nold-ai
diff --git a/‎openspec/CHANGE_ORDER.md‎
Lines changed: 9 additions & 0 deletions b/‎openspec/CHANGE_ORDER.md‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎openspec/changes/marketplace-03-publisher-identity/design.md‎
Lines changed: 193 additions & 0 deletions b/‎openspec/changes/marketplace-03-publisher-identity/design.md‎
Lines changed: 193 additions & 0 deletions
diff --git a/‎openspec/changes/marketplace-03-publisher-identity/proposal.md‎
Lines changed: 65 additions & 0 deletions b/‎openspec/changes/marketplace-03-publisher-identity/proposal.md‎
Lines changed: 65 additions & 0 deletions
diff --git a/‎openspec/changes/marketplace-03-publisher-identity/specs/module-security/spec.md‎
Lines changed: 47 additions & 0 deletions b/‎openspec/changes/marketplace-03-publisher-identity/specs/module-security/spec.md‎
Lines changed: 47 additions & 0 deletions
@@ -74,6 +74,9 @@ These are derived extensions of the same 2026-02-15 plan and are required to ope
 |--------|-------|---------------|----------|------------|
 | marketplace | 01 | ✅ marketplace-01-central-module-registry (implemented 2026-02-22; archived) | [#214](https://github.com/nold-ai/specfact-cli/issues/214) | #208 |
 | marketplace | 02 | marketplace-02-advanced-marketplace-features | [#215](https://github.com/nold-ai/specfact-cli/issues/215) | #214 |
+| marketplace | 03 | marketplace-03-publisher-identity | [#327](https://github.com/nold-ai/specfact-cli/issues/327) | #215 (marketplace-02) |
+| marketplace | 04 | marketplace-04-revocation | [#328](https://github.com/nold-ai/specfact-cli/issues/328) | marketplace-03 |
+| marketplace | 05 | marketplace-05-registry-federation | [#329](https://github.com/nold-ai/specfact-cli/issues/329) | marketplace-03 |
 
 ### Module migration (UX grouping and extraction)
 
@@ -219,6 +222,9 @@ Set these in GitHub so issue dependencies are explicit. Optional dependencies ar
 | [#213](https://github.com/nold-ai/specfact-cli/issues/213) | arch-07 schema extensions | arch-04 ✅ (already implemented) |
 | [#214](https://github.com/nold-ai/specfact-cli/issues/214) | marketplace-01 registry | #208 |
 | [#215](https://github.com/nold-ai/specfact-cli/issues/215) | marketplace-02 advanced features | #214 |
+| [#327](https://github.com/nold-ai/specfact-cli/issues/327) | marketplace-03 publisher identity | #215 |
+| [#328](https://github.com/nold-ai/specfact-cli/issues/328) | marketplace-04 revocation | marketplace-03 (#327) |
+| [#329](https://github.com/nold-ai/specfact-cli/issues/329) | marketplace-05 registry federation | marketplace-03 (#327) |
 | [#173](https://github.com/nold-ai/specfact-cli/issues/173) | backlog-core-02 interactive create | #116 |
 | [#220](https://github.com/nold-ai/specfact-cli/issues/220) | backlog-scrum-01 standup | #116 |
 | [#170](https://github.com/nold-ai/specfact-cli/issues/170) | backlog-scrum-02 sprint planning | #116 |
@@ -319,6 +325,9 @@ Dependencies flow left-to-right; a wave may start once all its hard blockers are
   - backlog-safe-02 (needs backlog-safe-01; integrates with scrum/kanban via bridge registry)
   - module-migration-01-categorize-and-group (needs marketplace-02; adds category metadata + group commands)
   - module-migration-02-bundle-extraction (needs module-migration-01; moves module source to bundle packages, publishes to marketplace registry)
+  - marketplace-03-publisher-identity (needs marketplace-02; can run parallel with module-migration-01/02/03)
+  - marketplace-04-revocation (needs marketplace-03; must land before external publisher onboarding)
+  - marketplace-05-registry-federation (needs marketplace-03)
 
 - **Wave 4 — Ceremony layer + module slimming** (needs Wave 3):
   - ceremony-cockpit-01 ✅ (probes installed backlog-* modules at runtime; no hard deps but best after Wave 3)
 
@@ -0,0 +1,193 @@
+# Design: Publisher Identity and Module Trust Chain
+
+## Context
+
+marketplace-01 established Ed25519 publisher signing infrastructure. marketplace-02 adds multi-registry support and a trust level per registry. What is missing is a publisher identity layer: who is a publisher, what tier are they, and how does the CLI verify their identity at install time without a live accounts database.
+
+**Current State:**
+
+- `crypto_validator.py`: `validate_module()` has an `official` tier branch; publisher = `nold-ai` (string comparison)
+- No structured publisher record; no publisher key lookup from a signed index
+- No `community` or `verified` tier handling
+- `custom_registries.py`: registry trust level exists (from marketplace-02) but not linked to publisher tier
+
+**Constraints:**
+
+- NOLD AI root key must be bundled at build time (offline-first; no runtime CA lookup)
+- Trust index fetch must cache gracefully (7-day TTL fallback for CDN failures)
+- Backward compatible: existing `official` tier install path must not be touched
+- `specfact-cli-modules/` repo is separate — CLI reads from its deployed trust index URL, not from local files
+- Must not introduce a server-side accounts database in Phase 1
+
+## Goals / Non-Goals
+
+**Goals:**
+
+- Structured publisher identity with three tiers (official, verified, community)
+- CLI verifies publisher attestation + registry endorsement at install time
+- Trust tier displayed in search/info output
+- Trust override flags with audit logging (offline-safe)
+
+**Non-Goals:**
+
+- Publisher self-registration UI (specfact.io-backend-phase1 — separate change, separate repo)
+- Registry federation / external registry certificates (marketplace-05)
+- Revocation infrastructure (marketplace-04)
+- Paid module gating (marketplace-06, requires legal entity)
+
+## Architecture
+
+### Trust Layer (`src/specfact_cli/trust/`)
+
+Three modules with clear separation of concerns:
+
+```text
+trust/
+  key_store.py          — NOLD AI root public key (Ed25519), bundled at build time
+  publisher_registry.py — fetch + cache publishers/index.json; verify NOLD AI signature
+  resolver.py           — tier resolution order; install gate logic; audit logging
+```
+
+`resolver.py` calls `crypto_validator.py` for low-level Ed25519 operations — does NOT duplicate crypto.
+
+### Trust Resolution Sequence
+
+```text
+specfact module install @mycompany/specfact-jira-sync
+  │
+  ├─ trust/publisher_registry.py: fetch publishers/index.json (cache 7d)
+  ├─ key_store.py: verify NOLD AI signature over publishers/index.json
+  ├─ Resolve publisher_id from module's module-package.yaml publisher block
+  ├─ Fetch publisher record from index (publisher_id → tier + public_key)
+  ├─ crypto_validator.py: verify publisher Ed25519 signature on bundle
+  ├─ trust/resolver.py: resolve effective tier (publisher tier ∩ registry tier)
+  │
+  ├─ official  → install without prompt
+  ├─ verified  → install without prompt
+  ├─ community → prompt unless --trust-community (log to audit)
+  └─ unregistered → block unless --trust-unregistered (log to audit)
+```
+
+### crypto_validator.py Extension Strategy
+
+The existing `official` branch is preserved unchanged. New branches added alongside:
+
+```python
+# BEFORE (migration-02): single official check
+if publisher == "nold-ai":
+    validate_official(bundle, signature)
+
+# AFTER (marketplace-03): tier dispatch, official path unchanged
+match tier:
+    case "official":
+        validate_official(bundle, signature)      # unchanged
+    case "verified":
+        validate_verified(bundle, publisher_record, signature)   # new
+    case "community":
+        validate_community(bundle, publisher_record, signature)  # new
+    case _:
+        raise UnregisteredPublisherError(publisher)
+```
+
+### Publisher Record Format
+
+`module-package.yaml` structured `publisher:` block (marketplace-03 format):
+
+```yaml
+publisher:
+  publisher_id: pub_abc123
+  handle: mycompany
+  tier: verified
+  public_key_fingerprint: sha256:abcdef...
+  publisher_signature: "<Ed25519 sig over name+version+sha256>"
+```
+
+CLI accepts both the legacy `publisher: nold-ai` string (migration-02) and the structured block during the transition window. Format detected at parse time.
+
+### Registry Endorsement Countersignature
+
+`registry/index.json` entry gains a `registry_signature` field (NOLD AI countersig over `name+version+publisher_id+checksum_sha256`). This is **distinct** from the publisher's `signature_ed25519`. Both coexist:
+
+```json
+{
+  "name": "specfact-jira-sync",
+  "version": "1.0.0",
+  "publisher_id": "pub_abc123",
+  "tier": "verified",
+  "checksum_sha256": "abcdef...",
+  "signature_ed25519": "<publisher sig — from migration-02>",
+  "registry_signature": "<NOLD AI countersig — new in marketplace-03>"
+}
+```
+
+`scripts/publish-module.py` adds the countersig step after existing publisher signing.
+
+## Decisions
+
+### Decision 1: Trust Index Caching Strategy
+
+**Options:**
+
+- A: Always fetch from CDN, fail hard if unavailable
+- B: Cache with TTL, serve stale with warning
+- C: Cache only, no online refresh
+
+Choice: B (7-day TTL cache, serve stale with staleness warning)
+
+**Rationale:**
+
+- Offline-first constraint: CLI must work without internet during runs
+- 7-day staleness acceptable for publisher index (revocation handled by marketplace-04)
+- Warning informs user when cache is stale without blocking install
+
+### Decision 2: Root Key Bundling
+
+**Options:**
+
+- A: Fetch root key from well-known URL at runtime
+- B: Bundle root key in CLI package at build time
+- C: Store in user config (~/.specfact/)
+
+Choice: B (bundled at build time)
+
+**Rationale:**
+
+- Offline-first: no network required for key verification
+- Tamper-evident: key changes require a CLI release (auditable)
+- Acceptable key rotation cadence: quarterly, requires CLI update
+
+### Decision 3: Audit Log Location
+
+**Choice**: `~/.specfact/module-audit.log` — append-only, human-readable, line-per-install
+
+Captures: timestamp, module, tier, action (installed/blocked/prompted/accepted), flag used.
+
+## Sequence Diagrams
+
+### Install with Publisher Attestation
+
+```text
+User                CLI                  trust/           crypto_validator   CDN
+ │                   │                    │                    │              │
+ │ install @org/mod  │                    │                    │              │
+ │──────────────────>│                    │                    │              │
+ │                   │ fetch publishers/  │                    │              │
+ │                   │─────────────────> │                    │              │
+ │                   │                   │ GET /trust/publishers/index.json  │
+ │                   │                   │──────────────────────────────────>│
+ │                   │                   │<──────────────────────────────────│
+ │                   │                   │ verify NOLD AI sig                │
+ │                   │                   │────────────────────>              │
+ │                   │                   │<────────────────────              │
+ │                   │ resolve publisher │                    │              │
+ │                   │<────────────────- │                    │              │
+ │                   │ verify bundle sig │                    │              │
+ │                   │────────────────────────────────────────>              │
+ │                   │<────────────────────────────────────────              │
+ │                   │ resolve tier      │                    │              │
+ │                   │─────────────────> │                    │              │
+ │                   │ tier=verified     │                    │              │
+ │                   │<─────────────────│                    │              │
+ │ install proceeds  │                   │                    │              │
+ │<──────────────────│                   │                    │              │
+```
@@ -0,0 +1,65 @@
+# Change: Publisher Identity and Module Trust Chain
+
+## Why
+
+marketplace-02 provides multi-registry support and dependency resolution, but modules carry no publisher attestation beyond a simple `publisher: nold-ai` string (introduced by module-migration-02). To enable a verified third-party module ecosystem, the CLI needs a CA-style publisher identity system: NOLD AI vouches for publisher identity and module integrity, but not for module content or behaviour. Publishers host their own artifacts; NOLD AI hosts only the trust index.
+
+Without publisher attestation and registry endorsement countersignatures, the CLI cannot distinguish between official, verified-community, and unregistered modules — making safe third-party module installation impossible.
+
+## What Changes
+
+- **NEW**: `src/specfact_cli/trust/` — trust orchestration layer with three modules:
+  - `resolver.py` — trust tier resolution order (`official > verified > community > unregistered`)
+  - `publisher_registry.py` — fetch, cache, and verify `publishers/index.json` from trust index
+  - `key_store.py` — NOLD AI root public key bundle (Ed25519) embedded at CLI build time
+- **MODIFY**: `src/specfact_cli/registry/crypto_validator.py` — extend `validate_module()` to add `verified` and `community` tier branches alongside the existing `official` branch from module-migration-02; add publisher record lookup from trust layer; do NOT replace the `official` path
+- **MODIFY**: `src/specfact_cli/modules/module_registry/src/` — trust verification at install time (call trust layer before download); trust tier display in `specfact module search` and `specfact module info` output; `--trust-community` and `--trust-unregistered` flags with audit logging to `~/.specfact/module-audit.log`
+- **MODIFY**: `scripts/publish-module.py` — add NOLD AI registry endorsement countersignature step after existing publisher signing step
+- **NEW**: `scripts/sign-publishers.py` — signs `publishers/index.json` with NOLD AI root key (run by CI on merge to specfact-cli-modules)
+- **NEW**: `docs/guides/publisher-trust.md` — user-facing guide on trust tiers, verification, install flags
+- **MODIFY**: `docs/reference/module-commands.md` — document trust tier output, new flags
+- **MODIFY**: `docs/_layouts/default.html` — add publisher-trust guide to sidebar navigation
+
+**Backward compatibility**: Fully additive. The existing `official` tier path in `crypto_validator.py` is preserved unchanged. The transition from `publisher: nold-ai` (string, migration-02) to the structured `publisher:` block is handled by a format-detection branch in the parser — the CLI accepts both during a transition window.
+
+**Rollback plan**: Revert trust/ module import, restore pre-marketplace-03 `crypto_validator.py` — all existing install flows remain unchanged.
+
+## Capabilities
+
+### New Capabilities
+
+- `publisher-identity`: `publishers/index.json` schema definition, JSON Schema validation, structured publisher records (publisher_id, handle, tier, github_org, domain, public_key)
+- `module-trust-chain`: structured `publisher:` block in `module-package.yaml` (Level 2 publisher attestation); `registry_signature` NOLD AI countersig in `registry/index.json` entries (Level 3 registry endorsement); NOLD AI root key bundle in CLI build
+- `trust-resolution`: tier resolution order enforcement (`official > verified > community > unregistered`) at install time; `--trust-community` / `--trust-unregistered` flags; audit logging; tier badges in search/info output
+
+### Modified Capabilities
+
+- `module-security`: extend `validate_module()` in `crypto_validator.py` to add `verified` and `community` tier branches (spec delta only — extends existing capability from marketplace-01/migration-02)
+
+## Impact
+
+- **Affected code**:
+  - `src/specfact_cli/trust/` (new: resolver.py, publisher_registry.py, key_store.py)
+  - `src/specfact_cli/registry/crypto_validator.py` (modify: extend tier branches)
+  - `src/specfact_cli/modules/module_registry/src/` (modify: trust verification + display)
+  - `scripts/publish-module.py` (modify: add registry endorsement countersig step)
+  - `scripts/sign-publishers.py` (new: CI signing script)
+- **Affected specs**: New specs for `publisher-identity`, `module-trust-chain`, `trust-resolution`; delta spec for `module-security`
+- **Affected documentation**:
+  - `docs/guides/publisher-trust.md` (new)
+  - `docs/reference/module-commands.md` (update: flags, trust display)
+  - `docs/_layouts/default.html` (navigation update)
+- **External dependencies**: None beyond existing `cryptography` library (already in requirements via arch-06)
+- **Integration points**: Trust layer integrates with `crypto_validator.py` (signature checks), `module_installer.py` (pre-install gate), `custom_registries.py` (registry trust level)
+- **Backward compatibility**: Fully additive; official tier path unchanged; dual-format publisher string handled
+- **Hard blocker**: marketplace-02 (#215) must land first (provides `custom_registries.py` trust level infrastructure that `trust/resolver.py` extends)
+
+---
+
+## Source Tracking
+
+<!-- source_repo: nold-ai/specfact-cli -->
+- **GitHub Issue**: #327
+- **Issue URL**: <https://github.com/nold-ai/specfact-cli/issues/327>
+- **Repository**: nold-ai/specfact-cli
+- **Last Synced Status**: proposed
@@ -0,0 +1,47 @@
+# module-security Specification Delta
+
+## Purpose
+
+Delta spec extending the existing `module-security` capability (established by marketplace-01 and arch-06) to support `verified` and `community` tier branches in `validate_module()`. The `official` path defined in module-migration-02 is preserved and unchanged.
+
+## MODIFIED Requirements
+
+### Requirement: validate_module() dispatches by publisher tier
+
+`validate_module()` in `crypto_validator.py` SHALL dispatch validation logic based on publisher tier, adding `verified` and `community` branches without replacing the existing `official` branch.
+
+#### Scenario: Official module validation (existing — unchanged)
+
+- **GIVEN** a module with `publisher: nold-ai` (legacy string) or `tier: official`
+- **WHEN** `validate_module()` is called
+- **THEN** SHALL execute the existing official validation path unchanged
+- **AND** SHALL NOT call publisher registry lookup
+
+#### Scenario: Verified module validation (new)
+
+- **GIVEN** a module with `tier: verified` and a structured `publisher:` block
+- **WHEN** `validate_module()` is called
+- **THEN** SHALL call `trust/publisher_registry.resolve_publisher(publisher_id, index)` to fetch publisher record
+- **AND** SHALL verify `publisher_signature` against the resolved public key
+- **AND** SHALL verify `registry_signature` (NOLD AI countersig) against the bundled root key
+- **AND** SHALL raise `PublisherSignatureMismatchError` if either check fails
+
+#### Scenario: Community module validation (new)
+
+- **GIVEN** a module with `tier: community` and a structured `publisher:` block
+- **WHEN** `validate_module()` is called
+- **THEN** SHALL call `trust/publisher_registry.resolve_publisher(publisher_id, index)`
+- **AND** SHALL verify `publisher_signature` (publisher key from index)
+- **AND** `registry_signature` check is optional for `community` tier (countersig may not be present)
+- **AND** SHALL raise `PublisherSignatureMismatchError` if publisher signature fails
+
+#### Scenario: Unknown tier
+
+- **GIVEN** a module with an unrecognised `tier` value
+- **WHEN** `validate_module()` is called
+- **THEN** SHALL raise `UnknownTierError(tier)` with a clear message
+
+## Contract Requirements
+
+- `validate_module(module: ModuleManifest, tier: str, publisher_index: PublisherIndex | None) -> ValidationResult` — `@require` tier in `{"official", "verified", "community"}`; `@ensure` result.valid is bool; `@beartype`
+- Existing contract on `official` path MUST remain satisfied — no regressions allowed