Skip to content

[OPEN] CTS administration model — central vs. client-side #7

Description

@Faux16

Context

From concept-and-spec.md:

[OPEN] — Whether the CTS itself is centrally administered (ZAK-run) or runs entirely on the vendor side (with reports verifiable by anyone). Default: client-side runner, anyone can verify reports — no central authority.

The current agp-cts binary is fully client-side: anyone clones the repo, builds the binary, runs the embedded test vectors, and produces a self-contained conformance report. The report is signed with the implementer's own key. No central server.

This is the right default for a vendor-neutral protocol, but it leaves open questions:

  • How do third parties trust a self-signed conformance report?
  • Is there an "official" CTS version, and if so, who tags it?
  • Can vendors selectively run a subset of tests and still claim conformance?

Goal

Author an RFC (decisions/00NN-cts-administration.md) that:

  1. Affirms the client-side default (or flips it — make the case either way).
  2. Defines what a "conformant" report looks like: which test vectors are mandatory vs. optional, how the report's coverage is asserted.
  3. Specifies how reports are referenced from actor.conformance_report (depends on actor schema issue).
  4. Decides whether the openagp/cts repo cuts versioned releases (e.g., agp-cts 0.1) and whether reports must reference the version they were generated against.

Comment period

Substantive — 2-week public comment period per GOVERNANCE.md.

Pointers

Metadata

Metadata

Assignees

No one assigned

    Labels

    status:needs-triageNewly opened, not yet assessed by a maintainertype:rfcSpec change requiring an RFC and comment period (per GOVERNANCE.md)

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions