|
+
Table of Contents:
|
|
4
|
+
|
|
5
|
+
- Development setup: 21 <!-- section:development-setup -->
|
|
6
|
+
- Contract changes: 38 <!-- section:contract-changes -->
|
|
7
|
+
- Verification: 53 <!-- section:verification -->
|
|
8
|
+
- Pull requests: 70 <!-- section:pull-requests -->
|
|
9
|
+
- Security reports: 83 <!-- section:security-reports -->
|
|
10
|
+
|
|
11
|
+
<!-- /section:toc -->
|
|
12
|
+
|
|
13
|
+
# Contributing to flowspec2
|
|
14
|
+
|
|
15
|
+
Thank you for improving flowspec2. Contributions must preserve the closed
|
|
16
|
+
format boundary: authors describe valid conversational rails, and the runtime
|
|
17
|
+
rejects behavior outside those declared contracts.
|
|
18
|
+
|
|
19
|
+
<!-- section:development-setup -->
|
|
20
|
+
|
|
21
|
+
## Development setup
|
|
22
|
+
|
|
23
|
+
Clone the repository, install the locked environment, and run the project gate:
|
|
24
|
+
|
|
25
|
+
```bash
|
|
26
|
+
uv sync --extra dev
|
|
27
|
+
make ci
|
|
28
|
+
make package-check
|
|
29
|
+
```
|
|
30
|
+
|
|
31
|
+
Docker is required by the Pyright wrapper used by `make typecheck` and
|
|
32
|
+
`make ci`. Live-model commands are optional, require explicit network consent,
|
|
33
|
+
and are never part of the default test suite.
|
|
34
|
+
|
|
35
|
+
<!-- /section:development-setup -->
|
|
36
|
+
<!-- section:contract-changes -->
|
|
37
|
+
|
|
38
|
+
## Contract changes
|
|
39
|
+
|
|
40
|
+
Changes to public Python APIs, CLI output, JSON Schemas, format identifiers,
|
|
41
|
+
runtime profiles, IR, evidence envelopes, or compatibility adapters must update
|
|
42
|
+
their tests, documentation, callers, and changelog in the same contribution.
|
|
43
|
+
Incompatible contracts receive a new versioned identifier; existing identifiers
|
|
44
|
+
are never silently reinterpreted.
|
|
45
|
+
|
|
46
|
+
Architecture decisions that change a public interface or impose migration cost
|
|
47
|
+
require an ADR in `docs/adr/`. Experimental work remains isolated from the
|
|
48
|
+
stable `flowspec/2` runtime contract.
|
|
49
|
+
|
|
50
|
+
<!-- /section:contract-changes -->
|
|
51
|
+
<!-- section:verification -->
|
|
52
|
+
|
|
53
|
+
## Verification
|
|
54
|
+
|
|
55
|
+
Before opening a pull request, run:
|
|
56
|
+
|
|
57
|
+
```bash
|
|
58
|
+
make ci
|
|
59
|
+
make package-check
|
|
60
|
+
```
|
|
61
|
+
|
|
62
|
+
Add regression tests that exercise the real failure path. Do not skip, delete,
|
|
63
|
+
or weaken a failing test to make a change pass. Generated package artifacts,
|
|
64
|
+
credentials, environment files, and live-model evidence do not belong in the
|
|
65
|
+
repository.
|
|
66
|
+
|
|
67
|
+
<!-- /section:verification -->
|
|
68
|
+
<!-- section:pull-requests -->
|
|
69
|
+
|
|
70
|
+
## Pull requests
|
|
71
|
+
|
|
72
|
+
Use a focused branch and a conventional-commit title. The pull request must
|
|
73
|
+
explain what changed, why it changed, how it was verified, and how to roll it
|
|
74
|
+
back. Keep unrelated refactors out of the diff and disclose AI assistance when
|
|
75
|
+
it materially authored the change.
|
|
76
|
+
|
|
77
|
+
By submitting a contribution, you agree that it may be distributed under the
|
|
78
|
+
project's MIT License and that you have the right to contribute it.
|
|
79
|
+
|
|
80
|
+
<!-- /section:pull-requests -->
|
|
81
|
+
<!-- section:security-reports -->
|
|
82
|
+
|
|
83
|
+
## Security reports
|
|
84
|
+
|
|
85
|
+
Do not disclose a suspected vulnerability in a public issue. Follow
|
|
86
|
+
[SECURITY.md](SECURITY.md) and remove credentials, private flow documents, and
|
|
87
|
+
citizen data from every report and reproduction.
|
|
88
|
+
|
|
89
|
+
<!-- /section:security-reports -->
|
flowspec2-1.0.0/LICENSE
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 wllsena
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|