Add project-level contract policy support and related documentation

Introduce a new contract policy feature allowing project-level contract pinning and deprecation controls. Update README.md to include usage examples and details on the contract policy schema. Enhance CI workflows to verify contract policy examples and add new configuration files for contract policies. Update analysis and report schemas to incorporate contract policy decisions, ensuring better handling of deprecated contracts. Adjust documentation to reflect these changes and improve clarity on contract management processes.

Author: a-a-k

.github/workflows/schema-contract.yml

@@ -36,3 +36,6 @@ jobs:
 
       - name: Verify compatibility manifest
         run: sh scripts/ci/check-compatibility-manifest.sh
+
+      - name: Verify contract policy fixtures
+        run: sh scripts/ci/check-contract-policy-example.sh

README.md

@@ -32,6 +32,12 @@ sheaft run --model <artifact.json> --analysis configs/analysis.example.yaml --ou
 sheaft serve --config configs/sheaft.example.yaml
 ```
 
+Project-level contract pinning can be added on top:
+
+```bash
+sheaft run --model <artifact.json> --analysis configs/analysis.example.yaml --contract-policy configs/contract-policy.example.yaml --out-dir out
+```
+
 ## Supported Upstream Contracts
 
 Sheaft validates artifacts against an explicit whitelist.
@@ -43,6 +49,7 @@ Pinned URIs, digests, and release-line support are tracked in [docs/compatibilit
 The machine-readable compatibility contract is [compatibility-manifest.json](compatibility-manifest.json).
 
 Unknown contracts are rejected with an error that lists the supported contracts. There is no silent fallback for unsupported upstream schemas.
+Project-level narrowing and deprecation behavior can be layered on top with `--contract-policy` or inline `contract_policy` config.
 
 ## Quickstart
 
@@ -150,6 +157,7 @@ docs                       architecture, methodology, migration, and config docs
 - [Architecture](docs/architecture.md)
 - [Methodology](docs/methodology.md)
 - [Configuration and Schemas](docs/configuration.md)
+- [Contract Policy Schema](api/schema/contract-policy.schema.json)
 - [Consumer Semantics v1](docs/consumer-semantics-v1.md)
 - [CI Gate](docs/ci-gate.md)
 - [Compatibility Matrix](docs/compatibility-matrix.md)
@@ -169,6 +177,8 @@ docs                       architecture, methodology, migration, and config docs
 - Rich report sample: [examples/outputs/posture-generated/report.json](examples/outputs/posture-generated/report.json)
 - Rich summary sample: [examples/outputs/posture-generated/summary.md](examples/outputs/posture-generated/summary.md)
 - Predicate overlay: [configs/predicate-contract.example.yaml](configs/predicate-contract.example.yaml)
+- Contract policy: [configs/contract-policy.example.yaml](configs/contract-policy.example.yaml)
+- Deprecated contract policy example: [configs/contract-policy.deprecated.example.yaml](configs/contract-policy.deprecated.example.yaml)
 - GitHub Actions CI template: [examples/ci/github-actions.sheaft.yml](examples/ci/github-actions.sheaft.yml)
 - GitLab CI template: [examples/ci/gitlab-ci.sheaft.yml](examples/ci/gitlab-ci.sheaft.yml)
 - Jenkins CI template: [examples/ci/Jenkinsfile](examples/ci/Jenkinsfile)

api/schema/analysis.schema.json

@@ -61,6 +61,9 @@
         }
       }
     },
+    "contract_policy": {
+      "$ref": "contract-policy.schema.json"
+    },
     "profiles": {
       "type": "array",
       "minItems": 1,

api/schema/contract-policy.schema.json

@@ -0,0 +1,83 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://github.com/MB3R-Lab/Sheaft/api/schema/contract-policy.schema.json",
+  "title": "SheaftContractPolicy",
+  "type": "object",
+  "properties": {
+    "allowed_kinds": {
+      "type": "array",
+      "items": {
+        "type": "string"
+      },
+      "uniqueItems": true
+    },
+    "allowed_contracts": {
+      "type": "array",
+      "items": {
+        "$ref": "#/$defs/selector"
+      }
+    },
+    "deprecated_action": {
+      "type": "string",
+      "enum": ["warn", "fail"]
+    },
+    "deprecated_contracts": {
+      "type": "array",
+      "items": {
+        "$ref": "#/$defs/deprecatedSelector"
+      }
+    }
+  },
+  "$defs": {
+    "selector": {
+      "type": "object",
+      "required": ["name"],
+      "properties": {
+        "kind": {
+          "type": "string"
+        },
+        "name": {
+          "type": "string"
+        },
+        "versions": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          },
+          "minItems": 1,
+          "uniqueItems": true
+        }
+      },
+      "additionalProperties": false
+    },
+    "deprecatedSelector": {
+      "type": "object",
+      "required": ["name"],
+      "properties": {
+        "kind": {
+          "type": "string"
+        },
+        "name": {
+          "type": "string"
+        },
+        "versions": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          },
+          "minItems": 1,
+          "uniqueItems": true
+        },
+        "action": {
+          "type": "string",
+          "enum": ["warn", "fail"]
+        },
+        "message": {
+          "type": "string"
+        }
+      },
+      "additionalProperties": false
+    }
+  },
+  "additionalProperties": false
+}

api/schema/report.schema.json

@@ -150,6 +150,33 @@
     "input_artifact": {
       "type": "object"
     },
+    "contract_policy": {
+      "type": "object",
+      "required": [
+        "status",
+        "action"
+      ],
+      "properties": {
+        "status": {
+          "type": "string",
+          "enum": [
+            "current",
+            "deprecated"
+          ]
+        },
+        "action": {
+          "type": "string",
+          "enum": [
+            "allow",
+            "warn",
+            "fail"
+          ]
+        },
+        "message": {
+          "type": "string"
+        }
+      }
+    },
     "provenance": {
       "type": "object"
     },

configs/contract-policy.deprecated.example.yaml

@@ -0,0 +1,21 @@
+allowed_kinds:
+  - model
+  - snapshot
+
+allowed_contracts:
+  - kind: model
+    name: io.mb3r.bering.model
+    versions:
+      - "1.0.0"
+  - kind: snapshot
+    name: io.mb3r.bering.snapshot
+    versions:
+      - "1.0.0"
+
+deprecated_action: warn
+deprecated_contracts:
+  - kind: snapshot
+    name: io.mb3r.bering.snapshot
+    versions:
+      - "1.0.0"
+    message: snapshot 1.0.0 remains supported, but this example project policy warns until the next approved release line is adopted

configs/contract-policy.example.yaml

@@ -0,0 +1,13 @@
+allowed_kinds:
+  - model
+  - snapshot
+
+allowed_contracts:
+  - kind: model
+    name: io.mb3r.bering.model
+    versions:
+      - "1.0.0"
+  - kind: snapshot
+    name: io.mb3r.bering.snapshot
+    versions:
+      - "1.0.0"

docs/ci-gate.md

@@ -82,7 +82,7 @@ This repository validates the CI handoff contract in three layers:
 
 - `sh scripts/ci/check-ci-handoff-templates.sh` verifies that the example templates and docs keep the agreed handoff paths, retention windows, artifact publishing steps, and smoke workflow references.
 - `sh scripts/ci/smoke-ci-handoff.sh native` runs the same handoff layout locally via `go run ./cmd/sheaft`.
-- `sh scripts/ci/smoke-ci-handoff.sh docker` exercises the Docker execution path used by the example templates.
+- `sh scripts/ci/smoke-ci-handoff.sh docker` exercises the Docker execution path used by the example templates, including local runs from Windows Git Bash.
 
 The GitHub Actions workflow at `.github/workflows/ci-template-smoke.yml` runs both smoke modes on every pull request and on pushes to `main`.
 

docs/compatibility.md

@@ -38,6 +38,44 @@ Recommended checks:
 3. reject mismatches before promotion, or let Sheaft reject them at execution time;
 4. treat the manifest as compatibility data, not as schema ownership.
 
+## Project-Level Contract Policy
+
+Global runtime support and project-level acceptance are separate.
+
+- Global support is the explicit registry in `internal/modelcontract/contract.go`.
+- Project-level acceptance is narrower and can be configured with `contract_policy`.
+
+The project policy supports:
+
+- `allowed_kinds`
+- `allowed_contracts`
+- `deprecated_action`
+- `deprecated_contracts`
+
+Usage examples:
+
+```bash
+sheaft run \
+  --model examples/outputs/snapshot.sample.json \
+  --analysis configs/analysis.example.yaml \
+  --contract-policy configs/contract-policy.example.yaml \
+  --out-dir out
+```
+
+```yaml
+contract_policy:
+  allowed_kinds: [model, snapshot]
+  allowed_contracts:
+    - kind: snapshot
+      name: io.mb3r.bering.snapshot
+      versions: ["1.0.0"]
+```
+
+When a contract is still supported globally but deprecated for a given project, Sheaft can either:
+
+- continue and mark the report with `contract_policy.status=deprecated` plus `action=warn`
+- fail before simulation with a contract policy error when `deprecated_action=fail`
+
 ## Current Scope
 
 - Bering owns upstream schema publication and evolution.

docs/configuration.md

@@ -22,6 +22,7 @@ Key sections:
 - `endpoint_weights`
 - `baselines`
 - `predicate_contract`
+- `contract_policy`
 - `gate`
 
 ## Serve Config
@@ -40,6 +41,16 @@ For legacy models that only expose `success_predicate_ref`, supply:
 
 The overlay can also carry endpoint weights.
 
+## Contract Policy
+
+Use project-level contract pinning and deprecation controls when a deployment wants to accept only a subset of the globally supported Bering contracts:
+
+- [configs/contract-policy.example.yaml](../configs/contract-policy.example.yaml)
+- [configs/contract-policy.deprecated.example.yaml](../configs/contract-policy.deprecated.example.yaml)
+- [api/schema/contract-policy.schema.json](../api/schema/contract-policy.schema.json)
+
+The same structure can be embedded inline under `analysis.contract_policy`, or passed separately at runtime with `--contract-policy`.
+
 ## Artifact Schemas
 
 - Plain model schema: [api/schema/model.schema.json](../api/schema/model.schema.json)
@@ -50,9 +61,10 @@ Report output now carries both:
 
 - `provenance`: artifact/overlay origin for predicates and weights
 - `parameters`: resolved simulation inputs plus source attribution (`default`, `policy`, `override`, `external`) and calibration fallback markers
+- `contract_policy`: whether the accepted contract is current or deprecated for this project, plus the effective action (`allow`, `warn`, `fail`)
 
 ## Migration Rule of Thumb
 
 - keep `--policy` when one profile and simple thresholds are enough
-- move to `--analysis` when you need profiles, weights, baselines, or overlays
+- move to `--analysis` when you need profiles, weights, baselines, overlays, or contract pinning
 - use `serve` when posture must stay current as new artifacts arrive