Releases: Davincc77/klickdskill
Release list
.klickd v4.0.0 — One Soul, Any Model, Any Agent
.klickd v4.0.0 — One Soul, Any Model, Any Agent
This is the general-availability release of the v4 track.
Zenodo DOI: https://doi.org/10.5281/zenodo.20383133
Record: https://zenodo.org/records/20383133
Highlights:
- Portable AI memory and continuity layer for models, agents and sessions.
- User-controlled encrypted file format with AES-256-GCM and Argon2id.
- Stable encrypted envelope: klickd_version 3.0.
- v4 payload schema signaled via payload_schema_version 4.0.
- Strict JSON Schemas, Python and TypeScript SDKs, non-destructive v3.x to v4 migrator, and cross-implementation test vectors.
This release does not claim adoption as an industry standard, universal compatibility across all AI products, or guaranteed end-to-end security beyond the documented SPEC and schemas.
v4.0.0-preview.1 (preview, NOT GA)
.klickd v4.0.0-preview.1 — Release Notes
Status: PREVIEW / NON-NORMATIVE / NOT GA.
This is a preview release intended for early implementers. The stable,
recommended production format remains v3.5.1.Distribution mapping for this preview:
- git tag:
v4.0.0-preview.1(GitHub Release marked Pre-release)- npm:
@klickd/core@4.0.0-preview.1published under thepreviewdist-tag (notlatest)- PyPI:
klickd==4.0.0a1(PEP 440 pre-release;pip install klickdcontinues to resolve to 3.5.1)- Zenodo: deferred — no DOI minted for the preview pending field-by-field validation
TL;DR
v4.0.0-preview.1 is the first preview milestone of the .klickd v4 track. It
is additive over v3.5.1: the wire envelope, crypto, and AAD construction
are unchanged (klickd_version stays at "3.0"); only the inner payload may
opt in to v4 preview fields via payload_schema_version = "4.0.0-preview.1".
The goal of this preview is to expose the v4 payload surface (verification
gates, media profile, migration reporting, context-cost telemetry) to early
implementers and gather feedback before any GA decision is made.
Production users should continue to use v3.5.1.
What's in the preview
1. Specification — SPEC §33 (non-normative)
A new section in SPEC.md describes the v4 preview track:
- preview payload fields,
- the unknown-field preservation rule (
must_preserve_fields), - dual-reader contract (v3.x readers MUST ignore preview fields; v4-preview
readers MUST round-trip them), - preview deprecation / sunset policy.
2. Permissive schemas
schemas/klickd-payload-v4-preview.schema.jsonschema/klickd-v4-preview.schema.json
JSON Schema Draft 2020-12, deliberately permissive
(additionalProperties: true), no strict business validation.
3. SDK round-trip preservation (additive)
Both reference SDKs preserve unknown / preview fields verbatim:
- Python:
packages/pypi/klickd - TypeScript:
packages/@klickd/core
No new public API surface for v4 validation. No migration helpers. Preview
fields are opaque to the libraries — they round-trip, nothing more.
4. Test vectors and cross-implementation verifiers
tests/vectors_v40_preview.json— 7 positive vectors (minimal payload,
media_profile,verification_gates,claim_sources+
verification_artifacts,migrationreport,context_cost, unknown-field
passthrough).- Byte-stable regeneration via
scripts/generate_v40_preview_vectors.py
(fixed salts / IVs). verify_vectors.pyandverify_vectors.mjseach gain a v4 preview suite
asserting decrypt success,payload_schema_versionmatch, and deep-equality
ofmust_preserve_fields. v2.5 / v3.0 / negative / adversarial suites are
unchanged.
5. Benchmarks — Context Cost (RFC-003)
benchmarks/context_cost/— fixtures-only scaffold with a local dry-run
runner. No provider calls, no network, no API keys. Produces deterministic
local artefacts.- Optional edge-case fixtures: migration, tool-failure, multi-session.
- Provider scoring is not yet wired up.
6. Integrations — Hermes Agent POC
integrations/hermes/— experimental POC scaffold. Local dry-run only;
not a production integration. Useful as a reference for how.klickdcan
serve as portable state for an external workflow runner.
7. Design documents (drafts, non-normative)
All under docs/rfcs/:
- RFC-001 —
media_profile(v4-preview surface). - RFC-002 —
verification_gates+human_veto, plusverification_artifacts
/ artifact-tee rule. - RFC-003 — Context Cost Benchmark (fixtures + dry-run runner).
- RFC-004 — Migration & Backward Compatibility (docs-only).
These are explicitly non-normative until promoted by a future GA release.
Install
Stable (recommended for production)
pip install klickd # v3.5.1
npm install @klickd/core # v3.5.1Preview (opt-in)
- npm:
npm install @klickd/core@4.0.0-preview.1— published under the
previewdist-tag, notlatest. Default installs continue to resolve to
v3.5.1. - PyPI:
pip install klickd==4.0.0a1(PEP 440 pre-release form;
pip install klickdwill continue to resolve to v3.5.1 because pre-releases
are excluded by default). - PyPI authentication: uploads use the project's existing PyPI Trusted
Publisher workflow (.github/workflows/) — no long-lived API tokens. - Zenodo: deferred. No DOI has been minted for the preview; a
preview-tagged deposit may be created in a follow-up after field-by-field
validation. The concept DOI (10.5281/zenodo.20262530) is unchanged.
What stays unchanged
- The stable, current production format remains v3.5.1.
- The v3.5.1 published artefacts (npm
@klickd/core, PyPIklickd, Zenodo
DOI10.5281/zenodo.20320480) are not modified. - v3.x readers MUST ignore preview fields; nothing in this preview changes the
v3 wire format or crypto.
Known limitations
- No strict v4 validator and no migration runner ship with the preview.
- The Hermes integration is a POC scaffold — local dry-run only.
- The Context Cost benchmark is fixtures-only; provider scoring is not yet
wired up. - No GA timeline is committed. Field names, shapes, and semantics under SPEC
§33 may change before GA without backwards-compatibility guarantees.
Upgrade / migration
There is no migration to perform. v3.5.1 files continue to load and validate
unchanged. Files that opt in to payload_schema_version = "4.0.0-preview.1"
will be ignored as opaque payload by v3.x consumers and preserved verbatim by
v4-preview-aware consumers.
References
- Spec:
SPEC.md§33 - Schemas:
schemas/klickd-payload-v4-preview.schema.json,
schema/klickd-v4-preview.schema.json - Minimal example:
examples/v4-preview/minimal.klickd - RFCs:
docs/rfcs/ - Context Cost benchmark:
benchmarks/context_cost/ - Hermes POC:
integrations/hermes/ - Publication checklist (for a future preview release):
CHECKLIST_v4_preview.md
v3.5.1 — P0 conformance + SDK alignment
v3.5.1 — P0 conformance + SDK alignment
ATLAS-audit P0 alignment across schemas, libs, vectors, docs, and SDKs.
Spec / Schema
cipher.namecanonical =AES-256-GCM(uppercase). Readers accept legacyaes-256-gcm(lowercase) with a deprecation warning.user_preferencescanonical type =string(max 32 KiB UTF-8). Object form retained for pre-v3.4 backward compat.- Schema directory disambiguation:
SCHEMA_INDEX.mddistinguishes the unified vs split v3 schema directories.
SDKs
- npm
@klickd/core→ 3.5.1: cipher legacy compat already in decode; types acceptuser_preferences: string | object; cleandtsbuild (addedargon2-browserambient declaration). - PyPI
klickd→ 3.5.1: cipher.name validation added withKLICKD_E_CIPHERcode andDeprecationWarningfor legacy lowercase;user_preferences: Union[str, dict].
Tests
- All 52/52 Python vectors + 29/29 JS vectors pass (6 JS skipped: argon2 not installed locally).
- npm package: 7/7 tests pass. PyPI package: 12/12 tests pass (added
user_preferencesstring|object roundtrip + cipher legacy/unknown coverage).
Note on envelope vs SDK versions
The envelope-format constant (klickd_version field) stays at "3.0" per the format spec — it tracks the on-disk envelope format, not the SDK release version (envelope_version (skill_revision) convention from CHANGELOG).
See CHANGELOG.md for full details.
.klickd v3.1.0 — Demo + Examples + Advanced Vectors
.klickd v3.1.0
Added
Browser demo (demo/index.html)
- Pure JS + Web Crypto encrypt/decrypt — zero dependencies
- Passphrase strength meter, file upload, live example
- Works offline
Agent integration examples (examples/)
python_agent_integration.py— ethics check, growth adapter, personality tone adapterjs_agent_integration.js— ES module, PBKDF2 + Argon2id, whitehat scan (12 patterns)
Advanced test vectors (tests/vectors_v31_advanced.json — 8 vectors)
- Ethics block: basic + immutable=false
- Growth: valid + level-5 with insufficient memory_refs
- Personality: full + invalid strength
- Whitehat: audit finding + patch
- Combined: full soul (ethics + growth + personality + whitehat)
Closes
Grok audit items G-5, G-6, G-7
One soul. Any model. Any body.
.klickd v3.0.0 — Envelope v3.0 / Skill v6.0
.klickd v3.0.0
Envelope v3.0 / Skill revision v6.0 — 18 May 2026
What's new
- Argon2id default KDF (m=65536/t=3/p=1), replacing PBKDF2
- RFC 8785 JCS canonicalization for AAD — deterministic, cross-language
- Structured
kdf+cipherenvelope blocks - 6-field tamper-evident AAD
- Normative
memory[]array (UUID v4, hard limits) ethicsblock at SYSTEM authority — immutable, anti-blackhatgrowthcompetency graph (levels 1–5)personalityblock (traits, temperament, voice, values, evolution)whitehatswarm entries (distributed security audit)- Knowledge Commons registry (CC0, multilingual)
agent_instructions32 KiB cap- 32/32 Python + 17/17 JS test vectors
- JSON Schema 2020-12
Breaking change
v2.x readers MUST reject v3.0 files with KLICKD_E_VERSION. See SPEC_v30.md for migration.
Security
All 8 Bankr audit findings fixed. Grok/xAI technical review: doc fragmentation resolved.
See AUDIT_v60.md and SECURITY.md.
DOI
One soul. Any model. Any body.