Merged
142 commits
5af8581
chore(release): bump package version to 0.7.0
fraware Jun 28, 2026
1b3a10f
chore(release): set __version__ to 0.7.0
fraware Jun 28, 2026
38adbd7
feat(identity): add identity assurance levels IAL0 through IAL4
fraware Jun 28, 2026
a2f4b72
feat(identity): add identity assurance JSON schema
fraware Jun 28, 2026
0b2a8db
test(identity): cover assurance resolution and provenance merge
fraware Jun 28, 2026
be2fe20
docs(identity): document assurance levels and enforcement
fraware Jun 28, 2026
ccc809a
feat(authority): separate scope and policy decision gates
fraware Jun 28, 2026
c236961
feat(rbac): harden role checks and delegation expiry
fraware Jun 28, 2026
3fc9142
test(rbac): assert scope and action authority boundaries
fraware Jun 28, 2026
47ed604
docs(rbac): document scope authority separation
fraware Jun 28, 2026
9eb83a5
feat(ledger): add delivery modes, spool, and remote sink hardening
fraware Jun 28, 2026
4d184c9
feat(ledger): track delivery state and fail_closed grant emission
fraware Jun 28, 2026
ed95aa3
feat(quality): expose ledger_delivery_failure_count metric
fraware Jun 28, 2026
d6a66ea
test(ledger): cover spool replay and fail_closed delivery
fraware Jun 28, 2026
03bedd3
feat(queue): add review workflow state machine helpers
fraware Jun 28, 2026
0a6218e
feat(queue): extend review queue schema for workflow states
fraware Jun 28, 2026
a2fcf24
feat(queue): enforce valid status transitions on queue updates
fraware Jun 28, 2026
7bf9ffc
feat(queue): wire escalation rules to workflow states
fraware Jun 28, 2026
e2df667
feat(queue): show workflow state in queue dashboard render
fraware Jun 28, 2026
05b68b9
feat(cli): add review queue state transition commands
fraware Jun 28, 2026
3d2ed86
test(queue): cover forbidden transitions and happy path
fraware Jun 28, 2026
b9a1287
feat(signing): add signing assurance levels and policy gate
fraware Jun 28, 2026
e752945
policy(signing): add minimum signing assurance defaults
fraware Jun 28, 2026
5a0cc80
feat(signing): register env and HSM provider hooks for assurance
fraware Jun 28, 2026
a58c38f
test(signing): cover SAL tiers and production minimum enforcement
fraware Jun 28, 2026
7f249de
docs(signing): document signing assurance levels
fraware Jun 28, 2026
76d2e96
feat(akta): freeze review summary contract schema
fraware Jun 28, 2026
523e6e9
feat(akta): emit contract-stable review summaries
fraware Jun 28, 2026
b5bd934
chore(akta): bump integration contract version constant
fraware Jun 28, 2026
5cc9835
test(akta): lock review summary contract shape
fraware Jun 28, 2026
998bf7f
docs(akta): document frozen review summary contract
fraware Jun 28, 2026
ee3afaf
feat(engine): wire identity, authority, and assurance into ScopeEngine
fraware Jun 28, 2026
50b59f4
test(evals): add identity assurance caller IAL0 scenario
fraware Jun 28, 2026
8193acc
test(evals): add queue invalid transition scenario
fraware Jun 28, 2026
23e9710
test(evals): add fail_closed grant blocked scenario
fraware Jun 28, 2026
1baf563
test(evals): extend runner for v0.7 institutional scenarios
fraware Jun 28, 2026
cab1262
test(decisions): cover session grant provenance finalization
fraware Jun 28, 2026
f6686e0
test(review-queue): align queue tests with workflow states
fraware Jun 28, 2026
d5ebb37
test(rest): adjust API tests for v0.7 queue and ledger behavior
fraware Jun 28, 2026
6ae68b8
test(institutional): update pilot fixtures expectations
fraware Jun 28, 2026
1684dc5
test(akta): refresh golden and command tests for contract
fraware Jun 28, 2026
dfa0714
test(eval): sync extended eval harness assertions
fraware Jun 28, 2026
c48951f
test(metrics): update quality metrics fixtures
fraware Jun 28, 2026
3251eb2
test(signing): align identity signing tests with assurance
fraware Jun 28, 2026
48e7db3
test(keys): update key registry expectations
fraware Jun 28, 2026
531867d
policy(v0.7): refresh approval_scopes.yaml for pilot bundle
fraware Jun 28, 2026
8ccbe8a
policy(v0.7): refresh blocked_tool_severity.yaml for pilot bundle
fraware Jun 28, 2026
eebbbea
policy(v0.7): refresh decision_options.yaml for pilot bundle
fraware Jun 28, 2026
d20da64
policy(v0.7): refresh expiration_rules.yaml for pilot bundle
fraware Jun 28, 2026
6e06e2f
policy(v0.7): refresh identity_mapping.yaml for pilot bundle
fraware Jun 28, 2026
4b4bf89
policy(v0.7): refresh org_rbac.yaml for pilot bundle
fraware Jun 28, 2026
c3bb5c5
policy(v0.7): refresh quality_metrics.yaml for pilot bundle
fraware Jun 28, 2026
d5570a6
policy(v0.7): refresh reviewer_assignments.yaml for pilot bundle
fraware Jun 28, 2026
6621a7f
policy(v0.7): refresh reviewer_key_registry.yaml for pilot bundle
fraware Jun 28, 2026
9582f56
policy(v0.7): refresh reviewer_roles.yaml for pilot bundle
fraware Jun 28, 2026
c178e4d
policy(v0.7): refresh role_to_action_matrix.yaml for pilot bundle
fraware Jun 28, 2026
9f39384
policy(v0.7): refresh scope_to_tool_matrix.yaml for pilot bundle
fraware Jun 28, 2026
21cae33
policy(v0.7): refresh workflow_escalation.yaml for pilot bundle
fraware Jun 28, 2026
3de7068
chore(examples): refresh institutional pilot artifacts
fraware Jun 28, 2026
33496cd
chore(examples): bump context versions in protocol change review
fraware Jun 28, 2026
200e3fe
chore(examples): bump context versions in protocol drift
fraware Jun 28, 2026
059480d
chore(examples): bump stale grant attempt contexts
fraware Jun 28, 2026
88b297c
chore(examples): bump weak evidence review context
fraware Jun 28, 2026
1c765d7
docs: note v0.7 institutional limitations
fraware Jun 28, 2026
f564b86
docs: clarify trusted boundary for v0.7
fraware Jun 28, 2026
970cb9a
docs: update README for v0.7 pilot features
fraware Jun 28, 2026
ca164a1
docs(changelog): add v0.7.0 institutional pilot hardening notes
fraware Jun 28, 2026
330635b
feat(schema): extend decision provenance for identity and authority a…
fraware Jun 28, 2026
8e6e85d
feat(schema): mirror grant provenance fields for authority_checks
fraware Jun 28, 2026
25facf2
feat(schema): add identity_source to identity assurance records
fraware Jun 28, 2026
e044a2d
feat(schema): document production_mode on AKTA review summary
fraware Jun 28, 2026
6761a82
feat(schema): allow escalation metadata on review queue entries
fraware Jun 28, 2026
ca4b770
feat(authority): record authority_checks separate from RBAC permission
fraware Jun 28, 2026
04c53b7
feat(identity): align identity_source with role_resolution_source
fraware Jun 28, 2026
d2f26a3
fix(validation): defer schema validation until provenance is merged
fraware Jun 28, 2026
9125143
feat(engine): wire authority provenance, IAL1 signing, and queue work…
fraware Jun 28, 2026
14badb5
feat(review): support information_received queue transition
fraware Jun 28, 2026
be4592c
feat(review): persist escalation reason and actor on queue entries
fraware Jun 28, 2026
8dbe4cf
feat(dashboard): style review queue states for operator clarity
fraware Jun 28, 2026
57289bf
feat(akta): include production_mode in review summary artifact
fraware Jun 28, 2026
b80dd9c
feat(cli): expose queue information_received and escalation options
fraware Jun 28, 2026
2dd19be
feat(rest): add review queue transition endpoints
fraware Jun 28, 2026
e04f2ff
test(authority): cover authority_checks provenance on decisions
fraware Jun 28, 2026
2f97f7f
test(identity): expand IAL resolution and local signed paths
fraware Jun 28, 2026
32a87a3
test(akta): assert signed summary and production_mode contract
fraware Jun 28, 2026
c44972a
test(review): cover information_received and escalation ledger
fraware Jun 28, 2026
3c6beb6
test(dashboard): render extended review queue workflow states
fraware Jun 28, 2026
f120124
test(rest): exercise queue transitions and validation errors
fraware Jun 28, 2026
d8a8ee3
test(session): propagate authority provenance into session grants
fraware Jun 28, 2026
fd70491
ci: run extended eval scenarios in PowerShell pipeline
fraware Jun 28, 2026
68b6269
ci: run extended eval scenarios in shell pipeline
fraware Jun 28, 2026
3b6f1a8
feat(evals): extend runner for AKTA, OIDC, and SAL scenarios
fraware Jun 28, 2026
4dac6f6
test(evals): expect 21 extended review-case scenarios
fraware Jun 28, 2026
596241c
eval: add local signed IAL1 identity assurance scenario
fraware Jun 28, 2026
d8486d6
eval: add signed AKTA review summary scenario
fraware Jun 28, 2026
8dccfa6
eval: tighten IAL0 caller-supplied identity scenario
fraware Jun 28, 2026
f76300d
eval: assert IAL3 on OIDC mock identity path
fraware Jun 28, 2026
bb2bff1
eval: align production signing sequence with SAL1 policy
fraware Jun 28, 2026
d805668
docs(readme): pilot onboarding for v0.7 assurance features
fraware Jun 28, 2026
efc11d9
docs(pilot): update institutional pilot guide for v0.7
fraware Jun 28, 2026
4c508a2
docs(rbac): document authority_checks two-stage model
fraware Jun 28, 2026
651a04b
docs(identity): describe identity_source and IAL aliases
fraware Jun 28, 2026
fff1b6c
docs(akta): note production_mode on review summary contract
fraware Jun 28, 2026
c00bf78
docs(changelog): record v0.7 audit and assurance fixes
fraware Jun 28, 2026
5ee3a2d
docs(examples): refresh institutional pilot example README
fraware Jun 28, 2026
e68c24f
docs(readme): polish landing page for v0.7 release
fraware Jun 28, 2026
f945135
docs(trusted_boundary): clarify in-repo vs external trust
fraware Jun 28, 2026
c6cac89
docs(limitations): state non-goals and deployment boundaries
fraware Jun 28, 2026
84ada71
docs(identity_assurance): refine IAL tiers for operators
fraware Jun 28, 2026
e144828
docs(rbac): tighten scope authority role rules
fraware Jun 28, 2026
4b58ba7
docs(signing): document SAL tiers and production gates
fraware Jun 28, 2026
c3561cd
docs(akta): sharpen review packet contract
fraware Jun 28, 2026
95ae0a0
docs(akta): update integration walkthrough
fraware Jun 28, 2026
6114530
docs(akta): polish scope demo narrative
fraware Jun 28, 2026
26626f8
docs(integration): unify external adapter contracts
fraware Jun 28, 2026
fdd91b7
docs(keys): clarify registry and rotation guidance
fraware Jun 28, 2026
8f6d1cf
docs(quality): explain queue and review metrics
fraware Jun 28, 2026
d7d72d3
docs(pilot): streamline institutional onboarding
fraware Jun 28, 2026
aa395b5
docs(reviewer): improve decision workflow guidance
fraware Jun 28, 2026
a605f91
docs(threat): refresh assumptions and mitigations
fraware Jun 28, 2026
db1b1b1
docs(ssa): clarify scoped authorization model
fraware Jun 28, 2026
f973a4c
docs(doctrine): state review principles
fraware Jun 28, 2026
0db2cc7
docs(thesis): refine field narrative for v0.7
fraware Jun 28, 2026
387eeda
docs(pf_core): update obligation bridge notes
fraware Jun 28, 2026
74c8c0a
docs(pcs): document packaging export format
fraware Jun 28, 2026
40aaf0d
docs(evidence): align vocabulary with packet fields
fraware Jun 28, 2026
ec4063c
docs(akta/examples): refresh adapter sample README
fraware Jun 28, 2026
6f47729
docs(pcs/examples): refresh PCS adapter README
fraware Jun 28, 2026
09dc1e5
docs(pf_core/examples): refresh PF-Core adapter README
fraware Jun 28, 2026
0c19614
fix(pf_core): align sample obligation protocol version
fraware Jun 28, 2026
3c96dbd
docs(examples): update institutional pilot scenario README
fraware Jun 28, 2026
62341cd
docs(examples): clarify protocol change review scenario
fraware Jun 28, 2026
c1a7031
docs(examples): clarify protocol drift scenario
fraware Jun 28, 2026
0f3e7fd
docs(examples): clarify publication claim review scenario
fraware Jun 28, 2026
70b215e
docs(examples): clarify queue prioritization scenario
fraware Jun 28, 2026
5238542
docs(examples): clarify stale grant attempt scenario
fraware Jun 28, 2026
5ccd624
docs(examples): clarify weak evidence validation scenario
fraware Jun 28, 2026
229be9d
examples: add domain scientist reviewer fixture
fraware Jun 28, 2026
742d506
examples: add domain scientist decision fixture
fraware Jun 28, 2026
156a323
examples: add protocol owner decision fixture
fraware Jun 28, 2026
d009477
examples(weak_evidence): fix primary decision fixture
fraware Jun 28, 2026
3129519
examples(weak_evidence): add domain scientist decision
fraware Jun 28, 2026
19 changes: 19 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,24 @@
# Changelog

## v0.7.0 (2026-06-28)

Institutional pilot hardening release:

- **Identity assurance (IAL0–IAL4)**: `scope/identity_assurance.py`, provenance on decisions/grants (including session grants), OIDC + org RBAC wiring; `identity_source` and `authority_checks` on decision/grant provenance
- **RBAC vs SCOPE authority separation**: two-stage checks in `scope/authority.py` with explicit `authority_checks` provenance block
- **Ledger delivery semantics**: `best_effort`, `at_least_once`, `fail_closed` modes with spool, `delivery_state`, and fail-closed blocking on high-risk grant issuance
- **Review queue state machine**: explicit transitions (`in_review`, `needs_information`, `escalated`, `expired`, reopen)
- **Signing assurance (SAL0–SAL4)**: minimum policy, production enforcement, HSM/KMS external interface
- **Frozen AKTA review contract**: `summary.json` schema, `scope-akta-review-v0.7` adapter version
- Policy bundle tagged `scope-core-v0.7`

### Audit fixes (pre-release)

- Grant provenance inherits `identity_claim_hash`, `authority_checks`, and `delegation_id` from issuing decisions (including session grants)
- `summary.json` includes `production_mode` on all AKTA review paths; schema and docs aligned
- Review queue: `information_received_at`, escalation reason/actor fields, ledger event on engine escalation
- End-to-end tests and extended evals assert decision/grant provenance field parity

## v0.6.0 (2026-06-28)

Institutional foundations release:
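Review bot: The new `## v0.7.0 (2026-06-28)` heading carries the same date as the existing `## v0.6.0 (2026-06-28)` entry directly below it; confirm both dates are right before this ships. In the "Review queue state machine" bullet, the listed transitions leave out cancel and information-received, both of which get REST routes in this PR (`/cancel`, `/information-received`), so either list them or link to the full transition table. The ledger bullet says fail-closed blocking applies to "high-risk grant issuance" without saying where high-risk is defined; a pointer to the policy file or doc would let operators check which grants are affected.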
381 changes: 202 additions & 179 deletions README.md

Large diffs are not rendered by default.

33 changes: 30 additions & 3 deletions adapters/akta/examples/README.md
Expand Up @@ -2,12 +2,39 @@

Sample inputs for `adapters/akta/import_record.py` and `import_trigger.py`.

## Fixtures

| File | Description |
|------|-------------|
| `akta_record.json` | Minimal flat record stub |
| `akta_record_nested.json` | Nested v0.4-style record (golden fixture) |
| `akta_review_trigger_v04.json` | v0.4 trigger with alias fields |
| `review_trigger.json` | Simple flat trigger |

Richer scenario fixtures live under [examples/protocol_change_review/](../../examples/protocol_change_review/).

## Primary integration path (v0.7)

```bash
scope akta review \
--akta-record adapters/akta/examples/akta_record_nested.json \
--akta-trigger adapters/akta/examples/akta_review_trigger_v04.json \
--grant-scope protocol_draft \
--reviewer examples/protocol_drift/reviewer_protocol_owner.json \
--decision-rationale "Narrow protocol draft approval only." \
--out-dir /tmp/akta_review_out
```

Output contract: [docs/akta_review_contract.md](../../docs/akta_review_contract.md).

## Low-level Python import

```python
from adapters.akta.import_record import load_akta_record
from adapters.akta.import_trigger import load_review_trigger

record = load_akta_record("adapters/akta/examples/akta_record.json")
trigger = load_review_trigger("adapters/akta/examples/review_trigger.json")
record = load_akta_record("adapters/akta/examples/akta_record_nested.json")
trigger = load_review_trigger("adapters/akta/examples/akta_review_trigger_v04.json")
```

These mirror `examples/protocol_change_review/` fixtures.
Field mappings: [docs/external_integration_contracts.md](../../docs/external_integration_contracts.md).
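Review bot: The `--out-dir /tmp/akta_review_out` line in the new "Primary integration path" example writes review output to a fixed, predictable path under a shared temp directory. On a multi-user host that invites other local users to read or pre-create the directory, and the output of this command is decision and grant material. Suggest a per-run directory (for example one created with `mktemp -d`) or a path under the working tree. Also, the Python snippet's load calls now point at `akta_record_nested.json` and `akta_review_trigger_v04.json`, so the two flat fixtures listed in the table appear in no example in this README; say what they are for or show one call that uses them.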
122 changes: 122 additions & 0 deletions adapters/generic_rest/server.py
Expand Up @@ -181,6 +181,20 @@ class ReviewQueueCloseRequest(BaseModel):
reason: str = ""


class ReviewQueueNeedsInformationRequest(BaseModel):
reason: str = ""


class ReviewQueueCancelRequest(BaseModel):
reason: str = ""


class ReviewQueueEscalateEntryRequest(BaseModel):
reviewer: dict[str, Any] | None = None
reason: str = ""
actor_id: str | None = None


class KeyRegisterRequest(BaseModel):
reviewer_id: str
public_key_path: str
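Review bot: `reason: str = ""` on `ReviewQueueNeedsInformationRequest` and `ReviewQueueCancelRequest` makes the reason both optional and unbounded, so a queue entry can be cancelled or parked with no recorded justification, or with arbitrarily large text. Consider requiring a non-empty reason with a length limit on these models. On `ReviewQueueEscalateEntryRequest`, `reviewer: dict[str, Any] | None` accepts any shape; a typed reviewer model would reject malformed input at the API boundary. `actor_id` being a body field means the caller chooses the value, which matters wherever it is recorded.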
Expand Down Expand Up @@ -208,6 +222,16 @@ def _http_error(exc: Exception) -> HTTPException:
return HTTPException(status_code=400, detail=str(exc))


@app.exception_handler(ScopeValidationError)
async def _scope_validation_handler(_request: Request, exc: ScopeValidationError) -> HTTPException:
raise _http_error(exc)


@app.exception_handler(GrantValidationError)
async def _grant_validation_handler(_request: Request, exc: GrantValidationError) -> HTTPException:
raise _http_error(exc)


@app.get("/v0/health")
def health() -> dict[str, str]:
return {"status": "ok", "version": __version__}
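Review bot: Both new handlers end in `raise _http_error(exc)` and are annotated `-> HTTPException`, but a function registered with `@app.exception_handler` is expected to return a response object. An exception raised from inside a handler is not routed back to the `HTTPException` handling, so clients would likely get a 500 instead of the intended 400. Return a `JSONResponse` built from the status code and detail of `_http_error(exc)` and correct the return annotation. Separately, the context line `detail=str(exc)` sends the raw exception text to the caller; check that `ScopeValidationError` and `GrantValidationError` messages carry no file paths or policy internals, and add a REST test that pins the status code for one invalid request.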
Expand Down Expand Up @@ -460,6 +484,104 @@ def close_review_queue(
return ReviewQueue.load(path).status_summary()


@app.post("/v0/review-queue/{queue_id}/in-review", dependencies=[Depends(_require_api_key)])
def in_review_review_queue(
queue_id: str,
queue_dir: str | None = None,
) -> dict[str, Any]:
from scope.review_queue import ReviewQueue

path = _find_queue_path(queue_id, queue_dir)
get_engine().in_review_review_queue(path)
return ReviewQueue.load(path).status_summary()


@app.post(
"/v0/review-queue/{queue_id}/needs-information",
dependencies=[Depends(_require_api_key)],
)
def needs_information_review_queue(
queue_id: str,
req: ReviewQueueNeedsInformationRequest,
queue_dir: str | None = None,
) -> dict[str, Any]:
from scope.review_queue import ReviewQueue

path = _find_queue_path(queue_id, queue_dir)
get_engine().needs_information_review_queue(path, reason=req.reason)
return ReviewQueue.load(path).status_summary()


@app.post(
"/v0/review-queue/{queue_id}/information-received",
dependencies=[Depends(_require_api_key)],
)
def information_received_review_queue(
queue_id: str,
queue_dir: str | None = None,
) -> dict[str, Any]:
from scope.review_queue import ReviewQueue

path = _find_queue_path(queue_id, queue_dir)
get_engine().information_received_review_queue(path)
return ReviewQueue.load(path).status_summary()


@app.post("/v0/review-queue/{queue_id}/reopen", dependencies=[Depends(_require_api_key)])
def reopen_review_queue(
queue_id: str,
queue_dir: str | None = None,
) -> dict[str, Any]:
from scope.review_queue import ReviewQueue

path = _find_queue_path(queue_id, queue_dir)
get_engine().reopen_review_queue(path)
return ReviewQueue.load(path).status_summary()


@app.post("/v0/review-queue/{queue_id}/expire", dependencies=[Depends(_require_api_key)])
def expire_review_queue(
queue_id: str,
queue_dir: str | None = None,
) -> dict[str, Any]:
from scope.review_queue import ReviewQueue

path = _find_queue_path(queue_id, queue_dir)
get_engine().expire_review_queue(path)
return ReviewQueue.load(path).status_summary()


@app.post("/v0/review-queue/{queue_id}/cancel", dependencies=[Depends(_require_api_key)])
def cancel_review_queue(
queue_id: str,
req: ReviewQueueCancelRequest,
queue_dir: str | None = None,
) -> dict[str, Any]:
from scope.review_queue import ReviewQueue

path = _find_queue_path(queue_id, queue_dir)
get_engine().cancel_review_queue(path, reason=req.reason)
return ReviewQueue.load(path).status_summary()


@app.post("/v0/review-queue/{queue_id}/escalate", dependencies=[Depends(_require_api_key)])
def escalate_review_queue_entry(
queue_id: str,
req: ReviewQueueEscalateEntryRequest,
queue_dir: str | None = None,
) -> dict[str, Any]:
from scope.review_queue import ReviewQueue

path = _find_queue_path(queue_id, queue_dir)
get_engine().escalate_review_queue_entry(
path,
req.reviewer,
reason=req.reason,
actor_id=req.actor_id,
)
return ReviewQueue.load(path).status_summary()


def _policy_dir() -> Path:
return Path(get_engine().policy.policy_dir)
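Review bot: In `escalate_review_queue_entry`, `actor_id=req.actor_id` takes the escalation actor from the request body while the only gate visible on the route is `Depends(_require_api_key)`, so any key holder can attribute an escalation to an arbitrary actor, and the changelog in this PR says the escalation actor is persisted on the queue entry. Derive the actor from the authenticated caller, or store the supplied value marked as unverified. The other transition routes (`in-review`, `reopen`, `expire`, `information-received`) pass no actor at all; confirm the engine methods enforce who may perform each transition, since nothing in this hunk does. `queue_dir` is a caller-controlled query parameter on every route and goes straight into `_find_queue_path`; that helper is outside this hunk, so confirm it confines the resolved path to an allowed root. Style: `from scope.review_queue import ReviewQueue` is repeated in each function body and could move to module level unless it is there to avoid a circular import.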

32 changes: 25 additions & 7 deletions adapters/pcs/examples/README.md
Expand Up @@ -6,16 +6,34 @@ Sample PCS release layout produced by `adapters/pcs/export_artifact.py`:
- `scope_decision.json`
- `scope_grant.json`
- `pf_obligation.json`
- `release_manifest.json` (artifact hashes and source IDs)
- `release_manifest.json` (artifact hashes, trust root, registry metadata)

Generate live output:
Manifest version: `pcs-v0.5`. See [docs/pcs_export.md](../../docs/pcs_export.md).

## Generate live output

Use artifacts from [examples/institutional_pilot/](../../examples/institutional_pilot/) or your own grant workflow:

```bash
scope export pcs \
--packet examples/institutional_pilot/scope_packet.json \
--decision examples/institutional_pilot/scope_decision.json \
--grant examples/institutional_pilot/scope_grant.json \
--out dist/pcs_scope_artifact/ \
--validate
```

Optional live contract validation:

```bash
export PCS_CORE_REPO_PATH=/path/to/pcs-core
scope export pcs \
--packet /tmp/packet.json \
--decision /tmp/decision.json \
--grant /tmp/grant.json \
--out dist/pcs_scope_artifact/
--packet examples/institutional_pilot/scope_packet.json \
--decision examples/institutional_pilot/scope_decision.json \
--grant examples/institutional_pilot/scope_grant.json \
--out dist/pcs_scope_artifact/ --validate --live
```

The manifest includes canonical `sha256:` hashes for each artifact file.
The manifest includes canonical `sha256:` hashes for each artifact file plus `scope_trust_root_hash` when policy and registry are configured.

Field mapping: [docs/external_integration_contracts.md](../../docs/external_integration_contracts.md).
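Review bot: The closing sentence says `scope_trust_root_hash` is included "when policy and registry are configured", but the README does not say what a manifest consumer should conclude when the field is absent. State whether a missing trust root hash means the export is unverified, and whether `--validate` passes or fails in that case. In the `--live` example, `PCS_CORE_REPO_PATH=/path/to/pcs-core` points at whatever checkout the user happens to have; naming the pcs-core tag or commit that corresponds to manifest version `pcs-v0.5` would make the validation result reproducible.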
25 changes: 20 additions & 5 deletions adapters/pf_core/examples/README.md
Expand Up @@ -2,15 +2,28 @@

Sample output from `adapters/pf_core/export_obligation.py` after issuing a protocol-draft grant.

Generate live output:
Contract version: `pf-core-v0.5`. See [docs/pf_core_bridge.md](../../docs/pf_core_bridge.md).

## Generate live output

After running a grant workflow (e.g. [examples/stale_grant_attempt/](../../examples/stale_grant_attempt/) or [examples/institutional_pilot/](../../examples/institutional_pilot/)):

```bash
scope export pf \
--grant examples/protocol_change_review/scope_grant.json \
--out dist/pf_obligation.json
--grant examples/institutional_pilot/scope_grant.json \
--out dist/pf_obligation.json \
--validate
```

Or from Python:
Optional live contract validation:

```bash
export PF_CORE_REPO_PATH=/path/to/pf-core
scope export pf --grant examples/institutional_pilot/scope_grant.json \
--out dist/pf_obligation.json --validate --live
```

## Python API

```python
from adapters.pf_core.export_obligation import export_pf_obligation
Expand All @@ -19,4 +32,6 @@ import json
obligation = export_pf_obligation(json.load(open("scope_grant.json")))
```

See `pf_obligation.json` in this directory for the expected shape.
## Sample shape

See `pf_obligation.json` in this directory for a representative obligation layout. Regenerate from a live grant for current contract fields and signature metadata.
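Review bot: The new "Sample shape" text calls `pf_obligation.json` a representative layout and tells readers to regenerate "for current contract fields and signature metadata", yet this PR also bumps that file's `obligation_version` from `pf-core-v0.1` to `pf-core-v0.5` with no other visible change. If the v0.5 contract added fields, the checked-in sample now claims v0.5 without matching it. Either regenerate the sample from a live grant so it validates against the stated contract version, or say explicitly in this section that the file is illustrative and is not expected to pass `--validate`.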
2 changes: 1 addition & 1 deletion adapters/pf_core/examples/pf_obligation.json
@@ -1,5 +1,5 @@
{
"obligation_version": "pf-core-v0.1",
"obligation_version": "pf-core-v0.5",
"grant_id": "SCOPE-GRANT-EXAMPLE",
"grant_hash": "sha256:example",
"permitted_tools": ["protocol_editor.draft_change"],
32 changes: 31 additions & 1 deletion docs/akta_integration.md
Expand Up @@ -2,12 +2,32 @@

SCOPE begins when AKTA returns `review_required` or `authorization_required`.

## Primary integration path

For packet → decision → grant in one step, use:

```bash
scope akta review \
--akta-record path/to/akta_record.json \
--akta-trigger path/to/review_trigger.json \
--grant-scope protocol_draft \
--reviewer path/to/reviewer.json \
--decision-rationale "Rationale text." \
--out-dir /tmp/akta_review_out
```

REST equivalent: `POST /v0/akta/review`.

Output contract: [akta_review_contract.md](akta_review_contract.md). Full demo: [akta_scope_demo.md](akta_scope_demo.md). Field mappings: [external_integration_contracts.md](external_integration_contracts.md).

## Inputs

- **AKTA Record** — scientific action context, artifacts, constraints
- **Review trigger** — requested tool, action type, admissibility

## Adapter
Golden fixtures: `adapters/akta/examples/` (see [adapters/akta/examples/README.md](../adapters/akta/examples/README.md)).

## Low-level adapter (Python)

```python
from adapters.akta.import_trigger import load_review_trigger
Expand All @@ -18,10 +38,20 @@ engine = ScopeEngine.from_policy_dir("policy/")
packet = engine.create_packet("akta_record.json", trigger)
```

Use this path when you need custom packet enrichment (VSA reports, manual review steps) before decision submit.

## Required trigger fields

- `scientific_action_type` (e.g. `A5_protocol_modification`)
- `akta_admissibility` (`review_required` or `authorization_required`)
- `requested_tool`

SCOPE resolves required reviewer roles from `policy/role_to_action_matrix.yaml`.

## v0.7 provenance on review output

Decisions and grants from `scope akta review` record:

- Identity assurance level (IAL0–IAL4) — see [identity_assurance.md](identity_assurance.md)
- Signing assurance level (SAL0–SAL4) — see [signing_assurance.md](signing_assurance.md)
- Two-stage `authority_checks` when RBAC is enforced — see [rbac_scope_authority.md](rbac_scope_authority.md)
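Review bot: The last bullet of the new "v0.7 provenance on review output" section says `authority_checks` is recorded "when RBAC is enforced", which leaves the unenforced case undocumented. Say whether the block is omitted or present with a not-enforced marker, so a consumer of the decision or grant can tell a skipped check from a passed one. The IAL and SAL bullets state that a level is recorded but not that any minimum is required on this path; since the range starts at IAL0 and SAL0, add a sentence on where the minimum is configured or link to the section of the assurance docs that covers enforcement.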