ssot-core 0.2.16.dev1__tar.gz → 0.2.17.dev1__tar.gz

{ssot_core-0.2.16.dev1 → ssot_core-0.2.17.dev1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: ssot-core
-Version: 0.2.16.dev1
+Version: 0.2.17.dev1
 Summary: Core Python runtime, registry model, validation, and release workflow APIs for SSOT.
 Author-email: Jacob Stewart <jacob@swarmauri.com>
 License-Expression: Apache-2.0
@@ -34,8 +34,9 @@ Classifier: Topic :: System :: Archiving
 Classifier: Topic :: Utilities
 Requires-Python: <3.14,>=3.10
 Description-Content-Type: text/markdown
-Requires-Dist: ssot-contracts==0.2.16.dev1
-Requires-Dist: ssot-views==0.2.16.dev1
+Requires-Dist: orjson<4.0,>=3.10
+Requires-Dist: ssot-contracts==0.2.17.dev1
+Requires-Dist: ssot-views==0.2.17.dev1
 Requires-Dist: tomli>=2.0.1; python_version < "3.11"
 
 <div align="center">

{ssot_core-0.2.16.dev1 → ssot_core-0.2.17.dev1}/pyproject.toml

@@ -4,15 +4,16 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "ssot-core"
-version = "0.2.16.dev1"
+version = "0.2.17.dev1"
 description = "Core Python runtime, registry model, validation, and release workflow APIs for SSOT."
 readme = "README.md"
 requires-python = ">=3.10,<3.14"
 license = "Apache-2.0"
 authors = [{ name = "Jacob Stewart", email = "jacob@swarmauri.com" }]
 dependencies = [
-  "ssot-contracts==0.2.16.dev1",
-  "ssot-views==0.2.16.dev1",
+  "orjson>=3.10,<4.0",
+  "ssot-contracts==0.2.17.dev1",
+  "ssot-views==0.2.17.dev1",
   "tomli>=2.0.1; python_version < '3.11'",
 ]
 keywords = ["ssot", "core", "registry", "validation", "release-management", "governance", "compliance"]

{ssot_core-0.2.16.dev1 → ssot_core-0.2.17.dev1}/src/ssot_core.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: ssot-core
-Version: 0.2.16.dev1
+Version: 0.2.17.dev1
 Summary: Core Python runtime, registry model, validation, and release workflow APIs for SSOT.
 Author-email: Jacob Stewart <jacob@swarmauri.com>
 License-Expression: Apache-2.0
@@ -34,8 +34,9 @@ Classifier: Topic :: System :: Archiving
 Classifier: Topic :: Utilities
 Requires-Python: <3.14,>=3.10
 Description-Content-Type: text/markdown
-Requires-Dist: ssot-contracts==0.2.16.dev1
-Requires-Dist: ssot-views==0.2.16.dev1
+Requires-Dist: orjson<4.0,>=3.10
+Requires-Dist: ssot-contracts==0.2.17.dev1
+Requires-Dist: ssot-views==0.2.17.dev1
 Requires-Dist: tomli>=2.0.1; python_version < "3.11"
 
 <div align="center">

{ssot_core-0.2.16.dev1 → ssot_core-0.2.17.dev1}/src/ssot_core.egg-info/SOURCES.txt

@@ -55,6 +55,7 @@ src/ssot_registry/guards/certification.py
 src/ssot_registry/guards/claim_closure.py
 src/ssot_registry/guards/document_lifecycle.py
 src/ssot_registry/guards/document_supersession.py
+src/ssot_registry/guards/feature_claims.py
 src/ssot_registry/guards/feature_requirements.py
 src/ssot_registry/guards/lifecycle.py
 src/ssot_registry/guards/profile_requirements.py

ssot_core-0.2.17.dev1/src/ssot_core.egg-info/requires.txt

@@ -0,0 +1,6 @@
+orjson<4.0,>=3.10
+ssot-contracts==0.2.17.dev1
+ssot-views==0.2.17.dev1
+
+[:python_version < "3.11"]
+tomli>=2.0.1

{ssot_core-0.2.16.dev1 → ssot_core-0.2.17.dev1}/src/ssot_registry/api/documents.py

@@ -12,14 +12,17 @@ from ssot_registry.guards.document_lifecycle import (
 )
 from ssot_registry.guards.document_supersession import apply_supersession
 from ssot_registry.model.document import (
+    DOCUMENT_ORIGINS,
     DOCUMENT_STATUSES,
     DOCUMENT_SLUG_PATTERN,
+    EXTENSION_PACK_RESERVATION_PREFIX,
     SPEC_KINDS,
     build_document_path,
     default_document_id_reservations,
+    is_extension_pack_reservation_owner,
     load_document_manifest as load_packaged_document_manifest,
     normalize_document_id,
-    read_packaged_document_bytes,
+    read_manifest_document_bytes,
     read_packaged_document_text,
     reservation_kind_key,
     section_for_document_kind,
@@ -199,6 +202,53 @@ def _manifest_row_to_registry_row(registry: dict[str, Any], kind: str, manifest_
     return row
 
 
+def _packaged_manifest_entries(kind: str) -> list[dict[str, Any]]:
+    manifest_entries = load_packaged_document_manifest(kind, include_untrusted=True)
+    untrusted_extension_catalogs = sorted(
+        {
+            str(entry.get("catalog_id", ""))
+            for entry in manifest_entries
+            if entry.get("origin") == "extension-pack" and not bool(entry.get("trusted", False))
+        }
+    )
+    if untrusted_extension_catalogs:
+        raise ValidationError(
+            "Untrusted extension-pack catalogs are available but not allowed for sync: "
+            + ", ".join(untrusted_extension_catalogs)
+        )
+
+    trusted_entries = [entry for entry in manifest_entries if bool(entry.get("trusted", False))]
+    seen_ids: dict[str, str] = {}
+    seen_numbers: dict[int, str] = {}
+    seen_paths: dict[str, str] = {}
+    for entry in trusted_entries:
+        entry_id = str(entry.get("id", ""))
+        catalog_id = str(entry.get("catalog_id", ""))
+        number = entry.get("number")
+        target_path = str(entry.get("target_path", ""))
+        origin = entry.get("origin")
+        if origin not in {"ssot-origin", "extension-pack"}:
+            raise ValidationError(f"Packaged {kind} manifest entry {entry_id} must use origin 'ssot-origin' or 'extension-pack'")
+        if entry_id in seen_ids:
+            raise ValidationError(
+                f"Packaged {kind} id conflict: {entry_id} is present in both {seen_ids[entry_id]} and {catalog_id}"
+            )
+        if isinstance(number, int) and number in seen_numbers:
+            raise ValidationError(
+                f"Packaged {kind} number conflict: {number:04d} is present in both {seen_numbers[number]} and {catalog_id}"
+            )
+        if target_path and target_path in seen_paths:
+            raise ValidationError(
+                f"Packaged {kind} target_path conflict: {target_path} is present in both {seen_paths[target_path]} and {catalog_id}"
+            )
+        seen_ids[entry_id] = catalog_id
+        if isinstance(number, int):
+            seen_numbers[number] = catalog_id
+        if target_path:
+            seen_paths[target_path] = catalog_id
+    return trusted_entries
+
+
 def _existing_numbers(registry: dict[str, Any], kind: str) -> set[int]:
     return {
         row["number"]
@@ -318,7 +368,7 @@ def create_document(
     spec_kind: str | None = None,
     adr_ids: list[str] | None = None,
 ) -> dict[str, Any]:
-    if origin not in {"repo-local", "ssot-core", "ssot-origin"}:
+    if origin not in DOCUMENT_ORIGINS:
         raise ValidationError(f"Unsupported origin '{origin}' for {_document_label(kind)} creation")
     if not isinstance(title, str) or not title.strip():
         raise ValidationError(f"{_document_label(kind)} title must be a non-empty string")
@@ -335,24 +385,33 @@ def create_document(
     repo_kind = _repo_kind(registry)
     if repo_kind == "repo-local" and origin != "repo-local":
         raise ValidationError(f"Repo-local repositories may only create repo-local {_document_label(kind)} rows")
-    if repo_kind in {"ssot-core", "ssot-origin"} and origin == "repo-local":
+    if repo_kind in {"ssot-core", "ssot-origin"} and origin not in {"ssot-core", "ssot-origin"}:
         raise ValidationError(f"{repo_kind} repositories may only create ssot-core or ssot-origin {_document_label(kind)} rows")
+    if repo_kind == "extension-pack" and origin != "extension-pack":
+        raise ValidationError(f"extension-pack repositories may only create extension-pack {_document_label(kind)} rows")
     if number is None:
         if repo_kind in {"ssot-core", "ssot-origin"} and origin in {"ssot-core", "ssot-origin"}:
             raise ValidationError(f"{repo_kind} {_document_label(kind)} creation for {origin} requires an explicit --number")
+        if repo_kind == "extension-pack" and origin == "extension-pack":
+            raise ValidationError(f"extension-pack {_document_label(kind)} creation for {origin} requires an explicit --number")
         number = _allocate_number(registry, kind, reserve_range)
     else:
         _ensure_assignable_number(
             registry,
             kind,
             number,
-            allow_non_assignable=repo_kind in {"ssot-core", "ssot-origin"} and origin in {"ssot-core", "ssot-origin"},
+            allow_non_assignable=repo_kind in {"ssot-core", "ssot-origin", "extension-pack"}
+            and origin in {"ssot-core", "ssot-origin", "extension-pack"},
         )
     reservation = _reservation_for_number(registry, kind, number)
     if origin in {"ssot-core", "ssot-origin"} and reservation.get("owner") != origin:
         raise ValidationError(
             f"{_document_label(kind)} number {number} must use reservation owned by {origin}; got {reservation.get('owner')}"
         )
+    if origin == "extension-pack" and not is_extension_pack_reservation_owner(reservation.get("owner")):
+        raise ValidationError(
+            f"{_document_label(kind)} number {number} must use reservation owned by {EXTENSION_PACK_RESERVATION_PREFIX}<catalog-id>; got {reservation.get('owner')}"
+        )
 
     authored_payload = _resolve_authored_payload(kind, title=title, body=body, body_file=body_file, require_one=True)
     authored_payload = _apply_spec_adr_ids(authored_payload, adr_ids) if kind == "spec" else authored_payload
@@ -596,7 +655,7 @@ def _sync_manifest_document(
                 raise ValidationError(
                     f"Cannot sync {document_id}; number {expected_row['number']} is already used by {row.get('id')}"
                 )
-        payload = read_packaged_document_bytes(kind, manifest_entry["filename"])
+        payload = read_manifest_document_bytes(kind, manifest_entry)
         target = repo_root / expected_row["path"]
         target.parent.mkdir(parents=True, exist_ok=True)
         target.write_bytes(payload)
@@ -610,7 +669,7 @@ def _sync_manifest_document(
                 f"Cannot sync {document_id}; field {field_name} was locally modified from {expected_row.get(field_name)} to {current.get(field_name)}"
             )
 
-    payload = read_packaged_document_bytes(kind, manifest_entry["filename"])
+    payload = read_manifest_document_bytes(kind, manifest_entry)
     target = repo_root / expected_row["path"]
     target.parent.mkdir(parents=True, exist_ok=True)
     actual_hash = sha256_normalized_text_path(target) if target.exists() else None
@@ -641,9 +700,7 @@ def sync_documents_in_memory(registry: dict[str, Any], repo_root: Path, kind: st
     lookup = _row_lookup(registry, kind)
     summary: dict[str, list[str]] = {"created": [], "updated": [], "unchanged": []}
 
-    for manifest_entry in load_packaged_document_manifest(kind):
-        if manifest_entry.get("origin") != "ssot-origin":
-            raise ValidationError(f"Packaged {kind} manifest entry {manifest_entry.get('id')} must use origin 'ssot-origin'")
+    for manifest_entry in _packaged_manifest_entries(kind):
         if not schema_version_meets_minimum(registry.get("schema_version", 0), manifest_entry.get("minimum_schema_version", 0)):
             continue
         outcome, document_id = _sync_manifest_document(registry, repo_root, kind, manifest_entry, lookup)
@@ -658,7 +715,7 @@ def sync_documents_in_memory(registry: dict[str, Any], repo_root: Path, kind: st
 def sync_documents(path: str | Path, kind: str) -> dict[str, Any]:
     registry_path, repo_root, registry = load_registry(path)
     section = section_for_document_kind(kind)
-    if _repo_kind(registry) in {"ssot-core", "ssot-origin"}:
+    if _repo_kind(registry) in {"ssot-core", "ssot-origin", "extension-pack"}:
         return {
             "passed": True,
             "registry_path": registry_path.as_posix(),

{ssot_core-0.2.16.dev1 → ssot_core-0.2.17.dev1}/src/ssot_registry/api/profile_eval.py

@@ -3,6 +3,10 @@ from __future__ import annotations
 from typing import Any
 
 from ssot_registry.guards.claim_closure import evaluate_claim_guard
+from ssot_registry.guards.feature_claims import (
+    active_required_feature_claims,
+    feature_claim_ceiling_failures,
+)
 from ssot_registry.guards.feature_requirements import evaluate_required_feature_failures
 from ssot_registry.model.enums import CLAIM_TIER_RANK
 from ssot_registry.validators.identity import build_index
@@ -42,24 +46,23 @@ def evaluate_feature_passing(
 
     checked_claim_ids: list[str] = []
     satisfying_claim_ids: list[str] = []
-    for claim_id in feature.get("claim_ids", []):
-        if claim_id not in index["claims"]:
-            continue
+    active_claims = active_required_feature_claims(feature, index)
+    for claim in active_claims:
+        claim_id = str(claim["id"])
         checked_claim_ids.append(claim_id)
-        claim = index["claims"][claim_id]
         guard = evaluate_claim_guard(claim, index, guard_policies)
         if not guard.get("passed"):
             continue
-        if required_tier is not None and CLAIM_TIER_RANK[claim["tier"]] < CLAIM_TIER_RANK[required_tier]:
-            continue
-        satisfying_claim_ids.append(claim_id)
+        if claim.get("tier") != "T0" and (required_tier is None or CLAIM_TIER_RANK[claim["tier"]] >= CLAIM_TIER_RANK[required_tier]):
+            satisfying_claim_ids.append(claim_id)
 
-    checks["claim_target_met"] = bool(satisfying_claim_ids) if required_tier is not None else bool(checked_claim_ids)
+    checks["claim_target_met"] = bool(active_claims) and len(satisfying_claim_ids) == len(active_claims)
     if not checks["claim_target_met"]:
         if required_tier is None:
             failures.append(f"Feature {feature_id} has no effective required claim tier")
         else:
-            failures.append(f"Feature {feature_id} has no satisfying claim at or above tier {required_tier}")
+            failures.append(f"Feature {feature_id} does not have all active required claims satisfying tier {required_tier}")
+        failures.extend(failure.removeprefix(f"features.{feature_id} ") for failure in feature_claim_ceiling_failures(feature, index))
 
     return {
         "feature_id": feature_id,

{ssot_core-0.2.16.dev1 → ssot_core-0.2.17.dev1}/src/ssot_registry/api/status_sync.py

@@ -5,6 +5,11 @@ from pathlib import Path
 from typing import Any
 
 from ssot_registry.guards.claim_closure import evaluate_claim_guard
+from ssot_registry.guards.feature_claims import (
+    active_required_feature_claims,
+    claim_satisfies_feature_implementation,
+    feature_claim_ceiling_failures,
+)
 from ssot_registry.model.enums import CLAIM_STATUS_RANK, CLAIM_TIER_RANK
 from ssot_registry.validators.identity import build_index
 
@@ -184,9 +189,7 @@ def _sync_claims(registry: dict[str, Any]) -> list[dict[str, object]]:
 
 
 def _claim_satisfies_feature(claim: dict[str, Any], required_tier: str | None) -> bool:
-    if required_tier is not None and CLAIM_TIER_RANK[claim["tier"]] < CLAIM_TIER_RANK[required_tier]:
-        return False
-    return CLAIM_STATUS_RANK.get(claim.get("status"), -999) >= CLAIM_STATUS_RANK["evidenced"]
+    return claim_satisfies_feature_implementation(claim, required_tier)
 
 
 def _sync_features_once(registry: dict[str, Any]) -> list[dict[str, object]]:
@@ -203,25 +206,27 @@ def _sync_features_once(registry: dict[str, Any]) -> list[dict[str, object]]:
         else:
             linked_tests = [index["tests"][test_id] for test_id in feature.get("test_ids", []) if test_id in index["tests"]]
             linked_claims = [index["claims"][claim_id] for claim_id in feature.get("claim_ids", []) if claim_id in index["claims"]]
+            active_claims = active_required_feature_claims(feature, index)
             required_features = [index["features"][required_id] for required_id in feature.get("requires", []) if required_id in index["features"]]
             required_tier = feature.get("plan", {}).get("target_claim_tier")
             tests_pass = bool(linked_tests) and all(test.get("status") == "passing" for test in linked_tests)
-            claims_pass = any(_claim_satisfies_feature(claim, required_tier) for claim in linked_claims)
+            claims_pass = bool(active_claims) and all(_claim_satisfies_feature(claim, required_tier) for claim in active_claims)
             requirements_pass = all(required.get("implementation_status") == "implemented" for required in required_features)
             only_planned_support = (
                 bool(linked_tests or linked_claims)
                 and all(test.get("status") == "planned" for test in linked_tests)
-                and all(CLAIM_STATUS_RANK.get(claim.get("status"), -999) <= CLAIM_STATUS_RANK["proposed"] for claim in linked_claims)
+                and all(CLAIM_STATUS_RANK.get(claim.get("status"), -999) <= CLAIM_STATUS_RANK["proposed"] for claim in active_claims)
             )
             if tests_pass and claims_pass and requirements_pass:
                 status = "implemented"
-                reason = "feature has passing tests, satisfying claims, and implemented requirements"
+                reason = "feature has passing tests, all active required claims satisfy implementation, and implemented requirements"
             elif only_planned_support:
                 status = "absent"
                 reason = "feature has only planned verification support"
             elif linked_tests or linked_claims or required_features:
                 status = "partial"
-                reason = "feature has linked support but does not yet satisfy implementation criteria"
+                ceiling_failures = feature_claim_ceiling_failures(feature, index)
+                reason = "; ".join(ceiling_failures) if ceiling_failures else "feature has linked support but does not yet satisfy implementation criteria"
             else:
                 status = "absent"
                 reason = "feature has no linked implementation support"

{ssot_core-0.2.16.dev1 → ssot_core-0.2.17.dev1}/src/ssot_registry/api/upgrade.py

@@ -37,6 +37,7 @@ LEGACY_V3_VERSION = "0.1.2"
 SSOT_ORIGIN_V8_OFFSET = 599
 SCHEMA_V0_1_0 = "0.1.0"
 SCHEMA_V0_2_0 = "0.2.0"
+SCHEMA_V0_3_0 = "0.3.0"
 MIGRATION_RELEASE_WINDOWS = {
     (3, 4): "0.1.x->0.2.1",
     (4, 5): "0.2.1->0.2.2",
@@ -47,7 +48,8 @@ MIGRATION_RELEASE_WINDOWS = {
     (9, 10): "0.2.6->0.2.7",
     (10, SCHEMA_V0_1_0): "0.2.7->0.2.7",
     (SCHEMA_V0_1_0, SCHEMA_V0_2_0): "0.2.10->0.2.10",
-    (SCHEMA_V0_2_0, "0.3.0"): "0.2.10->0.3.0",
+    (SCHEMA_V0_2_0, SCHEMA_V0_3_0): "0.2.10->0.3.0",
+    (SCHEMA_V0_3_0, SCHEMA_VERSION): "0.2.10->0.4.0",
 }
 
 MIGRATION_PATHS = (
@@ -60,7 +62,8 @@ MIGRATION_PATHS = (
     (9, 10, "migrate_v9_to_v10"),
     (10, SCHEMA_V0_1_0, "migrate_v10_to_v0_1_0"),
     (SCHEMA_V0_1_0, SCHEMA_V0_2_0, "migrate_v0_1_0_to_v0_2_0"),
-    (SCHEMA_V0_2_0, SCHEMA_VERSION, "migrate_v0_2_0_to_v0_3_0"),
+    (SCHEMA_V0_2_0, SCHEMA_V0_3_0, "migrate_v0_2_0_to_v0_3_0"),
+    (SCHEMA_V0_3_0, SCHEMA_VERSION, "migrate_v0_3_0_to_v0_4_0"),
 )
 
 
@@ -527,11 +530,24 @@ def migrate_v0_2_0_to_v0_3_0(
 ) -> dict[str, Any]:
     _ = repo_root, previous_version, target_version
     migrated = deepcopy(registry)
-    migrated["schema_version"] = SCHEMA_VERSION
+    migrated["schema_version"] = SCHEMA_V0_3_0
     _seed_release_boundary_ids(migrated)
     return migrated
 
 
+def migrate_v0_3_0_to_v0_4_0(
+    registry: dict[str, Any],
+    repo_root: Path,
+    *,
+    previous_version: str,
+    target_version: str,
+) -> dict[str, Any]:
+    _ = repo_root, previous_version, target_version
+    migrated = deepcopy(registry)
+    migrated["schema_version"] = SCHEMA_VERSION
+    return migrated
+
+
 def target_version_from_registry(registry: dict[str, Any]) -> str:
     tooling = registry.get("tooling")
     if isinstance(tooling, dict):
@@ -668,11 +684,21 @@ def upgrade_registry(
             target_version=target_version,
         )
         schema_migrations.append("migrate_v0_2_0_to_v0_3_0")
-        migrations.append(_migration_window_label(SCHEMA_V0_2_0, SCHEMA_VERSION))
+        migrations.append(_migration_window_label(SCHEMA_V0_2_0, SCHEMA_V0_3_0))
+        source_schema = SCHEMA_V0_3_0
+    if source_schema == SCHEMA_V0_3_0:
+        working = migrate_v0_3_0_to_v0_4_0(
+            working,
+            repo_root,
+            previous_version=source_tooling_version,
+            target_version=target_version,
+        )
+        schema_migrations.append("migrate_v0_3_0_to_v0_4_0")
+        migrations.append(_migration_window_label(SCHEMA_V0_3_0, SCHEMA_VERSION))
         source_schema = SCHEMA_VERSION
     elif source_schema != SCHEMA_VERSION:
         raise RegistryError(
-            f"Unsupported registry schema_version {source_schema}; expected 3, 4, 5, 6, 7, 8, 9, 10, 0.1.0, 0.2.0 or {SCHEMA_VERSION}"
+            f"Unsupported registry schema_version {source_schema}; expected 3, 4, 5, 6, 7, 8, 9, 10, 0.1.0, 0.2.0, 0.3.0 or {SCHEMA_VERSION}"
         )
 
     normalized_current = _normalize_current_registry(working)

ssot_core-0.2.17.dev1/src/ssot_registry/guards/feature_claims.py

@@ -0,0 +1,57 @@
+from __future__ import annotations
+
+from typing import Any
+
+from ssot_registry.model.enums import CLAIM_STATUS_RANK, CLAIM_TIER_RANK
+
+INACTIVE_CLAIM_STATUSES = {"retired"}
+
+
+def active_required_feature_claims(
+    feature: dict[str, Any],
+    index: dict[str, dict[str, dict[str, object]]],
+) -> list[dict[str, object]]:
+    return [
+        index["claims"][claim_id]
+        for claim_id in feature.get("claim_ids", [])
+        if claim_id in index["claims"] and index["claims"][claim_id].get("status") not in INACTIVE_CLAIM_STATUSES
+    ]
+
+
+def claim_satisfies_feature_implementation(
+    claim: dict[str, object],
+    required_tier: str | None,
+) -> bool:
+    if claim.get("tier") == "T0":
+        return False
+    if required_tier is not None and CLAIM_TIER_RANK[claim["tier"]] < CLAIM_TIER_RANK[required_tier]:
+        return False
+    return CLAIM_STATUS_RANK.get(claim.get("status"), -999) >= CLAIM_STATUS_RANK["evidenced"]
+
+
+def feature_claim_ceiling_failures(
+    feature: dict[str, Any],
+    index: dict[str, dict[str, dict[str, object]]],
+    *,
+    require_evidenced_status: bool = True,
+) -> list[str]:
+    feature_id = str(feature["id"])
+    required_tier = feature.get("plan", {}).get("target_claim_tier")
+    failures: list[str] = []
+    for claim in active_required_feature_claims(feature, index):
+        claim_id = str(claim["id"])
+        claim_tier = str(claim["tier"])
+        claim_status = str(claim.get("status"))
+        if claim_tier == "T0":
+            failures.append(f"features.{feature_id} is capped below implemented by active T0 claim {claim_id}")
+            continue
+        if required_tier is not None and CLAIM_TIER_RANK[claim_tier] < CLAIM_TIER_RANK[required_tier]:
+            failures.append(
+                f"features.{feature_id} is capped below implemented by claim {claim_id} tier {claim_tier} below target {required_tier}"
+            )
+            continue
+        if require_evidenced_status and CLAIM_STATUS_RANK.get(claim_status, -999) < CLAIM_STATUS_RANK["evidenced"]:
+            failures.append(
+                f"features.{feature_id} is capped below implemented by claim {claim_id} status {claim_status} below evidenced"
+            )
+    return failures

{ssot_core-0.2.16.dev1 → ssot_core-0.2.17.dev1}/src/ssot_registry/model/__init__.py

@@ -12,10 +12,14 @@ from .document import (
     document_path_has_supported_suffix,
     document_path_variants,
     default_document_id_reservations,
+    extension_pack_reservation_owner,
     format_document_number,
+    is_extension_pack_reservation_owner,
     load_document_manifest,
     normalize_document_id,
     parse_document_filename,
+    read_manifest_document_bytes,
+    read_manifest_document_text,
     read_packaged_document_bytes,
     read_packaged_document_text,
 )
@@ -39,15 +43,19 @@ __all__ = [
     "build_minimal_registry",
     "count_entities",
     "default_document_id_reservations",
+    "extension_pack_reservation_owner",
     "default_guard_policies",
     "default_paths",
     "filesystem_safe_id",
     "format_document_number",
+    "is_extension_pack_reservation_owner",
     "is_normalized_id",
     "load_document_manifest",
     "normalize_document_id",
     "parse_document_filename",
     "ProfileRow",
+    "read_manifest_document_bytes",
+    "read_manifest_document_text",
     "read_packaged_document_bytes",
     "read_packaged_document_text",
 ]

{ssot_core-0.2.16.dev1 → ssot_core-0.2.17.dev1}/src/ssot_registry/model/boundary.py

@@ -6,6 +6,7 @@ from typing import TypedDict
 class BoundaryRow(TypedDict, total=False):
     id: str
     title: str
+    body: str
     status: str
     frozen: bool
     feature_ids: list[str]

{ssot_core-0.2.16.dev1 → ssot_core-0.2.17.dev1}/src/ssot_registry/model/claim.py

@@ -6,6 +6,7 @@ from typing import TypedDict
 class ClaimRow(TypedDict, total=False):
     id: str
     title: str
+    body: str
     status: str
     tier: str
     kind: str

{ssot_core-0.2.16.dev1 → ssot_core-0.2.17.dev1}/src/ssot_registry/model/document.py

@@ -2,7 +2,7 @@ from __future__ import annotations
 
 import re
 from pathlib import Path
-from typing import Any, TypedDict
+from typing import Any, Callable, TypedDict
 
 from ssot_contracts import load_document_manifest as contracts_load_document_manifest
 from ssot_contracts import read_packaged_document_bytes as contracts_read_packaged_document_bytes
@@ -17,7 +17,8 @@ DOCUMENT_FILENAME_PREFIXES = CONTRACT_DATA["document_contract"]["filename_prefix
 DOCUMENT_PATH_KEYS = CONTRACT_DATA["document_contract"]["path_keys"]
 DOCUMENT_RESERVATION_KEYS = CONTRACT_DATA["document_contract"]["reservation_keys"]
 DOCUMENT_FILE_SUFFIXES = (".json", ".yaml")
-DOCUMENT_ORIGINS = {"ssot-core", "ssot-origin", "repo-local"}
+DOCUMENT_ORIGINS = {"ssot-core", "ssot-origin", "repo-local", "extension-pack"}
+EXTENSION_PACK_RESERVATION_PREFIX = "extension-pack:"
 DOCUMENT_STATUSES = tuple(CONTRACT_DATA["choice_sets"]["document_statuses"])
 CREATE_ALLOWED_STATUSES = ("draft", "in_review", "accepted", "rejected", "withdrawn")
 TERMINAL_STATUSES = ("rejected", "withdrawn", "superseded", "retired")
@@ -65,6 +66,14 @@ class SpecRow(TypedDict, total=False):
     status_notes: list[StatusNote]
 
 
+class DocumentCatalogProvider(TypedDict):
+    catalog_id: str
+    trusted_by_default: bool
+    load_manifest: Callable[[str], list[dict[str, Any]]]
+    read_text: Callable[[str, str], str]
+    read_bytes: Callable[[str, str], bytes]
+
+
 def format_document_number(number: int) -> str:
     return f"{number:04d}"
 
@@ -114,8 +123,54 @@ def default_document_id_reservations() -> dict[str, list[dict[str, Any]]]:
     }
 
 
-def load_document_manifest(kind: str) -> list[dict[str, Any]]:
-    return contracts_load_document_manifest(kind)
+_DOCUMENT_CATALOG_PROVIDERS: list[DocumentCatalogProvider] = [
+    {
+        "catalog_id": "ssot-origin",
+        "trusted_by_default": True,
+        "load_manifest": contracts_load_document_manifest,
+        "read_text": contracts_read_packaged_document_text,
+        "read_bytes": contracts_read_packaged_document_bytes,
+    }
+]
+
+
+def extension_pack_reservation_owner(catalog_id: str) -> str:
+    return f"{EXTENSION_PACK_RESERVATION_PREFIX}{catalog_id}"
+
+
+def is_extension_pack_reservation_owner(owner: object) -> bool:
+    return isinstance(owner, str) and owner.startswith(EXTENSION_PACK_RESERVATION_PREFIX) and len(owner) > len(
+        EXTENSION_PACK_RESERVATION_PREFIX
+    )
+
+
+def load_document_manifest(kind: str, *, include_untrusted: bool = False) -> list[dict[str, Any]]:
+    entries: list[dict[str, Any]] = []
+    for provider in _DOCUMENT_CATALOG_PROVIDERS:
+        if not include_untrusted and not provider["trusted_by_default"]:
+            continue
+        for raw_entry in provider["load_manifest"](kind):
+            entry = dict(raw_entry)
+            entry.setdefault("catalog_id", provider["catalog_id"])
+            entry.setdefault("trusted", provider["trusted_by_default"])
+            entries.append(entry)
+    return entries
+
+
+def read_manifest_document_text(kind: str, manifest_entry: dict[str, Any]) -> str:
+    catalog_id = str(manifest_entry.get("catalog_id", "ssot-origin"))
+    for provider in _DOCUMENT_CATALOG_PROVIDERS:
+        if provider["catalog_id"] == catalog_id:
+            return provider["read_text"](kind, str(manifest_entry["filename"]))
+    raise ValueError(f"Unknown document catalog provider: {catalog_id}")
+
+
+def read_manifest_document_bytes(kind: str, manifest_entry: dict[str, Any]) -> bytes:
+    catalog_id = str(manifest_entry.get("catalog_id", "ssot-origin"))
+    for provider in _DOCUMENT_CATALOG_PROVIDERS:
+        if provider["catalog_id"] == catalog_id:
+            return provider["read_bytes"](kind, str(manifest_entry["filename"]))
+    raise ValueError(f"Unknown document catalog provider: {catalog_id}")
 
 
 def read_packaged_document_text(kind: str, filename: str) -> str:

{ssot_core-0.2.16.dev1 → ssot_core-0.2.17.dev1}/src/ssot_registry/model/evidence.py

@@ -6,6 +6,7 @@ from typing import TypedDict
 class EvidenceRow(TypedDict, total=False):
     id: str
     title: str
+    body: str
     status: str
     kind: str
     tier: str

{ssot_core-0.2.16.dev1 → ssot_core-0.2.17.dev1}/src/ssot_registry/model/feature.py

@@ -7,6 +7,7 @@ class FeatureRow(TypedDict, total=False):
     id: str
     title: str
     description: str
+    body: str
     implementation_status: str
     lifecycle: dict[str, object]
     plan: dict[str, object]

{ssot_core-0.2.16.dev1 → ssot_core-0.2.17.dev1}/src/ssot_registry/model/issue.py

@@ -6,6 +6,7 @@ from typing import TypedDict
 class IssueRow(TypedDict, total=False):
     id: str
     title: str
+    body: str
     status: str
     severity: str
     description: str

{ssot_core-0.2.16.dev1 → ssot_core-0.2.17.dev1}/src/ssot_registry/model/profile.py

@@ -7,6 +7,7 @@ class ProfileRow(TypedDict, total=False):
     id: str
     title: str
     description: str
+    body: str
     status: str
     kind: str
     feature_ids: list[str]