|
| 1 | +## 2️⃣ `protocol-commons/COMPLIANCE.md` |
| 2 | + |
| 3 | +```markdown |
| 4 | +# COMPLIANCE — Protocol-Commons |
| 5 | + |
| 6 | +This document defines what it means to be **Protocol-Commons compliant** and how to keep that status over time. |
| 7 | + |
| 8 | +If you claim compatibility but break these rules, you’re lying to your own users. |
| 9 | + |
| 10 | +--- |
| 11 | + |
| 12 | +## 1. Scope |
| 13 | + |
| 14 | +These rules apply to: |
| 15 | + |
| 16 | +- All schemas under `schemas/v*/commons/` |
| 17 | +- All shared primitives under `schemas/v*/_shared/` |
| 18 | +- All examples under `examples/v*/commons/` |
| 19 | +- The ENS TXT fields governed by Protocol-Commons: |
| 20 | + |
| 21 | + ```txt |
| 22 | + cl.verb |
| 23 | + cl.version |
| 24 | + cl.schema.request |
| 25 | + cl.schema.receipt |
| 26 | + cl.cid.schemas |
| 27 | + cl.schemas.mirror.ipfs |
| 28 | +Everything here is normative for semantics and schema integrity. |
| 29 | +
|
| 30 | +2. Versioning & Immutability |
| 31 | +For any directory schemas/vX.Y.Z/: |
| 32 | +
|
| 33 | +No in-place edits to: |
| 34 | +
|
| 35 | +Request/receipt schemas |
| 36 | +
|
| 37 | +_shared primitives |
| 38 | +
|
| 39 | +$id strings |
| 40 | +
|
| 41 | +No silent behavior changes. |
| 42 | +
|
| 43 | +Any change to schema shape, $id, or semantics requires: |
| 44 | +
|
| 45 | +A new version directory (vX.Y+1.Z or vX+1.0.0) |
| 46 | +
|
| 47 | +New CID |
| 48 | +
|
| 49 | +Updated checksums.txt + manifest.json |
| 50 | +
|
| 51 | +A logged entry in RESOLUTION.md |
| 52 | +
|
| 53 | +Governance approval as defined in GOVERNANCE.md |
| 54 | +
|
| 55 | +If you mutate a published version directory, you are no longer compliant. |
| 56 | +
|
| 57 | +3. JSON Schema Requirements |
| 58 | +All Protocol-Commons schemas MUST: |
| 59 | +
|
| 60 | +Use JSON Schema Draft 2020-12 |
| 61 | +
|
| 62 | +Validate under Ajv strict mode (see SPEC.md) |
| 63 | +
|
| 64 | +Disallow unexpected fields unless explicitly allowed via additionalProperties: true |
| 65 | +
|
| 66 | +Use deterministic, HTTPS-resolvable $id values: |
| 67 | +
|
| 68 | +text |
| 69 | +Copy code |
| 70 | +https://commandlayer.org/schemas/v1.0.0/commons/<verb>/requests/<verb>.request.schema.json |
| 71 | +https://commandlayer.org/schemas/v1.0.0/commons/<verb>/receipts/<verb>.receipt.schema.json |
| 72 | +Shared primitives follow: |
| 73 | +
|
| 74 | +text |
| 75 | +Copy code |
| 76 | +https://commandlayer.org/schemas/v1.0.0/_shared/x402.schema.json |
| 77 | +https://commandlayer.org/schemas/v1.0.0/_shared/trace.schema.json |
| 78 | +https://commandlayer.org/schemas/v1.0.0/_shared/receipt.base.schema.json |
| 79 | +If your implementation uses different $id values or looser validation, you are not fully compliant. |
| 80 | +
|
| 81 | +4. ENS TXT Responsibilities |
| 82 | +Protocol-Commons is responsible only for the following TXT records on ENS: |
| 83 | +
|
| 84 | +txt |
| 85 | +Copy code |
| 86 | +cl.verb |
| 87 | +cl.version |
| 88 | +cl.schema.request |
| 89 | +cl.schema.receipt |
| 90 | +cl.cid.schemas |
| 91 | +cl.schemas.mirror.ipfs |
| 92 | +Compliance requires that: |
| 93 | +
|
| 94 | +These fields map exactly to the canonical schemas and the published CID. |
| 95 | +
|
| 96 | +They reflect the correct version directory. |
| 97 | +
|
| 98 | +They are updated only when a new version is published and recorded in SECURITY_PROVENANCE.md and RESOLUTION.md. |
| 99 | +
|
| 100 | +Identity-specific TXT fields (cl.agentcard, cl.entry, etc.) are governed by Agent-Cards, not Protocol-Commons. |
| 101 | +
|
| 102 | +5. CIDs & Checksums |
| 103 | +For each release: |
| 104 | +
|
| 105 | +The entire schemas/vX.Y.Z/ tree MUST be: |
| 106 | +
|
| 107 | +Pinned to IPFS (see SECURITY_PROVENANCE.md) |
| 108 | +
|
| 109 | +Indexed in checksums.txt using SHA-256 |
| 110 | +
|
| 111 | +Described in manifest.json |
| 112 | +
|
| 113 | +Compliance requires: |
| 114 | +
|
| 115 | +The CID used in cl.cid.schemas matches the pinned content. |
| 116 | +
|
| 117 | +The HTTP mirror at cl.schemas.mirror.ipfs serves the same content. |
| 118 | +
|
| 119 | +Any mismatch between CID, checksum, and actual content is treated as an integrity failure. |
| 120 | +
|
| 121 | +6. Security & Privacy |
| 122 | +Protocol-Commons is semantic infra, not application data: |
| 123 | +
|
| 124 | +No PII in schemas or examples. |
| 125 | +
|
| 126 | +No runtime secrets, keys, or hostnames. |
| 127 | +
|
| 128 | +No transport-specific tokens. |
| 129 | +
|
| 130 | +If your downstream usage adds sensitive data, that is outside this repo and must be governed by your own security model. |
| 131 | +
|
| 132 | +Security incidents in Commons itself (e.g., malicious modification of schemas, hijacked $id hosts, or CID poisoning) must follow the procedure in SECURITY.md. |
| 133 | +
|
| 134 | +7. Governance Traceability |
| 135 | +Compliance requires a paper trail: |
| 136 | +
|
| 137 | +Every semantic change has a corresponding entry in RESOLUTION.md. |
| 138 | +
|
| 139 | +Every published version and CID appears in SECURITY_PROVENANCE.md. |
| 140 | +
|
| 141 | +Every ENS TXT mutation for Commons-controlled keys is: |
| 142 | +
|
| 143 | +Justified (new version, bugfix, etc.) |
| 144 | +
|
| 145 | +Logged and reviewable |
| 146 | +
|
| 147 | +If a schema or version exists without a trail in these files, it is not canonical, regardless of where it is hosted. |
| 148 | +
|
| 149 | +8. Ecosystem Alignment |
| 150 | +To be a good citizen, a Commons-compliant implementation should: |
| 151 | +
|
| 152 | +Respect ERC-8004 discovery flows where applicable. |
| 153 | +
|
| 154 | +Respect x402 envelope semantics: |
| 155 | +
|
| 156 | +x402.verb = canonical verb name |
| 157 | +
|
| 158 | +x402.version = Commons version |
| 159 | +
|
| 160 | +x402.status ∈ {"ok", "error"} for receipts |
| 161 | +
|
| 162 | +Embed trace and status primitives exactly as defined in _shared/ schemas. |
| 163 | +
|
| 164 | +If you diverge from x402 or related standards, you are still free to run locally — just don’t claim compliance. |
| 165 | +
|
| 166 | +9. Deviation Handling |
| 167 | +If you discover a deviation (your own or the repo’s): |
| 168 | +
|
| 169 | +File an Issue in this repository. |
| 170 | +
|
| 171 | +Describe: |
| 172 | +
|
| 173 | +What is wrong (schema mismatch, CID mismatch, TXT mismatch, etc.) |
| 174 | +
|
| 175 | +Which versions, verbs, and endpoints are affected |
| 176 | +
|
| 177 | +Potential impact on runtimes |
| 178 | +
|
| 179 | +If it’s a security issue, follow SECURITY.md instead of posting full details publicly. |
| 180 | +
|
| 181 | +Work with maintainers to: |
| 182 | +
|
| 183 | +Decide if a new version is required |
| 184 | +
|
| 185 | +Update provenance and ENS records |
| 186 | +
|
| 187 | +Document the incident in RESOLUTION.md |
| 188 | +
|
| 189 | +10. Compliance Checklist |
| 190 | +You can reasonably say you are Protocol-Commons compliant if: |
| 191 | +
|
| 192 | + You validate requests and receipts using the canonical schemas with strict Ajv. |
| 193 | +
|
| 194 | + You treat version directories as immutable once published. |
| 195 | +
|
| 196 | + You resolve $id URLs to the canonical HTTP mirrors. |
| 197 | +
|
| 198 | + You verify CIDs and checksums before trusting schemas. |
| 199 | +
|
| 200 | + You respect the ENS TXT division of responsibilities. |
| 201 | +
|
| 202 | + You log any verb/schema lifecycle changes in RESOLUTION.md. |
| 203 | +
|
| 204 | +If any of the above is false, treat your implementation as experimental and avoid claiming full compliance. |
0 commit comments