feat(reporting-governance): add profile artifact binding slice
This commit is contained in:
Eve
@@ -9,6 +9,7 @@ Current purpose:
|
||||
- fix boundaries between `core/`, `adapters/`, `storage/`, and reference implementations
|
||||
- prepare the next implementation round for evaluator / decision-runner extraction
|
||||
- provide a minimal package-level policy evaluator and decision runner skeleton that can be verified in isolation
|
||||
- add one minimal package-owned deployment profile artifact / loader / binding contract slice that is executable in tests
|
||||
|
||||
## Package skeleton
|
||||
|
||||
@@ -17,6 +18,7 @@ plugins/reporting-governance/
|
||||
package.json
|
||||
README.md
|
||||
capabilities/
|
||||
profiles/
|
||||
docs/
|
||||
examples/
|
||||
src/
|
||||
@@ -62,6 +64,7 @@ Durable I/O contracts for governance artifacts:
|
||||
- queue items
|
||||
- spool artifacts
|
||||
- receipts
|
||||
- decision/profile/package artifacts
|
||||
- future decisions / audit manifests
|
||||
|
||||
### `src/reference/`
|
||||
@@ -99,6 +102,23 @@ Compatibility posture for this slice:
|
||||
- Adding a symbol to a file under `src/` does **not** mean it is public unless wired through package `exports`.
|
||||
- Future tightening of root/adapters exports may still be a breaking change until a stable `1.0` surface is declared.
|
||||
|
||||
### Compatibility envelope vs legacy compatibility mode
|
||||
|
||||
This slice now makes the boundary explicit:
|
||||
|
||||
- **compatibility envelope present** = caller provides a deployment profile and/or package version pin, so `runCompatibilityPreflight(...)` must enforce canonical schema paths, declared plugin compatibility, required expectations, and action support **fail-closed**.
|
||||
- **legacy compatibility mode** = caller omits profile + package version entirely, so preflight keeps old call sites alive, records the missing version pin as a note, and does **not** fail only because descriptor schema/version metadata drifted.
|
||||
|
||||
Hard rule:
|
||||
|
||||
- legacy mode is a caller-compatibility concession, **not** a relaxed truth model.
|
||||
- once any profile/package compatibility envelope is supplied, schema mismatch becomes blocking again.
|
||||
|
||||
Practical migration rule:
|
||||
|
||||
- new integrations should always send a profile artifact or package version pin.
|
||||
- old integrations may temporarily call without one, but should treat returned notes as migration debt.
|
||||
|
||||
Practical migration rule:
|
||||
|
||||
- depend on package root exports or declared adapter subpaths only
|
||||
@@ -117,6 +137,7 @@ Package-home documentation:
|
||||
|
||||
- `src/reference/openclaw-watchdog-chain.md`
|
||||
- `capabilities/openclaw-watchdog-reference.json`
|
||||
- `profiles/strict-manager-mode.profile.json`
|
||||
|
||||
Mainline background specs remain in:
|
||||
|
||||
@@ -124,6 +145,38 @@ Mainline background specs remain in:
|
||||
- `docs/specs/reporting-governance-adapter-interface.md`
|
||||
- `docs/specs/reporting-governance-deployment-model.md`
|
||||
|
||||
## Minimal profile artifact / loader / binding contract slice
|
||||
|
||||
This round adds one small but real package artifact path:
|
||||
|
||||
- package artifact: `profiles/strict-manager-mode.profile.json`
|
||||
- loader: `src/storage/profile-artifact.mjs#loadDeploymentProfileArtifact(...)`
|
||||
- binding contract: `src/storage/profile-artifact.mjs#createDeploymentBindingContract(...)`
|
||||
|
||||
What this slice does:
|
||||
|
||||
1. package ships a profile artifact snapshot under package boundary
|
||||
2. loader resolves that artifact from package-local path
|
||||
3. binding contract translates profile-declared script/artifact roots into concrete repo/runtime paths
|
||||
4. adapter runtime binding can be instantiated from that contract in tests
|
||||
|
||||
What this slice does **not** claim yet:
|
||||
|
||||
- full profile schema validation pipeline
|
||||
- automatic YAML -> artifact generation
|
||||
- generalized multi-profile packaging
|
||||
- production deployment installer
|
||||
|
||||
It is intentionally the smallest verifiable step that proves package profile artifacts are executable inputs rather than documentation only.
|
||||
|
||||
## Current reference composition
|
||||
|
||||
The current reference composition is the OpenClaw watchdog chain:
|
||||
|
||||
```text
|
||||
watchdog -> queue -> dispatcher -> bridge -> sender binding -> acked|blocked|pending_external_send
|
||||
```
|
||||
|
||||
## Minimal evaluator / decision runner now included
|
||||
|
||||
The current package now includes a small but runnable `core/` implementation:
|
||||
@@ -179,4 +232,4 @@ This package still does **not** claim full implementation of:
|
||||
- complete rewrite / placeholder / review / status-downgrade adapter execution
|
||||
- non-watchdog full runtime governance interception
|
||||
|
||||
It now provides the first package-mainline evaluator / decision-runner core, plus a minimal end-to-end contract proof, but the remaining enforcement surface is still intentionally honest about adapter gaps.
|
||||
It now provides the first package-mainline evaluator / decision-runner core, a compatibility-envelope boundary, and a minimal package profile artifact/binding slice, but the remaining enforcement surface is still intentionally honest about adapter gaps.
|
||||
|
||||
Reference in New Issue
Block a user