Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
37 commits
Select commit Hold shift + click to select a range
9a62cf6
chore(release): bump package version to 0.8.1
fraware Jun 29, 2026
f5e4648
chore(release): align scope._version with 0.8.1
fraware Jun 29, 2026
4a00a7e
feat(akta): bump AKTA review contract to scope-akta-review-v0.8.1
fraware Jun 29, 2026
49ce348
test: expect packet_version 0.8.1 in golden and pilot packets
fraware Jun 29, 2026
56b4c69
test: expect scope-akta-review-v0.8.1 adapter contract in summaries
fraware Jun 29, 2026
038eb17
feat(schema): restrict completed AKTA summary to status completed
fraware Jun 29, 2026
a7f16db
feat(schema): restrict session AKTA summary to status session_required
fraware Jun 29, 2026
13f08dc
feat(akta): centralize resolve_reviewer_id for all entry points
fraware Jun 29, 2026
c66243b
test(akta): assert completed status on summary contract fixtures
fraware Jun 29, 2026
a83d78f
test(akta): cover split summary schemas and validate_summary_artifact
fraware Jun 29, 2026
1904d1c
chore(pilot): align single_reviewer_protocol_draft summary with contract
fraware Jun 29, 2026
bd23163
chore(pilot): align registry_signed_decision summary with contract
fraware Jun 29, 2026
b608020
chore(pilot): align multi_role_genomics_review summary with contract
fraware Jun 29, 2026
1b3675c
feat(schema): require session grant provenance when IAL markers present
fraware Jun 29, 2026
178e971
feat(grants): validate session grant provenance at runtime
fraware Jun 29, 2026
0430a67
feat(grants): wire session provenance checks in grant issuance
fraware Jun 29, 2026
a9ebeee
test(grants): require full session provenance on session grants
fraware Jun 29, 2026
6ce0fd5
test(grants): update session provenance aggregation expectations
fraware Jun 29, 2026
4105dac
test(akta): cover centralized resolve_reviewer_id helper
fraware Jun 29, 2026
eae6e3f
feat(pilot): add offline pilot fixture verification script
fraware Jun 29, 2026
a48ed97
ci: run pilot fixture verifier on Windows CI
fraware Jun 29, 2026
011a220
ci: run pilot fixture verifier on Unix CI
fraware Jun 29, 2026
9f83564
chore(pilot): add verification manifest for single reviewer draft
fraware Jun 29, 2026
5101467
chore(pilot): add verification manifest for registry signed decision
fraware Jun 29, 2026
e04bda9
chore(pilot): add verification manifest for multi-role genomics review
fraware Jun 29, 2026
08bd440
chore(pilot): add verification manifest for needs information flow
fraware Jun 29, 2026
fead648
chore(pilot): add verification manifest for expired queue reopen
fraware Jun 29, 2026
c625de9
test(pilot): integrate manifest verification into fixture tests
fraware Jun 29, 2026
8aa147f
docs(pilot): document manifest and expected_verification fixtures
fraware Jun 29, 2026
3005f01
docs: document split AKTA summary contract in akta_review_contract
fraware Jun 29, 2026
a1789cb
docs: note v0.8.1 contract changes in limitations
fraware Jun 29, 2026
59ce02c
docs: update external integration contracts for v0.8.1
fraware Jun 29, 2026
240e810
docs: refresh AKTA demo doc for v0.8.1
fraware Jun 29, 2026
50f2046
docs: bump README release badge to v0.8.1
fraware Jun 29, 2026
564f682
docs: refresh package docstring for v0.8.1
fraware Jun 29, 2026
42b77fa
docs(changelog): add v0.8.1 release notes
fraware Jun 29, 2026
e078d02
fix(ci): resolve Linux CI failure for v0.8.1
fraware Jun 29, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,15 @@
# Changelog

## v0.8.1 (2026-06-29)

Contract hardening and verifiable pilot fixtures:

- **Summary contract split**: `scope_akta_review_summary.schema.json` (status `completed` only) and `scope_akta_review_session_summary.schema.json` (status `session_required` only); consumers branch on `summary.status`; `validate_summary_artifact()` in `scope/akta_review.py`
- **Conditional session grant provenance**: `scope_grant.schema.json` if/then requires full session provenance block when `contributing_identity_assurance_levels` present; runtime check in `scope/session_provenance.py`
- **Reviewer-ID binding**: centralized `resolve_reviewer_id()` used by CLI, REST, and Python API
- **Verifiable pilot fixture pack**: `manifest.json` and `expected_verification.json` per scenario; `scripts/verify_pilot_fixtures.py` for offline validation
- AKTA review contract bumped to `scope-akta-review-v0.8.1` (incompatible summary schema split)

## v0.8.0 (2026-06-29)

Session workflow and provenance release:
Expand Down
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@

**Scoped authorization for AI-shaped scientific work**

[![Version](https://img.shields.io/badge/version-0.8.0-blue)](https://github.com/fraware/SCOPE/releases)
[![Version](https://img.shields.io/badge/version-0.8.1-blue)](https://github.com/fraware/SCOPE/releases)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
[![Python 3.10+](https://img.shields.io/badge/python-3.10%2B-blue.svg)](https://www.python.org/downloads/)
[![CI](https://github.com/fraware/SCOPE/actions/workflows/ci.yml/badge.svg)](https://github.com/fraware/SCOPE/actions/workflows/ci.yml)
Expand Down
45 changes: 33 additions & 12 deletions docs/akta_review_contract.md
Original file line number Diff line number Diff line change
@@ -1,37 +1,49 @@
# AKTA Review Output Contract

SCOPE v0.8 freezes the `scope akta review` output contract under `out_dir/`.
SCOPE v0.8.1 splits the `scope akta review` output contract by `summary.status`.

## Branching rule

Consumers **must** branch on `summary.status`:

| `summary.status` | Schema | Artifacts |
|------------------|--------|-----------|
| `completed` | `schemas/scope_akta_review_summary.schema.json` | packet, decision, grant, summary |
| `session_required` | `schemas/scope_akta_review_session_summary.schema.json` | packet, summary only |

The two schemas are mutually exclusive: completed summaries cannot carry session fields (`session_id`, `required_roles`, `message`); session summaries cannot carry grant/decision fields (`decision_path`, `grant_path`, `approved_scope`, IAL/SAL, etc.).

Contract version constant: `scope-akta-review-v0.8.1` (`scope.integration_versions.AKTA_REVIEW_CONTRACT_VERSION`).

## Artifacts

| File | Description |
|------|-------------|
| `scope_review_packet.json` | Review packet |
| `scope_decision.json` | Signed or unsigned decision (completed path only) |
| `scope_grant.json` | Issued grant (completed path only) |
| `summary.json` | Adapter summary (validated against schema) |
| `scope_decision.json` | Signed or unsigned decision (`completed` only) |
| `scope_grant.json` | Issued grant (`completed` only) |
| `summary.json` | Adapter summary (schema selected by `status`) |

## summary.json contract (completed review)

Contract version constant: `scope-akta-review-v0.8` (`scope.integration_versions.AKTA_REVIEW_CONTRACT_VERSION`).

Required fields:

```json
{
"status": "completed",
"packet_path": "...",
"decision_path": "...",
"grant_path": "...",
"approved_scope": "...",
"requested_scope": "...",
"adapter_contract_version": "scope-akta-review-v0.8",
"adapter_contract_version": "scope-akta-review-v0.8.1",
"identity_assurance_level": "IAL0",
"signing_assurance_level": "SAL1",
"production_mode": false
}
```

Optional fields: `status`, `packet_id`, `decision_id`, `grant_id`, `allowed_tools`, `blocked_tools`, `decision_type`, `scope_trust_root_hash`, `queue_id`.
Optional fields: `packet_id`, `decision_id`, `grant_id`, `allowed_tools`, `blocked_tools`, `decision_type`, `scope_trust_root_hash`, `queue_id`.

Schema: `schemas/scope_akta_review_summary.schema.json`

Expand All @@ -48,7 +60,7 @@ Required fields:
"session_id": "SCOPE-SESS-...",
"required_roles": ["domain_scientist", "protocol_owner"],
"message": "Multi-role review session created; submit votes before grant issue.",
"adapter_contract_version": "scope-akta-review-v0.8",
"adapter_contract_version": "scope-akta-review-v0.8.1",
"production_mode": false
}
```
Expand All @@ -59,6 +71,8 @@ Schema: `schemas/scope_akta_review_session_summary.schema.json`

Without `--session`, multi-role packets fail with an explicit error directing operators to re-run with `--session` or use `scope review session create`.

Runtime validation: `scope.akta_review.validate_summary_artifact(summary)` selects the schema from `summary.status`.

## Session grant provenance

When a grant is issued from a multi-reviewer session (`issue_grant_from_session`), provenance includes aggregated session fields:
Expand All @@ -72,17 +86,24 @@ When a grant is issued from a multi-reviewer session (`issue_grant_from_session`
| `veto_roles_applied` | Safety veto roles from quorum policy |
| `quorum_policy_hash` | Digest of session quorum policy |

These fields are optional in `schemas/scope_grant.schema.json` (present only on session grants). Single-reviewer grants omit them.
When `contributing_identity_assurance_levels` is present, `schemas/scope_grant.schema.json` requires all session provenance fields. Single-reviewer grants omit them entirely.

Runtime double-check: `scope.session_provenance.validate_session_grant_provenance`.

## Reviewer ID binding

When `--signing-provider registry` is used, pass `--reviewer-id` to bind the registry lookup. If provided, it must match `reviewer.json` `reviewer_id`; mismatch fails before signing.
All entry points (CLI, REST, Python API) call `scope.akta_review.resolve_reviewer_id()` before signing:

- When `--signing-provider registry` is used, pass `--reviewer-id` to bind the registry lookup.
- If provided, it must match `reviewer.json` `reviewer_id`; mismatch fails before signing.
- Registry signing cannot proceed without an explicit, validated reviewer identity.

## Acceptance criteria

`scope akta review` enforces:

- Summary validates against schema (completed or session mode)
- Summary validates against the schema for its `status` branch
- Completed and session summaries cannot be confused
- Overbroad approval fails (approved scope stronger than requested)
- Unsigned production grant fails without signing key/provider
- Missing reviewer authority fails (two-stage RBAC + SCOPE policy)
Expand Down
2 changes: 1 addition & 1 deletion docs/akta_scope_demo.md
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ Outputs in `/tmp/akta_review_out/`:
| `scope_grant.json` | Bounded authorization grant |
| `summary.json` | Machine-readable contract summary (validated against schema) |

`summary.json` includes `adapter_contract_version` (`scope-akta-review-v0.7`), `identity_assurance_level`, `signing_assurance_level`, and `production_mode`.
`summary.json` includes `adapter_contract_version` (`scope-akta-review-v0.8.1`), branches on `status` (`completed` or `session_required`), and records `identity_assurance_level`, `signing_assurance_level`, and `production_mode` on completed summaries.

SCOPE rejects overbroad `--grant-scope` values against the packet's `requested_scope`.

Expand Down
15 changes: 11 additions & 4 deletions docs/external_integration_contracts.md
Original file line number Diff line number Diff line change
Expand Up @@ -56,11 +56,18 @@ Evidence vocabulary mapping: [evidence_vocab_mapping.md](evidence_vocab_mapping.
| File | Description |
|------|-------------|
| `scope_review_packet.json` | Review packet |
| `scope_decision.json` | Decision (signed in production mode) |
| `scope_grant.json` | Issued grant |
| `summary.json` | Adapter summary validated against `schemas/scope_akta_review_summary.schema.json` |
| `scope_decision.json` | Decision (signed in production mode; `completed` only) |
| `scope_grant.json` | Issued grant (`completed` only) |
| `summary.json` | Adapter summary; schema selected by `summary.status` |

Contract version: `scope-akta-review-v0.7`. Required `summary.json` fields include `adapter_contract_version`, `identity_assurance_level`, `signing_assurance_level`, and `production_mode`.
Contract version: `scope-akta-review-v0.8.1`. Branch on `summary.status`:

| `summary.status` | Schema |
|------------------|--------|
| `completed` | `schemas/scope_akta_review_summary.schema.json` (paths, IAL/SAL, approved scope) |
| `session_required` | `schemas/scope_akta_review_session_summary.schema.json` (session_id, required_roles; no decision/grant artifacts) |

Runtime validation: `scope.akta_review.validate_summary_artifact(summary)`.

Full contract: [akta_review_contract.md](akta_review_contract.md).

Expand Down
11 changes: 10 additions & 1 deletion docs/limitations.md
Original file line number Diff line number Diff line change
@@ -1,12 +1,21 @@
# Limitations

## Implemented in v0.8.1

- Summary contract split: `completed` vs `session_required` schemas; consumers branch on `summary.status`
- `validate_summary_artifact()` on all AKTA review write paths (CLI, REST, Python API)
- Conditional session grant provenance: schema if/then plus runtime check in `scope/session_provenance.py`
- Centralized `resolve_reviewer_id()` for CLI, REST, and Python API
- Verifiable pilot fixtures: per-scenario `manifest.json`, `expected_verification.json`, and `scripts/verify_pilot_fixtures.py`
- AKTA review contract `scope-akta-review-v0.8.1` (incompatible summary schema split; supersedes v0.8.0 contract shape)

## Implemented in v0.8

- `scope akta review --session` for multi-role packets: session summary schema, explicit failure without `--session`
- `--reviewer-id` binding for registry signing (must match reviewer artifact)
- Session grant provenance aggregation: contributing IAL/SAL, authority checks, veto roles, quorum policy hash
- Pilot fixture pack under `examples/pilot/` (five institutional scenarios)
- Policy bundle `scope-core-v0.8`; AKTA review contract `scope-akta-review-v0.8`
- Policy bundle `scope-core-v0.8`

## Implemented in v0.7

Expand Down
12 changes: 9 additions & 3 deletions examples/pilot/README.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# SCOPE Pilot Fixture Pack (v0.8)
# SCOPE Pilot Fixture Pack (v0.8.1)

Institutional pilot scenarios generated with SCOPE v0.8 CLI and engine APIs. Each subdirectory is self-contained with review artifacts, queue state where applicable, rendered packet markdown, and a quality report snippet.
Institutional pilot scenarios generated with SCOPE v0.8.1 CLI and engine APIs. Each subdirectory is self-contained with review artifacts, queue state where applicable, rendered packet markdown, and a quality report snippet.

| Scenario | Directory | Highlights |
|----------|-----------|------------|
Expand All @@ -10,4 +10,10 @@ Institutional pilot scenarios generated with SCOPE v0.8 CLI and engine APIs. Eac
| Needs information flow | [needs_information_flow](needs_information_flow/) | `needs_information` to `in_review` |
| Registry-signed decision | [registry_signed_decision](registry_signed_decision/) | `--signing-provider registry --reviewer-id` |

Policy bundle: `scope-core-v0.8`. AKTA review contract: `scope-akta-review-v0.8`.
Policy bundle: `scope-core-v0.8`. AKTA review contract: `scope-akta-review-v0.8.1`.

Each scenario includes `manifest.json` (artifact inventory and schema versions) and `expected_verification.json` (checksums, status values, queue states). Verify offline:

```bash
python scripts/verify_pilot_fixtures.py
```
21 changes: 21 additions & 0 deletions examples/pilot/expired_queue_reopen/expected_verification.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
{
"checksums": {
"quality_report_snippet.json": "sha256:a6906f08514b0fe2b9e20ff574a388ab6e4298ee627e3c4d8b5313ad94fff778",
"review_queue_expired.json": "sha256:84e4a0b4b1bae21342a03f5beda110d0659cd4b3293cbf5ad7f5ea90c6c8e123",
"review_queue_reopened.json": "sha256:f1a30e848026ca360bcaa0cc5983cb4677a74a04b549967e4a67ad9a913cbfae",
"scope_review_packet.json": "sha256:0d575e95909dad39bd40df93d336acc140495ba812be5aaaec4277359772b4d1"
},
"quality_report_snippet": {
"policy_version": "scope-core-v0.8"
},
"queue_states": {
"review_queue_expired.json": {
"packet_id": "SCOPE-PKT-2F8C44",
"status": "expired"
},
"review_queue_reopened.json": {
"packet_id": "SCOPE-PKT-2F8C44",
"status": "open"
}
}
}
22 changes: 22 additions & 0 deletions examples/pilot/expired_queue_reopen/manifest.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
{
"scenario": "expired_queue_reopen",
"scope_version": "0.8.1",
"policy_version": "scope-core-v0.8",
"artifacts": [
{
"path": "scope_review_packet.json",
"schema": "scope_packet.schema.json"
},
{
"path": "review_queue_expired.json",
"schema": "scope_review_queue.schema.json"
},
{
"path": "review_queue_reopened.json",
"schema": "scope_review_queue.schema.json"
},
{
"path": "quality_report_snippet.json"
}
]
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
{
"checksums": {
"quality_report_snippet.json": "sha256:c949d9e671baa36c95d6c8bb20fb0f30e571173835dff2bc269a4c9d95da8051",
"scope_review_packet.json": "sha256:654292d3b72dfef1fbd5aa38ed191abdfdab4b3a7244255226fa8e74fb9752ac",
"summary.json": "sha256:9061c4c9d4e517d5ed60ce562fcdbe2bb0fc2d98143ad3d3b9826e090dbda9b3"
},
"forbidden_files": [
"scope_grant.json"
],
"quality_report_snippet": {
"policy_version": "scope-core-v0.8"
},
"summary": {
"adapter_contract_version": "scope-akta-review-v0.8.1",
"status": "session_required"
}
}
25 changes: 25 additions & 0 deletions examples/pilot/multi_role_genomics_review/manifest.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
{
"scenario": "multi_role_genomics_review",
"scope_version": "0.8.1",
"policy_version": "scope-core-v0.8",
"akta_review_contract_version": "scope-akta-review-v0.8.1",
"artifacts": [
{
"path": "scope_review_packet.json",
"schema": "scope_packet.schema.json"
},
{
"path": "summary.json",
"schema": "scope_akta_review_session_summary.schema.json"
},
{
"path": "decision_protocol_owner.json"
},
{
"path": "decision_domain_scientist.json"
},
{
"path": "quality_report_snippet.json"
}
]
}
2 changes: 1 addition & 1 deletion examples/pilot/multi_role_genomics_review/summary.json
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"adapter_contract_version": "scope-akta-review-v0.8",
"adapter_contract_version": "scope-akta-review-v0.8.1",
"message": "Multi-role review session created; submit votes before grant issue.",
"packet_id": "SCOPE-PKT-42A16F",
"packet_path": "examples/pilot/multi_role_genomics_review/scope_review_packet.json",
Expand Down
21 changes: 21 additions & 0 deletions examples/pilot/needs_information_flow/expected_verification.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
{
"checksums": {
"quality_report_snippet.json": "sha256:a6906f08514b0fe2b9e20ff574a388ab6e4298ee627e3c4d8b5313ad94fff778",
"review_queue_in_review.json": "sha256:a9dd176ba8d1dbe31e904e662a48d42875437136874f16807beb70d098068e14",
"review_queue_needs_information.json": "sha256:287003adb074f06d01f5f76d9c00255ebcf2e10a4a34ab77453011817d75b871",
"scope_review_packet.json": "sha256:fa8aa72047c2bbc29ec2e8b214ac2dfc8ee8b97c080a2286321f746496018960"
},
"quality_report_snippet": {
"policy_version": "scope-core-v0.8"
},
"queue_states": {
"review_queue_in_review.json": {
"packet_id": "SCOPE-PKT-92CBAD",
"status": "in_review"
},
"review_queue_needs_information.json": {
"packet_id": "SCOPE-PKT-92CBAD",
"status": "needs_information"
}
}
}
22 changes: 22 additions & 0 deletions examples/pilot/needs_information_flow/manifest.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
{
"scenario": "needs_information_flow",
"scope_version": "0.8.1",
"policy_version": "scope-core-v0.8",
"artifacts": [
{
"path": "scope_review_packet.json",
"schema": "scope_packet.schema.json"
},
{
"path": "review_queue_needs_information.json",
"schema": "scope_review_queue.schema.json"
},
{
"path": "review_queue_in_review.json",
"schema": "scope_review_queue.schema.json"
},
{
"path": "quality_report_snippet.json"
}
]
}
17 changes: 17 additions & 0 deletions examples/pilot/registry_signed_decision/expected_verification.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
{
"checksums": {
"quality_report_snippet.json": "sha256:a6906f08514b0fe2b9e20ff574a388ab6e4298ee627e3c4d8b5313ad94fff778",
"scope_decision.json": "sha256:1627726d073cff8ff14ac149e8ed9be94e3b2a5f55596885925ea4f77e2a74e9",
"scope_grant.json": "sha256:cafe5cccb559769e20c3a5d1ef0242f3f388db66ce80161cffe6a01b5d3bde1c",
"scope_review_packet.json": "sha256:84eba11c3b0632906d74334b4c93b7a6630ddb7ed65441d22f25c14eb2ea1f8e",
"summary.json": "sha256:8b06e3c0832d779ce361ca91e8720e455b7dd291c4fafda0505896920d072132"
},
"quality_report_snippet": {
"policy_version": "scope-core-v0.8"
},
"summary": {
"adapter_contract_version": "scope-akta-review-v0.8.1",
"approved_scope": "protocol_draft",
"status": "completed"
}
}
27 changes: 27 additions & 0 deletions examples/pilot/registry_signed_decision/manifest.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
{
"scenario": "registry_signed_decision",
"scope_version": "0.8.1",
"policy_version": "scope-core-v0.8",
"akta_review_contract_version": "scope-akta-review-v0.8.1",
"artifacts": [
{
"path": "scope_review_packet.json",
"schema": "scope_packet.schema.json"
},
{
"path": "scope_decision.json",
"schema": "scope_decision.schema.json"
},
{
"path": "scope_grant.json",
"schema": "scope_grant.schema.json"
},
{
"path": "summary.json",
"schema": "scope_akta_review_summary.schema.json"
},
{
"path": "quality_report_snippet.json"
}
]
}
2 changes: 1 addition & 1 deletion examples/pilot/registry_signed_decision/summary.json
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"adapter_contract_version": "scope-akta-review-v0.8",
"adapter_contract_version": "scope-akta-review-v0.8.1",
"allowed_tools": [
"protocol_editor.draft_change"
],
Expand Down
Loading
Loading