Finalize user-engine contracts and operability

2026-05-22 21:45:30 +02:00
parent b81a9e05da
commit ce2d620f4e
12 changed files with 392 additions and 15 deletions
--- a/docs/release.md
+++ b/docs/release.md
@@ -0,0 +1,37 @@
+# Release And Compatibility
+
+## Version
+
+The current implementation is `0.1.0`: a headless MVP with standard-library
+runtime behavior, local adapters, and conformance-style tests. Until `1.0.0`,
+schema and service contracts may evolve, but changes should include migration
+notes and scenario test updates.
+
+## Packaging
+
+The package uses a `src/` layout with setuptools metadata in `pyproject.toml`.
+Build artifacts should be created from clean commits after `make test`,
+`make test-scenarios`, `make test-integration`, and `make test-conformance`
+pass.
+
+## Security And SBOM
+
+The current runtime has no third-party dependencies. Release automation should
+still generate an SBOM for the Python package and run static/security scans
+before publishing or deploying a platform adapter.
+
+## Migration Policy
+
+Persistence adapters must expose a schema version, readiness check, and
+forward migration hook. Catalog updates must not move versions backwards or
+downgrade sensitivity.
+
+## Compatibility Guarantees
+
+- Identity, authorization, secret, deployment, and UI ownership remain outside
+  user-engine.
+- Application runtime projections require explicit application ids.
+- Tenant-scoped operations require explicit tenant context once exposed over a
+  transport adapter.
+- Outbox and audit correlation ids are part of the public integration
+  contract.