Tighten release metadata validation (#29)

Author: GsCommand

GOVERNANCE.md

@@ -15,6 +15,16 @@ Steward duties include:
 - preventing schema, example, manifest, checksum, and public-doc drift
 - coordinating with Protocol-Commons, Agent Cards, and commandlayer.org mirrors so that current-line path teaching stays coherent
 
+## Succession and continuity
+
+If the founding steward becomes unavailable or chooses to step down, a successor steward may be designated by a signed repository update that:
+
+- names the incoming steward explicitly
+- updates this document and any mirrored governance metadata in the same change set
+- preserves the rule that published release lines remain immutable
+
+Until such a designation lands, no other party may claim unilateral authority to mutate published artifacts or redefine the current line retroactively.
+
 ## Decision rules
 
 | Change type | Requirement |

README.md

@@ -261,6 +261,8 @@ sha256sum -c checksums.txt
 
 Agent Cards v1.1.0 should bind directly to the current flat commercial schema URIs published by this repository. They should not point at the historical v1.0.0 `requests/` or `receipts/` paths when declaring current-line commercial capability.
 
+The `manifest.json` alignment metadata is intentionally declarative only. It records the intended version pairing with Protocol-Commons and Agent Cards, but it must not be read as machine-verified cross-repository enforcement on its own.
+
 Protocol-Commons and Protocol-Commercial therefore tell one coherent story:
 
 - Commons defines base actions.

checksums.txt

@@ -28,7 +28,7 @@ a2a5e61fa04e12786a848e03bbabbc3f9d066ca55a6f48cb1ae1140f6373bf94  examples/v1.1.
 9492d90ea14ad35eeb8acd03248ce6061ccdc04a7aff4ed538d8c42be3abc015  examples/v1.1.0/commercial/verify/valid/002-verify.request.valid.json
 50874f3eea69a51ac132873b05e39318e4c2241078ca5e258e466934935ec945  examples/v1.1.0/commercial/verify/valid/900-verify.receipt.valid.json
 455d19ad1b7ef98e436d8f1c675fee7f2716eb17d301da8d2cc4e2e2c51e624a  examples/v1.1.0/commercial/verify/valid/901-verify.receipt.valid.json
-0e4a8b868fa2f7d68bd5f65d7687a91ed97cd380b1b979dd7dc15b44a5a28939  manifest.json
+a2d3d327da30d33a96e9bc2fa9ccbc3689963c920c136df0e4ba452a7e7284da  manifest.json
 4d1178e63f6c5a9e1e4d9cc4d386fbad023dd5a85c000ff193285b1fed9af243  schemas/v1.1.0/commercial/authorize/authorize.receipt.schema.json
 ef5da55ba5acdd43e8d2715204938762a63819dd370ebc8dfedad014617259c3  schemas/v1.1.0/commercial/authorize/authorize.request.schema.json
 66e39d85a503ec2fa096d789b5b3136a451387186fa33424c4bcb07ce9aea49b  schemas/v1.1.0/commercial/checkout/checkout.receipt.schema.json
@@ -39,4 +39,4 @@ e9b62cf29d5f58fed922e9bc77c8d3e13e6f7ed04785baad7a7e4fc600ab44b8  schemas/v1.1.0
 b876f8ffbfd87e5554374de114414f9e4091ba09c80d07b9b99a40ff1befd7c5  schemas/v1.1.0/commercial/ship/ship.request.schema.json
 7abc8e8a2dec058298ba5dd0603f20d9f95f6bc411fcd429fdb3c7a116dcbcca  schemas/v1.1.0/commercial/verify/verify.receipt.schema.json
 09707b90a6317d10d13f6e5339bc17a7ddc4d5938970ff7e25842876b7f2eea5  schemas/v1.1.0/commercial/verify/verify.request.schema.json
-ef4d9050f892c9d4b86382b9fd3018ee8496e6ad26c2fa9a64cbb44b7d549598  schemas/v1.1.0/index.json
+0993bbc6dee0ccefa624ef95c47d87398cc3585b0e95f0f6a7e55d4eed176c4f  schemas/v1.1.0/index.json

manifest.json

@@ -7,6 +7,8 @@
   "repository": "https://github.com/commandlayer/protocol-commercial",
   "homepage": "https://commandlayer.org",
   "license": "Apache-2.0",
+  "path_base": ".",
+  "paths_are_repo_relative": true,
   "schemas_root": "schemas/v1.1.0",
   "examples_root": "examples/v1.1.0",
   "current_index": "schemas/v1.1.0/index.json",
@@ -38,6 +40,7 @@
     "protocol_commons": "1.1.0",
     "agent_cards": "1.1.0"
   },
+  "alignment_verification": "declarative-only",
   "verbs": [
     {
       "verb": "authorize",

package.json

@@ -77,8 +77,5 @@
     "ajv": "^8.17.1",
     "ajv-errors": "^3.0.0",
     "ajv-formats": "^3.0.1"
-  },
-  "publishConfig": {
-    "access": "public"
   }
 }

schemas/v1.1.0/index.json

@@ -2,6 +2,8 @@
   "name": "@commandlayer/commercial",
   "version": "1.1.0",
   "class": "commercial",
+  "path_base": ".",
+  "paths_are_repo_relative": true,
   "schemas_root": "schemas/v1.1.0",
   "verbs": [
     {

scripts/validate-all.mjs

@@ -96,11 +96,14 @@ async function validateManifest() {
   assert(!("$schema" in manifest), "manifest.json must not carry a decorative $schema field");
   assert(manifest.version === CURRENT_VERSION, `manifest version must be ${CURRENT_VERSION}`);
   assert(manifest.status === "current", "manifest status must be current");
+  assert(manifest.path_base === ".", "manifest path_base must anchor repo-relative paths");
+  assert(manifest.paths_are_repo_relative === true, "manifest must declare repo-relative path semantics");
   assert(manifest.schemas_root === `schemas/v${CURRENT_VERSION}`, "manifest schemas_root drift");
   assert(manifest.examples_root === `examples/v${CURRENT_VERSION}`, "manifest examples_root drift");
   assert(manifest.current_index === `schemas/v${CURRENT_VERSION}/index.json`, "manifest current_index drift");
   assert(manifest.checksums_file === "checksums.txt", "manifest checksums_file drift");
   assert("declared_alignment" in manifest, "manifest must expose declarative alignment metadata");
+  assert(manifest.alignment_verification === "declarative-only", "manifest alignment verification mode drift");
   assert(!("aligns_with" in manifest), "manifest aligns_with field must not imply verified enforcement");
   assert(JSON.stringify(manifest.verbs.map((v) => v.verb)) === JSON.stringify(EXPECTED_VERBS), "manifest verb list drift");
 }
@@ -171,6 +174,8 @@ async function validateIndex() {
   const indexPath = path.join(SCHEMAS_ROOT, "index.json");
   const indexJson = await loadJsonStrict(indexPath);
   assert(indexJson.version === CURRENT_VERSION, "index.json version drift");
+  assert(indexJson.path_base === ".", "index.json path_base must anchor repo-relative paths");
+  assert(indexJson.paths_are_repo_relative === true, "index.json must declare repo-relative path semantics");
   assert(indexJson.schemas_root === `schemas/v${CURRENT_VERSION}`, "index.json schemas_root drift");
   assert(JSON.stringify(indexJson.verbs) === JSON.stringify(EXPECTED_VERBS.map(expectedVerbEntry)), "index.json verb inventory drift");
 

scripts/validate-examples.mjs

@@ -1,10 +1,10 @@
 #!/usr/bin/env node
-import { readdir } from "fs/promises";
 import path from "path";
 import Ajv2020 from "ajv/dist/2020.js";
 import addFormats from "ajv-formats";
 import ajvErrors from "ajv-errors";
 import { loadJsonStrict } from "./load-json-strict.mjs";
+import { readdir } from "fs/promises";
 
 const ROOT_DIR = process.cwd();
 const CURRENT_VERSION = "1.1.0";
@@ -24,7 +24,7 @@ async function validateVerb(verb) {
 
   for (const group of ["valid", "invalid"]) {
     const dir = path.join(EXAMPLES_ROOT, verb, group);
-    const files = (await fs.readdir(dir)).filter((file) => file.endsWith(".json")).sort();
+    const files = (await readdir(dir)).filter((file) => file.endsWith(".json")).sort();
     const requestFiles = files.filter((file) => file.includes("request"));
     const receiptFiles = files.filter((file) => file.includes("receipt"));
     if (requestFiles.length === 0 || receiptFiles.length === 0) {