The Consiliency cross-repo contract package — the single, neutral rulebook that
agent-harness and governed-pipeline vendor (owned by neither). It defines:
- the
.consiliency/layout + manifest schema - the archetype registry —
product/service/library/infra/tooling-meta/experiment/document, plus modifiers (data-bearing/public/regulated/user-facing), withbaseline-onlyas a legal declaration - the required-document sets per archetype (the 7 document classes)
- the interface-declaration schema (realized + promised cross-repo edges)
- the loop-gate protocol (presence / freshness / integrity / version-skew)
- the
canonical_html.v1display schema - the version-skew protocol
- adoption + governance-scoping (CS-0.12) — the adoption profile (a partial-adoption profile, not a boolean; its presence = consent to be governed), the governed-set allowlist-by-declaration, the default ignore-set registry, and the
present-nonconforming/foreign/unmanagedgovernance labels - lease + inbox coordination (CS-0.10b) — the
lease(TTL + heartbeat + auto-expiry, soft/hard, repo/path-set/symbol scope), the append-onlylease_eventstream, thelease_storeprotocol (sole source of truth) and thecoordination_channelinbox protocol (never authoritative) - projection discovery + git-discipline (Slice C0) — the
projections.index.v1schema (a deterministic pure-merge index of per-artifact projection manifests, nogenerated_at, so every driver reproduces byte-identical entries), thegit_discipline_protocol(pipeline-owned ref classes, lease + write-footprint, merge policy, and the NEVER-DELETE-HUMAN-REFS invariant as a schema-level rule), and thepipeline_ref_classesregistry both runtimes read to agree on ref ownership - interchangeability conformance (Slice X) —
scripts/interchangeability/run_driver_equivalence.pyproves the pure-merge claim above isn't just asserted by this package's own reference mergers: it feeds theprojections-index-pure-merge-deterministicvector through the realspec-render/build_projections_index.pyproducer and asserts byte-identical output, honestly scoped (seescripts/interchangeability/README.md) - authority-event contract core (XG-1 Slice 1) — the single, cryptographically-authenticated
authority_event_protocol.v1schema with the core/chain signing split (Portal signs the slot-independentcore; spec appendschainOUTSIDE the signature and never re-signs), one canonical-bytes algorithm implementable in dependency-free JS on Node 20 (seedocs/design/authority-event-canonical-bytes.md), the vendored digest-pinnedauthority_key_registry.v1Ed25519 root of trust (public keys only), an Ed25519 verify reference in both readers, and 13 conformance vectors — a valid event VERIFIES in both readers and every forgery class (bad/missing signature, unknown/attacker key_id, algorithm-confusion, signer↔approver mismatch, revoked/expired key, cert_digest mismatch) REJECTS - the certified label rescope (CS-1.4, XG-1 Slice 5) — splits the single
certifiedevidence label intoparity-certified(byte-reproducible parity cert, no authority event — what CS proj-S certification ships today) andauthority-certified(parity PLUS a verified, human-ratified authority event — reserved until the XG-1 authority loop lands end-to-end);certifiedsurvives only as a deprecated alias ofparity-certified, neverauthority-certified, so existing producers/consumers keep validating (seedocs/design/CS-1.4-certified-label-rescope.md)
Dual-published: npm @consiliency/contract + PyPI consiliency-contract, from shared JSON data + conformance vectors so the two language readers stay byte-identical.
Status —
0.6.0splits thecertifiedevidence label intoparity-certified(byte-parity cert, no authority event — what CS proj-S certification ships today) andauthority-certified(parity PLUS a verified, human-ratified authority event — reserved until the XG-1 authority loop lands end-to-end), keepingcertifiedas a deprecated alias ofparity-certifiedonly, so existing producers/consumers keep validating (CS-1.4, XG-1 Slice 5; seedocs/design/CS-1.4-certified-label-rescope.md).0.5.1pins the authority canonical-bytes to spec canon-core v2 (canonical_bytes, not a 4th canon — proven byte-identical + digest-pinned incore/authority-canon/provenance.json) and applies the settled XG-4 domain-separation decision: the Ed25519 signature covers the authority-profile digest preimagespec-canon:v2:authority\n ‖ canonical_bytes(core), converging to zero re-signing when canon-core adds the profile.0.5.0added the XG-1 Slice 1 authority-event contract core: theauthority_event_protocol.v1schema (core/chain signing split), theauthority_key_registry.v1Ed25519 root of trust, the canonical-bytes interop algorithm + Ed25519 verify reference in both readers, and 13 forgery conformance vectors.0.4.2makes theprojections.index.v1per-kind maturity caps two-sided: proj-code is[presence-only, hash-checked]andproj-S-certifiedis[realized-edge-observed, certified](floor-revert), replacing the one-sidednot:certifiedguard.0.4.1made the entry per-kind (proj-code pins a code commit + facts;proj-S-certifiedrequiressource_S_digest, no facts/commit).0.4.0added the Slice C0 projection-discovery + git-discipline contracts (projections.index.v1,git_discipline_protocol,pipeline_ref_classes) on top of the0.3.0required-document rebalance, the0.2.0CS-0.12 adoption/governance-scoping + CS-0.10b lease/inbox coordination, and the0.1.0Phase-0 L0 content. The shared JSON data lives undercore/andconformance/; npm and PyPI readers are intentionally thin loaders over those same bytes.
JavaScript:
import {
CONTRACT,
CONTRACT_VERSION,
listVectors,
loadContract,
loadRegistry,
loadSchema,
loadVector,
// authority-event core (XG-1 Slice 1)
canonicalCoreBytes,
verifyAuthorityEvent,
} from "@consiliency/contract";Python:
from consiliency_contract import (
CONTRACT,
CONTRACT_VERSION,
list_vectors,
load_contract,
load_registry,
load_schema,
load_vector,
)
# authority-event core (XG-1 Slice 1); needs the optional `authority` extra
# (cryptography) only for signature verification.
from consiliency_contract.authority import (
canonical_core_bytes,
verify_authority_event,
)npm test
python -m unittest discover -s tests -p 'test_*.py'
python -m build