feat(catalog): SourceOS model/adapter catalog entry admission contract v0.1#19
Merged
Conversation
…t v0.1 Implements the ModelCatalogEntry admission contract for model-router. Designed from forensic analysis of Apple Foundation Models delivery, Claude Code/Codex lifecycle failures, and SourceOS differentiators (SAE interpretability, SCOPE-D epistemic labeling, guardrail-fabric policy, Ontogenesis ontologies, TriTRPC provenance wire). Seven hard admission gates — a single failure denies, no silent admission: 1. content_hash_mismatch — sha256 format + payload verification; encrypted=true invariant 2. attestation_invalid — signer identity, signature, hash-chain (provenance anchor) 3. base_version_mismatch — adapters/steering/guardrail must declare exact base binding 4. capability_not_granted — highPrivilege requires non-empty requiredPermissions 5. missing_epistemic_label — SCOPE-D level required; no label = inadmissible 6. epistemic_rejected — retained for audit, never loadable 7. steering_diff_unsupported — steeringTier full/local requires emitsSteeringDiff=true Artifacts: contracts/sourceos/model-catalog-entry.v0.1.ts — TypeScript source of truth schemas/model-catalog-entry.v0.1.schema.json — JSON Schema (draft-07) examples/model-catalog-entry.admitted.json — valid admitted entry examples/model-catalog-entry.denied.epistemic-rejected.json examples/model-catalog-entry.denied.steering-diff-unsupported.json tools/validate_model_catalog_entry.py — Python admission implementation tools/tests/test_model_catalog_entry.py — 35 tests, all gates covered Makefile: validate-model-catalog-entry wired into make validate .github/workflows/model-catalog-entry.yml — path-scoped CI
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
ModelCatalogEntryadmission contract from the SourceOS model/adapter catalog entry TypeScript specmake validate-model-catalog-entrywired intomake validate— gated on every full validation runDesign decisions
TypeScript is the source of truth (
contracts/sourceos/model-catalog-entry.v0.1.ts). The JSON Schema and Python validator are derived from it. The TypeScript file is the canonical contract document; the other files are implementations.encrypted: trueis a const, not a flag. The JSON Schema uses"const": true. The Python validator treats it as an admission invariant —encrypted: false→content_hash_mismatch. This is the Apple discipline: encryption-at-rest is identity, not a configuration option.base_version_mismatchis structural at validation time, runtime at delivery time. The static validator checks that adapters declare a fully-specified base binding (non-empty IDs + valid sha256). The runtime check (comparingbaseVersionagainst the currently-loaded base) lives at delivery and is not in scope here.High-privilege requires declared permissions.
highPrivilege: truewith emptyrequiredPermissions→capability_not_granted. guardrail-fabric has nothing to check against without an explicit permission surface.All denials are accumulated. Multiple failures produce multiple denial reasons. No early exit — the full set is surfaced in
AdmissionResult.denials.Admission gates (all hard — single failure denies)
content_hash_mismatchencrypted≠true, or payload hash divergenceattestation_invalidbase_version_mismatchcapability_not_grantedhighPrivilege: true+ emptyrequiredPermissionsmissing_epistemic_labelepistemicLevelepistemic_rejectedepistemicLevel: "rejected"steering_diff_unsupportedsteeringTier full/local+emitsSteeringDiff: falseVerification
make validate-model-catalog-entry python3 -m pytest tools/tests/test_model_catalog_entry.py -v # 35 passed