This tutorial explains PF-Core without requiring Lean. For formal details see formal-model.md.
| Layer | What it does |
|---|---|
| Lean proves | If JSON is modeled correctly, deciders match safety predicates |
| Runtime validates | Schema, hash chains, compile determinism |
| Assumptions | Emitters are honest enough to produce valid JSON and tenant labels |
- Runtime observation — what an adapter saw (MCP audit line, lab gate, etc.)
- Event — normalized record with `event_kind` (`action` or `handoff`), `decision`, and hash-chain fields
- Trace — ordered events with `trace_hash`
- Certificate — summary bit `safe` over a trace hash
```bash
pip install -e pf-core/validator
pf core schema-check --schemas pf-core/schemas
pf core compile-observation --file pf-core/examples/valid/mcp_sidecar_observation.json
pf core check-trace --file pf-core/examples/valid/file_read_allowed_trace.json
pf core emit-artifacts --file pf-core/examples/valid/mcp_sidecar_observation.json --out-dir ./artifacts
```

Windows:

```powershell
powershell -File pf-core/scripts/pf-core-trusted.ps1
```
Full pipeline gate (sidecar → normalize → compile → check-trace → certificate):

```bash
make pf-core-e2e
# or
bash pf-core/scripts/e2e-replay-gate.sh
```

Windows:

```powershell
powershell -File pf-core/scripts/e2e-replay-gate.ps1
```

Scenarios exercised:
| Scenario | Expected |
|---|---|
| File read allow (v1 observation) | PASS through certificate |
| MCP sidecar normalize | PASS through certificate |
| Compile downgrades unsafe allow | decision: denied |
| Handoff subset violation | FAIL at check-trace |
| PCS replay trace | PASS at check-trace |
| Tampered hash chain | FAIL at replay validation |
| Lean replay (3 goldens) | PASS with --lean-check |
| Handoff validate + audit.jsonl | PASS (validate-handoff, handoff trace audit line) |
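The "Tampered hash chain" scenario above fails at replay validation because every event carries the hash of its predecessor and the trace carries a hash over all of them. The following is an added illustration of that check, not PF-Core's validator: the field names `prev_hash` and `event_hash`, the all-zero genesis link, and SHA-256 over canonical JSON are assumptions chosen here, while `trace_hash` follows the tutorial's naming. The sample events are constructed.

```python
"""Replay-style hash-chain check over a constructed trace (added illustration)."""
import copy
import hashlib
import json

GENESIS = "0" * 64  # assumed convention: the first event links to an all-zero hash


def canonical(obj) -> bytes:
    # Deterministic serialization: key order and spacing must not change the hash,
    # or two honest verifiers would disagree about the same event.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def event_hash(event: dict) -> str:
    # Hash everything except the event's own hash field.
    body = {k: v for k, v in event.items() if k != "event_hash"}
    return hashlib.sha256(canonical(body)).hexdigest()


def trace_hash(events: list) -> str:
    # Summary hash over the chain of event hashes, in order.
    return hashlib.sha256("".join(e["event_hash"] for e in events).encode()).hexdigest()


def build_trace(bodies: list) -> dict:
    """Chain normalized event bodies into a trace, as an honest emitter would."""
    events, prev = [], GENESIS
    for body in bodies:
        ev = dict(body, prev_hash=prev)
        ev["event_hash"] = event_hash(ev)
        events.append(ev)
        prev = ev["event_hash"]
    return {"events": events, "trace_hash": trace_hash(events)}


def check_trace(trace: dict) -> tuple[bool, str]:
    """Recompute every link; the first broken one names the event that was altered."""
    prev = GENESIS
    for i, ev in enumerate(trace["events"]):
        if ev.get("prev_hash") != prev:
            return False, f"event {i}: prev_hash does not link to the previous event"
        if event_hash(ev) != ev.get("event_hash"):
            return False, f"event {i}: event_hash does not match its contents"
        prev = ev["event_hash"]
    if trace.get("trace_hash") != trace_hash(trace["events"]):
        return False, "trace_hash does not match the chained events"
    return True, "ok"


# Constructed sample: a denied file read followed by a handoff.
SAMPLE_BODIES = [
    {"event_kind": "action", "principal": "agent-a", "tenant": "t1",
     "tool": "file.read", "decision": "denied"},
    {"event_kind": "handoff", "from": "agent-a", "to": "agent-b", "tenant": "t1",
     "decision": "allowed"},
]


def tamper_flip_decision(trace: dict) -> dict:
    """Flip event 0's decision without touching any hash (caught at event 0)."""
    t = copy.deepcopy(trace)
    t["events"][0]["decision"] = "allowed"
    return t


def tamper_rehash_one(trace: dict) -> dict:
    """Flip event 0 and recompute its own hash, but not the link that follows it
    (caught at event 1, whose prev_hash still points at the original event 0)."""
    t = tamper_flip_decision(trace)
    t["events"][0]["event_hash"] = event_hash(t["events"][0])
    return t


if __name__ == "__main__":
    good = build_trace(SAMPLE_BODIES)
    print(check_trace(good))
    print(check_trace(tamper_flip_decision(good)))
    print(check_trace(tamper_rehash_one(good)))
```

The second tamper case is the one worth internalizing: recomputing a single event's hash is not enough to hide an edit, because the next event's `prev_hash` and the `trace_hash` both still commit to the original bytes, so a replay that recomputes every link from the genesis value rejects it.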
Single observation walkthrough:

```bash
pf core compile-observation --schemas pf-core/schemas \
  --file pf-core/examples/valid/mcp_sidecar_observation.json --output /tmp/event.json
pf core validate-event --schemas pf-core/schemas --file /tmp/event.json
pf core check-trace --schemas pf-core/schemas \
  --file pf-core/examples/valid/file_read_allowed_trace.json --lean-check
pf core validate-handoff --schemas pf-core/schemas \
  --file pf-core/examples/valid/handoff.json
pf core emit-certificate --schemas pf-core/schemas \
  --trace pf-core/examples/valid/file_read_allowed_trace.json --output /tmp/cert.json
```

| Kind | Meaning | Safety check |
|---|---|---|
| action | Tool call / effect attempt | Capability + tenant + effect |
| handoff | Authority transfer between principals | Same tenant + bilateral capability |
Handoff trace example: pf-core/examples/valid/handoff_trace.json
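The table above gives the safety predicate for each event kind, and the scenarios table earlier shows what the compiler does with the result ("Compile downgrades unsafe allow" and "Handoff subset violation"). The following is an added model of those deciders, not PF-Core's Lean deciders or its validator: the principal registry, the `grants` field on a handoff, the capability representation (tool mapped to permitted effects) and the `handoff` delegate/accept capability pair are assumptions chosen here to make the three-part checks concrete. Principals and events are constructed.

```python
"""Illustrative deciders for action and handoff events (added example, not PF-Core code)."""
from dataclasses import dataclass
from typing import Mapping


@dataclass(frozen=True)
class Principal:
    name: str
    tenant: str
    # Assumed representation: tool -> effects the principal may cause with it.
    capabilities: Mapping[str, frozenset[str]]

    def can(self, tool: str, effect: str) -> bool:
        return effect in self.capabilities.get(tool, frozenset())


def action_safe(ev: dict, principals: Mapping[str, Principal]) -> bool:
    """Capability + tenant + effect: the actor holds the tool's capability, the
    event carries the actor's tenant label, and the effect is one the capability permits."""
    actor = principals.get(ev["principal"])
    if actor is None:
        return False
    return (
        ev["tool"] in actor.capabilities        # capability
        and ev["tenant"] == actor.tenant        # tenant
        and actor.can(ev["tool"], ev["effect"])  # effect
    )


def handoff_safe(ev: dict, principals: Mapping[str, Principal]) -> bool:
    """Same tenant + bilateral capability, plus the subset rule: the authority being
    transferred must not exceed what the sender itself holds."""
    src, dst = principals.get(ev["from"]), principals.get(ev["to"])
    if src is None or dst is None:
        return False
    same_tenant = src.tenant == dst.tenant == ev["tenant"]
    # Assumed: sender needs a delegate capability, recipient an accept capability.
    bilateral = src.can("handoff", "delegate") and dst.can("handoff", "accept")
    subset = all(
        set(effects) <= src.capabilities.get(tool, frozenset())
        for tool, effects in ev["grants"].items()
    )
    return same_tenant and bilateral and subset


DECIDERS = {"action": action_safe, "handoff": handoff_safe}


def compile_decision(ev: dict, principals: Mapping[str, Principal]) -> str:
    """Decision the compiler records: an emitter's 'allowed' survives only if the
    decider for the event's kind agrees; anything else is written as 'denied'."""
    safe = DECIDERS[ev["event_kind"]](ev, principals)
    return "allowed" if ev.get("decision") == "allowed" and safe else "denied"


# Constructed principals: two in tenant t1, one in tenant t2.
PRINCIPALS = {
    "agent-a": Principal("agent-a", "t1", {"file.read": frozenset({"read"}),
                                           "handoff": frozenset({"delegate"})}),
    "agent-b": Principal("agent-b", "t1", {"handoff": frozenset({"accept"})}),
    "agent-x": Principal("agent-x", "t2", {"handoff": frozenset({"accept"})}),
}

# Constructed events, each claiming 'allowed' from its emitter.
EVENTS = {
    "read_ok": {"event_kind": "action", "principal": "agent-a", "tenant": "t1",
                "tool": "file.read", "effect": "read", "decision": "allowed"},
    "write_bad_effect": {"event_kind": "action", "principal": "agent-a", "tenant": "t1",
                         "tool": "file.read", "effect": "write", "decision": "allowed"},
    "handoff_ok": {"event_kind": "handoff", "from": "agent-a", "to": "agent-b", "tenant": "t1",
                   "grants": {"file.read": ["read"]}, "decision": "allowed"},
    "handoff_subset_violation": {"event_kind": "handoff", "from": "agent-a", "to": "agent-b",
                                 "tenant": "t1", "grants": {"file.read": ["read", "write"]},
                                 "decision": "allowed"},
    "handoff_cross_tenant": {"event_kind": "handoff", "from": "agent-a", "to": "agent-x",
                             "tenant": "t1", "grants": {"file.read": ["read"]},
                             "decision": "allowed"},
}


def compile_all() -> dict:
    return {name: compile_decision(ev, PRINCIPALS) for name, ev in EVENTS.items()}


if __name__ == "__main__":
    for name, decision in compile_all().items():
        print(f"{name}: {decision}")
```

Note the asymmetry in `compile_decision`: the decider can only downgrade, never upgrade. An emitter that reports `denied` stays denied even when the predicate would have allowed the action, which is what keeps the assumption on emitters limited to "honest enough to produce valid JSON and tenant labels" rather than trusting their allow decisions.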
- Does not prove LLM outputs are correct
- Does not sandbox MCP servers or OS calls
- Does not guarantee recipients honor handoffs
See claim-boundary.md for allowed wording.
- Adapter contract — map your runtime to observations
- Ecosystem inventory — how PF-Core relates to Provability Fabric
- Examples — valid/invalid fixture catalog