Tighten v1.1.0 release and fixture discipline

CHANGELOG.md

@@ -2,11 +2,12 @@
 
 ## 1.1.0
 
-- Added simplified self-contained Commons schemas under `schemas/v1.1.0/commons`
-- Added 10 Commons verbs as request/receipt schema pairs
-- Removed shared `$ref` dependencies from the v1.1.0 Commons schema family
-- Standardized Commons receipts around a minimal proof-first structure
-- Added conditional receipt requirements for success/error states
-- Established Commons v1.1.0 as the active in-repo schema surface for new integrations
-- Retained v1.0.0 as the last pinned canonical release until v1.1.0 pinning is completed
-- Preserved earlier schema versions for compatibility and historical reference
+- Added simplified self-contained Commons schemas under `schemas/v1.1.0/commons`.
+- Added the current 10-verb Commons request/receipt schema set as the active documentation and validation target.
+- Flattened v1.1.0 requests and receipts into the current proof-oriented contract.
+- Preserved v1.0.0 in-repo as the historical pinned release while v1.1.0 remains the authoritative current line.
+
+## 1.0.0
+
+- Published the original Commons schema family under `schemas/v1.0.0/commons` with `_shared` references, x402-aware request envelopes, and trace-oriented receipts.
+- Established the first pinned historical release line and retained its published CID in `manifest.json`.

CONTRIBUTING.md

@@ -0,0 +1,50 @@
+# Contributing — Protocol Commons
+
+Protocol Commons is schema-first, release-sensitive infrastructure. Keep changes precise, auditable, and aligned across the repository’s authoritative surfaces.
+
+## Expectations
+
+- Prefer the authority order: `schemas` → `manifest.json` → validation scripts → examples → docs.
+- Treat `schemas/v1.1.0/` as the current canonical working line unless a change explicitly targets legacy compatibility.
+- Preserve v1.0.0 history unless a fix is clearly required to correct misleading legacy artifacts.
+- Avoid placeholder authority. If a CID, tag, URL, or signature claim is not real, say so plainly.
+
+## Validation commands
+
+```bash
+npm install
+npm run validate
+npm run checksums:gen
+npm run checksums:verify
+```
+
+Use `npm run validate:schemas` or `npm run validate:examples` only when you are intentionally narrowing the scope during development.
+
+## Fixture discipline
+
+- Valid fixtures should look credible and match the schema they target.
+- Invalid fixtures should usually demonstrate one obvious failure.
+- Keep verbs aligned with their own directories; do not copy `summarize` into sibling fixtures.
+- When updating receipt examples, keep hashes, CIDs, and signatures well-formed and documentation-friendly.
+
+## Schema and doc consistency
+
+- `$id` values, local paths, manifest references, and public artifact URLs must agree.
+- If a schema field changes, audit the related JSON examples, TypeScript examples, README snippets, and spec text in the same pass.
+- `SPEC.md` is the normative source when wording conflicts arise.
+
+## Release-surface caution
+
+- Do not claim a CID, release tag, or published artifact unless it is actually available.
+- If a release step cannot be completed in-repo, record the state honestly in `manifest.json` and the relevant documentation.
+- Regenerate `checksums.txt` whenever the authoritative artifact set changes.
+
+## TypeScript declarations
+
+This package does not currently ship generated `.d.ts` files from the JSON Schemas. That omission is intentional: the schemas are the canonical cross-runtime artifact surface, and no low-maintenance declaration-generation pipeline is wired into release today. If you propose adding one, it must be reproducible, documented, and clearly subordinate to the JSON Schemas rather than a parallel source of truth.
+
+## PR hygiene
+
+- Keep PRs focused.
+- Describe any manual release follow-up still required.
+- Call out changes that touch canonical release surfaces such as schema files, manifest data, checksums, or governance text.

GOVERNANCE.md

@@ -62,7 +62,7 @@ Commercial schemas may reference Commons semantics — they **may not alter them
 Responsible for:
 
 - Canonical schema publishing  
-- Signed manifest + checksum updates  
+- Reviewed manifest + checksum updates  
 - Security revocations + provenance logs  
 - Transparency for all normative decisions  
 
@@ -71,7 +71,7 @@ Responsible for:
 | Phase | Governance Form | Trigger |
 |-------|----------------|---------|
 | 1 — Bootstrap | Single-operator Safe | Initial production adoption |
-| 2 — Multi-Maintainer | ≥3 independent vendors in Safe | Cross-vendor reliance |
+| 2 — Multi-Maintainer | ≥3 independent vendors in Safe | At least 3 production systems operated by different organizations depend on Commons schemas for live interoperation or verification |
 | 3 — Standards Committee | Public RFC review + voting | Global ecosystem dependence |
 | 4 — Neutral Standards Body | Community-elected | Entrenched industry standard |
 
@@ -185,5 +185,5 @@ ONLY if:
 False claims REQUIRE public enforcement action.
 
 _Last updated: v1.0.0 retained as the historical pinned release; v1.1.0 documented as the current canonical in-repo line_  
-Signed: **`commandlayer.eth`**  
+Maintained by the founding steward `commandlayer.eth` until the phase triggers above require broader control.  
 *Founding Steward — CommandLayer Semantic Standards*

ONBOARDING.md

@@ -56,7 +56,7 @@ It answers:
 | `SCHEMAS.md`                      | Schema family and layout rules                                       |
 | `GOVERNANCE.md`                   | Change authority + approvals                                         |
 | `SECURITY*.md`                    | Disclosure + provenance                                              |
-| `RESOLUTION.md`                   | Change log (signed provenance)                                       |
+| `RESOLUTION.md`                   | Change log and provenance narrative                                   |
 
 Authoritative docs:
 
@@ -65,6 +65,7 @@ Authoritative docs:
 - `GOVERNANCE.md` — approval of normative changes
 - `SECURITY*.md` — provenance + integrity guarantees
 - `RESOLUTION.md` — canonical lifecycle log
+- `CONTRIBUTING.md` — contributor workflow and fixture discipline
 
 If a change is not reflected here → **not canonical.**
 
@@ -81,12 +82,11 @@ Canonical definitions → `SPEC.md`.
 ```
 npm install
 npm run validate
-npm run validate:examples
 ```
 5. Update `RESOLUTION.md`, provenance
 6. Submit PR with version class (MAJOR/MINOR/PATCH)
 
-Once approved → tagged + pinned.
+Once approved, maintainers may still need to complete external release steps such as creating the v1.1.0 tag and publishing any future CID-backed release metadata.
 
 ## 5. What “Good” Looks Like