KB-6539
TKT Base Packet Template
5 min read Revision 1
<!-- DOC_STATUS: ACTIVE_NON_AUTHORITY -->
5.
TKT Base — Packet Template (shape specification)
Authority: NON_AUTHORITY / NOT_PROMOTED · Date: 2026-06-11
This document specifies the shape a conforming TKT Base packet takes. The
runnable skeleton lives in packet_template/. The shape generalizes the canonical
v0.2 review-packet layout.
1. Required files (every packet)
| File | Role | Level it serves |
|---|---|---|
README_FOR_REVIEWER.md |
human entry: going-in status, NON_AUTHORITY declaration, scope, what-it-PROVES table (each claim → a gate), what-it-does-NOT-prove, provenance table, reproduce steps, blockers | all |
commands.sh |
the gate runner: runs G0..Gn, writes exit_codes.json, prints OVERALL_RESULT: PASS|FAIL |
L1 |
RERUN.sh |
reconstruct-and-reverify harness (fresh dir, re-hash, re-gate) | L1 |
exit_codes.json |
machine-readable gate verdicts; byte-stable anchor | L1 |
HASH_MANIFEST.txt |
one sha256␠␠relpath per packet file — per-file integrity |
L0 |
packet_tree.sha256 |
sha256(HASH_MANIFEST.txt) — single tree pin |
L0 |
manifest.json |
structured manifest: {packet, authority, files:[{path,sha256,role,by_reference}], levels_targeted} |
L0/L3 |
2. Optional / conditional files
| File / dir | When required |
|---|---|
<checker>.py + <checker>_selftest |
whenever the packet makes a content-binding or value claim (L2) |
<probes>.py |
whenever L2 is targeted — the adversarial suite |
real-sut/<frozen>.py (by-reference, byte-identical, sha-pinned) |
when a System-Under-Test is exercised |
<oracle>.json (provenance = DEV_FIXTURE_STATIC or stronger) |
when a committed expected-value oracle is used |
RAW_EVIDENCE_ESCROW.sha256 + pointers |
when raw run-evidence exists (no-vector policy applies) |
reports/ checkpoints/ |
governance docs (may live outside the packet root) |
3. Invariants every packet must hold
- Self-contained + byte-pinned. Any byte change to any governed file breaks
packet_tree.sha256. - Manifest is three-way honest. Forward (each listed file present + hash),
backward (no unlisted governed file), tree (
sha256(manifest)==pin). - By-reference, not forked. A copied module is byte-identical to its governed
source and declared
by_reference=trueinmanifest.json; it is not a divergent fork. - Exit codes only. A packet emits exit codes and logs. It emits no seal token, writes no registry/Directus/PG row, gates nothing in production.
- NON_AUTHORITY self-description. README and
manifest.jsondeclareauthority: NON_AUTHORITY / NOT_PROMOTED,may_gate=false,decision_effect=NONE. - Raw evidence is not embedded in the vector KB. Raw logs stay out of
knowledge/…; the packet carries{hash, pointer, regeneration_command}only.
4. The exit-code family (recommended convention)
Generalized from the v0.2 verifier taxonomy. A packet checker SHOULD use:
| Exit | Meaning |
|---|---|
| 0 | PASS — clean input, all bindings hold |
| 2 | absent / nonexistent input (corpus dir, file) |
| 3 | malformed input OR authority-claim rejection (something tried to claim a seal / promotion / gate authority) |
| 5 | content-binding failure (tamper, stale hash, missing evidence, byte≠hash) |
| 6 | strict-autonomous-seal requested with no content oracle → REFUSED |
| 7 | byte-exact determinism mismatch (a class declared byte-exact drifted) |
| 8 | secret-looking token in evidence → quarantine |
| 9 | invented no-vector root (designation attempted by a non owner/operator) |
A packet MAY extend this with higher codes for its own classes, but MUST keep
0 == PASS and MUST keep every authority-claim and tamper path nonzero.
5. manifest.json schema (example)
{
"packet": "<packet-name>",
"authority": "NON_AUTHORITY / NOT_PROMOTED",
"may_gate": false,
"decision_effect": "NONE",
"levels_targeted": ["L0", "L1", "L2", "L3"],
"files": [
{"path": "README_FOR_REVIEWER.md", "sha256": "<64hex>", "role": "readme", "by_reference": false},
{"path": "commands.sh", "sha256": "<64hex>", "role": "gate-runner", "by_reference": false},
{"path": "real-sut/frozen.py", "sha256": "<64hex>", "role": "sut", "by_reference": true}
],
"raw_evidence": [
{"class": "run-stdout", "pointer": {"target": "<root>/runs/<id>/stdout.log",
"hash": "sha256:<64hex>", "size": 0, "produced_by": "bash commands.sh"},
"storage_location": "local_workbench", "determinism": "functional",
"nvsz_root": {"designated": false, "designated_by": null}}
]
}
See packet_template/manifest.json.example for a filled-in skeleton.