diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 825c9e0..2d2074d 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -42,6 +42,12 @@ git push --force-with-lease Commits that do not include a valid `Signed-off-by` trailer will be rejected by CI. +## Trademark + +"IntentProof" and "Verified by IntentProof" are trademarks of +IntentProof, Inc. Apache 2.0 grants a copyright license; it does not grant a +trademark license. See [`TRADEMARK.md`](TRADEMARK.md). + ## License By contributing as a maintainer, you agree your commits are licensed diff --git a/README.md b/README.md index 6821b57..6220345 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,15 @@ # intentproof-sdk-node +[![CI](https://github.com/IntentProof/intentproof-sdk-node/actions/workflows/ci.yml/badge.svg)](https://github.com/IntentProof/intentproof-sdk-node/actions/workflows/ci.yml) + Node.js SDK for emitting signed `ExecutionEvent` records to IntentProof. +## Who uses this + +Node.js application authors who instrument business logic with +`wrap(intent, action, fn)` and export signed execution events to local or +hosted ingest. + ## Scope - `wrap(intent, action, fn)` instrumentation helper @@ -10,6 +18,55 @@ Node.js SDK for emitting signed `ExecutionEvent` records to IntentProof. - Local outbox support - HTTP export to ingest when `INTENTPROOF_INGEST_URL` is set +## Install + +```bash +npm install @intentproof/sdk +``` + +For development in this repository: + +```bash +npm install +npm run build +``` + +## Verify + +Cross-language signing fixtures in CI match +[`intentproof-spec`](https://github.com/IntentProof/intentproof-spec) golden +vectors. Run `npm test` locally before publishing. + +## Test + +```bash +npm test +npm run build +``` + +CI enforces lint, typecheck, and conformance coverage. + +## Release + +npm packages are published from maintainer release workflows in +[`intentproof-tools`](https://github.com/IntentProof/intentproof-tools) using +Sigstore-attested artifacts. See +[`docs/release-signing.md`](https://github.com/IntentProof/intentproof-tools/blob/main/docs/release-signing.md). + +## Documentation hub + +Per-repo README files plus +[`intentproof-infra`](https://github.com/IntentProof/intentproof-infra) for +self-host install and image verification. Docs site deferred — see +[`docs-hub-decision.md`](https://github.com/IntentProof/intentproof-infra/blob/main/docs/docs-hub-decision.md). + +## Support + +Report bugs, API gaps, and conformance findings via +[GitHub Issues](https://github.com/IntentProof/intentproof-sdk-node/issues). +See [`CONTRIBUTING.md`](CONTRIBUTING.md). Security reports: +[`SECURITY.md`](SECURITY.md). + ## Quick start 1. Install deps: `npm install` @@ -49,4 +106,5 @@ verify without extra key-registration steps. ## License -Apache License 2.0 (`LICENSE`). +Apache License 2.0 — see [`LICENSE`](LICENSE), [`NOTICE`](NOTICE), and +[`TRADEMARK.md`](TRADEMARK.md). diff --git a/TRADEMARK.md b/TRADEMARK.md new file mode 100644 index 0000000..0833611 --- /dev/null +++ b/TRADEMARK.md @@ -0,0 +1,31 @@ +# IntentProof Trademark Policy + +**IntentProof** and **Verified by IntentProof** are trademarks of +IntentProof, Inc. + +The Apache License 2.0 grants a copyright license for the code in this +repository. It does **not** grant a trademark license. + +## Permitted use + +You may use the name **IntentProof** in plain text to describe +compatibility with or use of this open-source software, provided you do +not imply endorsement, sponsorship, or certification by IntentProof, Inc. + +## Not permitted without written permission + +- Using IntentProof trademarks in your product, company, or project name. +- Displaying the **Verified by IntentProof** certification mark or any + IntentProof logo except as authorized in a written agreement. +- Suggesting that IntentProof, Inc. certifies or warrantees your deployment + solely because you use this software. + +## Certification mark + +Operational use of the **Verified by IntentProof** certification mark is +governed by a separate certification policy before certificate issuance +ships. Contact `security@intentproof.io` for questions. + +## Questions + +Trademark or certification-mark questions: `security@intentproof.io`.