[cfi-dkgv10-r1] Add agience-flare-dkg-integration

[Muffinman75]

Agience FLARE × DKG v10 Integration Registry Entry

Integration: agience-flare-dkg-integration
Bounty tag: cfi-dkgv10-r1
DKG version tested: v10.0.1
Package version: 0.4.4
Pinned commit SHA: 08a00810092dc5fd2d5b32b289ee139d72fc9d13
License: MIT

What this integration does

Governance layer above DKG v10 — commit-gated Agience artifacts, policy-controlled projection, FLARE confidentiality, and typed agience: RDF Knowledge Assets. It speaks the v10.0.1 local daemon HTTP API (/api/knowledge-assets) and MCP Streamable HTTP.

Demo

• https://youtu.be/g3OtdM0DKtE

Interfaces

• Primary: local DKG v10 daemon HTTP API v10.0.1 (/api/knowledge-assets, /wm/write, /swm/share, /vm/publish), with one-time fallback to legacy /api/assertion/* routes.
• Secondary: DKG v10 MCP Streamable HTTP (POST /mcp) — dkg-create and dkg-sparql-query tools.

Package

• PyPI: agience-flare-dkg-integration==0.4.4
• npm: agience-flare-dkg-integration@0.4.4

Checklist

• Version bumped to 0.4.4
• share command replaces promote with backward-compatible alias
• rc.17 references cleaned up and replaced with v10.0.1
• README testnet/risk warning added
• FLARE boundary clarified
• Pinned commit SHA updated to 08a0081
• Demo video linked
• CI passes
• PyPI and npm packages published

[Muffinman75]

Small update: bumped the pinned commit from 09bf331 → 9f4a095. The package on PyPI (0.3.0) is unchanged - the new commit only adds a screenshot-backed subsection to DESIGN_BRIEF.md (§3 "Typed-artifact substrate") that visualises the card-creation surface and clarifies why the integration positions as platform-level rather than as a single-tool ingestion plugin. Docs-only diff, no code touched, security posture unchanged.

[Muffinman75]

Update: switched install.kind from "manual" to "cli" and bumped to 0.3.1.

The integration is now dual-published with build provenance:

• PyPI: https://pypi.org/project/agience-flare-dkg-integration/0.3.1/ (pypa/gh-action-pypi-publish, attestations: true)
• npm: https://www.npmjs.com/package/agience-flare-dkg-integration/v/0.3.1 (npm publish --provenance, SLSA v1, sigstore log entry)

The npm package is a thin (3.8 kB, 5 files, 0 runtime deps) Node wrapper around the Python CLI on PyPI. All integration logic stays in the Python package; the wrapper exists so dkg integration install resolves the CLI shape natively. No preinstall/install/postinstall scripts in either package.

Pinned commit a278898 is the exact tagged build commit (v0.3.1). Local re-run of scripts/validate.mjs and scripts/security-checks.mjs against this PR is fully green: 0 errors, 0 warnings, "provenance attestation present on agience-flare-dkg-integration@0.3.1".

Also added a "Positioning relative to other Round-1 integrations" subsection to DESIGN_BRIEF.md (§3), framing the integration as a governance substrate above the well-scoped single-tool ingestion plugins the bounty doc invites — complementary to, not competing with, them.

[Muffinman75]

Update: bumped to 0.4.0 — daemon transport is now the default; MCP Streamable HTTP remains supported.

Since the original PR was opened, OriginTrail published the official v10 daemon (@origintrail-official/dkg). Most reviewers will reach for dkg init && dkg start first, so this release makes that the canonical path: agience-dkg wm-write … now talks straight to the local daemon's HTTP API (default http://127.0.0.1:9201), with the bearer token auto-read from ~/.dkg/auth.token. Zero further config for the standard install.

WM writes are fully local — no TRAC staking and no public testnet RPC needed for Round 1 evidence. --transport mcp (and DKG_TRANSPORT=mcp) continues to work unchanged against MCP-fronted nodes for reviewers who want to exercise that surface.

Other changes in 0.4.0:

• Unit test suite expanded from 60 → 75. Governance-flow tests are now transport-agnostic (patch both DkgHttpClient and DkgDaemonClient).
• .env.example ships with daemon-first defaults and an inline WSL2 loopback note; AgienceClient prints an actionable hint on connection-refused when running inside WSL2 against a Windows-hosted Agience backend.
• DESIGN_BRIEF.md, README.md, docs/security-notes.md, and the registry entry document both transport surfaces and their write authority. §4 (target users / credible first user) has been strengthened with the SaaS deployment and white-label partner signal.
• Total test footprint across the three repos is now 75 + 5 + 6 + 101 = 187.

PyPI + npm 0.4.0 publishing through the same provenance-attested workflows as 0.3.1.

Pinned commit 6e3a7676fa4ef76bccf9ae47e6b3974a71c036f8 is the exact tagged build commit (v0.4.0). A refreshed daemon-flow demo recording is landing in the repo before Tuesday; this comment will be edited with the YouTube link once it's up.

No security-posture changes vs 0.3.1. The daemon transport's networkEgress entry is already declared in docs/security-notes.md.