Contributing
OSAP v0.1 is an experimental draft. Critical review, implementation feedback, test cases, and documentation improvements are welcome.
For non-trivial work, open or find an issue before preparing a focused pull request. Normative specification changes always begin with an issue and use the repository's [spec] process. Report exploitable vulnerabilities through the security process rather than a public issue.
The repository policy defines the issue taxonomy, pull-request workflow, normative-language conventions, schema requirements, code style, commit format, wording policy, and code of conduct:
Run the checks relevant to the change:
npm run validate:examples
npm test
npm run build
npm run lintFor website documentation:
npm run docs:buildKeep protocol language precise: a verifier checks evidence, a trust bundle interprets an issuer for a scope and time, and the user chooses which trust bundle to apply.