airlock-protocol
diff --git a/‎.gitignore‎
Lines changed: 1 addition & 0 deletions b/‎.gitignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎CLA.md‎
Lines changed: 39 additions & 0 deletions b/‎CLA.md‎
Lines changed: 39 additions & 0 deletions
diff --git a/‎CLAUDE.md‎
Lines changed: 72 additions & 0 deletions b/‎CLAUDE.md‎
Lines changed: 72 additions & 0 deletions
diff --git a/‎CONTRIBUTING.md‎
Lines changed: 20 additions & 10 deletions b/‎CONTRIBUTING.md‎
Lines changed: 20 additions & 10 deletions
diff --git a/‎LICENSE-BSL‎
Lines changed: 16 additions & 0 deletions b/‎LICENSE-BSL‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎LICENSE-CC-BY-4.0‎
Lines changed: 10 additions & 0 deletions b/‎LICENSE-CC-BY-4.0‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎airlock/client.py‎
Lines changed: 5 additions & 2 deletions b/‎airlock/client.py‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎airlock/config.py‎
Lines changed: 48 additions & 0 deletions b/‎airlock/config.py‎
Lines changed: 48 additions & 0 deletions
diff --git a/‎airlock/gateway/error_handlers.py‎
Lines changed: 31 additions & 3 deletions b/‎airlock/gateway/error_handlers.py‎
Lines changed: 31 additions & 3 deletions
@@ -81,4 +81,5 @@ WORK_SUMMARY.md
 ROLL_OUT_STATUS.md
 LLM_HANDOFF.md
 .hypothesis/
+COWORK.md
 .claude/
@@ -0,0 +1,39 @@
+# Contributor License Agreement
+
+Thank you for your interest in contributing to the Airlock Protocol.
+
+By submitting a pull request or patch, you agree to the following terms:
+
+## Individual CLA
+
+1. **Grant of Rights.** You grant the Airlock Protocol maintainers a
+   perpetual, worldwide, non-exclusive, royalty-free, irrevocable license
+   to use, reproduce, modify, sublicense, and distribute your contributions
+   under any license chosen by the project.
+
+2. **Original Work.** You represent that your contribution is your original
+   work, or you have sufficient rights to submit it under this agreement.
+
+3. **No Warranty.** Your contributions are provided as-is, without warranty
+   of any kind.
+
+4. **Right to Relicense.** You understand that this CLA allows the project
+   maintainers to change the license of the project in the future, and you
+   consent to such changes applying to your contributions.
+
+## Why a CLA?
+
+Open-source projects that may need to change licenses (e.g., from Apache 2.0
+to BSL, or vice versa) require explicit permission from every contributor.
+Without a CLA, relicensing requires tracking down and getting consent from
+every individual contributor — which becomes impossible at scale.
+
+Projects like Apache, Google, Microsoft, and HashiCorp all use CLAs for
+this reason.
+
+## How to Sign
+
+When you open a pull request, the CLA Assistant bot will ask you to sign
+electronically. You only need to sign once.
+
+If you have questions, open an issue or contact the maintainers.
@@ -0,0 +1,72 @@
+# Airlock Protocol — CLAUDE.md
+
+## What is this project?
+Airlock Protocol — "DMARC for AI Agents". An open trust verification protocol for autonomous AI agents.
+Ed25519 cryptography, DID identifiers, 5-phase verification, live registry at api.airlock.ing.
+
+## Tech Stack
+- **Language:** Python 3.11+
+- **Framework:** FastAPI + Uvicorn
+- **Orchestration:** LangGraph
+- **Crypto:** PyNaCl (Ed25519)
+- **DB:** LanceDB (vector), optional Redis
+- **LLM:** LiteLLM (multi-provider)
+- **Tests:** pytest + pytest-asyncio + hypothesis
+
+## Running Tests
+```bash
+pytest                          # run all tests
+pytest tests/ -x                # stop on first failure
+pytest tests/test_crypto.py     # single file
+pytest -k "test_verify"         # by name pattern
+pytest --cov=airlock            # with coverage
+```
+
+## Running the Gateway
+```bash
+uvicorn airlock.gateway.app:create_app --factory --port 8000 --reload
+```
+
+## Project Structure
+```
+airlock/
+  a2a/          — Agent-to-Agent adapter
+  audit/        — Audit trail
+  crypto/       — Keys, signing, verifiable credentials
+  engine/       — Orchestrator, event bus, state machine
+  gateway/      — FastAPI routes and handlers
+  integrations/ — Anthropic, LangChain, OpenAI SDKs
+  registry/     — Agent registry and store
+  reputation/   — Trust scoring and decay
+  schemas/      — Pydantic models
+  sdk/          — Client SDK and middleware
+  semantic/     — Challenge evaluation + rule engine
+tests/          — 27 test files, 198+ tests
+```
+
+## Conventions
+- **Type hints:** Always use type hints. MyPy strict mode is enabled.
+- **Linting:** Ruff. Run `ruff check .` before committing.
+- **Async:** Use async/await for all I/O operations. pytest-asyncio with `asyncio_mode = "auto"`.
+- **Pydantic:** Use Pydantic v2 models for all data schemas. No raw dicts for structured data.
+- **Error handling:** All API errors must return structured JSON with `error`, `detail`, and `status_code` fields.
+- **Tests:** Every new feature needs tests. Use `fakeredis` for Redis tests, `asgi-lifespan` for gateway tests.
+- **Imports:** Use absolute imports (`from airlock.crypto.keys import ...`), never relative.
+- **No print():** Use `logging` module. Never print() in library code.
+- **DID format:** Always validate DID strings match `did:key:z6Mk...` pattern before processing.
+- **Secrets:** Never log or expose private keys, challenge secrets, or JWT tokens.
+
+## Common Mistakes to Avoid
+- Don't use `json.dumps()` for Pydantic models — use `model.model_dump_json()`
+- Don't forget `await` on async functions — this causes silent failures
+- Don't hardcode ports — use config.py
+- Don't skip input validation on DID strings — always validate format
+- Don't use `datetime.now()` — use `datetime.utcnow()` or `datetime.now(UTC)` for consistency
+- Don't create test files outside of `tests/` directory
+- Don't import from `airlock.gateway` in core modules — gateway depends on core, not the reverse
+
+## Architecture Rules
+- Gateway layer → Engine layer → Crypto/Registry/Reputation layers
+- No circular dependencies between modules
+- All events go through the EventBus — no direct cross-module calls
+- Orchestrator uses LangGraph state machine — don't bypass the graph
@@ -24,7 +24,7 @@ pip install -e ".[dev]"
 python -m pytest tests/ -v
 ```
 
-All new code must include tests. The test suite must maintain 306+ passing tests.
+All new code must include tests. The test suite must maintain 338+ passing tests.
 
 ## Linting
 
@@ -49,21 +49,22 @@ Type hints are required on all function signatures. No `Any` unless justified.
 - **Docstrings**: required on all public APIs (Google style)
 - **Imports**: sorted by ruff, one import per line for clarity
 
-## Developer Certificate of Origin (DCO)
+## Contributor License Agreement (CLA)
 
-This project uses the [Developer Certificate of Origin](https://developercertificate.org/) (DCO).
-All commits must be signed off to certify that you have the right to submit the code under the project's license.
+This project requires a [Contributor License Agreement](CLA.md). When you open
+your first pull request, the CLA Assistant bot will ask you to sign electronically.
+You only need to sign once.
 
-Sign off your commits with the `-s` flag:
+The CLA ensures the project maintainers can manage licensing across the open-core
+model (Apache 2.0 for SDKs, BSL 1.1 for gateway).
+
+All commits must also be signed off (DCO). Sign off your commits with the `-s` flag:
 
 ```bash
 git commit -s -m "feat: add new verification check"
 ```
 
-This adds a `Signed-off-by: Your Name <your@email.com>` line to your commit message.
-The DCO check runs in CI and will fail if any commit in your PR is missing a sign-off.
-
-If you forgot to sign off previous commits, you can amend:
+If you forgot to sign off previous commits:
 
 ```bash
 git rebase HEAD~N --signoff  # sign off the last N commits
@@ -96,4 +97,13 @@ See [SECURITY.md](SECURITY.md) for responsible disclosure instructions.
 
 ## License
 
-By contributing, you agree that your contributions will be licensed under the Apache License 2.0.
+This project uses a multi-license model:
+
+| Component | License |
+|-----------|---------|
+| SDKs, crypto, schemas (`sdks/`, `airlock/crypto/`, `airlock/schemas/`) | Apache 2.0 |
+| Gateway, engine (`airlock/gateway/`, `airlock/engine/`) | BSL 1.1 (converts to Apache 2.0 on 2030-04-04) |
+| Specification (`docs/spec/`) | CC-BY-4.0 |
+
+By contributing, you agree to the terms of the [CLA](CLA.md), which allows your
+contributions to be distributed under the applicable license for the component.
@@ -0,0 +1,16 @@
+Business Source License 1.1
+
+Licensor: Airlock Protocol Contributors
+Licensed Work: Airlock Gateway (airlock/gateway/*, airlock/engine/*)
+Change Date: 2030-04-04
+Change License: Apache License 2.0
+
+For the full BSL 1.1 license text, see:
+https://mariadb.com/bsl11/
+
+Usage Grant: You may use the Licensed Work for any purpose except
+offering a commercial hosted service that competes with the Licensor's
+paid offerings (registry, enterprise gateway, managed trust service).
+
+On the Change Date, the Licensed Work converts to the Change License
+(Apache 2.0) automatically.
@@ -0,0 +1,10 @@
+Creative Commons Attribution 4.0 International (CC-BY-4.0)
+
+Applies to: Protocol specification (docs/spec/*, docs/ietf/*)
+
+For the full license text, see:
+https://creativecommons.org/licenses/by/4.0/legalcode
+
+You are free to share and adapt the specification for any purpose,
+including commercial use, provided you give appropriate credit to
+the Airlock Protocol Contributors.
@@ -132,6 +132,9 @@ async def averify(
         poll_timeout: float = 30.0,
     ) -> VerifyResult:
         """Async version of :meth:`verify`."""
+        from airlock.config import get_config  # noqa: PLC0415
+
+        cfg = get_config()
         did = self._normalize_did(did_or_url)
 
         async with self._http_client() as http:
@@ -157,8 +160,8 @@ async def averify(
                 agent_name=agent_name,
                 trust_score=trust_score,
                 verdict="VERIFIED"
-                if trust_score >= 0.75
-                else ("DEFERRED" if trust_score >= 0.5 else "REJECTED"),
+                if trust_score >= cfg.scoring_threshold_high
+                else ("DEFERRED" if trust_score >= cfg.scoring_initial else "REJECTED"),
                 session_id=None,
             )
 
 
@@ -75,9 +75,57 @@ class AirlockConfig(BaseSettings):
     # Challenge fallback mode when LLM is unavailable: "ambiguous" (default) or "rule_based".
     challenge_fallback_mode: str = "ambiguous"
 
+    # -----------------------------------------------------------------------
+    # Scoring (generic defaults — production overrides via env vars)
+    # -----------------------------------------------------------------------
+    scoring_initial: float = 0.5
+    scoring_half_life_days: float = 30.0
+    scoring_verified_delta: float = 0.05
+    scoring_rejected_delta: float = -0.15
+    scoring_deferred_delta: float = -0.02
+    scoring_threshold_high: float = 0.75
+    scoring_threshold_blacklist: float = 0.15
+    scoring_diminishing_factor: float = 0.1
+
+    # -----------------------------------------------------------------------
+    # Challenge questions (path to external JSON, empty = use built-in generic set)
+    # -----------------------------------------------------------------------
+    challenge_questions_path: str = ""
+
+    # -----------------------------------------------------------------------
+    # Rule evaluator thresholds (generic defaults)
+    # -----------------------------------------------------------------------
+    rule_keyword_density_max: float = 0.30
+    rule_coherence_min: float = 0.25
+    rule_complexity_min_words: int = 25
+    rule_cross_domain_max: int = 3
+    rule_min_answer_length: int = 20
+    rule_min_sentences: int = 2
+
     # Event bus drain timeout during shutdown (seconds).
     event_bus_drain_timeout_seconds: float = Field(default=30.0, ge=1.0, le=600.0)
 
     @property
     def is_production(self) -> bool:
         return self.env == "production"
+
+
+# ---------------------------------------------------------------------------
+# Singleton accessor — avoids re-parsing env vars on every call.
+# ---------------------------------------------------------------------------
+
+_config_instance: AirlockConfig | None = None
+
+
+def get_config() -> AirlockConfig:
+    """Return the global AirlockConfig singleton (created on first call)."""
+    global _config_instance  # noqa: PLW0603
+    if _config_instance is None:
+        _config_instance = AirlockConfig()
+    return _config_instance
+
+
+def _reset_config() -> None:
+    """Reset the singleton — for use in tests only."""
+    global _config_instance  # noqa: PLW0603
+    _config_instance = None
@@ -9,18 +9,29 @@
 from fastapi.exceptions import HTTPException, RequestValidationError
 from fastapi.responses import JSONResponse
 
+from airlock.gateway.rate_limit import RateLimitResult
+
 logger = logging.getLogger(__name__)
 
 _PROBLEM_BASE = "https://airlock.ing/problems/"
 
 
+class RateLimitExceeded(HTTPException):
+    """HTTPException enriched with RFC 6585 rate-limit metadata."""
+
+    def __init__(self, detail: str, rl: RateLimitResult) -> None:
+        super().__init__(status_code=status.HTTP_429_TOO_MANY_REQUESTS, detail=detail)
+        self.rate_limit_result: RateLimitResult = rl
+
+
 def _problem_response(
     *,
     request: Request,
     status_code: int,
     type_path: str,
     title: str,
     detail: str | list[Any] | dict[str, Any],
+    headers: dict[str, str] | None = None,
 ) -> JSONResponse:
     return JSONResponse(
         status_code=status_code,
@@ -31,9 +42,20 @@ def _problem_response(
             "detail": detail,
             "instance": str(request.url.path),
         },
+        headers=headers,
     )
 
 
+def _rate_limit_headers(rl: RateLimitResult) -> dict[str, str]:
+    """Build RFC 6585 rate-limit response headers."""
+    return {
+        "Retry-After": str(rl.retry_after),
+        "X-RateLimit-Limit": str(rl.limit),
+        "X-RateLimit-Remaining": str(rl.remaining),
+        "X-RateLimit-Reset": str(int(rl.reset_at)),
+    }
+
+
 async def http_exception_handler(request: Request, exc: HTTPException) -> JSONResponse:
     title = "HTTP Error"
     if exc.status_code == status.HTTP_404_NOT_FOUND:
@@ -47,16 +69,22 @@ async def http_exception_handler(request: Request, exc: HTTPException) -> JSONRe
     elif exc.status_code == status.HTTP_503_SERVICE_UNAVAILABLE:
         title = "Service Unavailable"
     detail: str | list[Any] | dict[str, Any]
-    if isinstance(exc.detail, (str, list, dict)):
+    if isinstance(exc.detail, str):
         detail = exc.detail
     else:
-        detail = str(exc.detail)
+        detail = exc.detail  # type: ignore[assignment]
+
+    headers: dict[str, str] | None = None
+    if isinstance(exc, RateLimitExceeded):
+        headers = _rate_limit_headers(exc.rate_limit_result)
+
     return _problem_response(
         request=request,
         status_code=exc.status_code,
         type_path=f"http-{exc.status_code}",
         title=title,
         detail=detail,
+        headers=headers,
     )
 
 
@@ -68,7 +96,7 @@ async def validation_exception_handler(
         status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
         type_path="validation-error",
         title="Validation Error",
-        detail=list(exc.errors()),
+        detail=exc.errors(),
     )