-
Notifications
You must be signed in to change notification settings - Fork 0
Validation
pwcli-core now includes a dependency-free repository validator and GitHub
Actions workflow. The goal is to keep the public specification deterministic,
small, and self-checking as schemas, crosswalks, context packs, and docs evolve.
npm run validate- JSON schema files parse and include required metadata.
- Crosswalk fixtures have explicit source/target mappings and reject unknown shape drift.
- Context-pack Markdown files include required YAML frontmatter and public provenance fields.
- Markdown local links resolve and cannot escape the repository.
- Public metadata markers stay present in README, llms.txt, SECURITY, AGENTS, and validation docs.
- Text files remain ASCII-only, LF-normalized, trailing-whitespace-free, and newline-terminated.
- Simple secret-pattern scans pass.
- The GitHub Actions validation workflow exists and calls the same local command.
The repository workflow runs on pull requests and pushes to main across Node
22 and Node 24. The workflow uses read-only permissions, disables persisted
checkout credentials, and has a short timeout because validation is intentionally
small.
Validation landed in PR #2: https://github.com/Protocol-Wealth/pwcli-core/pull/2
Validation now checks runtime-adapter and redaction-policy examples, required untrusted-input defenses, state-change approval/audit invariants, retention metadata, and adapter/policy cross-references.
Validation now includes tighter source/rights fixture shape checks so source
records cannot drift from source.schema.json and nested rights.schema.json.