|
1 | 1 | # COMMANDLAYER GOVERNANCE — CORE PROTOCOLS |
2 | | -Applies To: Protocol-Commons, Agent-Cards |
3 | | -Status: v1.0.0 — Stable-Lock |
4 | 2 |
|
5 | | -> This document is **NORMATIVE and ENFORCEABLE**. |
| 3 | +**Applies To:** Protocol-Commons, Agent-Cards |
| 4 | +**Status:** v1.0.0 — Stable-Lock |
| 5 | + |
| 6 | +> This document is **NORMATIVE and ENFORCEABLE**. |
| 7 | +> Governance is custodial today and **designed to decentralize** over time. |
6 | 8 |
|
7 | 9 | --- |
8 | 10 |
|
9 | | -## 1. Authority Model |
| 11 | +## 1. Stewardship Model |
| 12 | + |
| 13 | +**Founding Steward:** `commandlayer.eth` |
| 14 | + |
| 15 | +Responsible for: |
| 16 | + |
| 17 | +- Maintaining canonical Protocol-Commons + Agent-Cards standards |
| 18 | +- Publishing signed manifest + checksum sets |
| 19 | +- Ensuring ENS TXT correctness |
| 20 | +- Approving and versioning normative changes |
| 21 | +- Security revocation + incident handling |
| 22 | + |
| 23 | +> The Founding Steward **does not own** the ecosystem — |
| 24 | +> it **protects** stability until broader stewardship is in place. |
| 25 | +
|
| 26 | +### Future Decentralization Intent |
10 | 27 |
|
11 | | -- **Sole Governance Council:** commandlayer.eth |
12 | | -- Holds exclusive authority over: |
13 | | - - Approving and publishing normative changes |
14 | | - - Signing `manifest.json` and checksum sets |
15 | | - - Updating ENS TXT canonical fields |
16 | | - - Issuing and locking version releases |
17 | | - - Revocation and security incident handling |
| 28 | +Governance will evolve in **phases**: |
18 | 29 |
|
19 | | -No external party may alter canonical standards without Council approval. |
| 30 | +| Phase | Governance Structure | Trigger | |
| 31 | +|------|---------------------|--------| |
| 32 | +| 1 — Bootstrap (now) | Single steward | Initial adoption | |
| 33 | +| 2 — Multi-maintainer | ≥3 independent implementers | Cross-vendor usage | |
| 34 | +| 3 — Standards Committee | Formal proposal & review | Widespread ecosystem reliance | |
| 35 | +| 4 — Neutral Standards Body | Community-elected representatives | Global adoption & academic participation | |
20 | 36 |
|
| 37 | +Governance will remain permissionless and open to ecosystem implementers. |
21 | 38 | --- |
22 | 39 |
|
23 | 40 | ## 2. Change Classes |
24 | 41 |
|
25 | | -| Change Type | Examples | Version Requirement | Logging Requirement | |
26 | | -|------------|----------|-------------------|--------------------| |
27 | | -| **Normative** | Schema shapes, `$id` format, ENS TXT rules | Major: `v1 → v2` | `RESOLUTION.md` | |
28 | | -| **Compatibility-affecting** | Request/receipt structure tightening | Minor: `v1.0 → v1.1` | `RESOLUTION.md` | |
29 | | -| **Non-behavioral** | Docs, comments, logo | Patch: `v1.0.0 → v1.0.1` | Commit message OK | |
| 42 | +| Change Type | Examples | Version Rule | Audit Log | |
| 43 | +|------------|----------|--------------|-----------| |
| 44 | +| **Normative** | Schema rules, ENS TXT semantics | Major: `1 → 2` | `RESOLUTION.md` | |
| 45 | +| **Compatibility-affecting** | Required field tightening | Minor: `1.0 → 1.1` | `RESOLUTION.md` | |
| 46 | +| **Non-behavioral** | Docs, comments, naming | Patch: `1.0.0 → 1.0.1` | Commit message | |
30 | 47 |
|
31 | | -No change is valid until **CIDs + checksums** are published and signed. |
| 48 | +CIDs + checksums MUST be published for the change to become effective. |
32 | 49 |
|
33 | 50 | --- |
34 | 51 |
|
35 | 52 | ## 3. Immutability Guarantees |
36 | 53 |
|
37 | | -Once published: |
| 54 | +Once a version is published: |
38 | 55 |
|
39 | | -- Version directories MUST NOT mutate |
40 | | -- `$id` and CID MUST remain stable forever |
41 | | -- ENS TXT MUST continue to resolve to matching artifacts |
| 56 | +- No file mutation |
| 57 | +- No `$id` or CID changes |
| 58 | +- ENS TXT MUST still resolve correctly |
42 | 59 |
|
43 | | -Violations trigger: |
44 | | -- Immediate revocation event in `RESOLUTION.md` |
45 | | -- Replacement version required |
| 60 | +**Violation triggers:** revocation + new version. |
46 | 61 |
|
47 | 62 | --- |
48 | 63 |
|
49 | | -## 4. Release Requirements |
| 64 | +## 4. Release Policy |
50 | 65 |
|
51 | | -Every Protocol-Commons or Agent-Cards release MUST include: |
| 66 | +Every release MUST include: |
52 | 67 |
|
53 | | -- Validated schemas under **Ajv strict** |
54 | | -- IPFS CID root pinned and verified |
55 | | -- Updated manifest with: |
56 | | - - checksum mappings |
57 | | - - `$id` integrity |
58 | | - - version and status fields |
59 | | -- ENS TXT updates propagated |
| 68 | +- Strict validation via CI |
| 69 | +- Signed IPFS CID and checksums |
| 70 | +- Complete transparency artifacts updated **together**: |
| 71 | + - `SPEC.md` |
| 72 | + - `POLICY.md` |
| 73 | + - `SECURITY_PROVENANCE.md` |
| 74 | + - `RESOLUTION.md` |
| 75 | + - `VERSIONING.md` |
60 | 76 |
|
61 | | -CI enforcement is mandatory. |
| 77 | +**Atomic and provable — or it isn’t real.** |
62 | 78 |
|
63 | 79 | --- |
64 | 80 |
|
65 | 81 | ## 5. ENS TXT Enforcement |
66 | 82 |
|
67 | | -Council MUST validate: |
| 83 | +Resolvers MUST reject identity bindings when: |
68 | 84 |
|
69 | | -- `cl.verb` matches **implements[0]** |
70 | | -- `cl.version` matches card `version` |
71 | | -- All `cl.schema.*` mappings match `$id` values |
72 | | -- All CID + checksum fields resolve and match |
| 85 | +- TXT keys mismatch card values |
| 86 | +- CIDs or checksums fail |
| 87 | +- Required TXT fields are missing |
73 | 88 |
|
74 | | -Any mismatch → **Resolver MUST reject as untrusted** |
| 89 | +**Correct TXT = trusted identity** |
| 90 | +**Anything else = untrusted.** |
75 | 91 |
|
76 | 92 | --- |
77 | 93 |
|
78 | | -## 6. Security Oversight |
| 94 | +## 6. Security Governance |
79 | 95 |
|
80 | | -Governance responsibilities include: |
| 96 | +Responsibilities: |
81 | 97 |
|
82 | | -- Enforcing policies in: |
| 98 | +- Enforce security requirements under: |
83 | 99 | - `SECURITY.md` |
84 | 100 | - `SECURITY_PROVENANCE.md` |
85 | | -- Revoking compromised artifacts |
86 | | -- Requiring replacement CID publication |
87 | | -- Maintaining audit trail in `RESOLUTION.md` |
| 101 | +- Respond to incidents within **7 days** |
| 102 | +- Record revocations transparently |
| 103 | +- Require signed replacements for compromised artifacts |
88 | 104 |
|
89 | | -Security reports MUST receive a response within **7 days**. |
| 105 | +Emergency revocations MAY bypass full review |
| 106 | +if required to protect the network. |
90 | 107 |
|
91 | 108 | --- |
92 | 109 |
|
93 | | -## 7. Dispute / Revocation Handling |
| 110 | +## 7. Dispute Resolution |
94 | 111 |
|
95 | | -If an artifact becomes compromised: |
| 112 | +If an artifact or claim is contested: |
96 | 113 |
|
97 | | -1. Record revocation in `RESOLUTION.md` |
98 | | -2. Mark deprecated or blocked in metadata |
99 | | -3. Update ENS TXT with appropriate state |
100 | | -4. Issue a new signed replacement version if viable |
| 114 | +1. Log issue publicly |
| 115 | +2. Review evidence and ecosystem impact |
| 116 | +3. Decide outcome via steward + public comment |
| 117 | +4. Log resolution action in `RESOLUTION.md` |
101 | 118 |
|
102 | | -Council judgment is final. |
| 119 | +**Collaborative — not arbitrary.** |
103 | 120 |
|
104 | 121 | --- |
105 | 122 |
|
106 | 123 | ## 8. Compatibility Claims |
107 | 124 |
|
108 | 125 | Software MAY claim: |
109 | 126 |
|
110 | | -- **Protocol-Commons-Compatible** |
| 127 | +- **Commons-Compatible** |
111 | 128 | - **Agent-Cards-Compatible** |
112 | 129 |
|
113 | | -…only if it completely: |
114 | | - |
115 | | -- Resolves ENS TXT → identity → schemas |
116 | | -- Validates all artifacts in strict mode |
117 | | -- Enforces trace and status guarantees |
118 | | -- Invokes via x402 canonical `entry` URIs |
119 | | - |
120 | | -False claims are governance violations. |
121 | | - |
122 | | ---- |
123 | | - |
124 | | -## 9. Transparency Artifacts |
| 130 | +…only if ALL of the following hold: |
125 | 131 |
|
126 | | -| Doc | Purpose | |
127 | | -|-----|---------| |
128 | | -| `SPEC.md` | Normative standard requirements | |
129 | | -| `POLICY.md` | Publication + correctness rules | |
130 | | -| `RESOLUTION.md` | Lifecycle + incident log | |
131 | | -| `SECURITY.md` | Incident intake + expectations | |
132 | | -| `SECURITY_PROVENANCE.md` | CID + checksum signing | |
133 | | -| `VERSIONING.md` | Change class mapping | |
| 132 | +✔ ENS TXT → Card → Schema → CID validation |
| 133 | +✔ Ajv strict JSON Schema conformance |
| 134 | +✔ Canonical x402 entry format |
| 135 | +✔ Trace echo + status rules enforced |
134 | 136 |
|
135 | | -All MUST be updated atomically with each release. |
| 137 | +False compatibility claims are governance violations. |
136 | 138 |
|
137 | 139 | --- |
138 | 140 |
|
139 | | -_Last updated: v1.0.0 Stable-Lock_ |
140 | | -Signed: **commandlayer.eth** |
| 141 | +_Last updated: v1.0.0 — Stable-Lock_ |
| 142 | +Signed: **commandlayer.eth** |
| 143 | +*Founding Steward — CommandLayer Standards* |
0 commit comments