Skip to content

RFC: formal contract for read-only adapters for external providers #7

Description

@klssxx

Context

THEKEY may consume outputs from external providers (compilers, linters, prompt optimizers) without executing them. NPSC is the reference read-only adapter. There is no formal, versioned contract that external adapters must satisfy.

Requisito o riesgo al que responde

  • Requisito: THEKEY_CONTRACT §4 (verifier does not trust the implementer) + §5 — an external adapter is untrusted input by design.
  • Riesgo cubierto: THREAT-T4 (untrusted input via adapter) — without a contract, a new adapter could assume privileges THEKEY never grants.

Impacto si no se resuelve

Each new adapter reinvents the boundary; contributors may couple to the core or assume write access, defeating the read-only guarantee.

Acceptance criteria

  • A versioned adapter contract doc under governance/ defining: input schema, output schema, read-only guarantee, no-execution rule, error envelope.
  • A conformance test that any adapter must pass to be accepted.
  • NPSC adapter updated to satisfy the contract (or documented as the reference implementation).

Cómo se verifica

python -m pytest -q tests/test_adapter_contract.py
# expected: pass; demonstrates a fake adapter passing and a violating one failing
python -m thekey demo
# expected: RELEASE_ELIGIBLE, gates_passed: 4/4

Evidencia en event store

On merge record Closes #7 + the conformance test output in the PR body. The decision must reach RELEASE_ELIGIBLE with evidence_mismatches: [] (core unchanged, only the contract doc + tests added).

Docs afectados

  • README / README.en actualizado (adapters contract section)
  • CHANGELOG entrada añadida
  • DECISIONS.md si hay decisión de diseño

Metadata

Metadata

Assignees

No one assigned

    Labels

    phase-cbacklog labelrfcbacklog label

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions