Waveframe Labs
Dependency specification for governed execution.
Waveframe components interoperate through explicit authority, contract, proposal, decision, registry, audit, and receipt boundaries. This page defines the current public compatibility surface for the website and README architecture.
Current Compatibility Set
Compatibility profile: waveframe-execution-governance-2026-05
| Layer | Component | Current public surface | Consumes | Produces |
|---|---|---|---|---|
| Governance | Governance-Ledger | Compatiblepip install governance-ledger |
Source governance, reviews, policy inputs | Publication evidence, lineage, registry-ready contracts |
| Compilation | CRI-CORE Contract Compiler | Compatible>=0.3.0 |
Governance policy JSON with contract identity | Compiled authority contract with hash |
| Proposal | Proposal Normalizer | Compatible>=0.1.0 |
Actor, mutation, artifacts, contract reference | Canonical proposal envelope |
| Kernel | CRI-CORE | Compatible0.13.x |
Canonical proposal and compiled contract | commit_allowed, reason, decision trace |
| Runtime | Waveframe Guard | Compatible0.5.x |
Function call, actor, contract artifact or authority ref | Governed execution result and audit event |
| Authority / Audit | Waveframe Cloud | Private surfacev1 API semantics |
Registry requests, contract requests, audit events | Registry, immutable contracts, audit receipts |
Required Interface Contracts
Authority References
- Runtime authority refs must be explicit and versioned.
- Use forms such as
finance-policy@1.0.0. - Unversioned contract ids are not compatibility-safe for replay, audit, or cache integrity.
Contract Identity
- Contracts require
contract_id,contract_version, andcontract_hash. contract_versionmust use semantic versioning.- Downstream components must not recompute or overwrite contract hashes.
Proposal Shape
- CRI-CORE evaluates canonical proposal envelopes only.
- Actor, mutation, artifacts, and contract reference are required.
- Missing required proposal fields are hard errors, not warnings.
Cloud API Semantics
- Registry and contract retrieval use
v1API semantics. - Cloud distributes authority and stores durable evidence.
- Cloud does not decide admissibility or normalize governance.
Recommended Install Set
For local development and runtime enforcement:
pip install waveframe-guard cricore cricore-contract-compiler cricore-proposal-normalizer
For governance publication workflows:
pip install governance-ledger
Compatibility Rules
- Compiler output is the source of compiled contract identity.
- Proposal Normalizer preserves caller-supplied contract truth.
- CRI-CORE blocks contract identity mismatches.
- Waveframe Guard enforces the decision before production execution.
- Waveframe Cloud stores authority and audit evidence; it is not the admissibility engine.
