verification-ecology-kit 1.0.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (176) hide show
  1. verification_ecology_kit-1.0.0/.gitignore +33 -0
  2. verification_ecology_kit-1.0.0/CHANGELOG.md +17 -0
  3. verification_ecology_kit-1.0.0/CODE_OF_CONDUCT.md +5 -0
  4. verification_ecology_kit-1.0.0/CONTRIBUTING.md +19 -0
  5. verification_ecology_kit-1.0.0/LICENSE +16 -0
  6. verification_ecology_kit-1.0.0/PKG-INFO +459 -0
  7. verification_ecology_kit-1.0.0/README.md +419 -0
  8. verification_ecology_kit-1.0.0/SECURITY.md +38 -0
  9. verification_ecology_kit-1.0.0/docs/api.md +22 -0
  10. verification_ecology_kit-1.0.0/docs/audits.md +13 -0
  11. verification_ecology_kit-1.0.0/docs/cli.md +42 -0
  12. verification_ecology_kit-1.0.0/docs/concepts.md +13 -0
  13. verification_ecology_kit-1.0.0/docs/conformance.md +32 -0
  14. verification_ecology_kit-1.0.0/docs/data_model.md +5 -0
  15. verification_ecology_kit-1.0.0/docs/examples.md +24 -0
  16. verification_ecology_kit-1.0.0/docs/glossary.md +15 -0
  17. verification_ecology_kit-1.0.0/docs/index.md +9 -0
  18. verification_ecology_kit-1.0.0/docs/pre_publication_audit.md +50 -0
  19. verification_ecology_kit-1.0.0/docs/pyproject-publishing.md +20 -0
  20. verification_ecology_kit-1.0.0/docs/quickstart.md +22 -0
  21. verification_ecology_kit-1.0.0/docs/release_gates.md +64 -0
  22. verification_ecology_kit-1.0.0/docs/release_readiness.md +73 -0
  23. verification_ecology_kit-1.0.0/docs/schemas.md +186 -0
  24. verification_ecology_kit-1.0.0/docs/security.md +13 -0
  25. verification_ecology_kit-1.0.0/docs/theory_mapping.md +67 -0
  26. verification_ecology_kit-1.0.0/docs/v1_audit.md +80 -0
  27. verification_ecology_kit-1.0.0/docs/v1_readiness.md +74 -0
  28. verification_ecology_kit-1.0.0/examples/authority_gate.py +27 -0
  29. verification_ecology_kit-1.0.0/examples/basic_packet.py +9 -0
  30. verification_ecology_kit-1.0.0/examples/external_packet_quarantine.py +6 -0
  31. verification_ecology_kit-1.0.0/examples/federated_bundle.py +32 -0
  32. verification_ecology_kit-1.0.0/examples/operational_bundle.py +16 -0
  33. verification_ecology_kit-1.0.0/examples/overclosure_audit.py +7 -0
  34. verification_ecology_kit-1.0.0/examples/reachability_certificate.py +36 -0
  35. verification_ecology_kit-1.0.0/examples/residual_ledger.py +18 -0
  36. verification_ecology_kit-1.0.0/examples/runtime_loop.py +22 -0
  37. verification_ecology_kit-1.0.0/examples/schema_migration.py +22 -0
  38. verification_ecology_kit-1.0.0/pyproject.toml +164 -0
  39. verification_ecology_kit-1.0.0/scripts/check_v1_readiness.py +454 -0
  40. verification_ecology_kit-1.0.0/scripts/generate_schema_docs.py +23 -0
  41. verification_ecology_kit-1.0.0/scripts/generate_theory_mapping.py +76 -0
  42. verification_ecology_kit-1.0.0/scripts/scan_local_info.py +17 -0
  43. verification_ecology_kit-1.0.0/scripts/smoke_install_wheel.py +46 -0
  44. verification_ecology_kit-1.0.0/scripts/verify_no_secrets.py +17 -0
  45. verification_ecology_kit-1.0.0/scripts/verify_package_contents.py +20 -0
  46. verification_ecology_kit-1.0.0/security/allowlist.example.toml +4 -0
  47. verification_ecology_kit-1.0.0/security/allowlist.toml +5 -0
  48. verification_ecology_kit-1.0.0/src/verification_ecology_kit/__init__.py +58 -0
  49. verification_ecology_kit-1.0.0/src/verification_ecology_kit/audit/__init__.py +1 -0
  50. verification_ecology_kit-1.0.0/src/verification_ecology_kit/audit/adversarial_ingress.py +31 -0
  51. verification_ecology_kit-1.0.0/src/verification_ecology_kit/audit/aperture_regression.py +45 -0
  52. verification_ecology_kit-1.0.0/src/verification_ecology_kit/audit/local_info.py +82 -0
  53. verification_ecology_kit-1.0.0/src/verification_ecology_kit/audit/monoculture.py +34 -0
  54. verification_ecology_kit-1.0.0/src/verification_ecology_kit/audit/packet_ecology.py +39 -0
  55. verification_ecology_kit-1.0.0/src/verification_ecology_kit/audit/reports.py +97 -0
  56. verification_ecology_kit-1.0.0/src/verification_ecology_kit/audit/residual_metabolism.py +39 -0
  57. verification_ecology_kit-1.0.0/src/verification_ecology_kit/audit/schema_overclosure.py +33 -0
  58. verification_ecology_kit-1.0.0/src/verification_ecology_kit/audit/security.py +150 -0
  59. verification_ecology_kit-1.0.0/src/verification_ecology_kit/canonicalization.py +140 -0
  60. verification_ecology_kit-1.0.0/src/verification_ecology_kit/cli.py +886 -0
  61. verification_ecology_kit-1.0.0/src/verification_ecology_kit/digest.py +93 -0
  62. verification_ecology_kit-1.0.0/src/verification_ecology_kit/errors.py +37 -0
  63. verification_ecology_kit-1.0.0/src/verification_ecology_kit/ids.py +17 -0
  64. verification_ecology_kit-1.0.0/src/verification_ecology_kit/model/__init__.py +1 -0
  65. verification_ecology_kit-1.0.0/src/verification_ecology_kit/model/aperture.py +76 -0
  66. verification_ecology_kit-1.0.0/src/verification_ecology_kit/model/authority.py +147 -0
  67. verification_ecology_kit-1.0.0/src/verification_ecology_kit/model/boundaries.py +45 -0
  68. verification_ecology_kit-1.0.0/src/verification_ecology_kit/model/certification.py +101 -0
  69. verification_ecology_kit-1.0.0/src/verification_ecology_kit/model/circulation.py +57 -0
  70. verification_ecology_kit-1.0.0/src/verification_ecology_kit/model/conformance.py +289 -0
  71. verification_ecology_kit-1.0.0/src/verification_ecology_kit/model/contracts.py +59 -0
  72. verification_ecology_kit-1.0.0/src/verification_ecology_kit/model/ecology_state.py +38 -0
  73. verification_ecology_kit-1.0.0/src/verification_ecology_kit/model/frontier.py +27 -0
  74. verification_ecology_kit-1.0.0/src/verification_ecology_kit/model/history.py +53 -0
  75. verification_ecology_kit-1.0.0/src/verification_ecology_kit/model/judgments.py +77 -0
  76. verification_ecology_kit-1.0.0/src/verification_ecology_kit/model/ledger.py +239 -0
  77. verification_ecology_kit-1.0.0/src/verification_ecology_kit/model/lifecycle.py +101 -0
  78. verification_ecology_kit-1.0.0/src/verification_ecology_kit/model/maturity.py +28 -0
  79. verification_ecology_kit-1.0.0/src/verification_ecology_kit/model/overclosure.py +97 -0
  80. verification_ecology_kit-1.0.0/src/verification_ecology_kit/model/packets.py +298 -0
  81. verification_ecology_kit-1.0.0/src/verification_ecology_kit/model/reachability.py +118 -0
  82. verification_ecology_kit-1.0.0/src/verification_ecology_kit/model/records.py +145 -0
  83. verification_ecology_kit-1.0.0/src/verification_ecology_kit/model/registries.py +93 -0
  84. verification_ecology_kit-1.0.0/src/verification_ecology_kit/model/residuals.py +98 -0
  85. verification_ecology_kit-1.0.0/src/verification_ecology_kit/operations/__init__.py +1 -0
  86. verification_ecology_kit-1.0.0/src/verification_ecology_kit/operations/base.py +308 -0
  87. verification_ecology_kit-1.0.0/src/verification_ecology_kit/operations/compose.py +18 -0
  88. verification_ecology_kit-1.0.0/src/verification_ecology_kit/operations/contrast.py +18 -0
  89. verification_ecology_kit-1.0.0/src/verification_ecology_kit/operations/fork.py +18 -0
  90. verification_ecology_kit-1.0.0/src/verification_ecology_kit/operations/generalize.py +21 -0
  91. verification_ecology_kit-1.0.0/src/verification_ecology_kit/operations/internalize.py +23 -0
  92. verification_ecology_kit-1.0.0/src/verification_ecology_kit/operations/quarantine.py +18 -0
  93. verification_ecology_kit-1.0.0/src/verification_ecology_kit/operations/redact.py +18 -0
  94. verification_ecology_kit-1.0.0/src/verification_ecology_kit/operations/repair.py +18 -0
  95. verification_ecology_kit-1.0.0/src/verification_ecology_kit/operations/retire.py +18 -0
  96. verification_ecology_kit-1.0.0/src/verification_ecology_kit/operations/specialize.py +18 -0
  97. verification_ecology_kit-1.0.0/src/verification_ecology_kit/ports/__init__.py +1 -0
  98. verification_ecology_kit-1.0.0/src/verification_ecology_kit/ports/checker.py +11 -0
  99. verification_ecology_kit-1.0.0/src/verification_ecology_kit/ports/clock.py +10 -0
  100. verification_ecology_kit-1.0.0/src/verification_ecology_kit/ports/generator.py +12 -0
  101. verification_ecology_kit-1.0.0/src/verification_ecology_kit/ports/policy.py +11 -0
  102. verification_ecology_kit-1.0.0/src/verification_ecology_kit/ports/reporter.py +9 -0
  103. verification_ecology_kit-1.0.0/src/verification_ecology_kit/ports/storage.py +13 -0
  104. verification_ecology_kit-1.0.0/src/verification_ecology_kit/py.typed +1 -0
  105. verification_ecology_kit-1.0.0/src/verification_ecology_kit/references.py +233 -0
  106. verification_ecology_kit-1.0.0/src/verification_ecology_kit/result.py +238 -0
  107. verification_ecology_kit-1.0.0/src/verification_ecology_kit/runtime/__init__.py +1 -0
  108. verification_ecology_kit-1.0.0/src/verification_ecology_kit/runtime/engine.py +73 -0
  109. verification_ecology_kit-1.0.0/src/verification_ecology_kit/runtime/in_memory.py +18 -0
  110. verification_ecology_kit-1.0.0/src/verification_ecology_kit/runtime/json_store.py +83 -0
  111. verification_ecology_kit-1.0.0/src/verification_ecology_kit/runtime/loop.py +72 -0
  112. verification_ecology_kit-1.0.0/src/verification_ecology_kit/runtime/policies.py +37 -0
  113. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/aperture.schema.json +36 -0
  114. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/audit-report.schema.json +42 -0
  115. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/auth-inputs.schema.json +46 -0
  116. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/authority-decision.schema.json +74 -0
  117. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/boundary-record.schema.json +32 -0
  118. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/carrier-registry.schema.json +44 -0
  119. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/certification-profile.schema.json +30 -0
  120. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/certification-record.schema.json +44 -0
  121. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/check-result.schema.json +27 -0
  122. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/checker-registry.schema.json +44 -0
  123. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/conformance-report.schema.json +38 -0
  124. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/continuation-specification.schema.json +30 -0
  125. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/contract-registry.schema.json +12 -0
  126. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/counterexample-channel.schema.json +34 -0
  127. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/digest-record.schema.json +34 -0
  128. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/frontier-profile.schema.json +30 -0
  129. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/judgment-record.schema.json +52 -0
  130. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/ledger-event.schema.json +36 -0
  131. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/lifecycle-status-event.schema.json +34 -0
  132. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/maturity-profile.schema.json +38 -0
  133. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/overclosure-witness.schema.json +30 -0
  134. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/reachability-certificate.schema.json +40 -0
  135. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/reference-edge.schema.json +26 -0
  136. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/residual-ledger.schema.json +12 -0
  137. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/residual-record.schema.json +35 -0
  138. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/runtime-report.schema.json +20 -0
  139. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/schema-catalogue.schema.json +26 -0
  140. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/schema-migration-witness.schema.json +30 -0
  141. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/schema_catalogue.json +36 -0
  142. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/sound-gap-residual.schema.json +15 -0
  143. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/status-event.schema.json +34 -0
  144. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/status-view.schema.json +13 -0
  145. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/use-context.schema.json +46 -0
  146. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/verifier-packet.schema.json +59 -0
  147. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/vet-bundle.schema.json +30 -0
  148. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/vet-object-envelope.schema.json +45 -0
  149. verification_ecology_kit-1.0.0/src/verification_ecology_kit/schemas/vet-object-ref.schema.json +35 -0
  150. verification_ecology_kit-1.0.0/tests/fixtures/minimal_bundle.json +6 -0
  151. verification_ecology_kit-1.0.0/tests/golden/authority_denial_due_to_stale_support.json +7 -0
  152. verification_ecology_kit-1.0.0/tests/golden/counter_packet_boundary_gap.json +6 -0
  153. verification_ecology_kit-1.0.0/tests/golden/external_packet_quarantine.json +6 -0
  154. verification_ecology_kit-1.0.0/tests/golden/invalid_digest.json +24 -0
  155. verification_ecology_kit-1.0.0/tests/golden/minimal_core_bundle.json +11 -0
  156. verification_ecology_kit-1.0.0/tests/golden/missing_counter_packet_residual.json +7 -0
  157. verification_ecology_kit-1.0.0/tests/golden/overclosure_witness.json +9 -0
  158. verification_ecology_kit-1.0.0/tests/golden/runtime_history_residual.json +6 -0
  159. verification_ecology_kit-1.0.0/tests/golden/schema_overclosure_residual.json +9 -0
  160. verification_ecology_kit-1.0.0/tests/golden/stale_checker.json +7 -0
  161. verification_ecology_kit-1.0.0/tests/golden/theory_coverage.expected.json +537 -0
  162. verification_ecology_kit-1.0.0/tests/golden/unresolved_reference.json +9 -0
  163. verification_ecology_kit-1.0.0/tests/integration/test_cli.py +40 -0
  164. verification_ecology_kit-1.0.0/tests/integration/test_cli_extended.py +140 -0
  165. verification_ecology_kit-1.0.0/tests/property/test_properties.py +63 -0
  166. verification_ecology_kit-1.0.0/tests/security/test_scanners.py +80 -0
  167. verification_ecology_kit-1.0.0/tests/unit/test_audits_runtime.py +66 -0
  168. verification_ecology_kit-1.0.0/tests/unit/test_branch_coverage.py +255 -0
  169. verification_ecology_kit-1.0.0/tests/unit/test_canonical_digest_refs.py +63 -0
  170. verification_ecology_kit-1.0.0/tests/unit/test_cli_json_loaders.py +213 -0
  171. verification_ecology_kit-1.0.0/tests/unit/test_conformance_authority.py +178 -0
  172. verification_ecology_kit-1.0.0/tests/unit/test_extended_models.py +358 -0
  173. verification_ecology_kit-1.0.0/tests/unit/test_golden_fixtures.py +239 -0
  174. verification_ecology_kit-1.0.0/tests/unit/test_history_ledger.py +68 -0
  175. verification_ecology_kit-1.0.0/tests/unit/test_packets_operations.py +58 -0
  176. verification_ecology_kit-1.0.0/tests/unit/test_records_lifecycle.py +97 -0
@@ -0,0 +1,33 @@
1
+ .venv/
2
+ .pytest_cache/
3
+ .ruff_cache/
4
+ .mypy_cache/
5
+ .hypothesis/
6
+ dist/
7
+ build/
8
+ *.egg-info/
9
+ __pycache__/
10
+ **/__pycache__/
11
+ *.py[cod]
12
+ **/*.py[cod]
13
+ .coverage
14
+ coverage.xml
15
+ htmlcov/
16
+ site/
17
+ .env
18
+ .env.*
19
+ !.env.example
20
+ *.aux
21
+ *.bbl
22
+ *.bcf
23
+ *.blg
24
+ *.fdb_latexmk
25
+ *.fls
26
+ *.log
27
+ *.out
28
+ *.run.xml
29
+ *.synctex.gz
30
+ *.toc
31
+ *.pdf
32
+ *.ipynb
33
+ **/.ipynb_checkpoints/
@@ -0,0 +1,17 @@
1
+ # Changelog
2
+
3
+ ## 1.0.0
4
+
5
+ - Stabilized the package metadata and public version for the first stable OSS release.
6
+ - Made `vek packet operate` consume real packet JSON inputs and write output packets to `--out`.
7
+ - Made audit commands consume explicit input files instead of internal sample packets.
8
+ - Added JSON loaders for packets, residual ledgers, bundles, references, and runtime state.
9
+ - Deepened operational conformance checks for lifecycle status, judgment validity, residual liveness, and deny-by-default authority decisions.
10
+ - Improved JSON runtime persistence so saved ecology state loads back into packet population, history, residual ledger, archive, and reusable capital.
11
+ - Raised the test coverage gate to 92% and added focused tests for CLI JSON boundaries.
12
+ - Added v1 readiness and release-gate documentation plus `scripts/check_v1_readiness.py`.
13
+ - Expanded README navigation and first-time-user explanations.
14
+
15
+ ## 0.1.0
16
+
17
+ - Initial implementation of packet models, residual ledgers, canonicalization, digests, references, conformance reports, audits, runtime loop, CLI, schemas, tests, and PyPI publishing preparation.
@@ -0,0 +1,5 @@
1
+ # Code of Conduct
2
+
3
+ This project uses a minimal contributor covenant: keep discussion technical, specific, and respectful. Harassment, threats, or disclosure of private information are not acceptable.
4
+
5
+ Reports can be made through the repository security contact process described in `SECURITY.md`.
@@ -0,0 +1,19 @@
1
+ # Contributing
2
+
3
+ Use `uv sync --all-extras --dev` before development. Run the full local checks before submitting changes:
4
+
5
+ ```bash
6
+ uv run ruff format --check .
7
+ uv run ruff check .
8
+ uv run mypy src
9
+ uv run pytest
10
+ uv run python scripts/verify_no_secrets.py .
11
+ uv run python scripts/scan_local_info.py .
12
+ ```
13
+
14
+ Design rules:
15
+
16
+ - Preserve packet core fields, residuals, boundaries, lineage, and status information.
17
+ - Do not replace evidence records with dashboard labels.
18
+ - Add schemas for normative records before relying on new JSON fields.
19
+ - Keep runtime network access behind explicit adapters.
@@ -0,0 +1,16 @@
1
+ Apache License
2
+ Version 2.0, January 2004
3
+
4
+ Copyright 2026 K. Takahashi
5
+
6
+ Licensed under the Apache License, Version 2.0 (the "License");
7
+ you may not use this file except in compliance with the License.
8
+ You may obtain a copy of the License at
9
+
10
+ http://www.apache.org/licenses/LICENSE-2.0
11
+
12
+ Unless required by applicable law or agreed to in writing, software
13
+ distributed under the License is distributed on an "AS IS" BASIS,
14
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ See the License for the specific language governing permissions and
16
+ limitations under the License.
@@ -0,0 +1,459 @@
1
+ Metadata-Version: 2.4
2
+ Name: verification-ecology-kit
3
+ Version: 1.0.0
4
+ Summary: Python toolkit for verification auditing, residual ledgers, conformance checks, and verifier packet workflows.
5
+ Project-URL: Homepage, https://doi.org/10.5281/zenodo.21147093
6
+ Project-URL: Repository, https://github.com/kadubon/verification-ecology-kit
7
+ Project-URL: Issues, https://github.com/kadubon/verification-ecology-kit/issues
8
+ Project-URL: Documentation, https://github.com/kadubon/verification-ecology-kit#readme
9
+ Project-URL: Changelog, https://github.com/kadubon/verification-ecology-kit/blob/main/CHANGELOG.md
10
+ Project-URL: Security, https://github.com/kadubon/verification-ecology-kit/blob/main/SECURITY.md
11
+ Author: K. Takahashi
12
+ License-Expression: Apache-2.0
13
+ License-File: LICENSE
14
+ Keywords: audit,conformance,json-schema,residual-accountability,self-verification,software-quality,testing,verification
15
+ Classifier: Development Status :: 5 - Production/Stable
16
+ Classifier: Intended Audience :: Developers
17
+ Classifier: Intended Audience :: Science/Research
18
+ Classifier: License :: OSI Approved :: Apache Software License
19
+ Classifier: Programming Language :: Python :: 3
20
+ Classifier: Programming Language :: Python :: 3.11
21
+ Classifier: Programming Language :: Python :: 3.12
22
+ Classifier: Programming Language :: Python :: 3.13
23
+ Classifier: Topic :: Security
24
+ Classifier: Topic :: Software Development :: Quality Assurance
25
+ Requires-Python: >=3.11
26
+ Requires-Dist: jsonschema>=4.22
27
+ Provides-Extra: dev
28
+ Requires-Dist: bandit>=1.7.9; extra == 'dev'
29
+ Requires-Dist: build>=1.2.1; extra == 'dev'
30
+ Requires-Dist: check-jsonschema>=0.29.0; extra == 'dev'
31
+ Requires-Dist: detect-secrets>=1.5.0; extra == 'dev'
32
+ Requires-Dist: hypothesis>=6.100; extra == 'dev'
33
+ Requires-Dist: mkdocs>=1.6.0; extra == 'dev'
34
+ Requires-Dist: mypy>=1.10; extra == 'dev'
35
+ Requires-Dist: pip-audit>=2.7.3; extra == 'dev'
36
+ Requires-Dist: pytest-cov>=5.0; extra == 'dev'
37
+ Requires-Dist: pytest>=8.2; extra == 'dev'
38
+ Requires-Dist: ruff>=0.5.0; extra == 'dev'
39
+ Description-Content-Type: text/markdown
40
+
41
+ # verification-ecology-kit
42
+
43
+ `verification-ecology-kit` is a Python toolkit for making verification work
44
+ clear, traceable, and reviewable.
45
+
46
+ It helps you answer practical questions such as:
47
+
48
+ - What exactly was checked?
49
+ - What evidence was used?
50
+ - What is still unresolved?
51
+ - Which result is allowed to be reused, shared, or deployed?
52
+ - Did a file, JSON object, reference, or digest change after it was checked?
53
+ - Are failures being recorded, or are they being hidden behind a single
54
+ "passed" label?
55
+
56
+ The project is based on **Verifier Ecology Theory** by K. Takahashi:
57
+ https://doi.org/10.5281/zenodo.21147093
58
+
59
+ The theory uses precise terms. This package turns many of those terms into
60
+ ordinary software objects: JSON records, Python classes, command line checks,
61
+ schemas, audit reports, and release gates.
62
+
63
+ ## What This Package Does
64
+
65
+ Use this package when you need to record verification work in a form that other
66
+ people and other tools can inspect.
67
+
68
+ It can:
69
+
70
+ - describe a verifier, check, review step, or evidence source as a structured
71
+ record
72
+ - record open issues instead of dropping them after a partial pass
73
+ - validate JSON objects against bundled schemas
74
+ - compute stable SHA-256 digests for JSON files
75
+ - check whether references and digests still match
76
+ - run conformance checks over a bundle of related objects
77
+ - keep an append-only ledger of unresolved work
78
+ - make authority decisions explicit, such as "usable as evidence" versus
79
+ "allowed for deployment"
80
+ - run local audits for stale evidence, hidden failures, missing counter-checks,
81
+ schema overclosure, monoculture risk, and local information leakage
82
+ - build and smoke-test the Python package before release
83
+
84
+ It is useful for research tooling, safety review, software quality assurance,
85
+ schema-based workflows, release checks, and projects where verification claims
86
+ need a visible paper trail.
87
+
88
+ ## What This Package Does Not Do
89
+
90
+ This is not a theorem prover and does not claim to prove every property in the
91
+ paper.
92
+
93
+ It does not replace human review, domain expertise, model checking, formal
94
+ proof, fuzzing, or security testing. It gives those activities a shared record
95
+ format and a set of checks so that results, limits, and remaining work are not
96
+ lost.
97
+
98
+ In short:
99
+
100
+ - it records and checks verification evidence
101
+ - it keeps unfinished work visible
102
+ - it helps decide whether evidence can be reused
103
+ - it does not magically prove that a system is correct
104
+
105
+ ## Start Here
106
+
107
+ Choose the path that matches what you want to do.
108
+
109
+ | If you want to... | Start with |
110
+ | --- | --- |
111
+ | Try the tool quickly | [Try It In 5 Minutes](#try-it-in-5-minutes) |
112
+ | Learn the main ideas without theory jargon | [Core Ideas In Plain Words](#core-ideas-in-plain-words) |
113
+ | Use the command line | [Command Line Overview](#command-line-overview) and [docs/cli.md](docs/cli.md) |
114
+ | Use the Python API | [Python Example](#python-example) and [docs/api.md](docs/api.md) |
115
+ | Validate JSON records | [docs/schemas.md](docs/schemas.md) |
116
+ | Check a bundle of related records | [docs/conformance.md](docs/conformance.md) |
117
+ | Track unresolved work | [Track Open Work](#3-track-open-work) |
118
+ | Run audits | [docs/audits.md](docs/audits.md) |
119
+ | Understand the theory mapping | [docs/theory_mapping.md](docs/theory_mapping.md) and [docs/v1_audit.md](docs/v1_audit.md) |
120
+ | Review release readiness | [docs/v1_readiness.md](docs/v1_readiness.md), [docs/release_readiness.md](docs/release_readiness.md), and [docs/release_gates.md](docs/release_gates.md) |
121
+ | Check security posture | [SECURITY.md](SECURITY.md) and [docs/security.md](docs/security.md) |
122
+
123
+ ## Core Ideas In Plain Words
124
+
125
+ The package uses a few terms from the paper. They are easier to understand if
126
+ you map them to everyday review work.
127
+
128
+ | Term | Plain meaning |
129
+ | --- | --- |
130
+ | Verifier | Something that checks a claim, file, object, result, or process |
131
+ | Verifier packet | A structured record that says what a verifier is, where it came from, what it checks, and what limits it has |
132
+ | Residual | Work that is not finished yet, such as a missing check, unknown boundary, exception, warning, or unresolved question |
133
+ | Residual ledger | A history of residuals, including when they were added, changed, retired, quarantined, or redacted |
134
+ | Conformance report | A step-by-step report saying whether a group of records follows the selected rules |
135
+ | Authority gate | A deny-by-default decision layer that says whether evidence may be reused, shared, deployed, or used for repair |
136
+ | Bundle | A JSON object that groups packets, ledgers, decisions, references, and related evidence |
137
+ | Audit | A focused check for a known failure pattern, such as stale evidence or missing counter-checks |
138
+
139
+ These words matter because a simple `pass` or `fail` result is often too small
140
+ for real review work. A check can pass while still depending on assumptions. A
141
+ tool can be useful but too stale for deployment. A record can be valid JSON but
142
+ still unsafe to circulate. This package keeps those differences visible.
143
+
144
+ ## How The Pieces Fit Together
145
+
146
+ A common workflow looks like this:
147
+
148
+ 1. Create or receive a verifier packet.
149
+ 2. Validate the packet against a JSON schema.
150
+ 3. Compute digests for important JSON objects.
151
+ 4. Put related objects into a bundle.
152
+ 5. Run a conformance check on the bundle.
153
+ 6. Record unresolved work in the residual ledger.
154
+ 7. Run audits for common failure patterns.
155
+ 8. Use an authority gate to decide what the evidence is allowed to do.
156
+
157
+ You can use only one part of the package, such as schema validation or digest
158
+ checking, but the full workflow is designed to keep evidence, gaps, and
159
+ decisions connected.
160
+
161
+ ## Installation
162
+
163
+ Install from GitHub:
164
+
165
+ ```bash
166
+ pip install git+https://github.com/kadubon/verification-ecology-kit.git
167
+ ```
168
+
169
+ When the PyPI package is published, installation is:
170
+
171
+ ```bash
172
+ pip install verification-ecology-kit
173
+ ```
174
+
175
+ Requirements:
176
+
177
+ - Python 3.11 or newer
178
+ - No network access is required at runtime by default
179
+
180
+ Check that the command line tool is available:
181
+
182
+ ```bash
183
+ vek doctor
184
+ ```
185
+
186
+ ## Try It In 5 Minutes
187
+
188
+ Create a basic verifier packet:
189
+
190
+ ```bash
191
+ vek packet create --template operational
192
+ ```
193
+
194
+ Create a JSON file and compute its digest:
195
+
196
+ ```bash
197
+ python -c "from pathlib import Path; Path('object.json').write_text('{\"value\":\"demo\"}\\n', encoding='utf-8')"
198
+ vek digest object.json
199
+ ```
200
+
201
+ Create a minimal bundle and run a conformance check:
202
+
203
+ ```bash
204
+ python -c "from pathlib import Path; Path('bundle.json').write_text('{\"bundle_id\":\"demo\",\"schema_version\":\"1\",\"conformance_profile\":\"core\",\"objects\":[]}\\n', encoding='utf-8')"
205
+ vek conformance bundle.json --profile core --format markdown
206
+ ```
207
+
208
+ Scan the current repository for obvious secret-like values and local paths:
209
+
210
+ ```bash
211
+ vek scan leaks .
212
+ vek scan local-info .
213
+ ```
214
+
215
+ Next steps:
216
+
217
+ - read [docs/quickstart.md](docs/quickstart.md) for a short walkthrough
218
+ - read [docs/concepts.md](docs/concepts.md) for the main ideas
219
+ - run the examples in [examples/](examples/)
220
+
221
+ ## Python Example
222
+
223
+ ```python
224
+ from verification_ecology_kit import ResidualLedger, VerifierPacket
225
+
226
+ packet = VerifierPacket.minimal()
227
+ results = packet.validate()
228
+
229
+ ledger = ResidualLedger()
230
+ for residual in packet.residual_obligations:
231
+ ledger.add(residual, justification="packet validation")
232
+
233
+ print([result.to_dict() for result in results])
234
+ print(ledger.trace_ok().to_dict())
235
+ ```
236
+
237
+ This creates a minimal verifier packet, validates its accountability fields,
238
+ records any open residual work, and checks that the ledger trace is internally
239
+ consistent.
240
+
241
+ For more complete examples, see:
242
+
243
+ - [examples/basic_packet.py](examples/basic_packet.py)
244
+ - [examples/residual_ledger.py](examples/residual_ledger.py)
245
+ - [examples/operational_bundle.py](examples/operational_bundle.py)
246
+ - [examples/authority_gate.py](examples/authority_gate.py)
247
+ - [examples/federated_bundle.py](examples/federated_bundle.py)
248
+ - [examples/runtime_loop.py](examples/runtime_loop.py)
249
+
250
+ ## Common Workflows
251
+
252
+ ### 1. Check A JSON Object
253
+
254
+ ```bash
255
+ vek validate object.json --schema verifier-packet.schema.json --profile core
256
+ ```
257
+
258
+ Use this when you want to confirm that a JSON object matches one of the bundled
259
+ schemas.
260
+
261
+ ### 2. Check A Bundle
262
+
263
+ ```bash
264
+ vek conformance bundle.json --profile core --format json
265
+ ```
266
+
267
+ Use this when you want an ordered report for schema checks, digest checks,
268
+ reference checks, residual checks, judgment checks, and authority checks.
269
+
270
+ ### 3. Track Open Work
271
+
272
+ ```python
273
+ from verification_ecology_kit import ResidualLedger, ResidualRecord
274
+ from verification_ecology_kit.model.records import ResidualKind
275
+
276
+ ledger = ResidualLedger()
277
+ residual = ResidualRecord(
278
+ kind=ResidualKind.UNRESOLVED,
279
+ origin="manual-review",
280
+ scope=("boundary",),
281
+ obligation="Review the destructive boundary before reuse.",
282
+ )
283
+ ledger.add(residual, justification="manual audit")
284
+ ```
285
+
286
+ Use this when a check cannot honestly be treated as fully closed.
287
+
288
+ ### 4. Run Local Audits
289
+
290
+ ```bash
291
+ vek audit packet-ecology packet.json
292
+ vek audit residual-metabolism ledger.json
293
+ vek audit schema-overclosure schema-audit.json
294
+ vek audit monoculture packet.json
295
+ ```
296
+
297
+ Use these when reviewing whether verifier packets have counter-checks, whether
298
+ residuals remain live, whether a schema is hiding unknown information, or
299
+ whether the verification process is becoming too uniform.
300
+
301
+ ### 5. Operate On Packets
302
+
303
+ ```bash
304
+ vek packet operate fork packet.json --reason new-scope --out forked.json
305
+ vek packet operate specialize packet.json --scope payment-flow --out scoped.json
306
+ vek packet operate repair packet.json --repair-note "added stale-evidence check" --out repaired.json
307
+ vek packet operate quarantine packet.json --reason digest-mismatch --out quarantined.json
308
+ ```
309
+
310
+ Use these commands when a verifier packet changes state and you need the change
311
+ to be visible.
312
+
313
+ ## Command Line Overview
314
+
315
+ Main commands:
316
+
317
+ ```bash
318
+ vek init
319
+ vek doctor
320
+ vek version
321
+ vek schema list
322
+ vek schema export --out schema-out
323
+ vek validate OBJECT.json --schema SCHEMA
324
+ vek digest OBJECT.json
325
+ vek conformance BUNDLE.json --profile core --format markdown
326
+ vek refs check BUNDLE.json
327
+ vek ledger replay LEDGER.json
328
+ vek packet create --template minimal
329
+ vek packet operate fork PACKET.json --out forked-packet.json
330
+ vek packet operate compose LEFT.json RIGHT.json --out composed-packet.json
331
+ vek audit packet-ecology PACKET.json
332
+ vek audit residual-metabolism LEDGER.json
333
+ vek runtime run CONFIG.json
334
+ vek scan leaks PATH
335
+ vek scan local-info PATH
336
+ ```
337
+
338
+ See [docs/cli.md](docs/cli.md) for the full command list.
339
+
340
+ ## Documentation Map
341
+
342
+ Use this map when you need more detail than the README.
343
+
344
+ | Topic | Document |
345
+ | --- | --- |
346
+ | First steps | [docs/quickstart.md](docs/quickstart.md) |
347
+ | Main ideas | [docs/concepts.md](docs/concepts.md) |
348
+ | Short definitions | [docs/glossary.md](docs/glossary.md) |
349
+ | Command line usage | [docs/cli.md](docs/cli.md) |
350
+ | Python API | [docs/api.md](docs/api.md) |
351
+ | Data model | [docs/data_model.md](docs/data_model.md) |
352
+ | JSON schemas | [docs/schemas.md](docs/schemas.md) |
353
+ | Conformance checks | [docs/conformance.md](docs/conformance.md) |
354
+ | Audit checks | [docs/audits.md](docs/audits.md) |
355
+ | Runnable examples | [docs/examples.md](docs/examples.md) and [examples/](examples/) |
356
+ | Security model | [docs/security.md](docs/security.md) |
357
+ | Theory mapping | [docs/theory_mapping.md](docs/theory_mapping.md) |
358
+ | v1 implementation audit | [docs/v1_audit.md](docs/v1_audit.md) |
359
+ | v1 readiness | [docs/v1_readiness.md](docs/v1_readiness.md) |
360
+ | Release readiness | [docs/release_readiness.md](docs/release_readiness.md) |
361
+ | Release gates | [docs/release_gates.md](docs/release_gates.md) |
362
+ | Pre-publication audit | [docs/pre_publication_audit.md](docs/pre_publication_audit.md) |
363
+
364
+ ## Repository Map
365
+
366
+ - [src/verification_ecology_kit/](src/verification_ecology_kit/): package source
367
+ - [src/verification_ecology_kit/schemas/](src/verification_ecology_kit/schemas/):
368
+ bundled JSON schemas
369
+ - [examples/](examples/): small runnable examples
370
+ - [tests/](tests/): unit, property, security, CLI, and golden tests
371
+ - [tests/golden/](tests/golden/): expected behavior cases
372
+ - [docs/](docs/): user and release documentation
373
+ - [scripts/](scripts/): local verification and release-support scripts
374
+ - [security/](security/): scanner allowlist examples
375
+
376
+ ## Development
377
+
378
+ Install development dependencies:
379
+
380
+ ```bash
381
+ uv sync --all-extras --dev
382
+ ```
383
+
384
+ Run the main local checks:
385
+
386
+ ```bash
387
+ uv run ruff format --check .
388
+ uv run ruff check .
389
+ uv run mypy src
390
+ uv run pytest --cov=verification_ecology_kit --cov-report=term-missing
391
+ ```
392
+
393
+ Run security, schema, docs, and package checks:
394
+
395
+ ```bash
396
+ uv run python scripts/verify_no_secrets.py .
397
+ uv run python scripts/scan_local_info.py .
398
+ uv run check-jsonschema --check-metaschema src/verification_ecology_kit/schemas/*.schema.json
399
+ uv run bandit -c pyproject.toml -r src scripts
400
+ uv run pip-audit
401
+ uvx zizmor .
402
+ uv run mkdocs build --strict
403
+ uv build --no-sources
404
+ uv run python scripts/verify_package_contents.py
405
+ uv run python scripts/smoke_install_wheel.py
406
+ uv run python scripts/check_v1_readiness.py --strict
407
+ ```
408
+
409
+ For release-specific evidence, read
410
+ [docs/release_readiness.md](docs/release_readiness.md) and
411
+ [docs/release_gates.md](docs/release_gates.md).
412
+
413
+ ## Security And Privacy
414
+
415
+ - No telemetry is built in.
416
+ - Runtime network access is not required by default.
417
+ - JSON is used for input data; pickle is not used for untrusted data.
418
+ - CI runs secret scanning, local information scanning, Bandit, pip-audit, and
419
+ GitHub Actions workflow scanning.
420
+ - GitHub Actions are pinned to commit hashes and checkout credentials are not
421
+ persisted in workflow jobs.
422
+
423
+ If you find a security issue, see [SECURITY.md](SECURITY.md).
424
+
425
+ ## Project Status
426
+
427
+ Current version: `1.0.0`
428
+
429
+ Status:
430
+
431
+ - first stable OSS implementation
432
+ - typed Python package
433
+ - command line interface included
434
+ - JSON schemas included
435
+ - runnable examples included
436
+ - golden tests included
437
+ - GitHub repository published
438
+ - local package build and wheel smoke install pass
439
+ - PyPI and GitHub release publication are performed after tagging
440
+
441
+ Before treating the package as v1.0.0-ready, check:
442
+
443
+ - [docs/v1_audit.md](docs/v1_audit.md)
444
+ - [docs/v1_readiness.md](docs/v1_readiness.md)
445
+ - [docs/release_readiness.md](docs/release_readiness.md)
446
+ - [docs/release_gates.md](docs/release_gates.md)
447
+
448
+ The public API is intended to stabilize around the classes exported from
449
+ `verification_ecology_kit`.
450
+
451
+ ## Citation
452
+
453
+ Takahashi, K. (2026). *Verifier Ecology Theory: Packetized
454
+ Self-Verification Under Residual Accountability*. Zenodo.
455
+ https://doi.org/10.5281/zenodo.21147093
456
+
457
+ ## License
458
+
459
+ Apache-2.0.