apcore is a language-agnostic protocol specification — not a runtime library. This repo contains specs, docs, JSON Schemas, and conformance fixtures. The SDKs live in separate repos.
| Repo | Role |
|---|---|
apcore (here) |
Protocol spec, docs, schemas, conformance tests |
apcore-python / apcore-typescript / apcore-rust |
Language SDK implementations |
Tech stack: MkDocs Material + GitHub Pages + JSON Schema Draft 2020-12.
apcore/
├── docs/spec/protocol-spec.md # Single source of truth (RFC 2119)
├── schemas/ # Canonical JSON Schema files (*.schema.json)
├── conformance/fixtures/ # Cross-language test fixtures (*.json)
├── docs/
│ ├── features/ # Feature-level specs (one file per feature) — module interface, context object, executor, registry, ACL, etc.
│ ├── guides/ # How-to tutorials for SDK users
│ └── spec/ # Cross-language algorithms, type mapping, conformance
├── planning/ # Internal only — implementation task tracking
│ └── <feature>/ # index.md + plan.md + state.json + tasks/NN-*.md
└── mkdocs.yml # Doc site navigation and extensions
Where to put new files:
- New feature spec →
docs/features/<feature-name>.md - New user guide →
docs/guides/<topic>.md - New conformance fixture →
conformance/fixtures/<feature>.json - New JSON schema →
schemas/<name>.schema.json
Naming: Markdown files use kebab-case.md. JSON fixtures use snake_case.json.
mkdocs serve # Local preview at http://127.0.0.1:8000
mkdocs build # Build static site to site/
git commit -s # DCO sign-off (auto-added by .githooks/prepare-commit-msg)Deploy: push to main → GitHub Actions builds and deploys to GitHub Pages automatically.
- Create the
.mdfile in the correctdocs/subdirectory - Add entry to
mkdocs.ymlnav:section - Add entry to
README.mdDocumentation Index if user-facing - Verify internal links resolve:
mkdocs buildshould produce no warnings
- Create
conformance/fixtures/<name>.jsonwith structure:{ "description": "...", "test_cases": [...] } - Each test case needs:
id, input fields,expectedresult - Use
caller_id/target_idterminology (notcaller/target) - Add row to
conformance/README.mdfixtures table
- Edit file in
schemas/ - Must use JSON Schema Draft 2020-12 (
$schemafield) - Every
propertymust have adescription - Check all
$refreferences still resolve
- Requires a linked issue and 2 maintainer reviews
- Do NOT remove/weaken a
MUST/MUST NOTwithout deprecation notice + version bump - Do NOT delete or rename anchor IDs — external SDKs link to them
- Update
CHANGELOG.mdwith the change
In docs/spec/protocol-spec.md and docs/spec/: use uppercase MUST, MUST NOT, SHOULD, SHOULD NOT, MAY for normative statements. Never use lowercase "should"/"must" for normative intent.
All feature docs must show Python, TypeScript, and Rust examples using MkDocs tabbed sections (=== "Python" / === "TypeScript" / === "Rust"). See .claude/rules/documentation.md for the full template.
| Field | Max | Format |
|---|---|---|
description |
200 chars | Plain text, no Markdown. Always required. |
documentation |
5000 chars | Markdown allowed. Optional. |
- Must be syntactically correct and complete (imports, initialization, invocation)
- Never truncate for brevity — incomplete examples cause integration errors
- Specify language in fenced code blocks (
```python,```yaml, etc.)
Use standardized terms consistently:
caller_id/target_id(notcaller/targetalone)module(notextensionwhen referring to the abstract concept)default_effect: deny(always — never showallowas default without a warning)
- Do NOT modify
docs/spec/protocol-spec.mdwithout a linked issue and dual maintainer approval - Do NOT add normative requirements without bumping the relevant version number
- Do NOT contradict existing normative statements — search for conflicts first
- Do NOT document behavior changes for one SDK without noting cross-language impact
- Do NOT add Python-specific idioms to language-agnostic spec sections
- Do NOT assume SDK behavior matches without verifying the relevant SDK repo
- Do NOT change
default_effectfromdenytoallowwithout a prominent warning - Do NOT show ACL examples that skip the audit block
- Do NOT bypass
requires_approvalenforcement at the Executor level
- Do NOT suggest
api.*callingexecutor.*directly — must go throughorchestrator.* - Do NOT store sensitive data in
context.datawithout notingx-sensitiveredaction - Do NOT conflate apcore (module standard) with MCP (communication protocol)
- Do NOT add user-facing docs to
planning/— internal only - Do NOT create top-level
.mdfiles without updatingREADME.mdDocumentation Index - Do NOT use Schema drafts other than Draft 2020-12 in examples
Follow existing CHANGELOG.md entries. Sections per release: ### Added, ### Changed, ### Fixed, ### Deprecated, ### Removed. Semantic versioning: MAJOR.MINOR.PATCH. Spec-breaking changes increment MAJOR.
<type>(<scope>): <short imperative summary>
Types: feat, fix, docs, refactor, test, chore. DCO sign-off is required (automated by git hook).
CONTRIBUTING.md— PR and commit processSECURITY.md— Vulnerability reporting (never open public issues for security bugs)
These are the five pillars — read the linked docs before modifying related content:
- Module ID = Directory Path —
executor.email.send_emailderived from file path. Seedocs/spec/protocol-spec.md§"Module ID Specification" - Three-Layer Metadata — Core (required:
input_schema/output_schema/description) → Annotation → Extension (x-prefix). Seedocs/features/schema-system.md - Execution Pipeline — 11 ordered stages, strict invariants. See
docs/features/core-executor.md - ACL Default-Deny — All inter-module calls require explicit
allow. Seedocs/features/acl-system.md - Layer Hierarchy —
api.*→orchestrator.*→executor.*→common.*. Downward only.