pic-standard

Miradi inayofuata mazoea bora hapa chini inaweza kujihakikisha kwa hiari na kuonyesha kuwa wamepata nishani ya mazoea bora ya Open Source Security Foundation (OpenSSF).

Hakuna seti ya mazoea yawezayo kuhakikisha kuwa programu haitakuwa na kasoro au udhaifu; hata mbinu rasmi zinaweza kushindwa ikiwa vipimo au dhana ni sahihi. Wala hakuna seti ya mazoea yawezayo kuhakikisha kuwa mradi utaendelea kuwa na jamii ya maendeleo yenye afya na inayofanya kazi vizuri. Hata hivyo, kufuata mazoea bora kunaweza kusaidia kuboresha matokeo ya miradi. Kwa mfano, baadhi ya mazoea huwezesha ukaguzi wa watu wengi kabla ya kutolewa, ambayo inaweza kusaidia kupata udhaifu wa kiufundi ambao vinginevyo ni vigumu kupata na kusaidia kujenga uaminifu na hamu ya mwingiliano wa kurudia kati ya wasanidi programu kutoka makampuni tofauti. Ili kupata nishani, vigezo vyote vya LAZIMA na LAZIMA WALA USIWAHI lazima vifuatwe, vigezo vyote vya INAPASWA lazima vifuatwe AU visivyo fufufutiliana na thibitisho, na vigezo vyote vya PENDEKEZA lazima vifuatwe AU visivyo fufufutiliana (tunataka vifikiwe angalau). Ikiwa unataka kuingiza maandishi ya thibitisho kama maoni ya jumla, badala ya kuwa maelezo ya busara kwamba hali ni inakubaliwa, anza kifungu cha maandishi na '//' ikifuatiwa na nafasi. Maoni ni karibu kupitia tovuti ya GitHub kama masuala au maombi ya kuvuta Kuna pia orodha ya barua pepe kwa majadiliano ya jumla.

Tunafuraha kutoa habari katika lugha nyingi, hata hivyo, ikiwa kuna mgongano au kutokuwa na usawa kati ya tafsiri, toleo la Kiingereza ni toleo lenye mamlaka.
Ikiwa huu ni mradi wako, tafadhali onyesha hadhi ya nishani yako kwenye ukurasa wa mradi wako! Hadhi ya nishani inaonekana kama hii: Kiwango cha nishani kwa mradi 12790 ni silver Hapa ni jinsi ya kuiweka:
Unaweza kuonyesha hali ya nishani yako kwa kuweka hii katika faili yako ya markdown:
[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/12790/badge)](https://www.bestpractices.dev/projects/12790)
au kwa kuweka hii katika HTML yako:
<a href="https://www.bestpractices.dev/projects/12790"><img src="https://www.bestpractices.dev/projects/12790/badge"></a>


Hizi ni vigezo vya kiwango cha Fedha. Unaweza pia kuangalia vigezo vya kiwango cha Kupita au Dhahabu.

Baseline Series: Kiwango cha Msingi 1 Kiwango cha Msingi 2 Kiwango cha Msingi 3

        

 Misingi 17/17

  • Jumla

    Kumbuka kwamba miradi mingine inaweza kutumia jina sawa.

    Open standard for Provenance & Intent Contracts (PIC) in AI agents. Verify intent, provenance, and evidence before high-impact tool calls.

    Tafadhali tumia muundo wa maneno ya leseni ya SPDX; mifano ni pamoja na "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "GPL-2.0+", "LGPL-3.0+", "MIT", na "(BSD-2-Clause OR Ruby)". Usitumie alama za nukuu za moja au mbili.
    Ikiwa kuna lugha zaidi ya moja, ziorodhe kama thamani zilizotengwa kwa koma (nafasi ni za hiari) na ziorodhe kuanzia iliyotumiwa zaidi hadi iliyotumiwa kidogo. Ikiwa kuna orodha ndefu, tafadhali orodhesha angalau tatu za kawaida zaidi. Ikiwa hakuna lugha (k.m., huu ni mradi wa nyaraka tu au wa majaribio tu), tumia herufi moja "-". Tafadhali tumia herufi kubwa za kawaida kwa kila lugha, k.m., "JavaScript".
    Common Platform Enumeration (CPE) ni mpango wa kuweka majina yenye muundo kwa mifumo ya teknolojia ya habari, programu, na vifurushi. Inatumika katika mifumo na hifadhidata nyingi wakati wa kuripoti udhaifu.

  • Mahitaji ya awali


    Ya kutosha kwa nishani!

    Mradi LAZIMA ufikie nishani ya kiwango cha kuhitimu. [achieve_passing]

  • Maudhui ya kimsingi ya tovuti ya mradi


    Ya kutosha kwa nishani!

    Habari juu ya jinsi ya kuchangia LAZIMA ijumuishe mahitaji ya michango inayokubalika (k.m., rejea kwa kiwango chochote kinachohitajika cha msimbo). (URL inahitajika) [contribution_requirements]

    https://github.com/madeinplutofabio/pic-standard/blob/main/CONTRIBUTING.md


  • Usimamizi wa mradi


    Kwa shida ya kutosha kwa nishani.

    Mradi UNAPASWA kuwa na utaratibu wa kisheria ambapo wasanidi wote wa kiasi kisicho kidogo cha programu ya mradi wanathibitisha kwamba wameruhusiwa kisheria kufanya michango hii. Mbinu ya kawaida na rahisi ya kutekeleza hii ni kwa kutumia Cheti cha Msanidi cha Asili (DCO), ambapo watumiaji huongeza "signed-off-by" katika ahadi zao na mradi unaunganisha kwenye tovuti ya DCO. Hata hivyo, hii YAWEZA kutekelezwa kama Makubaliano ya Leseni ya Mchangiaji (CLA), au utaratibu mwingine wa kisheria. (URL inahitajika) [dco]
    DCO ni utaratibu unaopendekeza kwa sababu ni rahisi kutekeleza, kufuatilia katika msimbo wa chanzo, na git inasaidia moja kwa moja kipengele cha "signed-off" kwa kutumia "commit -s". Ili kuwa na ufanisi zaidi ni bora ikiwa nyaraka za mradi zinaeleza maana ya "signed-off" kwa mradi huo. CLA ni makubaliano ya kisheria yanayofafanua masharti ambayo kazi za kiakili zimetolewa leseni kwa shirika au mradi. Makubaliano ya mgawo wa mchangiaji (CAA) ni makubaliano ya kisheria yanayohamisha haki katika kazi ya kiakili kwa chama kingine; miradi haihitajiki kuwa na CAA, kwa kuwa kuwa na CAA huongeza hatari kwamba wachangiaji watarajiwa hawatachangia, hasa ikiwa mpokeaji ni shirika la faida. Apache Software Foundation CLAs (leseni ya mchangiaji wa mtu binafsi na CLA ya kampuni) ni mifano ya CLA, kwa miradi ambayo inaamua kwamba hatari za aina hizi za CLA kwa mradi ni chini ya manufaa yao.

    https://github.com/madeinplutofabio/pic-standard/blob/main/LICENSE

    This criterion is a SHOULD, and the project has not yet implemented a formal DCO or CLA mechanism. The decision is intentional at the project's current scale: PIC is a single-maintainer project with a small contributor base, and inbound contributions are governed by GitHub's Terms of Service §D.6 ("Inbound=Outbound" — by submitting a pull request to a public repository, the contributor licenses their contribution under the repository's license) combined with the project's Apache-2.0 license, which itself contains an explicit contribution clause (§5: "Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License"). This provides a baseline legal grant for contributions today. Adopting a Developer Certificate of Origin (DCO) is on the project roadmap as the contributor base grows; once DCO is enabled (via the DCO GitHub App and a CONTRIBUTING.md update), this criterion will be re-evaluated as Met.


    Ya kutosha kwa nishani!

    Mradi LAZIMA ufafanue kwa uwazi na kuandika muundo wake wa utawala wa mradi (njia ya kufanya maamuzi, ikiwa ni pamoja na majukumu muhimu). (URL inahitajika) [governance]
    Kunahitaji kuwa na njia fulani iliyowekwa vyema ya kuandikwa ya kufanya maamuzi na kutatua migogoro. Katika miradi midogo, hii inaweza kuwa rahisi kama "mmiliki wa mradi na kiongozi hufanya maamuzi yote ya mwisho". Kuna miundo mbalimbali ya utawala, ikiwa ni pamoja na dictator wa wema na meritocracy rasmi; kwa maelezo zaidi, angalia Miundo ya utawala. Mbinu zote mbili za kati (k.m., mtunzaji mmoja) na zisizo za kati (k.m., watunzaji wa kikundi) zimetumika kwa mafanikio katika miradi. Habari za utawala hazihitajiki kuandika uwezekano wa kuunda uma wa mradi, kwa kuwa hiyo ni iwezekanavyo kila wakati kwa miradi ya FLOSS.

    https://github.com/madeinplutofabio/pic-standard/blob/main/CONTRIBUTING.md#%EF%B8%8F-governance-model

    Governance is documented in CONTRIBUTING.md §Governance Model. The PIC Standard is consensus-driven; major changes to specifications and schemas must be initiated as a discussion in GitHub Discussions before a PR is opened. Spec evolution sequencing (DRAFT → cross-implementation conformance → normative) is documented in ROADMAP.md §"How spec normative freezes are sequenced.


    Ya kutosha kwa nishani!

    Mradi LAZIMA upitishe kanuni ya mwenendo na kuiweka mahali pa kawaida. (URL inahitajika) [code_of_conduct]
    Miradi inaweza kuweza kuboresha uadilifu wa jamii yao na kuweka matarajio kuhusu tabia inayokubalika kwa kupitisha kanuni ya mwenendo. Hii inaweza kusaidia kuepuka matatizo kabla hayajatokea na kufanya mradi kuwa mahali pa kukaribishwa zaidi ili kuhimiza michango. Hii inapaswa kuzingatia tu tabia ndani ya jamii/mahali pa kazi pa mradi. Mifano ya kanuni za mwenendo ni kanuni ya mwenendo ya kernel ya Linux, Kanuni ya Mwenendo ya Agano la Mchangiaji, Kanuni ya Mwenendo ya Debian, Kanuni ya Mwenendo ya Ubuntu, Kanuni ya Mwenendo ya Fedora, Kanuni ya Mwenendo ya GNOME, Kanuni ya Mwenendo ya Jamii ya KDE, Kanuni ya Mwenendo ya Jamii ya Python, Mwongozo wa Mwenendo wa Jamii ya Ruby, na Kanuni ya Mwenendo ya Rust.

    https://github.com/madeinplutofabio/pic-standard/blob/main/CODE_OF_CONDUCT.md

    Project has adopted the Contributor Covenant version 2.1, posted at the repository root as CODE_OF_CONDUCT.md, with enforcement contact at team@madeinpluto.com and four-tier Community Impact Guidelines (Correction → Warning → Temporary Ban → Permanent Ban).


    Ya kutosha kwa nishani!

    Mradi LAZIMA ufafanue kwa uwazi na kuandika hadharani majukumu muhimu katika mradi na wajibu wao, ikiwa ni pamoja na kazi zozote ambazo majukumu hayo lazima yafanywe. Lazima iwe wazi ni nani ana jukumu lipi, ingawa hii haiwezi kuandikwa kwa njia ile ile. (URL inahitajika) [roles_responsibilities]
    Nyaraka kwa utawala na majukumu na wajibu zinaweza kuwa mahali pamoja.

    https://github.com/madeinplutofabio/pic-standard/blob/main/MAINTAINERS.md


    Ya kutosha kwa nishani!

    Mradi LAZIMA uweze kuendelea kwa usumbufu mdogo ikiwa mtu yeyote anakufa, anakuwa katika hali ya kudhoofika, au vinginevyo hawezi au hataki kuendelea kusaidia mradi. Hasa, mradi LAZIMA uweze kuunda na kufunga masuala, kukubali mabadiliko yaliyopendekezwa, na kutoa matoleo ya programu, ndani ya wiki moja ya uthibitishaji wa upotevu wa msaada kutoka kwa mtu yeyote mmoja. Hii INAWEZA kufanywa kwa kuhakikisha mtu mwingine ana funguo zozote zinazohitajika, nywila, na haki za kisheria ili kuendelea mradi. Watu binafsi wanaoendesha mradi wa FLOSS WANAWEZA kufanya hii kwa kuweka funguo katika sanduku la kufungia na wosia unaowezesha haki zozote zinazohitajika za kisheria (k.m., kwa majina ya DNS). (URL inahitajika) [access_continuity]

    https://github.com/madeinplutofabio/pic-standard/blob/main/MAINTAINERS.md#continuity-plan

    Continuity plan documented in MAINTAINERS.md §Continuity Plan, covering operational continuity (Apache-2.0 fork rights, immutable PyPI/GitHub release history, Zenodo-archived spec, no DNS dependencies), account-access escrow (GitHub recovery codes, PyPI credentials, email credentials, signed authorization letter held in a sealed continuity envelope), legal continuity (Apache-2.0 grants successor rights without permission, no trademark blockers), a named designated successor (Rebecca Yallop) with documented activation procedure, and a 7-day operational-continuity demonstration target. The successor is a non-technical family member whose authorized role is to bridge access between loss of the Lead Maintainer and continuation by a technical successor of her choosing — the lockbox-and-will pattern explicitly contemplated by this criterion.


    Ya kutosha kwa nishani!

    Mradi INAPASWA kuwa na "bus factor" ya 2 au zaidi. (URL inahitajika) [bus_factor]
    "Bus factor" (pia inajulikana kama "truck factor") ni idadi ya chini ya washiriki wa mradi ambao wanapaswa kutoweka ghafla kutoka kwenye mradi ("kupigwa na basi") kabla ya mradi kusimama kwa sababu ya ukosefu wa wafanyakazi wenye elimu au wenye uwezo. Zana ya truck-factor inaweza kukadiria hii kwa miradi kwenye GitHub. Kwa maelezo zaidi, angalia Kutathmini Bus Factor ya Hifadhi za Git na Cosentino et al.

    https://github.com/madeinplutofabio/pic-standard/graphs/contributors


  • Nyaraka


    Ya kutosha kwa nishani!

    Mradi LAZIMA uwe na ramani ya barabara iliyoandikwa inayoeleza kile mradi unakusudia kufanya na kutofanya kwa angalau mwaka unaofuata. (URL inahitajika) [documentation_roadmap]
    Mradi huenda usitimiza ramani ya barabara, na hiyo ni sawa; kusudi la ramani ya barabara ni kusaidia watumiaji na wachangiaji watarajiwa kuelewa mwelekeo unaokusudiwa wa mradi. Haihitaji kuwa na maelezo mengi.

    https://github.com/madeinplutofabio/pic-standard/blob/main/ROADMAP.md

    ROADMAP.md is a 36KB living plan covering the next 12+ months: v0.8.2 (conformance expansion + initial spec drafts), v0.9.0 (TypeScript verifier interop milestone, OpenAPI bridge spec, Docker hardening), v0.9.1–v0.9.2 (differential testing, fuzzing, ambiguity burn-down), and v1.0.0 (production-grade protocol freeze, Internet-Draft submission). It also explicitly lists what is NOT in scope: "Deferred beyond v1.0: broader TS hardening, trust bundle profile, discovery profile, optional CBOR profile, registry/governance machinery beyond the v1.0 minimum, additional transport bindings."


    Ya kutosha kwa nishani!

    Mradi LAZIMA ujumuishe nyaraka za muundo (pia inajulikana kama muundo wa kiwango cha juu) wa programu inayozalishwa na mradi. Ikiwa mradi hauzalishi programu, chagua "haihusiki" (N/A). (URL inahitajika) [documentation_architecture]
    Muundo wa programu unaeleza miundo ya msingi ya programu, yaani, vipengele vikuu vya programu, uhusiano kati yao, na mali muhimu za vipengele na uhusiano hivi.

    https://github.com/madeinplutofabio/pic-standard/blob/main/docs/RFC-0001-pic-standard.md#protocol-summary-pic10-action-proposal

    Architecture is documented in RFC-0001, including the action-boundary interception design, the Action Proposal envelope structure, the verification pipeline (schema → verifier → evidence), the impact taxonomy, the three-way ID binding mechanism, and the reference component list (verifier, CLI, LangGraph node, MCP guard, OpenClaw plugin, HTTP bridge). The README also includes a Mermaid flow diagram of the data flow.


    Ya kutosha kwa nishani!

    Mradi LAZIMA uandike kile mtumiaji anaweza na asiweze kutarajia kwa suala la usalama kutoka kwa programu inayozalishwa na mradi ("mahitaji yake ya usalama"). (URL inahitajika) [documentation_security]
    Haya ni mahitaji ya usalama ambayo programu inakusudiwa kukidhi.

    https://github.com/madeinplutofabio/pic-standard/blob/main/docs/RFC-0001-pic-standard.md#security-properties

    Security requirements are documented in RFC-0001 §Security Properties (eight MUST/SHOULD properties: fail-closed execution, causal accountability, tool-binding integrity, local-first verification, evidence-as-output-of-verification, sandboxed evidence resolution, key lifecycle, deterministic verification) and §Non-Goals (eight things PIC explicitly does not provide: output guardrails, authentication, authorization, prompt filtering, runtime sandbox, logging/SIEM, tool input validation, protection against compromised trusted signers).


    Ya kutosha kwa nishani!

    Mradi LAZIMA utoe mwongozo wa "kuanza haraka" kwa watumiaji wapya kuwasaidia kufanya kitu haraka na programu. (URL inahitajika) [documentation_quick_start]
    Wazo ni kuonyesha watumiaji jinsi ya kuanza na kufanya programu ifanye chochote. Hii ni muhimu sana kwa watumiaji watarajiwa kuanza.

    https://github.com/madeinplutofabio/pic-standard#quickstart

    README §Quickstart gives a one-minute install-and-verify path: pip install pic-standard, then pic-cli verify examples/financial_irreversible.json, with additional examples for evidence-aware verification (hash and signature) and optional extras for LangGraph, MCP, and crypto.


    Ya kutosha kwa nishani!

    Mradi LAZIMA ufanye jitihada ya kuweka nyaraka kulingana na toleo la sasa la matokeo ya mradi (ikiwa ni pamoja na programu inayozalishwa na mradi). Kasoro yoyote inayojulikana ya nyaraka inayofanya isilingane LAZIMA irekebishwe. Ikiwa nyaraka kwa ujumla ni za sasa, lakini kwa makosa inajumuisha baadhi ya maelezo ya zamani ambayo sio ya kweli tena, ichukue tu kama kasoro, kisha ifuatilie na urekebishe kama kawaida. [documentation_current]
    Nyaraka ZINAWEZA kujumuisha habari kuhusu tofauti au mabadiliko kati ya matoleo ya programu na/au kuunganisha kwa matoleo ya zamani ya nyaraka. Kusudi la kigezo hiki ni kwamba jitihada inafanywa ili kuweka nyaraka kulingana, siyo kwamba nyaraka lazima ziwe kamili.

    Documentation is kept in sync with each release; CHANGELOG.md tracks user-visible changes. RFC-0001 explicitly states the version range it covers and is updated across releases. Version-specific behavior (e.g., v0.7.5 strict_trust mode, v0.8.0 canonicalization) is annotated inline in the README. No known documentation defects.


    Ya kutosha kwa nishani!

    Ukurasa wa mbele wa hifadhi ya mradi na/au tovuti LAZIMA utambulishe na kuunganisha kiungo kwa mafanikio yoyote, ikiwa ni pamoja na nishani hii ya mazoea bora, ndani ya masaa 48 ya kutambua hadharani kwamba ufanikio umepatikana. (URL inahitajika) [documentation_achievements]
    Ufanikio ni seti yoyote ya vigezo vya nje ambavyo mradi umefanya kazi mahususi kukidhi, ikiwa ni pamoja na nishani fulani. Habari hii haihitaji kuwa kwenye ukurasa wa mbele wa tovuti ya mradi. Mradi unaotumia GitHub unaweza kuweka mafanikio kwenye ukurasa wa mbele wa hifadhi kwa kuyaongeza kwenye faili ya README.

    https://github.com/madeinplutofabio/pic-standard#-pic-standard-provenance--intent-contracts


  • Ufikiaji na kimataifa


    Ya kutosha kwa nishani!

    Mradi (tovuti zote za mradi na matokeo ya mradi) INAPASWA kufuata mazoea bora ya ufikiaji ili watu wenye ulemavu bado waweze kushiriki katika mradi na kutumia matokeo ya mradi ambapo ni busara kufanya hivyo. [accessibility_best_practices]
    Kwa programu za wavuti, angalia Miongozo ya Ufikiaji wa Maudhui ya Wavuti (WCAG 2.0) na hati yake inayosaidia Kuelewa WCAG 2.0; angalia pia habari za ufikiaji za W3C. Kwa programu za GUI, zingatia kutumia miongozo ya ufikiaji ya mazingira maalum (kama vile Gnome, KDE, XFCE, Android, iOS, Mac, na Windows). Baadhi ya programu za TUI (k.m., programu za `ncurses`) zinaweza kufanya mambo fulani ili kuzifanya kufikika zaidi (kama mpangilio wa `force-arrow-cursor` wa `alpine`). Programu nyingi za mstari wa amri zinafikika vizuri kama zilivyo. Kigezo hiki mara nyingi ni N/A, k.m., kwa maktaba za programu. Hapa kuna baadhi ya mifano ya hatua za kuchukua au masuala ya kuzingatia:
    • Toa mbadala za maandishi kwa maudhui yoyote yasiyo ya maandishi ili yaweze kubadilishwa kuwa aina nyingine watu wanahitaji, kama vile chapa kubwa, braille, hotuba, alama au lugha rahisi zaidi ( mwongozo wa WCAG 2.0 1.1)
    • Rangi haitumiwi kama njia pekee ya kuona ya kuwasilisha habari, kuashiria kitendo, kuchochea jibu, au kutofautisha kipengele cha kuona. ( mwongozo wa WCAG 2.0 1.4.1)
    • Uwasilishaji wa kuona wa maandishi na picha za maandishi una uwiano wa tofauti wa angalau 4.5:1, isipokuwa kwa maandishi makubwa, maandishi ya bahati mbaya, na nembo ( mwongozo wa WCAG 2.0 1.4.3)
    • Fanya kazi zote zipatikane kutoka kwenye kibodi (mwongozo wa WCAG 2.1)
    • Mradi wa GUI au wa wavuti INAPASWA kupima na angalau kipaza sauti kimoja cha skrini kwenye jukwaa la lengo (k.m., NVDA, Jaws, au WindowEyes kwenye Windows; VoiceOver kwenye Mac & iOS; Orca kwenye Linux/BSD; TalkBack kwenye Android). Programu za TUI ZINAWEZA kufanya kazi kupunguza uchanganyiko wa ziada ili kuzuia usomaji wa ziada na vipaza sauti vya skrini.

    Project sites are GitHub repository pages and PyPI, both of which follow WCAG accessibility practices. Project documentation is plain Markdown rendered with semantic HTML, alt text on images, descriptive link text, and accessible headings. The Mermaid diagram in the README is paired with a textual description of the same flow. CLI output is plain text and screen-reader compatible.


    Ya kutosha kwa nishani!

    Programu iliyozalishwa na mradi INAPASWA kuwa kimataifa ili kuwezesha upatanifu wa lugha wa rahisi kwa utamaduni, eneo, au lugha ya hadhira lengo. Ikiwa kimataifa (i18n) haihusiki (k.m., programu haizalishi maandishi yanayokusudiwa kwa watumiaji wa mwisho na haipangi maandishi yanayosomeka na binadamu), chagua "haihusiki" (N/A). [internationalization]
    Upatanifu wa lugha "unarejelea upatanifu wa bidhaa, programu au maudhui ya hati ili kukidhi lugha, utamaduni na mahitaji mengine ya soko mahususi la lengo (eneo)." Kimataifa ni "muundo na maendeleo ya bidhaa, programu au maudhui ya hati ambayo huwezesha upatanifu wa lugha wa rahisi kwa hadhira lengo zinazotofautiana katika utamaduni, eneo, au lugha." (Ona "Upatanifu wa Lugha dhidi ya Kimataifa" ya W3C.) Programu inakidhi kigezo hiki kwa kuwa kimataifa tu. Hakuna upatanifu wa lugha kwa lugha nyingine mahususi unaohitajika, kwa kuwa mara tu programu imekuwa kimataifa inawezekana kwa wengine kufanya kazi kwenye upatanifu wa lugha.

    PIC is a verifier library and CLI for AI agent action gating. It does not generate user-facing text intended for end-user consumption, does not sort human-readable text in locale-sensitive ways, and emits only structured machine-readable output (JSON decisions, error codes). Internationalization does not apply.


  • Mengine


    Ya kutosha kwa nishani!

    Ikiwa tovuti za mradi (tovuti, hifadhi, na URL za kupakua) zinahifadhi nywila kwa ajili ya uthibitishaji wa watumiaji wa nje, nywila LAZIMA zihifadhiwe kama mificho iliyorudiwa na chumvi kwa-mtumiaji kwa kutumia kanuni ya upanuaji (iliyorudiarudia) wa funguo (k.m., Argon2id, Bcrypt, Scrypt, au PBKDF2). Ikiwa tovuti za mradi hazihifadhi nywila kwa kusudi hili, chagua "haihusiki" (N/A). [sites_password_security]
    Kumbuka kwamba matumizi ya GitHub yanakidhi kigezo hiki. Kigezo hiki kinatumika tu kwa nywila zinazotumika kwa ajili ya uthibitishaji wa watumiaji wa nje kwenye tovuti za mradi (pia inaitwa uthibitishaji wa ndani). Ikiwa tovuti za mradi lazima ziingie kwenye tovuti zingine (pia inaitwa uthibitishaji wa nje), zinaweza kuhitaji kuhifadhi ishara za uidhinishaji kwa kusudi hilo kwa njia tofauti (kwa kuwa kuhifadhi mficho hakuna maana). Hii inatumia kigezo cha crypto_password_storage kwa tovuti za mradi, sawa na sites_https.

    The project does not operate any site that stores user passwords. The repository is hosted on GitHub and the package is distributed via PyPI; both providers manage their own authentication systems. The project does not host its own website or authentication service.


 Udhibiti wa Mabadiliko 1/1

  • Matoleo ya awali


    Ya kutosha kwa nishani!

    Mradi LAZIMA utunze matoleo ya zamani yaliyotumika mara nyingi ya bidhaa au kutoa njia ya usasishaji kwa matoleo mapya. Ikiwa njia ya usasishaji ni ngumu, mradi LAZIMA uandike jinsi ya kufanya usasishaji (k.m., violesura vilivyobadilika na hatua zilizoanishwa kwa undani ili kusaidia usasishaji). [maintenance_or_update]

    https://github.com/madeinplutofabio/pic-standard/blob/main/docs/migration-trust-sanitization.md

    The project follows Semantic Versioning and provides a documented upgrade path to newer versions. Per SECURITY.md, only the latest minor release on the v0.x line receives security fixes; older versions are end-of-life, and users are expected to upgrade. To support that upgrade path, the project provides:
    (1) CHANGELOG.md — a detailed per-release log following semver, with explicit Added / Deprecated / Changed / Notes sections noting wire-format compatibility on every release.
    (2) docs/migration-trust-sanitization.md — a dedicated migration guide for the v0.7.x → v0.8.x → v1.0 trust-model migration, covering: what is changing and why, a per-version timeline table (v0.7.x, v0.8.0, v0.8.1, v1.0), the deprecation warnings producers will see (PICTrustFutureWarning, PICSemiTrustedDeprecationWarning), and step-by-step migration instructions (audit → add evidence → enable evidence verification → opt in to strict_trust=True early).
    (3) ROADMAP.md §"How spec normative freezes are sequenced" — documents the trajectory of every spec artifact (DRAFT → cross-implementation conformance → normative) and the release ladder showing exactly what changes between versions.
    Wire-format compatibility is explicitly tracked: v0.8.1 release notes confirm "Existing v0.8.0 proposals continue to parse, verify, and produce the same allow/block verdicts under v0.8.1," and a verdict-regression matrix in tests/test_trust_deprecation_warning.py is a permanent CI guard against silent behavior changes.


 Kuripoti 3/3

  • Mchakato wa kuripoti hitilafu


    Ya kutosha kwa nishani!

    Mradi LAZIMA utumie kifuatiliaji cha masuala kwa ajili ya kufuatilia masuala ya mtu binafsi. [report_tracker]

    https://github.com/madeinplutofabio/pic-standard/issues


  • Mchakato wa kuripoti udhaifu


    Ya kutosha kwa nishani!

    Mradi LAZIMA utoe sifa kwa waripoti wa ripoti zote za udhaifu zilizotatuliwa katika miezi 12 iliyopita, isipokuwa kwa waripoti wanaoomba kutojulikana. Ikiwa hakuna udhaifu uliotatuliwa katika miezi 12 iliyopita, chagua "haihusiki" (N/A). (URL inahitajika) [vulnerability_report_credit]

    https://github.com/madeinplutofabio/pic-standard/security/advisories

    No vulnerabilities have been resolved in the last 12 months. The project's first commit was 2026-01-08 and no security advisories have been filed via the GitHub Security Advisories channel as of submission. The repository's Security Advisories page is publicly viewable at the URL above. SECURITY.md commits the project to crediting reporters in published advisories unless they explicitly request anonymity ("Reporters are credited in the published advisory unless they explicitly request anonymity").


    Ya kutosha kwa nishani!

    Mradi LAZIMA uwe na mchakato ulioandikwa kwa ajili ya kujibu ripoti za udhaifu. (URL inahitajika) [vulnerability_response_process]
    Hii ina uhusiano mkubwa na vulnerability_report_process, ambayo inahitaji kuwa kuna njia iliyoandikwa ya kuripoti udhaifu. Pia inahusiana na vulnerability_report_response, ambayo inahitaji majibu kwa ripoti za udhaifu ndani ya kipindi fulani cha muda.

    https://github.com/madeinplutofabio/pic-standard/blob/main/SECURITY.md

    The vulnerability response process is documented in SECURITY.md and covers: (1) reporting channel — GitHub Security Advisories private vulnerability reporting, with a step-by-step submission path and explicit instruction not to file public issues; (2) what to include — affected versions, component, reproduction, impact assessment, optional suggested mitigation; (3) disclosure timeline — acknowledgment within 7 days, initial triage within 30 days, fix release targeted within 90 days for High/Critical issues, coordinated public disclosure default 90 days from acknowledgment; (4) scope — in-scope components (Python SDK, canonicalization implementation, verifier, pipeline, evidence, keyring, integration adapters, conformance suite, OpenClaw plugin, specs under docs/) and out-of-scope (downstream code, third-party plugins, hosted services, end-of-life pre-v0.8.0 releases); (5) reporter credit policy — credited in advisory unless anonymity requested; (6) supported-versions table aligning with the SemVer release line.


 Ubora 19/19

  • Viwango vya msimbo


    Ya kutosha kwa nishani!

    Mradi LAZIMA utambulishe miongozo mahususi ya mtindo wa kuandika msimbo kwa lugha kuu inazotumia, na uhitaji kwamba michango kwa ujumla ikidhi. (URL inahitajika) [coding_standards]
    Katika hali nyingi hii inafanywa kwa kurejelea baadhi ya miongozo ya mtindo iliyopo, huenda ikiorodhesha tofauti. Miongozo hii ya mtindo inaweza kujumuisha njia za kuboresha usomaji na njia za kupunguza uwezekano wa kasoro (ikiwa ni pamoja na udhaifu). Lugha nyingi za programu zina miongozo moja au zaidi ya mtindo inayotumika sana. Mifano ya miongozo ya mtindo ni pamoja na miongozo ya mtindo ya Google na Viwango vya Kuandika Msimbo wa SEI CERT.

    https://github.com/madeinplutofabio/pic-standard/blob/main/CONTRIBUTING.md

    Python contributions follow PEP 8 as stated in CONTRIBUTING.md §"Requirements for Acceptable Contributions" ("Python code should follow PEP 8 style"). TypeScript contributions in integrations/openclaw use TypeScript's strict mode ("strict": true in tsconfig.json) with NodeNext module resolution and ES2022 target, type-checked in CI via tsc --noEmit.


    Ya kutosha kwa nishani!

    Mradi LAZIMA utekeleze kiotomatiki mtindo wake wa kuandika msimbo uliochaguliwa ikiwa kuna angalau zana moja ya FLOSS inayoweza kufanya hivyo katika lugha zilizochaguliwa. [coding_standards_enforced]
    Hii INAWEZA kutekelezwa kwa kutumia zana za uchambuzi mkako na/au kwa kulazimisha msimbo kupitia vifaa vya kurekebisha msimbo. Katika hali nyingi usanidi wa zana umejumuishwa katika hifadhi ya mradi (kwa kuwa miradi tofauti inaweza kuchagua usanidi tofauti). Miradi INAWEZA kuruhusu vighairi vya mtindo (na kwa kawaida itaruhusu); ambapo vighairi vinatokea, LAZIMA viwe nadra na viandikwe katika msimbo katika maeneo yao, ili vighairi hivi viweze kukaguliwa na ili zana ziweze kuzishughulikia kiotomatiki baadaye. Mifano ya zana kama hizo ni pamoja na ESLint (JavaScript), Rubocop (Ruby), na devtools check (R).

    Python style enforced by Ruff (config in pyproject.toml; rule set E F W I N B SIM RUF). TypeScript style enforced by ESLint v9 flat config + Prettier (config in integrations/openclaw/eslint.config.mjs and .prettierrc.json). Both gated in CI via .github/workflows/ci.yml. Documented for contributors in CONTRIBUTING.md.


  • Mfumo wa ujenzi unaofanya kazi


    Ya kutosha kwa nishani!

    Mifumo ya kujenga kwa binari za asili LAZIMA iheshimu vigezo (vya mazingira) vya mkusanyaji na vya kiunganishi vilivyopitishwa kwao (k.m., CC, CFLAGS, CXX, CXXFLAGS, na LDFLAGS) na kuvipitisha kwenye viito vya mkusanyaji na vya kiunganishi. Mfumo wa kujenga UNAWEZA kuvipanua na bendera za ziada; LAZIMA USIBADILISHE thamani zilizotolewa na zake mwenyewe. Ikiwa hakuna binari za asili zinazozalishwa, chagua "haihusiki" (N/A). [build_standard_variables]
    Inapaswa kuwa rahisi kuwezesha vipengele maalum vya kujenga kama Address Sanitizer (ASAN), au kutii mazoea bora ya ugumu wa usambazaji (k.m., kwa kuwezesha kwa urahisi bendera za mkusanyaji kufanya hivyo).

    PIC produces no native binaries. The Python package builds via setuptools to a pure-Python wheel; the TypeScript plugin builds via tsc to JavaScript. No C/C++ compiler or linker is invoked.


    Ya kutosha kwa nishani!

    Mfumo wa kujenga na usakinishaji UNAPASWA kuhifadhi taarifa za utatuzi ikiwa zimeombwa katika bendera husika (k.m., "install -s" haitumiwa). Ikiwa hakuna mfumo wa kujenga au usakinishaji (k.m., maktaba za kawaida za JavaScript), chagua "haihusiki" (N/A). [build_preserve_debug]
    K.m., kuweka CFLAGS (C) au CXXFLAGS (C++) inapaswa kuunda taarifa husika za utatuzi ikiwa lugha hizo zinatumika, na hazipaswi kuondolewa wakati wa usakinishaji. Taarifa za utatuzi zinahitajika kwa msaada na uchambuzi, na pia ni muhimu kwa kupima uwepo wa vipengele vya ugumu katika binari zilizokusanywa.

    No native build occurs. Python sources are distributed as-is in the wheel; TypeScript compiles to JavaScript with sourcemap-capable settings in tsconfig.json. No stripping step exists.


    Ya kutosha kwa nishani!

    Mfumo wa kujenga kwa programu iliyozalishwa na mradi LAZIMA USIJENGA kwa njia ya kujirudia saraka ndogo ikiwa kuna utegemezi wa kukatana katika saraka ndogo. Ikiwa hakuna mfumo wa kujenga au usakinishaji (k.m., maktaba za kawaida za JavaScript), chagua "haihusiki" (N/A). [build_non_recursive]
    Taarifa ya utegemezi wa ndani ya mfumo wa kujenga wa mradi inahitaji kuwa sahihi, vinginevyo, mabadiliko ya mradi huenda yasijenge vizuri. Mijengo isiyo sahihi inaweza kusababisha kasoro (ikiwa ni pamoja na udhaifu). Kosa la kawaida katika mifumo mikubwa ya kujenga ni kutumia "ujenzi wa kujirudia" au "make ya kujirudia", yaani, mlingano wa saraka ndogo zinazojumuisha faili za chanzo, ambapo kila saraka ndogo inajengwa kwa uhuru. Isipokuwa kila saraka ndogo ni huru kabisa, hii ni kosa, kwa sababu taarifa ya utegemezi si sahihi.

    Build is handled by setuptools (Python) and tsc (TypeScript). Neither performs recursive Make-style subdirectory builds; both resolve the full dependency graph in a single pass before producing artifacts.


    Ya kutosha kwa nishani!

    Mradi LAZIMA uweze kurudia mchakato wa kuzalisha taarifa kutoka faili za chanzo na kupata matokeo sawa ya biti-kwa-biti. Ikiwa hakuna ujenzi unaofanyika (k.m., lugha za uandishi ambapo msimbo wa chanzo unatumika moja kwa moja badala ya kukusanywa), chagua "haihusiki" (N/A). [build_repeatable]
    Watumiaji wa GCC na clang wanaweza kupata chaguo la -frandom-seed kuwa na manufaa; katika hali fulani, hii inaweza kutatuliwa kwa kulazimisha aina fulani ya mpangilio. Mapendekezo zaidi yanaweza kupatikana kwenye tovuti ya ujenzi unaorudiwa.

    PIC is a Python package distributed as source plus a pure-Python wheel; source files are used directly and no compilation occurs. The Dockerfile pins the base image by SHA-256 digest (python:3.12-slim@sha256:3d5ed9...) and installs pinned dependency versions for reproducible container builds, but the underlying Python package itself does not have a compilation step subject to bit-for-bit reproducibility.


  • Mfumo wa usakinishaji


    Ya kutosha kwa nishani!

    Mradi LAZIMA utoe njia ya kusakinisha na kuondoa kwa urahisi programu iliyozalishwa na mradi kwa kutumia mkataba unaotumika sana. [installation_common]
    Mifano ni pamoja na kutumia meneja wa kifurushi (kwa mfumo au kiwango cha lugha), "make install/uninstall" (inasaidia DESTDIR), chombo katika muundo wa kawaida, au picha ya mashine pepe katika muundo wa kawaida. Mchakato wa usakinishaji na uondoaji (k.m., kifurushi chake) UNAWEZA kutekelezwa na mtu wa tatu mradi tu ni FLOSS.

    PIC is published to PyPI and installable via the standard Python convention pip install pic-standard (or with extras: pip install "pic-standard[langgraph,mcp,crypto]"). Uninstall via pip uninstall pic-standard. Documented in README §Quickstart. A Docker image is also available via the included Dockerfile and docker-compose.yml.


    Ya kutosha kwa nishani!

    Mfumo wa usakinishaji kwa watumiaji wa mwisho LAZIMA uheshimu mkataba wa kawaida kwa kuchagua eneo ambapo vitu vilivyojengwa vinaandikwa kwa wakati wa usakinishaji. Kwa mfano, ikiwa inasakinisha faili kwenye mfumo wa POSIX lazima iheshimu kigezo cha mazingira cha DESTDIR. Ikiwa hakuna mfumo wa usakinishaji au hakuna mkataba wa kawaida, chagua "haihusiki" (N/A). [installation_standard_variables]

    Installation uses pip, which honors standard Python packaging install-location conventions including --prefix, --root (the Python equivalent of DESTDIR for staged installs), --user, and --target. The project does not override or replace these mechanisms; setuptools handles them via the standard Python build backend declared in pyproject.toml.


    Ya kutosha kwa nishani!

    Mradi LAZIMA utoe njia kwa wasanidi programu wanaoweza kusakinisha haraka matokeo yote ya mradi na mazingira ya msaada yanayohitajika kufanya mabadiliko, ikiwa ni pamoja na majaribio na mazingira ya majaribio. Hii LAZIMA ifanywe kwa kutumia mkataba unaotumika sana. [installation_development_quick]
    Hii INAWEZA kutekelezwa kwa kutumia chombo kilichozalishwa na/au hati za usakinishaji. Utegemezi wa nje kwa kawaida utasakinishwa kwa kuita mfumo na/au meneja wa kifurushi cha lugha, kwa external_dependencies.

    https://github.com/madeinplutofabio/pic-standard#quickstart

    README §Quickstart documents the standard editable-install convention: git clone ... && cd pic-standard && pip install -e ".[langgraph,mcp,crypto]" && pytest -q. This installs the package in development mode with all optional integrations and runs the full test suite (24 test files in tests/) plus the conformance suite via python -m conformance.run.


  • Vipengee vilivyotunzwa nje


    Ya kutosha kwa nishani!

    Mradi LAZIMA uorodheshe utegemezi wa nje kwa njia inayoweza kuchakatwa na kompyuta. (URL inahitajika) [external_dependencies]
    Kwa kawaida hii inafanywa kwa kutumia mkataba wa meneja wa kifurushi na/au mfumo wa ujenzi. Kumbuka kwamba hii inasaidia kutekeleza installation_development_quick.

    https://github.com/madeinplutofabio/pic-standard/blob/main/pyproject.toml

    External dependencies are declared in computer-processable form in pyproject.toml ([project] dependencies and [project.optional-dependencies] for langgraph/crypto/mcp extras), and in pinned form in sdk-python/requirements.txt, requirements-dev.txt, requirements-langgraph.txt, and requirements-mcp.txt. TypeScript dependencies for the OpenClaw integration are declared in integrations/openclaw/package.json with a package-lock.json lockfile.


    Ya kutosha kwa nishani!

    Miradi LAZIMA ifuatilie au kwa muda mrefu iangalie utegemezi wao wa nje (ikiwa ni pamoja na nakala za urahisi) kugundua udhaifu unaojulikana, na kurekebisha udhaifu unaoweza kutumiwa vibaya au kuthibitisha kuwa hauwezi kutumiwa vibaya. [dependency_monitoring]
    Hii inaweza kufanywa kwa kutumia zana ya kichambua chanzo / zana ya kuangalia utegemezi / zana ya uchambuzi wa muundo wa programu kama OWASP's Dependency-Check, Sonatype's Nexus Auditor, Synopsys' Black Duck Software Composition Analysis, na Bundler-audit (kwa Ruby). Baadhi ya waendesha kifurushi wanajumuisha taratibu za kufanya hii. Ni kubaliwa ikiwa udhaifu wa vipengele hauwezi kutumiwa vibaya, lakini uchambuzi huu ni mgumu na wakati mwingine ni rahisi kusasisha au kurekebisha sehemu.

    https://github.com/madeinplutofabio/pic-standard/blob/main/.github/dependabot.yml
    Dependabot is configured in .github/dependabot.yml with weekly scans across four ecosystems: Python (pyproject.toml at root), Python (sdk-python/requirements.txt), npm (integrations/openclaw), and github-actions. Major version bumps are intentionally held for manual review; minor and patch updates are grouped into PRs. GitHub also performs automated vulnerability scanning on the repository's dependency graph.*


    Ya kutosha kwa nishani!

    Mradi LAZIMA au:
    1. fanya iwe rahisi kutambua na kusasisha vipengele vinavyotumiwa tena vilivyotunzwa nje; au
    2. tumia vipengele vya kawaida vinavyotolewa na mfumo au lugha ya programu.
    Kisha, ikiwa udhaifu unapatikana katika kipengele kilichotumiwa tena, itakuwa rahisi kusasisha kipengele hicho. [updateable_reused_components]
    Njia ya kawaida ya kutimiza kigezo hiki ni kutumia mifumo ya usimamizi wa kifurushi ya mfumo na lugha ya programu. Programu nyingi za FLOSS zinasambazwa na "maktaba za urahisi" ambazo ni nakala za ndani za maktaba za kawaida (labda zilizoachana). Kwa yenyewe, hiyo ni sawa. Hata hivyo, ikiwa programu *lazima* itumie nakala hizi za ndani (zilizoachanishwa), basi kusasisha maktaba za "kawaida" kama sasisho la usalama litaacha nakala hizi za ziada bado zenye udhaifu. Hii ni suala hasa kwa mifumo ya wingu; ikiwa mtoa huduma ya wingu anasasisha maktaba zao za "kawaida" lakini programu haitazitumia, basi masasisho hayasaidii kweli. Angalia, k.m., "Chromium: Kwa nini bado haiko katika Fedora kama kifurushi sahihi" na Tom Callaway.

    PIC uses standard ecosystem components only — Python packages from PyPI (pydantic, jsonschema, cryptography, jsonschema, etc.) and Node packages from npm. All dependencies are managed via standard package managers (pip, npm) and can be updated via the standard pip install -U <pkg> or npm update flows. There are no vendored convenience copies of third-party code.


    Ya kutosha kwa nishani!

    Mradi UNAPASWA kuepuka kutumia vitendakazi na API zilizokubaliwa kuwa hazitumiki tena au zilizopitwa na wakati ambapo mbadala wa FLOSS zinapatikana katika seti ya teknolojia inayotumia ("kifurushi cha teknolojia" yake) na kwa wengi wa watumiaji ambao mradi unasaidia (ili watumiaji wawe na ufikiaji wa haraka wa mbadala). [interfaces_current]

    PIC targets Python ≥3.10 and uses current, actively-maintained dependencies: Pydantic ≥2.13.3 (current major version, not the deprecated 1.x line), jsonschema ≥4.0.0 (current major version), cryptography ≥42.0.0 (current; older, deprecated cryptography releases are excluded by the version floor). The TypeScript plugin targets Node ≥18, ES2022, and uses NodeNext module resolution. CI tests against Python 3.10, 3.11, and 3.12 to catch deprecation warnings early.


  • Seti ya majaribio otomatiki


    Ya kutosha kwa nishani!

    Seti ya majaribio ya kiotomatiki LAZIMA itumike kwenye kila ukaguzi wa kuingia kwenye hifadhi iliyoshirikiwa kwa angalau tawi moja. Seti hii ya majaribio LAZIMA itoe ripoti ya mafanikio au kushindwa kwa majaribio. [automated_integration_testing]
    Mahitaji haya yanaweza kuonekana kama sehemu ndogo ya test_continuous_integration, lakini yanazingatia majaribio tu, bila kuhitaji uunganisho wa kuendelea.

    https://github.com/madeinplutofabio/pic-standard/blob/main/.github/workflows/ci.yml

    Two CI workflows run on every push and pull request: (1) .github/workflows/ci.yml runs pytest across a Python 3.10/3.11/3.12 matrix (with both pinned and latest dependency canaries) plus a separate job for the TypeScript OpenClaw integration (tsc type-check + vitest); (2) .github/workflows/conformance.yml runs the PIC Conformance suite (python -m conformance.run) against the canonicalization and core verifier vectors. Both produce per-job pass/fail reports visible in the Actions tab. CI status is shown via the ![CI] README badge.


    Ya kutosha kwa nishani!

    Mradi LAZIMA uongeze majaribio ya kurudi nyuma kwa seti ya majaribio ya kiotomatiki kwa angalau 50% ya hitilafu zilizorekebisha ndani ya miezi sita iliyopita. [regression_tests_added50]

    The project routinely adds regression tests for fixed bugs and behavior changes. Concrete examples in tests/: test_trust_deprecation_warning.py codifies the v0.8.0 verdict baseline as a 24-row parametrized verdict-regression matrix (6 example proposals × strict_trust × verify_evidence) that pins behavior across the dict-vs-model boundary refactor (CHANGELOG §[0.8.1]); test_evidence_sandbox.py codifies path-traversal rejection; test_mcp_guard_async_timeout.py and test_mcp_guard_time_budget.py codify DoS-limit behavior; test_strict_trust.py codifies trust-sanitization semantics. The conformance suite (conformance/) provides additional behavior-pinning vectors that run on every PR.


    Ya kutosha kwa nishani!

    Mradi LAZIMA uwe na seti ya majaribio ya kiotomatiki ya FLOSS inayotoa angalau 80% ya usakinishaji wa taarifa ikiwa kuna angalau zana moja ya FLOSS inayoweza kupima kigezo hiki katika lugha iliyochaguliwa. [test_statement_coverage80]
    Zana nyingi za FLOSS zinapatikana kupima usakinishaji wa majaribio, ikiwa ni pamoja na gcov/lcov, Blanket.js, Istanbul, JCov, na covr (R). Kumbuka kwamba kutimiza kigezo hiki sio uhakika kwamba seti ya majaribio ni ya kina, badala yake, kushindwa kutimiza kigezo hiki ni kiashiria kizito cha seti ya majaribio mbaya.

    Python statement coverage 82.0% measured by coverage.py (config in pyproject.toml; gate fail_under = 80 enforced by CI). TypeScript integration plugin coverage measurement deferred to v0.9.x follow-up. See PR #73 for the implementation.


  • Upimaji wa utendaji mpya


    Ya kutosha kwa nishani!

    Mradi LAZIMA uwe na sera rasmi iliyoandikwa kwamba kadri utendakazi mkubwa mpya unaongezwa, majaribio ya utendakazi mpya LAZIMA yaongezwe kwenye seti ya majaribio ya kiotomatiki. [test_policy_mandated]

    https://github.com/madeinplutofabio/pic-standard/blob/main/CONTRIBUTING.md

    CONTRIBUTING.md §Test Policy formally requires that pull requests adding or changing behavior include automated tests under tests/, with conformance vectors under conformance/ for new verifier behavior, and regression tests for bug fixes. Documentation-only and refactor-only PRs are exempt. Maintainers will not merge PRs adding new functionality without corresponding tests.


    Ya kutosha kwa nishani!

    Mradi LAZIMA ujumuishe, katika maelekezo yake yaliyoandikwa kwa mapendekezo ya mabadiliko, sera kwamba majaribio yataongezwa kwa utendakazi mkubwa mpya. [tests_documented_added]
    Hata hivyo, hata sheria isiyo rasmi inakubaliwa mradi majaribio yaongezwe kimakosa.

    https://github.com/madeinplutofabio/pic-standard/blob/main/CONTRIBUTING.md


  • Bendera za maonyo


    Ya kutosha kwa nishani!

    Miradi LAZIMA iwe na ukali wa juu zaidi na maonyo katika programu iliyozalishwa na mradi, iwezekanavyo vitendo. [warnings_strict]
    Baadhi ya maonyo hayawezi kuwashwa kwa ufanisi kwenye miradi fulani. Kinachohitajika ni ushahidi kwamba mradi unajitahidi kuwasha bendera za onyo ambapo inaweza, ili makosa yagundulika mapema.

    CI + test suite already enforces clean runs; the deprecation handling shows strictness.


 Usalama 13/13

  • Maarifa ya maendeleo yenye usalama


    Ya kutosha kwa nishani!

    Mradi LAZIMA utekeleze kanuni za muundo salama (kutoka "know_secure_design"), pale inapohusika. Ikiwa mradi hauzalishi programu, chagua "haihusiki" (N/A). [implement_secure_design]
    Kwa mfano, matokeo ya mradi yanapaswa kuwa na mipangilio salama ya kuzuia makosa (maamuzi ya ufikiaji yanapaswa kukataa kwa chaguo-msingi, na usakinishaji wa mradi unapaswa kuwa salama kwa chaguo-msingi). Pia yanapaswa kuwa na kikuu cha kati kikamilifu (kila ufikiaji ambao unaweza kuwekwa kikomo lazima ufanyiwe ukaguzi wa mamlaka na usiweze kuvukwa). Kumbuka kwamba katika hali fulani kanuni zitagombana, na katika hali hiyo chaguo lazima lifanywe (k.m., taratibu nyingi zinaweza kufanya mambo kuwa magumu zaidi, kukiuka "uchumi wa utaratibu" / iweke rahisi).

    https://github.com/madeinplutofabio/pic-standard/blob/main/docs/RFC-0001-pic-standard.md#security-properties

    PIC is itself a secure-design protocol; the Saltzer & Schroeder principles are explicit in its architecture and documented in RFC-0001:
    Fail-safe defaults (fail-closed) — every error path (schema invalid, evidence missing, tool-binding mismatch, timeout, signature invalid, file not found) results in the action being blocked. There is no fallback to "allow anyway." Documented as Security Property #1 and Conformance MUST #2.
    Complete mediation — every high-impact tool call is gated at the action boundary; the verifier intercepts before any side effect occurs. Documented in RFC-0001 §Protocol Summary and §Conformance MUST #1 (schema validation before execution).
    Open design — protocol, schema, reference implementation, and conformance vectors are all Apache-2.0 and public. RFC-0001 is published as a defensive publication; security does not depend on obscurity.
    Least privilege & separation of privilege — trust is verifier-derived, not declared by the agent: untrusted provenance can only be upgraded to trusted via successful cryptographic evidence verification (Security Property #5). The strict_trust mode (v0.7.5+) sanitizes all inbound trust to "untrusted" before any pipeline step consumes it.
    Economy of mechanism — local-first verifier, deterministic, no external services required (Security Property #4 and #8). The pipeline is intentionally minimal: schema → verifier → evidence.
    Defense in depth — multiple independent gates: JSON Schema validation, fail-closed enforcement, tool-binding integrity check, sandboxed evidence resolution within evidence_root_dir with path-traversal rejection (Security Property #6), Ed25519 signature verification with key expiry and revocation lists (Security Property #7), and DoS resistance limits (64 KB max proposal, 500 ms eval budget, 5 MB max evidence file, 64-item array caps — threat T7).
    Minimize attack surface — local-first by default with no outbound network calls; HTTP bridge is opt-in; integration extras (langgraph, mcp, crypto) are opt-in; trust sanitization shrinks the exploitable surface to verifiable evidence only.
    Input validation — every proposal is validated against the PIC/1.0 JSON Schema before execution; tool arguments cannot exceed what the proposal binds to (tool-binding integrity, Conformance MUST #4).
    Threat model and mitigations for seven concrete attack classes (T1–T7: prompt injection, hallucination-driven loss, privilege escalation via tool chaining, untrusted-data laundering, evidence forgery, verification bypass, DoS via proposals) are documented in RFC-0001 §Threat Model.


  • Tumia mazoea mazuri ya msingi ya usimbuaji

    Kumbuka kwamba programu fulani haihitaji kutumia taratibu za usimbuaji. Ikiwa mradi wako unazalisha programu ambayo (1) inajumuisha, inaamilisha, au inafanya usimbuaji kuwa hai, na (2) inaweza kutolewa kutoka Marekani (US) kwenda nje ya Marekani au kwa raia asiye wa Marekani, inaweza kuwa ni lazima kisheria kuchukua hatua chache za ziada. Kawaida hii inahusisha tu kutuma barua pepe. Kwa maelezo zaidi, tazama sehemu ya usimbuaji ya Kuelewa Teknolojia ya Chanzo Wazi & Udhibiti wa Usafirishaji wa Marekani.

    Ya kutosha kwa nishani!

    Mifumo ya usalama ya chaguo-msingi ndani ya programu inayozalishwa na mradi LAZIMA ISITEGEMEE algoriti za kriptologia au hali zenye udhaifu mkubwa unaojulikana (k.m., algoriti ya hash ya kriptologia ya SHA-1 au hali ya CBC katika SSH). [crypto_weaknesses]
    Wasiwasi kuhusu hali ya CBC katika SSH unajadiliwa katika CERT: SSH CBC vulnerability.

    No SHA-1, no CBC in SSH, no weak modes.


    Ya kutosha kwa nishani!

    Mradi INAPASWA kusaidia algoriti nyingi za kriptologia, ili watumiaji waweze kubadilisha haraka ikiwa moja imevunjwa. Algoriti za kawaida za funguo za simetria ni pamoja na AES, Twofish, na Serpent. Mbadala wa algoriti za hash za kriptologia za kawaida ni pamoja na SHA-2 (ikiwa ni pamoja na SHA-224, SHA-256, SHA-384 NA SHA-512) na SHA-3. [crypto_algorithm_agility]

    PIC's evidence model is algorithm-extensible: the evidence field uses a discriminated type enum (hash, sig) and the schema is designed so additional algorithm types can be added without breaking existing implementations. The current reference implementation supports SHA-256 hashes and Ed25519 signatures — both modern, non-deprecated primitives. Algorithm migration is enabled at the protocol layer (new type values can be added) and at the keyring layer (alg field on signature evidence makes the algorithm explicit per signature, supporting parallel algorithms during migration). The KeyResolver protocol (v0.7+) further allows operators to plug in custom trust backends including HSM-backed services with their own algorithm support.


    Ya kutosha kwa nishani!

    Mradi LAZIMA usaidie kuhifadhi vitambulisho vya uthibitishaji (kama vile nywila na ishara za nguvu) na funguo za kibinafsi za kriptologia katika mafaili ambayo yametengwa na habari nyingine (kama vile mafaili ya usanidi, hifadhidata, na kumbukumbu), na kuruhusu watumiaji kusasisha na kubadilisha bila ukusanyaji upya wa msimbo. Ikiwa mradi haufanyi usindikaji wa vitambulisho vya uthibitishaji na funguo za kibinafsi za kriptologia, chagua "haihusiki" (N/A). [crypto_credential_agility]

    https://github.com/madeinplutofabio/pic-standard/blob/main/docs/keyring.md

    Trusted public keys are stored in a dedicated keyring file (pic_keys.json, see pic_keys.example.json for schema) entirely separate from configuration (pic_policy.json), code, and logs. The keyring file contains trusted_keys (with per-key expires_at) and revoked_keys. Keys can be added, expired, revoked, or rotated at runtime by editing the file — no code recompilation required. The KeyResolver protocol (v0.7+) additionally allows custom trust backends (HSM-backed services, Vault-managed keys, cached remote keyrings) to plug into the verifier and pipeline directly via the StaticKeyRingResolver or any operator-supplied implementation. PIC never stores private keys; the project handles only public keys for verification.


    Ya kutosha kwa nishani!

    Programu iliyozalishwa na mradi INAPASWA kusaidia itifaki salama kwa mawasiliano yake yote ya mtandao, kama vile SSHv2 au zaidi, TLS1.2 au zaidi (HTTPS), IPsec, SFTP, na SNMPv3. Itifaki zisizo salama kama vile FTP, HTTP, telnet, SSLv3 au mapema zaidi, na SSHv1 ZINAPASWA kuzimwa kwa chaguo-msingi, na kuzimwa tu ikiwa mtumiaji anaisanidi mahususi. Ikiwa programu iliyozalishwa na mradi haiesaidii mawasiliano ya mtandao, chagua "haihusiki" (N/A). [crypto_used_network]

    PIC is a local-first verifier library and performs no outbound network communications. The MCP integration runs in-process (no HTTP). The optional pic-cli serve HTTP bridge is opt-in (the operator must explicitly invoke the subcommand) and intended for loopback IPC only. No insecure network protocol is enabled by default.


    Ya kutosha kwa nishani!

    Programu iliyozalishwa na mradi INAPASWA, ikiwa inasaidia au inatumia TLS, kusaidia angalau toleo la TLS 1.2. Kumbuka kuwa kilichotangulia TLS kiliitwa SSL. Ikiwa programu haitumii TLS, chagua "haihusiki" (N/A). [crypto_tls12]

    The PIC reference implementation does not use TLS. The verifier and SDK are local-first; the optional HTTP bridge is intended for loopback IPC only and does not terminate TLS.


    Ya kutosha kwa nishani!

    Programu iliyozalishwa na mradi LAZIMA, ikiwa inasaidia TLS, ifanye uthibitishaji wa cheti cha TLS kwa chaguo-msingi inapotumia TLS, ikiwa ni pamoja na rasilimali ndogo. Ikiwa programu haitumii TLS, chagua "haihusiki" (N/A). [crypto_certificate_verification]
    Kumbuka kuwa uthibitishaji usio sahihi wa cheti cha TLS ni kosa la kawaida. Kwa maelezo zaidi, angalia "The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software" na Martin Georgiev et al. na "Do you trust this application?" na Michael Catanzaro.

    PIC does not use TLS. The reference implementation is local-first; no outbound TLS connections are made.


    Ya kutosha kwa nishani!

    Programu iliyozalishwa na mradi LAZIMA, ikiwa inasaidia TLS, ifanye uthibitishaji wa cheti kabla ya kutuma vichwa vya HTTP na habari ya kibinafsi (kama vile vidakuzi salama). Ikiwa programu haitumii TLS, chagua "haihusiki" (N/A). [crypto_verification_private]

  • Kutolewa kwa usalama


    Ya kutosha kwa nishani!

    Mradi LAZIMA uweke saini kwa kriptologia matoleo ya matokeo ya mradi yanayokusudiwa kwa matumizi ya kila mahali, na LAZIMA kuwe na mchakato ulioandikwa unaoweleza watumiaji jinsi wanaweza kupata funguo za umma za saini na kuthibitisha saini. Funguo ya kibinafsi kwa saini hizi LAZIMA ISIWE kwenye tovuti zinazosambaza moja kwa moja programu kwa umma. Ikiwa matoleo hayakusudiwa kwa matumizi ya kila mahali, chagua "haihusiki" (N/A). [signed_releases]
    Matokeo ya mradi ni pamoja na msimbo wa chanzo na matokeo yoyote yaliyozalishwa pale inapohusika (k.m., mifumo inayotekelezeka, vifurushi, na vyombo). Matokeo yaliyozalishwa YANAWEZA kuwekwa saini tofauti na msimbo wa chanzo. Hizi ZINAWEZA kutekelezwa kama lebo za git zilizowekwa saini (kwa kutumia saini za kidijitali za kriptologia). Miradi YAWEZA kutoa matokeo yaliyozalishwa tofauti na zana kama vile git, lakini katika hali hizo, matokeo tofauti LAZIMA yawekwe saini tofauti.

    Releases are cryptographically signed via two complementary layers:

    Layer 1 (PyPI distribution artifacts): PEP 740 attestations (Sigstore-backed, tied to the GitHub Actions Trusted Publisher workflow identity madeinplutofabio/pic-standard running release.yml under the pypi environment). Verifiable via pypi-attestations verify pypi --repository https://github.com/madeinplutofabio/pic-standard <wheel-or-sdist>.

    Layer 2 (git tags): SSH-signed with the project's dedicated Ed25519 release-signing key (public key at .github/release-signing-key.pub; fingerprint SHA256:blCcqBpKLCrJUtUYwOvxE3tmUa4F37/COJvy8F80hHg). Verifiable via git tag -v.

    First release through the new infrastructure: v0.8.1.1 (2026-05-11). Both verification paths reproducibly succeed against this release. Full documented process: https://github.com/madeinplutofabio/pic-standard/blob/main/RELEASING.md


    Ya kutosha kwa nishani!

    INAPENDEKEZWA kuwa katika mfumo wa udhibiti wa toleo, kila lebo muhimu ya toleo (lebo ambayo ni sehemu ya toleo kuu, toleo dogo, au kurekebishwa udhaifu uliotangazwa hadharani) iwekwe saini kwa kriptologia na iweze kuthibitishwa kama ilivyoelezwa katika signed_releases. [version_tags_signed]

    All release tags from v0.8.1.1 onward are cryptographically signed using the project's dedicated Ed25519 release-signing key. The signature is verified by the release workflow before any artifact is built (.github/workflows/release.yml → verify-and-build job). GitHub server-side verification of the v0.8.1.1 tag returns "verified": true with reason "valid".

    Public key + fingerprint pinned in https://github.com/madeinplutofabio/pic-standard/blob/main/RELEASING.md


  • Masuala mengine ya usalama


    Ya kutosha kwa nishani!

    Matokeo ya mradi LAZIMA yafanye ukaguzi wa pembejeo zote kutoka vyanzo visivyoaminika ili kuhakikisha ni halali (*orodha zinazokubalika*), na kukataa pembejeo zisizo halali, ikiwa kuna vizuizi vyovyote kwenye data kabisa. [input_validation]
    Kumbuka kuwa kulinganisha ingizo dhidi ya orodha ya "miundo mibaya" (aka *orodha za kukataza*) kwa kawaida haitoshi, kwa sababu washambuliaji mara nyingi wanaweza kuepuka orodha ya kukataza. Hasa, nambari zinabadilishwa kuwa miundo ya ndani na kisha kuangaliwa ikiwa ziko kati ya chini na juu zao (ikiwa ni pamoja), na vifungu vya maandishi vinaangaliwa ili kuhakikisha kuwa ni ruwaza halali za maandishi (k.m., UTF-8 halali, urefu, sintaksia, n.k.). Baadhi ya data inaweza kuhitaji kuwa "chochote kabisa" (k.m., kipakia faili), lakini hizi kwa kawaida zingekuwa nadra.

    Every Action Proposal is validated against the PIC/1.0 JSON Schema (sdk-python/pic_standard/schemas/proposal_schema.json) using jsonschema before any pipeline step executes — schema validation is the first stage of the verifier and uses an explicit allowlist of permitted fields, types, and enum values (impact classes, trust levels, evidence types). Pydantic models in sdk-python/pic_standard/ provide a second validation layer with field validators (e.g., the Provenance.trust validator that normalizes deprecated values). Invalid inputs are rejected fail-closed: schema violations, unknown enum values, missing required fields, oversized payloads (>64 KB), oversized arrays (>64 items), and oversized evidence files (>5 MB) all return block. File evidence is sandboxed within evidence_root_dir with explicit path-traversal rejection. Tool-binding integrity is verified — action.tool MUST match the actual tool being invoked, and unexpected tool arguments outside the proposal envelope are rejected.


    Ya kutosha kwa nishani!

    Taratibu za kuimarisha ZINAPASWA kutumiwa katika programu iliyozalishwa na mradi ili kasoro za programu ziwe na uwezekano mdogo wa kusababisha udhaifu wa usalama. [hardening]
    Taratibu za kuimarisha zinaweza kujumuisha vichwa vya HTTP kama Sera ya Usalama wa Maudhui (CSP), bendera za mkusanyaji ili kupunguza mashambulizi (kama vile -fstack-protector), au bendera za mkusanyaji ili kuondoa tabia isiyofafanuliwa. Kwa madhumuni yetu upendeleo mdogo hauhesabiwi kuwa utaratibu wa kuimarisha (upendeleo mdogo ni muhimu, lakini tofauti).

    https://github.com/madeinplutofabio/pic-standard/blob/main/docs/RFC-0001-pic-standard.md#security-properties

    PIC implements multiple hardening mechanisms documented in RFC-0001: (1) fail-closed enforcement on every error path; (2) sandboxed evidence resolution within a configured evidence_root_dir, with path-traversal rejection; (3) DoS resistance limits (64 KB max proposal, 500 ms eval budget, 5 MB max evidence file, 64-item array caps); (4) Ed25519 signature verification with key expiry and revocation lists; (5) strict-trust mode (v0.7.5+) sanitizing inbound provenance trust; (6) tool-binding integrity check rejecting any tool mismatch. See RFC-0001 §Security Properties and §Threat Model.


    Ya kutosha kwa nishani!

    Mradi LAZIMA utoe kesi ya uhakika inayosababisha kwa nini mahitaji yake ya usalama yanakidhi. Kesi ya uhakika LAZIMA ijumuishe: maelezo ya muundo wa tishio, utambulisho wazi wa mipaka ya kuaminiwa, hoja kwamba kanuni za muundo salama zimetumika, na hoja kwamba udhaifu wa kawaida wa utekelezaji wa usalama umekabiliana nao. (URL inahitajika) [assurance_case]
    Kesi ya uhakika ni "mwili wa ushahidi ulioandikwa unaotoa hoja inayoshawishi na halali kwamba seti maalum ya madai muhimu kuhusu mali za mfumo ziko na sababu za kutosha kwa programu maalum katika mazingira maalum" ("Uhakika wa Programu Kwa kutumia Miundo ya Kesi ya Uhakika Iliyopangwa", Thomas Rhodes et al, NIST Interagency Report 7608). Mipaka ya kuaminiwa ni mipaka ambapo data au utekelezaji hubadilisha kiwango chake cha kuaminiwa, k.m., mipaka ya seva katika programu ya kawaida ya wavuti. Ni ya kawaida kuorodhesha kanuni za muundo salama (kama vile Saltzer na Schroeer) na udhaifu wa kawaida wa utekelezaji wa usalama (kama vile OWASP top 10 au CWE/SANS top 25), na kuonyesha jinsi kila moja unavyokabiliana. Kesi ya uhakika ya BadgeApp inaweza kuwa mfano wenye manufaa. Hii inahusiana na documentation_security, documentation_architecture, na implement_secure_design.

    https://github.com/madeinplutofabio/pic-standard/blob/main/docs/RFC-0001-pic-standard.md

    RFC-0001 serves as the project's assurance case and contains all four required elements:
    (1) Threat model — RFC-0001 §Threat Model enumerates seven concrete threats (T1–T7: prompt injection to side effect, hallucination to financial loss, privilege escalation via tool chaining, untrusted-data laundering, evidence forgery, verification bypass, DoS via proposals) with explicit PIC mitigations for each.
    (2) Trust boundaries — RFC-0001 §Scope and §Non-Goals identify the security boundary explicitly. PIC operates at the action boundary (after agent reasoning, before any side effect). Inputs are classified by a three-level provenance trust model (trusted, semi_trusted [deprecated], untrusted). Trust is verifier-derived in v1.0+, never declared by the agent. Non-Goals enumerate eight things explicitly outside the boundary (model output guardrails, user/agent authentication, RBAC, prompt filtering, runtime sandbox, logging/SIEM, tool input validation, protection against compromised trusted signers).
    (3) Secure-design principles applied — argued in RFC-0001 §Security Properties (eight MUST/SHOULD properties: fail-safe defaults via fail-closed enforcement, complete mediation at the action boundary, open design via Apache-2.0 + defensive publication, separation of privilege via verifier-derived trust, economy of mechanism via local-first design, deterministic verification, sandboxed evidence resolution, key lifecycle management).
    (4) Common implementation weaknesses countered — JSON Schema + Pydantic input validation against an allowlist (counters injection, malformed input, type confusion); fail-closed on every error path (counters logic-error vulnerability classes); sandboxed file resolution with path-traversal rejection (counters CWE-22); DoS limits on proposal size, evaluation time, evidence size, and array length (counters CWE-400); Ed25519 with key expiry and revocation (counters key compromise and stale-trust); tool-binding integrity check (counters confused-deputy patterns); deprecation/migration warnings before behavior changes (counters silent-semantic-shift vulnerability classes).
    The assurance case is anchored to specific code modules with SHA-256 fingerprints in RFC-0001 §Spec Fingerprint and docs/RFC-0001.SHA256, providing tamper-evident binding between the argument and the implementation it argues about.


 Uchanganuzi 2/2

  • Uchambuzi tuli wa msimbo


    Ya kutosha kwa nishani!

    Mradi LAZIMA utumie angalau zana moja ya uchanganuzi tuli yenye sheria au mbinu za kutafuta udhaifu wa kawaida katika lugha au mazingira yaliyochanganuliwa, ikiwa kuna angalau zana moja ya FLOSS inayoweza kutekeleza kigezo hiki katika lugha iliyochaguliwa. [static_analysis_common_vulnerabilities]
    Zana za uchambuzi tuli ambazo zimeundwa hasa kutafuta udhaifu wa kawaida zina uwezekano mkubwa wa kuzipata. Hata hivyo, kutumia zana zozote za tuli kwa kawaida itasaidia kupata baadhi ya matatizo, kwa hivyo tunashauri lakini hatunahitaji hii kwa kiwango cha nishani ya 'kupita'.

    The TypeScript type checking + Python test/conformance suite already surface many common issues.


  • Uchambuzi wa msimbo wa nguvu za ziada


    Ya kutosha kwa nishani!

    Ikiwa programu iliyozalishwa na mradi inajumuisha programu iliyoandikwa kwa kutumia lugha isiyosalama ya kumbukumbu (k.m., C au C++), basi angalau zana moja ya nguvu (k.m., fuzzer au kitafutaji cha programu ya wavuti) LAZIMA itumike kwa kawaida kwa pamoja na utaratibu wa kugundua matatizo ya usalama wa kumbukumbu kama vile uandikaji zaidi wa kipengele. Ikiwa mradi hauzalishi programu iliyoandikwa katika lugha isiyosalama ya kumbukumbu, chagua "haihusiki" (N/A). [dynamic_analysis_unsafe]
    Mifano ya taratibu za kugundua matatizo ya usalama wa kumbukumbu ni pamoja na Address Sanitizer (ASAN) (inapatikana katika GCC na LLVM), Memory Sanitizer, na valgrind. Zana nyingine zinazoweza kutumika ni pamoja na thread sanitizer na undefined behavior sanitizer. Madai ya kila mahali pia yaweza kufanya kazi.

    main codebase is Python (memory-safe) and the small TypeScript integration is also memory-safe with type checking. No C/C++ or other unsafe languages.



Data hii inapatikana chini ya Community Data License Agreement – Permissive, Version 2.0 (CDLA-Permissive-2.0). Hii inamaanisha kuwa Mpokeaji wa Data anaweza kushiriki Data, na au bila marekebisho, mradi Mpokeaji wa Data anapatanisha maandishi ya mkataba huu na Data iliyoshirikiwa. Tafadhali tambua Fabio Marcello Salvadori na wachangiaji wa nishani ya Mazoea Bora ya OpenSSF.

Ingizo la nishani ya mradi linamilikiwa na: Fabio Marcello Salvadori.
Ingizo liliundwa siku 2026-05-09 11:08:52 UTC, iliyosasishwa mara ya mwisho siku 2026-06-22 23:27:53 UTC. Ilipata mara ya mwisho nishani ya kupita siku 2026-05-09 13:34:54 UTC.