Skip to content

Releases: Davincc77/klickdskill

.klickd v4.0.0 — One Soul, Any Model, Any Agent

Choose a tag to compare

@Davincc77 Davincc77 released this 25 May 17:21
9453b42

.klickd v4.0.0 — One Soul, Any Model, Any Agent

This is the general-availability release of the v4 track.

Zenodo DOI: https://doi.org/10.5281/zenodo.20383133
Record: https://zenodo.org/records/20383133

Highlights:

  • Portable AI memory and continuity layer for models, agents and sessions.
  • User-controlled encrypted file format with AES-256-GCM and Argon2id.
  • Stable encrypted envelope: klickd_version 3.0.
  • v4 payload schema signaled via payload_schema_version 4.0.
  • Strict JSON Schemas, Python and TypeScript SDKs, non-destructive v3.x to v4 migrator, and cross-implementation test vectors.

This release does not claim adoption as an industry standard, universal compatibility across all AI products, or guaranteed end-to-end security beyond the documented SPEC and schemas.

v4.0.0-preview.1 (preview, NOT GA)

Pre-release

Choose a tag to compare

@Davincc77 Davincc77 released this 23 May 07:47
c4282ed

.klickd v4.0.0-preview.1 — Release Notes

Status: PREVIEW / NON-NORMATIVE / NOT GA.
This is a preview release intended for early implementers. The stable,
recommended production format remains v3.5.1.

Distribution mapping for this preview:

  • git tag: v4.0.0-preview.1 (GitHub Release marked Pre-release)
  • npm: @klickd/core@4.0.0-preview.1 published under the preview dist-tag (not latest)
  • PyPI: klickd==4.0.0a1 (PEP 440 pre-release; pip install klickd continues to resolve to 3.5.1)
  • Zenodo: deferred — no DOI minted for the preview pending field-by-field validation

TL;DR

v4.0.0-preview.1 is the first preview milestone of the .klickd v4 track. It
is additive over v3.5.1: the wire envelope, crypto, and AAD construction
are unchanged (klickd_version stays at "3.0"); only the inner payload may
opt in to v4 preview fields via payload_schema_version = "4.0.0-preview.1".

The goal of this preview is to expose the v4 payload surface (verification
gates, media profile, migration reporting, context-cost telemetry) to early
implementers and gather feedback before any GA decision is made.

Production users should continue to use v3.5.1.


What's in the preview

1. Specification — SPEC §33 (non-normative)

A new section in SPEC.md describes the v4 preview track:

  • preview payload fields,
  • the unknown-field preservation rule (must_preserve_fields),
  • dual-reader contract (v3.x readers MUST ignore preview fields; v4-preview
    readers MUST round-trip them),
  • preview deprecation / sunset policy.

2. Permissive schemas

  • schemas/klickd-payload-v4-preview.schema.json
  • schema/klickd-v4-preview.schema.json

JSON Schema Draft 2020-12, deliberately permissive
(additionalProperties: true), no strict business validation.

3. SDK round-trip preservation (additive)

Both reference SDKs preserve unknown / preview fields verbatim:

  • Python: packages/pypi/klickd
  • TypeScript: packages/@klickd/core

No new public API surface for v4 validation. No migration helpers. Preview
fields are opaque to the libraries — they round-trip, nothing more.

4. Test vectors and cross-implementation verifiers

  • tests/vectors_v40_preview.json — 7 positive vectors (minimal payload,
    media_profile, verification_gates, claim_sources +
    verification_artifacts, migration report, context_cost, unknown-field
    passthrough).
  • Byte-stable regeneration via scripts/generate_v40_preview_vectors.py
    (fixed salts / IVs).
  • verify_vectors.py and verify_vectors.mjs each gain a v4 preview suite
    asserting decrypt success, payload_schema_version match, and deep-equality
    of must_preserve_fields. v2.5 / v3.0 / negative / adversarial suites are
    unchanged.

5. Benchmarks — Context Cost (RFC-003)

  • benchmarks/context_cost/ — fixtures-only scaffold with a local dry-run
    runner. No provider calls, no network, no API keys. Produces deterministic
    local artefacts.
  • Optional edge-case fixtures: migration, tool-failure, multi-session.
  • Provider scoring is not yet wired up.

6. Integrations — Hermes Agent POC

  • integrations/hermes/ — experimental POC scaffold. Local dry-run only;
    not a production integration. Useful as a reference for how .klickd can
    serve as portable state for an external workflow runner.

7. Design documents (drafts, non-normative)

All under docs/rfcs/:

  • RFC-001media_profile (v4-preview surface).
  • RFC-002verification_gates + human_veto, plus verification_artifacts
    / artifact-tee rule.
  • RFC-003 — Context Cost Benchmark (fixtures + dry-run runner).
  • RFC-004 — Migration & Backward Compatibility (docs-only).

These are explicitly non-normative until promoted by a future GA release.


Install

Stable (recommended for production)

pip install klickd          # v3.5.1
npm install @klickd/core    # v3.5.1

Preview (opt-in)

  • npm: npm install @klickd/core@4.0.0-preview.1 — published under the
    preview dist-tag, not latest. Default installs continue to resolve to
    v3.5.1.
  • PyPI: pip install klickd==4.0.0a1 (PEP 440 pre-release form;
    pip install klickd will continue to resolve to v3.5.1 because pre-releases
    are excluded by default).
  • PyPI authentication: uploads use the project's existing PyPI Trusted
    Publisher
    workflow (.github/workflows/) — no long-lived API tokens.
  • Zenodo: deferred. No DOI has been minted for the preview; a
    preview-tagged deposit may be created in a follow-up after field-by-field
    validation. The concept DOI (10.5281/zenodo.20262530) is unchanged.

What stays unchanged

  • The stable, current production format remains v3.5.1.
  • The v3.5.1 published artefacts (npm @klickd/core, PyPI klickd, Zenodo
    DOI 10.5281/zenodo.20320480) are not modified.
  • v3.x readers MUST ignore preview fields; nothing in this preview changes the
    v3 wire format or crypto.

Known limitations

  • No strict v4 validator and no migration runner ship with the preview.
  • The Hermes integration is a POC scaffold — local dry-run only.
  • The Context Cost benchmark is fixtures-only; provider scoring is not yet
    wired up.
  • No GA timeline is committed. Field names, shapes, and semantics under SPEC
    §33 may change before GA without backwards-compatibility guarantees.

Upgrade / migration

There is no migration to perform. v3.5.1 files continue to load and validate
unchanged. Files that opt in to payload_schema_version = "4.0.0-preview.1"
will be ignored as opaque payload by v3.x consumers and preserved verbatim by
v4-preview-aware consumers.


References

v3.5.1 — P0 conformance + SDK alignment

Choose a tag to compare

@Davincc77 Davincc77 released this 22 May 15:36

v3.5.1 — P0 conformance + SDK alignment

ATLAS-audit P0 alignment across schemas, libs, vectors, docs, and SDKs.

Spec / Schema

  • cipher.name canonical = AES-256-GCM (uppercase). Readers accept legacy aes-256-gcm (lowercase) with a deprecation warning.
  • user_preferences canonical type = string (max 32 KiB UTF-8). Object form retained for pre-v3.4 backward compat.
  • Schema directory disambiguation: SCHEMA_INDEX.md distinguishes the unified vs split v3 schema directories.

SDKs

  • npm @klickd/core3.5.1: cipher legacy compat already in decode; types accept user_preferences: string | object; clean dts build (added argon2-browser ambient declaration).
  • PyPI klickd3.5.1: cipher.name validation added with KLICKD_E_CIPHER code and DeprecationWarning for legacy lowercase; user_preferences: Union[str, dict].

Tests

  • All 52/52 Python vectors + 29/29 JS vectors pass (6 JS skipped: argon2 not installed locally).
  • npm package: 7/7 tests pass. PyPI package: 12/12 tests pass (added user_preferences string|object roundtrip + cipher legacy/unknown coverage).

Note on envelope vs SDK versions

The envelope-format constant (klickd_version field) stays at "3.0" per the format spec — it tracks the on-disk envelope format, not the SDK release version (envelope_version (skill_revision) convention from CHANGELOG).

See CHANGELOG.md for full details.

.klickd v3.1.0 — Demo + Examples + Advanced Vectors

Choose a tag to compare

@Davincc77 Davincc77 released this 18 May 11:04

.klickd v3.1.0

Added

Browser demo (demo/index.html)

  • Pure JS + Web Crypto encrypt/decrypt — zero dependencies
  • Passphrase strength meter, file upload, live example
  • Works offline

Agent integration examples (examples/)

  • python_agent_integration.py — ethics check, growth adapter, personality tone adapter
  • js_agent_integration.js — ES module, PBKDF2 + Argon2id, whitehat scan (12 patterns)

Advanced test vectors (tests/vectors_v31_advanced.json — 8 vectors)

  • Ethics block: basic + immutable=false
  • Growth: valid + level-5 with insufficient memory_refs
  • Personality: full + invalid strength
  • Whitehat: audit finding + patch
  • Combined: full soul (ethics + growth + personality + whitehat)

Closes

Grok audit items G-5, G-6, G-7


One soul. Any model. Any body.

.klickd v3.0.0 — Envelope v3.0 / Skill v6.0

Choose a tag to compare

@Davincc77 Davincc77 released this 18 May 11:00

.klickd v3.0.0

Envelope v3.0 / Skill revision v6.0 — 18 May 2026

What's new

  • Argon2id default KDF (m=65536/t=3/p=1), replacing PBKDF2
  • RFC 8785 JCS canonicalization for AAD — deterministic, cross-language
  • Structured kdf + cipher envelope blocks
  • 6-field tamper-evident AAD
  • Normative memory[] array (UUID v4, hard limits)
  • ethics block at SYSTEM authority — immutable, anti-blackhat
  • growth competency graph (levels 1–5)
  • personality block (traits, temperament, voice, values, evolution)
  • whitehat swarm entries (distributed security audit)
  • Knowledge Commons registry (CC0, multilingual)
  • agent_instructions 32 KiB cap
  • 32/32 Python + 17/17 JS test vectors
  • JSON Schema 2020-12

Breaking change

v2.x readers MUST reject v3.0 files with KLICKD_E_VERSION. See SPEC_v30.md for migration.

Security

All 8 Bankr audit findings fixed. Grok/xAI technical review: doc fragmentation resolved.
See AUDIT_v60.md and SECURITY.md.

DOI

10.5281/zenodo.20262530


One soul. Any model. Any body.