diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 402b3dc..d490a60 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -42,6 +42,12 @@ git push --force-with-lease Commits that do not include a valid `Signed-off-by` trailer will be rejected by CI. +## Trademark + +"IntentProof" and "Verified by IntentProof" are trademarks of +IntentProof, Inc. Apache 2.0 grants a copyright license; it does not grant a +trademark license. See [`TRADEMARK.md`](TRADEMARK.md). + ## License By contributing as a maintainer, you agree your commits are licensed diff --git a/README.md b/README.md index 2245f81..814c8c1 100644 --- a/README.md +++ b/README.md @@ -1,23 +1,70 @@ # intentproof-sdk-python +[![CI](https://github.com/IntentProof/intentproof-sdk-python/actions/workflows/ci.yml/badge.svg)](https://github.com/IntentProof/intentproof-sdk-python/actions/workflows/ci.yml) + Python SDK for emitting signed IntentProof execution events. +## Who uses this + +Python application authors who need the same wrap/exporter/outbox contract as +the Node and Go SDKs for signed execution events. + ## Status Early scaffolding repo for IntentProof's Python SDK. Tracks the Node SDK's wrap()/exporter/outbox contract so a Python application can emit and verify the same signed execution events. -## Development +## Install + +```bash +pip install intentproof +``` + +For development in this repository: ```bash pip install -e ".[dev]" +``` + +## Verify + +Cross-language signing fixtures in CI match +[`intentproof-spec`](https://github.com/IntentProof/intentproof-spec) golden +vectors. Run `pytest` locally before publishing. + +## Test + +```bash pytest +bash ./scripts/check-coverage.sh 95 ``` CI enforces at least 95% line coverage on `src/intentproof/` (see `pyproject.toml` and `scripts/check-coverage.sh`). +## Release + +PyPI packages are published from maintainer release workflows in +[`intentproof-tools`](https://github.com/IntentProof/intentproof-tools) using +Sigstore-attested artifacts. See +[`docs/release-signing.md`](https://github.com/IntentProof/intentproof-tools/blob/main/docs/release-signing.md). + +## Documentation hub + +Per-repo README files plus +[`intentproof-infra`](https://github.com/IntentProof/intentproof-infra) for +self-host install and image verification. Docs site deferred — see +[`docs-hub-decision.md`](https://github.com/IntentProof/intentproof-infra/blob/main/docs/docs-hub-decision.md). + +## Support + +Report bugs, API gaps, and conformance findings via +[GitHub Issues](https://github.com/IntentProof/intentproof-sdk-python/issues). +See [`CONTRIBUTING.md`](CONTRIBUTING.md). Security reports: +[`SECURITY.md`](SECURITY.md). + ## License -Apache License 2.0 (`LICENSE`). +Apache License 2.0 — see [`LICENSE`](LICENSE), [`NOTICE`](NOTICE), and +[`TRADEMARK.md`](TRADEMARK.md). diff --git a/TRADEMARK.md b/TRADEMARK.md new file mode 100644 index 0000000..0833611 --- /dev/null +++ b/TRADEMARK.md @@ -0,0 +1,31 @@ +# IntentProof Trademark Policy + +**IntentProof** and **Verified by IntentProof** are trademarks of +IntentProof, Inc. + +The Apache License 2.0 grants a copyright license for the code in this +repository. It does **not** grant a trademark license. + +## Permitted use + +You may use the name **IntentProof** in plain text to describe +compatibility with or use of this open-source software, provided you do +not imply endorsement, sponsorship, or certification by IntentProof, Inc. + +## Not permitted without written permission + +- Using IntentProof trademarks in your product, company, or project name. +- Displaying the **Verified by IntentProof** certification mark or any + IntentProof logo except as authorized in a written agreement. +- Suggesting that IntentProof, Inc. certifies or warrantees your deployment + solely because you use this software. + +## Certification mark + +Operational use of the **Verified by IntentProof** certification mark is +governed by a separate certification policy before certificate issuance +ships. Contact `security@intentproof.io` for questions. + +## Questions + +Trademark or certification-mark questions: `security@intentproof.io`.