Record CORPIFORM package publication evidence

evidence/package-surface/corpiform-0.1.3/PACKAGE_IDENTITY.txt

@@ -0,0 +1,5 @@
+PACKAGE_NAME=@verifrax/corpiform
+VERSION=0.1.3
+DIST_TAG=latest
+REPOSITORY=github.com/Verifrax/CORPIFORM
+REPOSITORY_HEAD=289b977

evidence/package-surface/corpiform-0.1.3/access-status.txt

@@ -0,0 +1 @@
+@verifrax/corpiform: public

evidence/package-surface/corpiform-0.1.3/dist-tags.txt

@@ -0,0 +1 @@
+latest: 0.1.3

evidence/package-surface/corpiform-0.1.3/install-help.txt

@@ -0,0 +1,23 @@
+CORPIFORM — deterministic execution-control substrate
+
+Usage:
+  corpiform help
+  corpiform doctor
+  corpiform inspect
+  corpiform freeze
+  corpiform kill
+  corpiform rotate-keys
+
+Commands:
+  help         Show this help surface
+  doctor       Run non-invasive integrity checks
+  inspect      Print current system inspection data
+  freeze       Permanently freeze future execution
+  kill         Permanently terminate the system
+  rotate-keys  Record signing-key rotation event
+
+Boundary:
+  This package is a shell-based execution substrate.
+  It is not a JS library API.
+  It does not mint authority.
+  It executes or refuses under explicit authority.

evidence/package-surface/corpiform-0.1.3/npm-packument.json

@@ -0,0 +1 @@
+{"_id":"@verifrax/corpiform","name":"@verifrax/corpiform","dist-tags":{"latest":"0.1.3"},"versions":{"0.1.3":{"name":"@verifrax/corpiform","version":"0.1.3","description":"Deterministic execution-control substrate for authority-gated actions in the Verifrax stack.","license":"Apache-2.0","private":false,"repository":{"type":"git","url":"git+https://github.com/Verifrax/CORPIFORM.git"},"homepage":"https://github.com/Verifrax/CORPIFORM#readme","bugs":{"url":"https://github.com/Verifrax/CORPIFORM/issues"},"keywords":["verifrax","corpiform","authority","execution","deterministic","receipt","denial","shell"],"bin":{"corpiform":"bin/corpiform"},"scripts":{"test":"./bin/corpiform help >/dev/null","smoke":"./bin/corpiform help"},"gitHead":"289b977fef41fee30d1b8dc248be83b3452a9cd1","_id":"@verifrax/corpiform@0.1.3","_nodeVersion":"25.2.1","_npmVersion":"11.6.2","dist":{"integrity":"sha512-EqSAY1zZP6r3N4MXJvDck4lAYrI4IwFrfVm7Jot1cUrdfRMWZzhmZmps06lxAD6o+2qAXGEnDVg1fCz3JxNt+w==","shasum":"d7897bcf17df9c248ed9fc3fa5f098666ebb56d2","tarball":"https://registry.npmjs.org/@verifrax/corpiform/-/corpiform-0.1.3.tgz","fileCount":46,"unpackedSize":58091,"signatures":[{"keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U","sig":"MEUCIEJMcCJheRwzFnGL0MLY9OBlipYXuJhCge4MdEiYoKzKAiEAy6udAlVhFiCcUhh4bn+NQdF+hUd6/XyuAMxvKdHIums="}]},"_npmUser":{"name":"kiasat","email":"midia.kiasat@gmail.com"},"directories":{},"maintainers":[{"name":"kiasat","email":"midia.kiasat@gmail.com"},{"name":"verifrax-admin","email":"dev@verifrax.net"},{"name":"verifrax-systems","email":"contact@verifrax.net"}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages-npm-production","tmp":"tmp/corpiform_0.1.3_1773948744594_0.2024436580152229"},"_hasShrinkwrap":false}},"time":{"created":"2026-03-19T19:32:24.507Z","0.1.3":"2026-03-19T19:32:24.737Z","modified":"2026-03-19T19:32:24.971Z"},"maintainers":[{"name":"kiasat","email":"midia.kiasat@gmail.com"},{"name":"verifrax-admin","email":"dev@verifrax.net"},{"name":"verifrax-systems","email":"contact@verifrax.net"}],"description":"Deterministic execution-control substrate for authority-gated actions in the Verifrax stack.","homepage":"https://github.com/Verifrax/CORPIFORM#readme","keywords":["verifrax","corpiform","authority","execution","deterministic","receipt","denial","shell"],"repository":{"type":"git","url":"git+https://github.com/Verifrax/CORPIFORM.git"},"bugs":{"url":"https://github.com/Verifrax/CORPIFORM/issues"},"license":"Apache-2.0","readme":"# CORPIFORM\n\n![Version](https://img.shields.io/badge/version-v0.1.3-blue)\n![State](https://img.shields.io/badge/state-NON--FINAL-orange)\n![Release](https://img.shields.io/badge/release-PRE--SEAL-lightgrey)\n![Authority](https://img.shields.io/badge/authority-NOT--SEALED-red)\n![License](https://img.shields.io/badge/license-Apache%202.0-green)\n![Determinism](https://img.shields.io/badge/determinism-required-black)\n![Execution](https://img.shields.io/badge/execution-governed-purple)\n\n---\n\n## CORPIFORM\n\nDeterministic execution-control component for authority-gated institutional actions in the VERIFRAX stack.\n\nCORPIFORM is not an authority issuer and not a verification protocol.\nIt is the execution boundary that decides whether a permitted action may occur, must refuse, or must terminate cleanly under governed conditions.\n\n---\n\n## Current posture\n\n* **Version:** `v0.1.3`\n* **State:** `NON-FINAL`\n* **Release type:** `PRE-SEAL`\n* **Authority:** `NOT SEALED`\n* **Compatibility:** `NONE GUARANTEED`\n* **Repository release boundary:** `.verifrax/tags/v0.1.3.txt`\n\nThis state means:\n\n* the system is structurally complete enough for inspection\n* execution semantics are defined and testable\n* authority activation has not yet occurred\n* no external dependency should assume stability or compatibility\n\n---\n\n## System role\n\nCORPIFORM is the execution layer in a three-part stack:\n\n* **AUCTORISEAL** → authority issuance\n* **CORPIFORM** → execution enforcement\n* **VERIFRAX** → verification and evidence\n\nCORPIFORM exists to convert *valid authority* into *bounded consequence*.\n\n---\n\n## What CORPIFORM is\n\nCORPIFORM is a controlled execution component with explicit surfaces for:\n\n* authority intake and validation\n* execution gating\n* single-execution enforcement (replay resistance)\n* refusal emission\n* receipt emission\n* revocation handling\n* ledger-visible consequence recording\n* body-scoped operational actions\n\nIt enforces that execution occurs only under:\n\n* valid authority\n* valid scope\n* valid time window\n* valid custody\n* non-revoked state\n* non-replayed execution\n\n---\n\n## What CORPIFORM is not\n\nCORPIFORM is not:\n\n* a general-purpose agent\n* an orchestration engine\n* an authority source\n* a verification protocol\n* a policy authoring system\n\nIt does not decide *what should happen*.\nIt decides only *whether something is allowed to happen*.\n\n---\n\n## Canonical repository surfaces\n\n### Governing boundary\n\n* `STATUS.md`\n* `SCOPE.md`\n* `CONTRACT.md`\n* `AUTHORITY.md`\n* `FAILURE.md`\n* `DEATH.md`\n* `GOVERNANCE.md`\n* `SECURITY.md`\n* `VERSION.md`\n\nThese files define invariant constraints and failure semantics.\n\n---\n\n### Execution boundary\n\n* `execution/`\n* `bodies/`\n* `seals/`\n* `revocation/`\n* `receipts/`\n* `denials/`\n* `ledger/`\n\nThese surfaces implement the execution decision and output emission.\n\n---\n\n### Verification and integration boundary\n\n* `interfaces/`\n* `integrations/auctoriseal/`\n* `integrations/verifrax/`\n* `id/TRUSTED_ROOTS/auctoriseal_roots.json`\n\nThese define how CORPIFORM interacts with authority sources and verification systems.\n\n---\n\n### Runtime and adversarial boundary\n\n* `fixtures/`\n* `tests/`\n* `runtime/`\n* `tools/`\n* `observability/`\n\nThese surfaces expose execution behavior under normal and adversarial conditions.\n\n---\n\n### Evidence boundary\n\n* `evidence/README.md`\n* `.verifrax/tags/v0.1.3.txt`\n\nThese surfaces define what is publicly recorded and inspectable.\n\n---\n\n## Execution model\n\nCORPIFORM separates execution into explicit **bodies**:\n\n* `deploy`\n* `mail`\n* `payment`\n* `publish`\n\nExecution occurs only if all conditions pass:\n\n1. authority is present and valid\n2. scope matches requested action\n3. time window is valid\n4. custody is valid\n5. revocation state allows execution\n6. execution has not already occurred (execute-once)\n\nIf any condition fails:\n\n→ execution MUST NOT occur\n→ a denial artifact MUST be emitted\n\n---\n\n## Deterministic refusal semantics\n\nCORPIFORM enforces explicit refusal instead of silent failure.\n\nRefusal conditions include:\n\n* missing authority\n* invalid authority\n* expired authority\n* revoked authority\n* scope mismatch\n* replay attempt\n* ambiguity in execution request\n\nEach refusal produces:\n\n* a structured denial artifact\n* a signed record (when configured)\n* a ledger-visible outcome\n\n---\n\n## Outputs\n\nCORPIFORM produces two canonical result classes:\n\n### Receipts\n\n* emitted when execution is permitted\n* bind:\n\n  * `command_id`\n  * `authority_seal_id`\n  * execution context\n  * timestamp\n  * outcome\n\n### Denials\n\n* emitted when execution is refused\n* bind:\n\n  * refusal reason\n  * evaluated authority state\n  * execution context\n\nBoth outputs are designed to be:\n\n* deterministic\n* canonicalizable\n* hashable\n* signable\n* externally verifiable\n\n---\n\n## Authority dependency\n\nCORPIFORM depends on externally grounded authority.\n\nTrust roots are defined in:\n\n* `id/TRUSTED_ROOTS/auctoriseal_roots.json`\n\nAuthority lifecycle is controlled by AUCTORISEAL.\n\nCORPIFORM does not mint authority and cannot override it.\n\n---\n\n## Replay resistance\n\nCORPIFORM enforces execute-once semantics:\n\n* each `command_id` may be executed at most once\n* subsequent attempts MUST be refused\n* prior execution MUST be detectable via receipt\n\nThis property is critical for:\n\n* financial actions\n* publication integrity\n* irreversible operations\n\n---\n\n## Evidence and release boundary\n\nCanonical evidence root:\n\n* `evidence/README.md`\n\nRelease declaration:\n\n* `.verifrax/tags/v0.1.3.txt`\n\nThis boundary records:\n\n* repository state\n* release timestamp\n* non-final posture\n\nIt does not:\n\n* activate authority\n* guarantee execution\n* imply production readiness\n\n---\n\n## Security\n\nSecurity issues must not be disclosed publicly.\n\nFollow:\n\n* `SECURITY.md`\n\n---\n\n## License\n\nApache License 2.0\n\nSee `LICENSE`.\n\n---\n\n## Design constraint\n\nCORPIFORM must always satisfy:\n\n> No authority → no execution\n\nand\n\n> No ambiguity → no execution\n\nThis constraint dominates all implementation details.\n","readmeFilename":"README.md","_rev":"1-f7643d511f9dfd1f04715cabc54fbd43"}

evidence/package-surface/corpiform-0.1.3/npm-view.json

@@ -0,0 +1,4 @@
+{
+  "version": "0.1.3",
+  "dist-tags.latest": "0.1.3"
+}