feat: initial registry with seeded artefacts and CI

Content-addressed artefact registry for AgentVault bounded-disclosure
contracts. Seeded with existing artefacts from agentvault relay:

- 2 schemas (compatibility_signal_v2, mediation_signal_v2)
- 1 policy (compatibility_safe_v1)
- 1 profile (api-claude-sonnet-v1)
- 2 programs (mediation_system_v2, compatibility_system_v2)

Includes type-validation schemas in _schemas/, per-kind indexes with
aliases and channels, CI validation script (digest, type, consistency),
and GitHub Actions workflow.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: tobytkershaw

.github/workflows/ci.yml

@@ -0,0 +1,23 @@
+name: Registry CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Validate registry
+        run: node scripts/validate.mjs

.gitignore

@@ -0,0 +1 @@
+node_modules/

CONTRIBUTING.md

@@ -0,0 +1,50 @@
+# Contributing to the AgentVault Registry
+
+## Submitting an artefact
+
+1. **Create the payload file** — pure JSON matching the type-validation schema in `_schemas/<kind>.schema.json`. No metadata envelope; the file contains exactly the artefact payload.
+
+2. **Compute the digest**:
+   - Parse the JSON
+   - Canonicalize with JCS (RFC 8785)
+   - SHA-256 hash the canonical form
+   - Name the file `sha256-<hex>.json`
+
+3. **Add an index entry** in `<kind>s/index.json`:
+   ```json
+   {
+     "sha256:<hex>": {
+       "id": "your_artefact_id",
+       "version": "1.0.0",
+       "description": "What this artefact does",
+       "status": "experimental",
+       "published_at": "2026-03-07",
+       "compatibility": {}
+     }
+   }
+   ```
+
+4. **Add an alias** (optional but recommended):
+   ```json
+   "aliases": {
+     "your_artefact_id": "sha256:<hex>"
+   }
+   ```
+
+5. **Open a pull request**. CI will validate digest, type schema, and index consistency.
+
+## Rules
+
+- **Aliases are immutable.** Once created, an alias always points to the same digest. New versions get new aliases.
+- **Artefacts are append-only.** Entries are never removed. Set `status` to `"deprecated"` to signal an artefact should not be used in new contracts.
+- **Channels are mutable.** `name@latest` pointers may be retargeted. Do not rely on channels for reproducible contract construction — use aliases or raw digests.
+- **Status values**: `"active"`, `"experimental"`, `"deprecated"`.
+
+## Compatibility metadata
+
+Schemas and policies should declare a `safety_class` in their `compatibility` object:
+
+- `"SAFE"` — enum-only output, no free text, deterministic policy gate
+- `"RICH"` — may include bounded free text, must declare explicit entropy controls
+
+The contract builder validates that a `SAFE` policy is not paired with a `RICH` schema.

README.md

@@ -0,0 +1,52 @@
+# AgentVault Registry
+
+Content-addressed artefact registry for [AgentVault](https://github.com/vcav-io/agentvault) bounded-disclosure contracts.
+
+## What this is
+
+A shared, append-only collection of canonical artefacts that agents reference when constructing contracts. Each artefact is identified by its SHA-256 digest over JCS-canonicalized (RFC 8785) JSON.
+
+**This registry defines what exists.** Relay operators independently decide which artefacts they admit and execute via their local `relay-admission.toml`.
+
+## Artefact kinds
+
+| Kind | Directory | Description |
+|------|-----------|-------------|
+| `schema` | `schemas/` | JSON Schema for output validation |
+| `policy` | `policies/` | Enforcement policy (rules, entropy constraints) |
+| `profile` | `profiles/` | Model/provider configuration |
+| `program` | `programs/` | Prompt template + assembly logic |
+
+## Structure
+
+```
+agentvault-registry/
++-- registry.json              # top-level manifest
++-- _schemas/                   # type-validation schemas (used by CI)
++-- schemas/
+|   +-- index.json              # per-kind index with aliases and channels
+|   +-- sha256-<hex>.json       # payload files (content-addressed)
++-- policies/
++-- profiles/
++-- programs/
+```
+
+## Digest rules
+
+- **Algorithm**: SHA-256
+- **Input**: JCS (RFC 8785) canonicalization of the parsed JSON payload
+- **Qualified form**: `sha256:<hex>` (in indexes, contracts, allowlists)
+- **Filenames**: `sha256-<hex>.json` (hyphen for filesystem safety)
+
+## Contributing
+
+See [CONTRIBUTING.md](CONTRIBUTING.md).
+
+## Validation
+
+```bash
+npm ci
+npm run validate
+```
+
+CI runs three checks per artefact: digest verification, type validation against `_schemas/`, and index consistency (aliases, channels, orphan detection).

_schemas/policy.schema.json

@@ -0,0 +1,90 @@
+{
+  "title": "RelayEnforcementPolicy",
+  "description": "Type-validation schema for enforcement policies, derived from the Rust RelayEnforcementPolicy struct",
+  "type": "object",
+  "required": ["policy_version", "policy_id", "policy_scope", "rules"],
+  "additionalProperties": false,
+  "properties": {
+    "policy_version": { "type": "string" },
+    "policy_id": { "type": "string" },
+    "policy_scope": {
+      "type": "string",
+      "enum": ["RELAY_GLOBAL"]
+    },
+    "model_profile_allowlist": {
+      "type": "array",
+      "items": { "type": "string" },
+      "default": []
+    },
+    "provider_allowlist": {
+      "type": "array",
+      "items": { "type": "string" },
+      "default": []
+    },
+    "max_output_tokens": {
+      "type": ["integer", "null"],
+      "minimum": 1
+    },
+    "rules": {
+      "type": "array",
+      "items": { "$ref": "#/definitions/EnforcementRule" }
+    },
+    "entropy_constraints": {
+      "oneOf": [
+        { "$ref": "#/definitions/EntropyConstraints" },
+        { "type": "null" }
+      ]
+    }
+  },
+  "definitions": {
+    "EnforcementRule": {
+      "type": "object",
+      "required": ["rule_id", "type", "value", "scope", "classification"],
+      "additionalProperties": false,
+      "properties": {
+        "rule_id": { "type": "string" },
+        "type": {
+          "type": "string",
+          "enum": ["unicode_category_reject"]
+        },
+        "value": { "type": "string" },
+        "scope": { "$ref": "#/definitions/RuleScope" },
+        "classification": { "$ref": "#/definitions/EnforcementClass" }
+      }
+    },
+    "RuleScope": {
+      "type": "object",
+      "required": ["kind"],
+      "additionalProperties": false,
+      "properties": {
+        "kind": {
+          "type": "string",
+          "enum": ["all_string_values"]
+        },
+        "skip_keys": {
+          "type": "array",
+          "items": { "type": "string" },
+          "default": []
+        }
+      }
+    },
+    "EntropyConstraints": {
+      "type": "object",
+      "required": ["budget_bits", "classification"],
+      "additionalProperties": false,
+      "properties": {
+        "budget_bits": { "type": "integer", "minimum": 0 },
+        "classification": { "$ref": "#/definitions/EnforcementClass" },
+        "review_trigger_pct": {
+          "type": ["integer", "null"],
+          "minimum": 0,
+          "maximum": 100
+        }
+      }
+    },
+    "EnforcementClass": {
+      "type": "string",
+      "enum": ["GATE", "ADVISORY"]
+    }
+  }
+}

_schemas/profile.schema.json

@@ -0,0 +1,15 @@
+{
+  "title": "ModelProfile",
+  "description": "Type-validation schema for model profiles, derived from the Rust ModelProfile struct",
+  "type": "object",
+  "required": ["profile_version", "profile_id", "provider", "model_family", "reasoning_mode", "structured_output"],
+  "additionalProperties": false,
+  "properties": {
+    "profile_version": { "type": "string" },
+    "profile_id": { "type": "string" },
+    "provider": { "type": "string" },
+    "model_family": { "type": "string" },
+    "reasoning_mode": { "type": "string" },
+    "structured_output": { "type": "boolean" }
+  }
+}

_schemas/program.schema.json

@@ -0,0 +1,15 @@
+{
+  "title": "PromptProgram",
+  "description": "Type-validation schema for prompt programs, derived from the Rust PromptProgram struct",
+  "type": "object",
+  "required": ["version", "system_instruction", "input_format"],
+  "additionalProperties": false,
+  "properties": {
+    "version": { "type": "string" },
+    "system_instruction": { "type": "string" },
+    "input_format": {
+      "type": "string",
+      "enum": ["structured", "narrative"]
+    }
+  }
+}

_schemas/schema.schema.json

@@ -0,0 +1,15 @@
+{
+  "title": "AgentVault Output Schema",
+  "description": "Meta-schema for output schemas — must be a valid JSON Schema with object type and additionalProperties: false",
+  "type": "object",
+  "required": ["type", "required", "properties", "additionalProperties"],
+  "properties": {
+    "type": {
+      "type": "string",
+      "const": "object"
+    },
+    "additionalProperties": {
+      "const": false
+    }
+  }
+}

package-lock.json

@@ -0,0 +1,12 @@
+{
+  "name": "agentvault-registry",
+  "version": "1.0.0",
+  "private": true,
+  "type": "module",
+  "scripts": {
+    "validate": "node scripts/validate.mjs"
+  },
+  "devDependencies": {
+    "ajv": "^8.17.1"
+  }
+}