
Spec 0.3.0-draft: version tiers (0.1/0.2/0.3), 0.2 hardening, spec-leads-code gate #1

Merged: koishore merged 2 commits into main from spec-0.3-draft-lead on Jun 3, 2026

@koishore koishore commented Jun 3, 2026

Member

What & why

Document the protocol in versioned tiers (0.1 / 0.2 / 0.3) so the specification leads the reference implementation rather than trailing it, and lock that ordering in with a conformance gate.

  • §2.1 Protocol versions matrix + the rule reference __protocol_version__ ≤ spec version.
  • 0.2 (now reference-backed): §7 approvals bound to intent_hash and single-use (full resolution algorithm + status lifecycle); §5/§8 approved-action receipts carry their parking rule so rate_limit counts them, and an unevaluable rate_limit denies; §8.1 a malformed/partial receipt is a verification failure, not a crash.
  • 0.3 (draft — not yet in reference): §4.2 query-string-bound fingerprint (closes the confused-deputy gap where the query is excluded); §9 token retagged.
  • ctk/vectors/resolve.json — authoritative §7 vectors (fingerprint guard, intent guard, single-use replay).
  • conformance.py + CI job — replays every CTK vector against the installed reference and asserts the spec leads it.
  • CHANGELOG.md; CONTRIBUTING (spec-leads, fork-and-PR, AI policy); PR template.

Pairs with delego PR (exposes __protocol_version__ = 0.2.0 and implements the 0.2 behaviour).

CI note: the conformance job installs the reference from delego@main; it goes green once the paired delego PR merges (until then main is the 0.1 reference and the resolve vectors fail — that is the drift detection working as intended).

AI assistance disclosure (required)

  • AI-generated, human-reviewed. Authored with Claude Code (Opus 4.8); the human author has reviewed every line and is accountable for it.

Kind of change

  • Normative change (approval binding, audit-chain verification, fingerprint roadmap).

Checklist

  • Branch PR (off main).
  • python validate.py is green.
  • python conformance.py is green against the paired reference.

For a normative change (additionally)

  • Added CTK vectors (resolve.json) regenerated from the reference.
  • Updated the §2.1 version matrix and tagged new clauses (since 0.2) / (0.3, draft).
  • Spec leads the reference; __protocol_version__ (0.2.0) ≤ spec (0.3.0-draft).
  • No receipt-field/canonicalization change in 0.2 (the §4.2 query-string change is 0.3, draft); CHANGELOG.md updated.

koishore and others added 2 commits June 4, 2026 01:42
…nance

Document the protocol in versioned tiers so the specification leads the
reference implementation rather than trailing it.

Protocol versions (new §2.1):
- 0.1.0 — baseline, reference-complete, CTK-backed.
- 0.2.0 — approval & audit hardening, now reference-backed and CTK-tested:
  §7 approvals bound to intent_hash and made single-use (full resolution
  algorithm + status lifecycle); §5/§8 approved-action receipts carry their
  parking rule so rate_limit counts them, and an unevaluable rate_limit denies;
  §8.1 a malformed/partial receipt is a verification failure, not a crash.
- 0.3.0 (draft — not yet in reference): §4.2 query-string-bound fingerprint
  (closes the confused-deputy gap where the query is excluded), §9 token.

Conformance & governance:
- ctk/vectors/resolve.json — authoritative §7 resolution vectors (fingerprint
  guard, intent guard, single-use replay); ctk/README documents them.
- conformance.py + a CI job replay every CTK vector against the installed
  reference and assert reference __protocol_version__ <= spec version, so the
  code can never silently drift ahead of the spec.
- CONTRIBUTING: "the spec leads the reference"; fork-and-PR; and an
  AI-assisted-contributions policy (disclose, stricter review, human accountable).
- PR template with the AI disclosure and a normative-change checklist.
- CHANGELOG added; §6 determinism note names evaluation time as an input.

The reference reproduces all hashing, decision, resolve, and chain vectors.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ing)

Replace the banking (BFSI) example with a neutral generic HTTP/JSON API across
the spec prose and the whole Conformance Test Kit, so the protocol's examples
don't read as bank-specific.

- examples/policy.example.yaml: api.example.com, place-order (POST /orders,
  USD amount cap + destination allow_list); kept byte-identical to the reference.
- spec.md §4.1 worked-example hashes, §4.2 query example, §5 policy block: generic.
- CTK regenerated from the reference: hashing, decisions, resolve, and a fresh-key
  chain (+ tampered) — new signing_key.pub, expected files updated.
- authorization-token example: generic place-order fpr/iht + rule.

validate.py and conformance.py both green against the reference.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

@koishore koishore left a comment

Member Author

Review — specification #1

Reviewed the full diff; ran validate.py (green) and conformance.py against the paired reference (green locally).

0.2 normative additions

  • §7 resolution algorithm (fingerprint → intent → status) and the pending → approved → consumed / denied lifecycle match the reference exactly; resolve.json vectors cover all seven branches including single-use replay.
  • §5 rule-attribution + fail-closed rate_limit, §8.1 malformed-receipt-is-a-failure: all reproduced by the reference.
  • §2.1 version matrix + the __protocol_version__ ≤ spec rule are clear and enforceable.

0.3 frontier (draft, not in reference) — §4.2 query-string-bound fingerprint and §9 token are correctly fenced as draft; they don't claim reference backing.

Conformance gate: conformance.py replays hashing/decisions/resolve/chain and asserts reference ≤ spec. The CI conformance job currently fails as designed because it installs delego@main (still 0.1); it will go green once the paired delego PR merges and the job re-runs.

Genericization — example + all CTK vectors regenerated from the reference (fresh chain signing key); validate.py green; example policy byte-identical to the reference's.

Verdict: looks good — merge after delego#1 lands, then re-run the conformance job so it's green before merging.

@koishore koishore merged commit 31304e2 into main Jun 3, 2026
3 of 4 checks passed
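
The §7 behaviour this thread describes (resolution checks fingerprint, then intent, then status, and an approval is single-use), as an added Python sketch that is not part of the PR, the spec or the delego reference. The `Approval` fields, the result strings, the in-memory store and the JSON hashing are assumptions made for illustration; the spec's own canonicalization and the seven branches covered by resolve.json are not reproduced here.

```python
# Added illustration: a hypothetical approval store, not delego's implementation.
import hashlib
import json
from dataclasses import dataclass


def sha256_hex(obj) -> str:
    """Hash a JSON value in a stable form (sorted keys; an assumed canonicalization)."""
    blob = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


@dataclass
class Approval:
    fingerprint: str         # which action shape was parked for approval
    intent_hash: str         # the exact arguments the approver saw
    status: str = "pending"  # pending -> approved -> consumed, or pending -> denied


def resolve(store: dict, approval_id: str, fingerprint: str, intent_hash: str) -> str:
    """Check fingerprint, then intent, then status; consume the approval on success."""
    ap = store.get(approval_id)
    if ap is None:
        return "unknown_approval"
    if ap.fingerprint != fingerprint:   # fingerprint guard
        return "fingerprint_mismatch"
    if ap.intent_hash != intent_hash:   # intent guard
        return "intent_mismatch"
    if ap.status != "approved":         # pending, denied or already consumed
        return ap.status
    ap.status = "consumed"              # single-use: a replay now sees "consumed"
    return "allow"


def demo() -> list:
    # Constructed sample action, modelled on the page's generic place-order example.
    action = {"method": "POST", "path": "/orders"}
    intent = {"amount": 100, "currency": "USD", "destination": "acct-1"}
    tampered = dict(intent, amount=100000)
    fpr, iht = sha256_hex(action), sha256_hex(intent)
    store = {"a1": Approval(fpr, iht, status="approved")}
    return [
        resolve(store, "a1", fpr, sha256_hex(tampered)),  # arguments changed after approval
        resolve(store, "a1", fpr, iht),                   # first use of the approval
        resolve(store, "a1", fpr, iht),                   # replay of the same approval
    ]


if __name__ == "__main__":
    print(demo())
```

A failed guard leaves the approval untouched, so the tampered attempt does not burn the legitimate request's approval; only a successful resolution moves it to consumed.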