// Trust model
Shipped vs generated artifacts
The release ships tools, docs, templates, and static baselines. Runtime artifacts are generated inside the consumer repository.
// boundary
What ships
The release package ships reusable tooling, agent integration templates, docs, schemas, validator scripts, Inspector source, and static baseline files.
It should not ship local runtime artifacts from another repository, private reports, cache folders, or generated state from release QA.
- Tools and validators
- Quick-Start.md and documentation
- Agent integration templates
- Inspector source and static baseline assets
- Provider manifests for free/core memory adapters
Release packager
Defines what enters the release archive.
// runtime
What is generated after import
Routing bundles, trust reports, freshness records, repair queues, PR summaries, search indexes, metrics, and local Inspector snapshots are generated from the target repository after install.
That distinction keeps the public package clean while still letting each repository build its own evidence-backed state.
// technical notes