|
1 | | - |
2 | 1 | # COMPLIANCE — Protocol-Commons |
3 | 2 |
|
4 | | -This document defines what it means to be **Protocol-Commons compliant** and how to keep that status over time. |
5 | | - |
6 | | -If you claim compatibility but break these rules, you’re lying to your own users. |
| 3 | +This document defines what it means to be **Protocol-Commons compliant** and how to maintain that status over time. |
7 | 4 |
|
8 | 5 | --- |
9 | 6 |
|
10 | 7 | ## 1. Scope |
11 | 8 |
|
12 | 9 | These rules apply to: |
13 | 10 |
|
14 | | -- All schemas under `schemas/v*/commons/` |
15 | | -- All shared primitives under `schemas/v*/_shared/` |
16 | | -- All examples under `examples/v*/commons/` |
17 | | -- The ENS TXT fields governed by Protocol-Commons: |
18 | | - |
19 | | - ```txt |
20 | | - cl.verb |
21 | | - cl.version |
22 | | - cl.schema.request |
23 | | - cl.schema.receipt |
24 | | - cl.cid.schemas |
25 | | - cl.schemas.mirror.ipfs |
26 | | - ``` |
27 | | - |
28 | | -Everything here is normative for semantics and schema integrity. |
29 | | - |
30 | | -## 2. Versioning & Immutability |
31 | | -For any directory schemas/vX.Y.Z/: |
32 | | - |
33 | | -No in-place edits to: |
| 11 | +- Schemas under `schemas/v*/commons/` |
| 12 | +- Shared primitives under `schemas/v*/_shared/` |
| 13 | +- Examples under `examples/v*/commons/` |
34 | 14 |
|
35 | | -Request/receipt schemas |
| 15 | +**ENS TXT Summary** |
| 16 | +This document only summarizes TXT responsibilities. |
| 17 | +The canonical definitions and enforcement rules are specified in: |
| 18 | +- `SPEC.md` (Protocol-Commons) |
36 | 19 |
|
37 | | -_shared primitives |
| 20 | +In case of discrepancy, SPEC.md is authoritative. |
38 | 21 |
|
39 | | -$id strings |
| 22 | +Compliance covers semantics and schema integrity only—identity bindings are governed by Agent-Cards. |
40 | 23 |
|
41 | | -No silent behavior changes. |
| 24 | +--- |
42 | 25 |
|
43 | | -Any change to schema shape, $id, or semantics requires: |
| 26 | +## 2. Versioning & Immutability |
44 | 27 |
|
45 | | -A new version directory (vX.Y+1.Z or vX+1.0.0) |
| 28 | +For any directory `schemas/vX.Y.Z/`: |
46 | 29 |
|
47 | | -New CID |
| 30 | +No in-place edits to: |
| 31 | +- Request/receipt schemas |
| 32 | +- `_shared` primitives |
| 33 | +- `$id` values |
| 34 | +- Normative behavior |
48 | 35 |
|
49 | | -Updated checksums.txt + manifest.json |
| 36 | +Any semantic change requires: |
| 37 | +- New version directory |
| 38 | +- Updated CIDs + checksums |
| 39 | +- Logged update in `RESOLUTION.md` |
| 40 | +- Governance approval |
50 | 41 |
|
51 | | -A logged entry in RESOLUTION.md |
| 42 | +Mutating a published version is **not compliant**. |
52 | 43 |
|
53 | | -Governance approval as defined in GOVERNANCE.md |
| 44 | +--- |
54 | 45 |
|
55 | | -If you mutate a published version directory, you are no longer compliant. |
| 46 | +## 3. JSON Schema Requirements |
56 | 47 |
|
57 | | -3. JSON Schema Requirements |
58 | 48 | All Protocol-Commons schemas MUST: |
59 | 49 |
|
60 | | -Use JSON Schema Draft 2020-12 |
61 | | - |
62 | | -Validate under Ajv strict mode (see SPEC.md) |
63 | | - |
64 | | -Disallow unexpected fields unless explicitly allowed via additionalProperties: true |
| 50 | +- Use JSON Schema Draft 2020-12 |
| 51 | +- Validate under **Ajv strict mode** |
| 52 | +- Use deterministic HTTPS-resolvable `$id` values matching SPEC.md |
| 53 | +- Enforce verb-specific input + receipt contract |
65 | 54 |
|
66 | | -Use deterministic, HTTPS-resolvable $id values: |
| 55 | +Loose validation or altered `$id` resolution is **not compliant**. |
67 | 56 |
|
68 | | -text |
69 | | -Copy code |
70 | | -https://commandlayer.org/schemas/v1.0.0/commons/<verb>/requests/<verb>.request.schema.json |
71 | | -https://commandlayer.org/schemas/v1.0.0/commons/<verb>/receipts/<verb>.receipt.schema.json |
72 | | -Shared primitives follow: |
73 | | - |
74 | | -text |
75 | | -Copy code |
76 | | -https://commandlayer.org/schemas/v1.0.0/_shared/x402.schema.json |
77 | | -https://commandlayer.org/schemas/v1.0.0/_shared/trace.schema.json |
78 | | -https://commandlayer.org/schemas/v1.0.0/_shared/receipt.base.schema.json |
79 | | -If your implementation uses different $id values or looser validation, you are not fully compliant. |
80 | | - |
81 | | -4. ENS TXT Responsibilities |
82 | | -Protocol-Commons is responsible only for the following TXT records on ENS: |
83 | | - |
84 | | -txt |
85 | | -Copy code |
86 | | -cl.verb |
87 | | -cl.version |
88 | | -cl.schema.request |
89 | | -cl.schema.receipt |
90 | | -cl.cid.schemas |
91 | | -cl.schemas.mirror.ipfs |
92 | | -Compliance requires that: |
93 | | - |
94 | | -These fields map exactly to the canonical schemas and the published CID. |
95 | | - |
96 | | -They reflect the correct version directory. |
97 | | - |
98 | | -They are updated only when a new version is published and recorded in SECURITY_PROVENANCE.md and RESOLUTION.md. |
99 | | - |
100 | | -Identity-specific TXT fields (cl.agentcard, cl.entry, etc.) are governed by Agent-Cards, not Protocol-Commons. |
101 | | - |
102 | | -5. CIDs & Checksums |
103 | | -For each release: |
104 | | - |
105 | | -The entire schemas/vX.Y.Z/ tree MUST be: |
| 57 | +--- |
106 | 58 |
|
107 | | -Pinned to IPFS (see SECURITY_PROVENANCE.md) |
| 59 | +## 4. CIDs & Checksums |
108 | 60 |
|
109 | | -Indexed in checksums.txt using SHA-256 |
| 61 | +Each release MUST: |
110 | 62 |
|
111 | | -Described in manifest.json |
| 63 | +- Pin the entire version folder to IPFS |
| 64 | +- Provide SHA-256 checksums |
| 65 | +- Publish manifest.json |
112 | 66 |
|
113 | 67 | Compliance requires: |
| 68 | +- `cl.cid.schemas` resolves to the correct CID |
| 69 | +- IPFS mirrors match HTTP mirrors exactly |
114 | 70 |
|
115 | | -The CID used in cl.cid.schemas matches the pinned content. |
116 | | - |
117 | | -The HTTP mirror at cl.schemas.mirror.ipfs serves the same content. |
| 71 | +Mismatch = **integrity failure** |
118 | 72 |
|
119 | | -Any mismatch between CID, checksum, and actual content is treated as an integrity failure. |
120 | | - |
121 | | -6. Security & Privacy |
122 | | -Protocol-Commons is semantic infra, not application data: |
123 | | - |
124 | | -No PII in schemas or examples. |
125 | | - |
126 | | -No runtime secrets, keys, or hostnames. |
127 | | - |
128 | | -No transport-specific tokens. |
129 | | - |
130 | | -If your downstream usage adds sensitive data, that is outside this repo and must be governed by your own security model. |
131 | | - |
132 | | -Security incidents in Commons itself (e.g., malicious modification of schemas, hijacked $id hosts, or CID poisoning) must follow the procedure in SECURITY.md. |
133 | | - |
134 | | -7. Governance Traceability |
135 | | -Compliance requires a paper trail: |
136 | | - |
137 | | -Every semantic change has a corresponding entry in RESOLUTION.md. |
138 | | - |
139 | | -Every published version and CID appears in SECURITY_PROVENANCE.md. |
140 | | - |
141 | | -Every ENS TXT mutation for Commons-controlled keys is: |
142 | | - |
143 | | -Justified (new version, bugfix, etc.) |
144 | | - |
145 | | -Logged and reviewable |
146 | | - |
147 | | -If a schema or version exists without a trail in these files, it is not canonical, regardless of where it is hosted. |
148 | | - |
149 | | -8. Ecosystem Alignment |
150 | | -To be a good citizen, a Commons-compliant implementation should: |
151 | | - |
152 | | -Respect ERC-8004 discovery flows where applicable. |
153 | | - |
154 | | -Respect x402 envelope semantics: |
155 | | - |
156 | | -x402.verb = canonical verb name |
157 | | - |
158 | | -x402.version = Commons version |
| 73 | +--- |
159 | 74 |
|
160 | | -x402.status ∈ {"ok", "error"} for receipts |
| 75 | +## 5. Security & Privacy |
161 | 76 |
|
162 | | -Embed trace and status primitives exactly as defined in _shared/ schemas. |
| 77 | +Schemas are **semantic infrastructure**, not application output. |
163 | 78 |
|
164 | | -If you diverge from x402 or related standards, you are still free to run locally — just don’t claim compliance. |
| 79 | +Therefore: |
| 80 | +- No PII |
| 81 | +- No secrets or private routing data |
| 82 | +- No execution logic |
165 | 83 |
|
166 | | -9. Deviation Handling |
167 | | -If you discover a deviation (your own or the repo’s): |
| 84 | +Security incidents MUST follow `SECURITY.md`. |
168 | 85 |
|
169 | | -File an Issue in this repository. |
| 86 | +--- |
170 | 87 |
|
171 | | -Describe: |
| 88 | +## 6. Governance Traceability |
172 | 89 |
|
173 | | -What is wrong (schema mismatch, CID mismatch, TXT mismatch, etc.) |
| 90 | +Every canonical change MUST be reflected in: |
| 91 | +- `RESOLUTION.md` (what + why + who) |
| 92 | +- `SECURITY_PROVENANCE.md` (CIDs + checksums) |
174 | 93 |
|
175 | | -Which versions, verbs, and endpoints are affected |
| 94 | +An artifact **without a governance trail** is not canonical. |
176 | 95 |
|
177 | | -Potential impact on runtimes |
| 96 | +--- |
178 | 97 |
|
179 | | -If it’s a security issue, follow SECURITY.md instead of posting full details publicly. |
| 98 | +## 7. Ecosystem Alignment |
180 | 99 |
|
181 | | -Work with maintainers to: |
| 100 | +Commons-compliant implementations SHOULD: |
182 | 101 |
|
183 | | -Decide if a new version is required |
| 102 | +- Support ERC-8004 discovery where relevant |
| 103 | +- Enforce canonical x402 envelope + trace rules |
184 | 104 |
|
185 | | -Update provenance and ENS records |
| 105 | +Divergence is allowed — but **compliance claims then MUST NOT be made**. |
186 | 106 |
|
187 | | -Document the incident in RESOLUTION.md |
| 107 | +--- |
188 | 108 |
|
189 | | -10. Compliance Checklist |
190 | | -You can reasonably say you are Protocol-Commons compliant if: |
| 109 | +## 8. Deviation Handling |
191 | 110 |
|
192 | | - You validate requests and receipts using the canonical schemas with strict Ajv. |
| 111 | +If a deviation is found: |
193 | 112 |
|
194 | | - You treat version directories as immutable once published. |
| 113 | +1. File an Issue (or follow `SECURITY.md` if sensitive) |
| 114 | +2. Describe affected version and impact |
| 115 | +3. Steward determines whether to publish a corrected version |
| 116 | +4. Changes documented in `RESOLUTION.md` |
195 | 117 |
|
196 | | - You resolve $id URLs to the canonical HTTP mirrors. |
| 118 | +--- |
197 | 119 |
|
198 | | - You verify CIDs and checksums before trusting schemas. |
| 120 | +## 9. Compliance Checklist |
199 | 121 |
|
200 | | - You respect the ENS TXT division of responsibilities. |
| 122 | +You may claim **Protocol-Commons compliant** if: |
201 | 123 |
|
202 | | - You log any verb/schema lifecycle changes in RESOLUTION.md. |
| 124 | +- Strict Ajv validation enforced |
| 125 | +- Version directories treated as immutable |
| 126 | +- `$id` URLs resolve correctly |
| 127 | +- CIDs and checksums match content |
| 128 | +- Changes logged and signed |
| 129 | +- ENS TXT duties respected per SPEC.md |
203 | 130 |
|
204 | | -If any of the above is false, treat your implementation as experimental and avoid claiming full compliance. |
| 131 | +If uncertain → treat the implementation as **experimental**. |
0 commit comments