chore(rsr): compliance sweep — STATE, contractiles, CHANGELOG, Justfile

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: hyperpolymath

.machine_readable/6a2/STATE.a2ml

@@ -12,28 +12,29 @@
     (name "a2mliser")
     (description "Cryptographic attestation engine for markup and configuration files via A2ML envelopes")
     (status "scaffold-documented")
-    (priority "mid-tier -iser — foundational for supply chain security")
-    (ecosystem "-iser family (https://github.com/hyperpolymath/iseriser)"))
+    (priority "—")
+    (ecosystem "-iser family (https://github.com/hyperpolymath/iseriser)")
+    (domain "Cryptographic attestation for markup files"))
 
   (current-position
-    (phase "phase-0-complete")
+    (phase "scaffold-documented")
     (completion-percentage 10)
-    (milestone "Architecture documented, CLI scaffolded, ABI/FFI definitions written with attestation-specific types"))
+    (milestone "Architecture defined, CLI scaffolded, RSR template complete — implementation pending"))
 
   (route-to-mvp
-    (step 1 "Implement BLAKE3 and SHA-256 hashing in Zig FFI (crypto primitives)")
-    (step 2 "Implement Ed25519 signing/verification in Zig FFI")
-    (step 3 "Wire Rust codegen to call Zig FFI via generated C headers")
-    (step 4 "Produce .a2ml sidecar attestation envelopes for TOML files")
-    (step 5 "Implement envelope verification (recompute digest, verify signature)")
-    (step 6 "Add provenance chain support (parent references, chain walking)")
-    (step 7 "YAML and JSON format handlers")
-    (step 8 "Idris2 formal proofs for signature correctness and chain validity"))
+    (step 1 "Phase 0 — scaffold and documentation [COMPLETE]")
+    (step 2 "Phase 1 — CLI skeleton and manifest parser")
+    (step 3 "Phase 2 — A2ML envelope parsing and generation")
+    (step 4 "Phase 3 — cryptographic attestation (Ed25519)")
+    (step 5 "Phase 4 — Idris2 ABI proofs for envelope integrity")
+    (step 6 "Phase 5 — Zig FFI bridge for crypto operations")
+    (step 7 "Phase 6 — integration tests and examples")
+    (step 8 "Phase 7 — first release (v0.1.0)"))
 
   (blockers-and-issues
-    (none "Project is in scaffold phase with documentation complete — no blockers"))
+    (none "Scaffold only — implementation not yet started"))
 
   (critical-next-actions
-    (action "Implement BLAKE3 hashing in Zig FFI src/interface/ffi/src/main.zig")
-    (action "Implement Ed25519 signing in Zig FFI")
-    (action "Wire a2mliser generate command to produce real .a2ml envelopes")))
+    (action "Begin Phase 1 — implement CLI skeleton and manifest parser")
+    (action "Define A2ML envelope format for attestation")
+    (action "Evaluate Ed25519 crate options for Rust implementation")))

.machine_readable/contractiles/intend/Intendfile.a2ml

@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: PMPL-1.0-or-later
+# Intendfile — Design intent declarations for a2mliser
+# Author: Jonathan D.A. Jewell <j.d.a.jewell@open.ac.uk>
+
+@abstract:
+What a2mliser INTENDS to become. These are bespoke design goals
+specific to the Cryptographic attestation for markup files domain.
+@end
+
+## Domain-Specific Intent
+
+### supply-chain-attestation\n- description: Enable SLSA-style supply chain attestation for config files\n- target: In-toto compatible attestation bundles\n- status: aspiration\n\n### a2ml-spec-conformance\n- description: Full A2ML specification compliance (IANA submission)\n- target: Reference implementation status\n- status: aspiration
+
+## Cross-Cutting Intent
+
+### iser-ecosystem-compatibility
+- description: Must interoperate with other -iser projects via shared ABI
+- target: Idris2 ABI + Zig FFI standard interface
+- status: in-progress
+
+### proven-integration
+- description: All formal proofs should be verifiable by the proven framework
+- target: Integration with hyperpolymath/proven
+- status: aspiration

.machine_readable/contractiles/must/Mustfile.a2ml

@@ -67,3 +67,7 @@ These are hard requirements — CI fails if any check fails.
 - description: No Admitted in Coq code
 - run: "! grep -r 'Admitted' --include='*.v' . 2>/dev/null | grep -v node_modules | head -1 | grep -q ."
 - severity: critical
+
+## Domain-Specific Constraints (a2mliser)
+
+### attestation-integrity\n- description: Cryptographic attestations must be verifiable end-to-end\n- target: Ed25519 or similar, no custom crypto\n- severity: critical\n\n### envelope-roundtrip\n- description: A2ML envelopes must preserve original content exactly\n- target: Byte-identical roundtrip (wrap then unwrap)\n- severity: critical\n\n### no-key-material-in-output\n- description: Private keys must never appear in generated attestations\n- target: Only public key references in output\n- severity: critical

CHANGELOG.adoc

@@ -0,0 +1,30 @@
+// SPDX-License-Identifier: PMPL-1.0-or-later
+// Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath)
+= Changelog: a2mliser
+:toc:
+
+All notable changes to a2mliser will be documented in this file.
+
+This format is based on https://keepachangelog.com/en/1.1.0/[Keep a Changelog],
+and this project adheres to https://semver.org/spec/v2.0.0.html[Semantic Versioning].
+
+== [0.1.0] - 2026-03-21
+
+=== Phase 1 — RSR Compliance Sweep
+
+=== Added
+* RSR compliance sweep — STATE.a2ml, contractiles, Justfile updated
+* Documentation complete, implementation pending
+* Bespoke contractile constraints for A2ML attestation domain
+
+== [0.0.1] - 2026-03-20
+
+=== Added
+* Initial project scaffold from rsr-template-repo
+* CLI with subcommands (init, validate, generate, build, run, info)
+* Manifest parser (`a2mliser.toml`)
+* Codegen engine (stubs — target-language-specific implementation pending)
+* ABI module (Idris2 proof type definitions)
+* Library API for programmatic use
+* Full RSR template (17 CI workflows, governance docs, bot directives)
+* README.adoc with architecture overview and value proposition