RFC-0002: CLI Resource Model and Command Architecture

Version: 0.8.0 | Status: normative | Phase: test

1. Summary

[RFC-0002:C-SUMMARY] Summary (Informative)

This RFC defines the resource-first command architecture for the govctl CLI. It establishes normative requirements for command structure, resource types, verb semantics, and project-level verification commands to ensure consistency and discoverability.

The design follows established patterns from Docker, kubectl, and other modern CLIs where commands are grouped by resource type (noun-first) rather than operation type (verb-first).

Scope: This RFC specifies the structural contract (which commands exist, how they’re organized, what resources they operate on). Implementation details (flag syntax, help text formatting, terminal colors) are left to ADRs.

Rationale: A stable command structure enables:

1. Predictable UX across all resource types
2. Agent/script automation via consistent patterns
3. Scoped help and command discovery
4. Future extensibility without namespace pollution

Tags: cli

Since: v0.1.0

2. Specification

[RFC-0002:C-RESOURCE-MODEL] Resource-First Command Structure (Normative)

The govctl CLI MUST use a resource-first command structure of the form:

govctl <resource> <verb> [arguments] [flags]

Where:

• <resource> is a governance artifact type (rfc, adr, work, clause, release, guard)
• <verb> is an operation on that resource (new, list, get, edit, delete, or resource-specific lifecycle operations)
• [arguments] are positional parameters (typically IDs, titles, or values)
• [flags] are optional modifiers (–filter, –output, –stdin, etc.)

Rationale:

The resource-first structure (noun-first) provides several advantages over verb-first (operation-first):

1. Scoped Discovery: govctl rfc --help shows only RFC operations, not all 30+ global commands
2. Namespace Clarity: govctl rfc finalize is unambiguous; govctl finalize requires knowing it only applies to RFCs
3. Mental Model Alignment: Users think “I want to work with RFCs” then “What can I do?”, not “I want to finalize something, what can be finalized?”
4. Extensibility: Adding govctl rfc validate doesn’t pollute the global namespace
5. Industry Convention: Docker, kubectl, git, cargo all use resource-scoping or similar patterns

Exceptions:

Commands that operate across all resource types (init, check, status, render) remain at the global level as they don’t belong to a specific resource namespace.

Implementation Note:

For backwards compatibility during migration, verb-first aliases MAY be supported but MUST emit deprecation warnings. Full verb-first syntax MUST be removed in a major version release.

Tags: cli

Since: v0.1.0

[RFC-0002:C-RESOURCES] Resource Types (Normative)

The following resource types MUST be supported as top-level command namespaces:

1. rfc - Request for Comments

Manages RFC specifications (normative documents defining system behavior).

• ID Format: RFC-NNNN (e.g., RFC-0001)
• Lifecycle: draft → normative → deprecated (per RFC-0001:C-RFC-STATUS)
• Phase: spec → impl → test → stable (per RFC-0001:C-RFC-PHASE)

2. adr - Architecture Decision Record

Manages ADRs (records of architectural decisions).

• ID Format: ADR-NNNN (e.g., ADR-0001)
• Lifecycle: proposed → accepted → superseded, or proposed → rejected (per RFC-0001:C-ADR-STATUS)

3. work - Work Item

Manages work items (tasks, features, bugs).

• ID Format: WI-YYYY-MM-DD-NNN (e.g., WI-2026-01-19-001)
• Lifecycle: queue → active → done, with cancellation at any stage (per RFC-0001:C-WORK-STATUS)

4. clause - RFC Clause

Manages individual clauses within RFCs.

• ID Format: RFC-NNNN:C-NAME (e.g., RFC-0001:C-SUMMARY)
• Lifecycle: active → deprecated → superseded (per RFC-0001:C-CLAUSE-STATUS)

Clause Namespace vs Storage:

Clauses remain at the CLI top-level namespace despite being child resources of RFCs because their ID format (RFC-NNNN:C-NAME) is self-scoping and unambiguous.

The CLI namespace is independent of filesystem layout. Implementations MAY store clause files nested under RFC directories (e.g., gov/rfc/RFC-0001/clauses/C-NAME.toml) while maintaining the flat CLI command structure (govctl clause get RFC-0001:C-NAME).

5. guard - Verification Guard

Manages reusable executable completion checks defined by RFC-0000:C-GUARD-DEF.

• ID Format: GUARD-NAME (e.g., GUARD-CARGO-TEST)
• Storage: gov/guard/ as individual TOML files
• No lifecycle (guards are either present or removed)

6. release - Release Version

Manages published versions and their included work item references.

• ID Format: Semantic version (e.g., 1.0.0)
• Storage: gov/releases.toml as defined by RFC-0000:C-RELEASE-DEF
• No lifecycle (immutable once created)

Resource Identification:

Each resource type MUST have a unique, predictable ID format that:

1. Is stable across filesystem operations
2. Can be referenced in other artifacts
3. Clearly identifies the resource type without context
4. Supports lexicographic sorting where meaningful
5. Is case-sensitive (RFC-0001 ≠ rfc-0001)

Date Format:

All date-valued resource metadata fields (such as created, updated, started, completed, and date) MUST use ISO 8601 calendar date format YYYY-MM-DD.

Tags:

RFCs, clauses, ADRs, work items, and guards MAY include an optional tags array in the [govctl] section. Each tag MUST be a string from the project’s controlled vocabulary defined in gov/config.toml under [tags] allowed. Tags MUST match the pattern [a-z][a-z0-9-]* (lowercase kebab-case). Releases do not carry tags. govctl check MUST reject any artifact that references a tag not present in the allowed set.

Future Extensions:

Additional resource types MAY be added via RFC amendment. New resource types MUST follow the same structural patterns defined in RFC-0002:C-CRUD-VERBS.

Tags: cli, schema

Since: v0.1.0

[RFC-0002:C-CRUD-VERBS] Universal CRUD Verbs (Normative)

All resource types MUST support the following CRUD (Create, Read, Update, Delete) verbs where applicable:

1. new - Create Resource

Syntax: govctl <resource> new <arguments>

Creates a new instance of the resource. Required arguments vary by resource type but typically include a title or primary identifier.

MUST support for: rfc, adr, work, clause, release, guard Behavior:

• Generates unique ID if not provided
• Initializes resource with default values
• Creates necessary filesystem structure
• Validates inputs per resource schema

Guard-specific: govctl guard new "<title>" scaffolds a new guard TOML file under gov/guard/. The generated ID is derived from the slugified title with a GUARD- prefix. The command SHOULD print a hint about adding the guard to verification.default_guards in gov/config.toml.

2. list - List Resources

Syntax: govctl <resource> list [filter] [--tag <tag>[,<tag>...]]

Lists all instances of the resource type. Optional filter narrows results.

MUST support for: rfc, adr, work, clause, release, guard Behavior:

• Returns tabular output by default
• Supports filtering (exact match or substring)
• Sorted by ID (lexicographic order)
• MUST respect RFC-0002:C-OUTPUT-FORMAT flags
• With --tag: filters results to artifacts that carry ALL specified tags. MUST support comma-separated tag values. Applies to rfc, clause, adr, work, and guard (releases do not carry tags).

3. get - Read Resource

Syntax: govctl <resource> get <id> [field]

Retrieves a resource by ID. If field is specified, returns only that field value.

MUST support for: rfc, adr, work, clause, guard Behavior:

• Returns full resource if no field specified
• Returns field value if field specified
• MUST respect RFC-0002:C-OUTPUT-FORMAT flags
• MUST error if resource or field does not exist

Field Name Stability:

Field names exposed via get <id> <field> MUST be stable identifiers defined by the resource schema. Field names MAY NOT be renamed without a major version bump of govctl.

4. edit - Update Resource

Syntax: govctl <resource> edit <id> <field> [value]

Updates a single field on a resource. Value can be provided as argument or via stdin.

MUST support for: rfc, adr, work, clause, guard Behavior:

• Simple fields: replace value
• Array fields: special syntax (see ADR-0017 for implementation details)
• MUST validate field names per resource schema
• MUST validate values per field type
• MUST support --stdin flag for multiline content

5. delete - Delete Resource

Syntax: govctl <resource> delete <id>

Removes a resource permanently.

MUST support for: work, clause, guard MUST NOT support for: rfc, adr (use lifecycle verbs instead)

Deletion Safety Constraints:

For guards:

• MUST verify no work items reference the guard ID in verification.required_guards or verification.waivers[*].guard before deletion
• MUST verify the guard is not listed in verification.default_guards in gov/config.toml before deletion
• MUST error with list of referencing artifacts/config if any references exist

For clauses:

• MUST only allow deletion if containing RFC is in draft status
• MUST verify no other artifacts reference the clause ID before deletion
• MUST error with list of referencing artifacts if references exist

For work items:

• MUST only allow deletion if status is queue
• MUST verify no other artifacts reference the work item ID before deletion
• MUST error with list of referencing artifacts if references exist

General Deletion Behavior:

• SHOULD require confirmation unless --force flag provided
• MUST be atomic (either fully succeeds or fully fails)

Rationale: Permanent deletion breaks referential integrity. These constraints ensure deletions are safe and don’t leave dangling references in the governance graph.

Consistency Requirements:

1. All CRUD verbs MUST use the same flag names across resource types
2. Error messages MUST follow the same format across all verbs
3. Exit codes MUST be consistent (0 = success, non-zero = error)
4. Stdin handling MUST work identically across all verbs that accept it

Forbidden Variations:

• MUST NOT use different verb names for the same operation (e.g., “show” vs “get”)
• MUST NOT reorder arguments between resource types (ID always comes before field)
• MUST NOT have resource-specific flags for universal operations. Flags that filter by a cross-resource metadata field (e.g., --tag) are permitted on resources that carry that field and silently ignored or unavailable on resources that do not.

Tags: cli, editing

Since: v0.1.0

[RFC-0002:C-LIFECYCLE-VERBS] Resource-Specific Lifecycle Verbs (Normative)

Resource-specific lifecycle verbs implement state transitions defined in RFC-0001. These verbs MUST be scoped to their resource namespace.

RFC Lifecycle Verbs:

1. govctl rfc finalize <id> <normative|deprecated>

   • Implements RFC-0001:C-RFC-STATUS transitions
   • draft → normative or draft → deprecated

2. govctl rfc advance <id> <spec|impl|test|stable>

   • Implements RFC-0001:C-RFC-PHASE transitions
   • Forward-only phase progression

3. govctl rfc bump <id> <patch|minor|major> -m <message>

   • Version bumping per semantic versioning
   • Updates changelog automatically
   • Optional: --change <description> for additional changelog entries

4. govctl rfc supersede <id> --by <replacement-id>

   • Marks RFC as superseded by another RFC
   • Both RFCs must exist

ADR Lifecycle Verbs:

1. govctl adr accept <id>

   • Implements RFC-0001:C-ADR-STATUS proposed → accepted

2. govctl adr reject <id>

   • Implements RFC-0001:C-ADR-STATUS proposed → rejected

3. govctl adr supersede <id> --by <replacement-id>

   • Implements RFC-0001:C-ADR-STATUS accepted → superseded
   • Both ADRs must exist

Work Lifecycle Verbs:

1. govctl work move <id> <queue|active|done|cancelled>
   • Implements RFC-0001:C-WORK-STATUS transitions
   • Validates gate conditions (e.g., acceptance criteria for done)
   • Updates timestamp fields automatically

Clause Lifecycle Verbs:

1. govctl clause deprecate <id>

   • Implements RFC-0001:C-CLAUSE-STATUS active → deprecated

2. govctl clause supersede <id> --by <replacement-id>

   • Implements RFC-0001:C-CLAUSE-STATUS active/deprecated → superseded
   • Both clauses must exist

Consistency Requirements:

1. All lifecycle verbs MUST validate transitions per RFC-0001
2. All lifecycle verbs MUST update timestamp fields where applicable
3. All lifecycle verbs MUST be atomic (no partial state changes)
4. All lifecycle verbs MUST support global --dry-run flag
5. Invalid transitions MUST error with clear explanation of valid transitions

Rationale:

Lifecycle verbs are resource-specific because:

• RFCs have status AND phase (two dimensions of state)
• ADRs can be rejected (not applicable to RFCs)
• Work items have gate conditions (acceptance criteria)
• Each resource has different valid transitions

Scoping these verbs to resources makes their applicability explicit and prevents confusion.

Tags: cli, lifecycle

Since: v0.1.0

[RFC-0002:C-OUTPUT-FORMAT] Output Format Control (Normative)

All commands that output resource data MUST support the --output (or -o) flag with the following format options:

Required Output Formats:

1. table (default for human use)

   • Formatted tables with headers and aligned columns
   • MAY use colors when terminal supports them
   • MUST be readable in plain text (no control codes in non-TTY)

2. json

   • Valid JSON output
   • Pretty-printed with 2-space indentation
   • MUST be parseable by standard JSON tools

3. yaml

   • Valid YAML output
   • Formatted for readability
   • MUST be parseable by standard YAML tools

4. toml

   • Valid TOML output (native format for governance artifacts)
   • MUST be parseable by standard TOML tools

5. plain

   • Plain text values with no formatting
   • One value per line for lists
   • Single value (no newline) for scalar fields
   • Suitable for shell scripting and piping

Applicability:

Commands MUST support output formats as follows:

• get with no field: table, json, yaml, toml
• get with field: plain (default), json, yaml
• list: table (default), json, yaml

Commands MAY add format-specific flags (e.g., --format-json-compact) but MUST NOT remove or change behavior of standard formats.

Format Selection:

1. Explicit --output <format> takes precedence
2. If not specified:
   • For TTY: default is table
   • For non-TTY: default MUST be json
3. Invalid format names MUST error with list of valid formats

Exceptions:

govctl status is exempt from output format requirements and always produces human-readable tabular output intended for interactive use only.

Consistency Requirements:

1. JSON/YAML/TOML output MUST match the internal schema exactly
2. Table format MAY omit fields for readability but MUST show all critical fields
3. Plain format MUST output stable, parseable text (no decorations)
4. Output format MUST NOT affect command semantics (same data, different representation)

Rationale:

Universal output format control enables:

• Human readability (table)
• Script automation (json/yaml)
• Integration with standard tools (jq, yq)
• Native format inspection (toml for governance artifacts)

This pattern follows kubectl and Docker conventions where -o json works on all read operations.

Tags: cli

Since: v0.1.0

[RFC-0002:C-GLOBAL-COMMANDS] Global Commands (Normative)

The following commands operate across all resources and MUST remain at the global namespace level:

1. govctl init

Initializes a new govctl project in the current directory.

Syntax: govctl init [--force]

Behavior:

• Creates gov/ directory structure
• Generates gov/config.toml
• Creates subdirectories for rfcs, adrs, work items, and verification guards
• Installs bundled JSON Schema files under gov/schema/
• MUST error if already initialized (unless --force)
• MUST NOT install agent skills or agents (see init-skills)
• SHOULD print a hint about govctl init-skills and plugin installation

2. govctl check

Validates all governance artifacts across the project.

Syntax: govctl check [--deny-warnings]

Behavior:

• Validates RFCs, ADRs, clauses, work items, releases, and verification guards
• Implementations MUST define a corresponding machine-readable JSON Schema for each governance artifact type: RFC, clause, ADR, work item, release, and verification guard
• These schemas MUST be JSON files stored under gov/schema/
• For TOML artifacts, MUST validate structure against the corresponding JSON Schema after parsing and normalization
• Checks state machine invariants
• Verifies cross-references
• Validates the semantic correctness of the optional [verification] section in gov/config.toml, including that configured default guard IDs resolve
• Scans source code for references (if enabled in config)
• In repositories that have completed RFC/clause migration, if legacy JSON RFC or clause files are detected, MUST fail with a migration-required diagnostic that points to govctl migrate
• Returns exit code 0 if valid, non-zero if errors
• With --deny-warnings: treats warnings as errors

3. govctl status

Shows summary counts of all artifacts grouped by status.

Syntax: govctl status

Behavior:

• Displays counts by status/phase for each resource type
• Highlights active work items
• Shows pending decisions (proposed ADRs, draft RFCs)
• Uses colors in TTY mode for visual scanning
• No output format flag (always human-readable table)

4. govctl render

Generates markdown documentation from source-of-truth governance artifacts.

Syntax: govctl render [targets...] [--output-dir PATH] [--dry-run]

Behavior:

• In repositories that have completed RFC/clause migration, renders RFCs from TOML to markdown (published)
• Renders ADRs from TOML to markdown (local only)
• Renders work items from TOML to markdown (local only)
• Generates CHANGELOG.md from releases
• Default: renders RFCs only
• With targets: rfc, adr, work, changelog, all
• MUST validate before rendering

5. govctl describe

Outputs machine-readable CLI metadata for agent/tool integration.

Syntax: govctl describe [--context]

Behavior:

• Outputs JSON with command catalog
• Includes workflow information
• With --context: adds current project state and suggested actions
• Enables machine agents and automation to discover capabilities safely

Stability Contract:

The JSON schema of govctl describe output MUST be versioned. The schema version MUST be included in the output. Backward-incompatible changes to the schema require a major version bump of govctl.

This ensures agents and automation tools can rely on stable introspection.

6. govctl completions

Generates shell completion scripts.

Syntax: govctl completions <bash|zsh|fish|powershell>

Behavior:

• Outputs completion script for specified shell
• Can be sourced or installed per shell conventions

7. govctl migrate

Performs versioned repository-local format migration for governance artifacts.

Syntax: govctl migrate [--dry-run]

Behavior:

• Reads the current schema version from gov/config.toml [schema] version
• Runs all pending migration steps from the current version to the latest
• Each step produces a set of file operations (writes and deletes) executed transactionally
• Bumps [schema] version in gov/config.toml after successful migration
• MUST leave the repository unchanged if any step fails
• MUST be safe to run on an already-migrated repository and report a no-op result
• MUST NOT perform heuristic project discovery or broad adoption tasks
• MUST ensure all bundled JSON Schema files exist in gov/schema/, overwriting with the latest version regardless of schema version (per ADR-0035)

8. govctl verify

Executes reusable verification guards.

Syntax:

• govctl verify [GUARD-ID ...]
• govctl verify --work WI-ID

Behavior:

• Loads Verification Guard artifacts from gov/guard/
• Explicit GUARD-ID arguments and --work WI-ID MUST NOT be combined in the same invocation
• With explicit GUARD-ID arguments: runs those guards
• With --work WI-ID: runs the effective required guards for that work item after applying project defaults and work-item waivers
• With no explicit guards and no --work: runs the project-level default guards from gov/config.toml
• Reads project-level verification policy from RFC-0002:C-VERIFY-CONFIG
• Executes each guard command non-interactively from the project root
• Reports pass/fail per selected guard
• Returns non-zero if any selected guard fails, if no guards are selected, or if a requested guard ID is unknown

9. govctl init-skills

Installs agent skills and agents into the project’s agent directory (per ADR-0035).

Syntax: govctl init-skills [--force] [--format <claude|codex>] [--dir PATH]

Behavior:

• --dir overrides the output directory for this invocation. Resolution order: --dir flag > agent_dir from config > format-implied default (.claude for claude, .codex for codex)
• --format selects the output format for agent definitions (default claude):
  • claude: skills as skills/*/SKILL.md, agents as agents/*.md with YAML frontmatter (compatible with Claude Code, Cursor, Windsurf, and similar editors)
  • codex: skills as skills/*/SKILL.md (same format), agents as agents/*.toml with developer_instructions field (compatible with Codex CLI)
• Skips files that already exist unless --force is used
• Reports created/updated/skipped counts
• This command is separate from init because plugin users receive skills globally and do not need local copies

10. govctl tag

Manages the project’s controlled tag vocabulary.

Syntax:

• govctl tag new <tag>
• govctl tag delete <tag>
• govctl tag list

Behavior:

• new: registers a new tag in gov/config.toml under [tags] allowed. Tags MUST match [a-z][a-z0-9-]* (lowercase kebab-case). MUST error if the tag already exists.
• delete: removes a tag from the allowed list. MUST error if any artifact still references the tag.
• list: displays all registered tags with usage counts (how many artifacts reference each tag).

Artifact-level tagging uses existing resource verbs on taggable types (rfc, clause, adr, work, guard):

• govctl {rfc|clause|adr|work|guard} add <ID> tags <tag> — assign a tag to an artifact
• govctl {rfc|clause|adr|work|guard} remove <ID> tags <tag> — remove a tag from an artifact

11. govctl self-update

Updates the govctl binary to the latest release.

Syntax: govctl self-update [--check]

Behavior:

• Downloads and replaces the running binary from GitHub Releases
• With --check: prints version comparison without downloading
• Full specification in RFC-0002:C-SELF-UPDATE

Rationale:

These commands are global because they:

1. Operate on multiple resource types simultaneously
2. Don’t fit the <resource> <verb> pattern semantically
3. Are project-level operations, not resource-level
4. Match user mental model of “project commands” vs “resource commands”

govctl migrate qualifies because it operates across the governance repository as a whole and changes multiple resource types in one coordinated step.

govctl verify qualifies because it executes project-level completion checks that may be required by multiple work items and by the project configuration.

govctl init-skills qualifies because it performs project-level initialization of agent assets (criterion 2).

govctl tag qualifies because it manages project-level configuration that applies across all resource types (criterion 1).

govctl self-update qualifies because it provides meta-information about the CLI itself and performs binary lifecycle management (criterion 3).

Future Additions:

New global commands MAY be added via RFC amendment. They MUST meet at least one criterion:

1. Operate on multiple resource types
2. Perform project-level initialization or cleanup
3. Provide meta-information about the CLI itself

Tags: cli

Since: v0.1.0

[RFC-0002:C-VERIFY-CONFIG] Verification Configuration (Normative)

The project config file gov/config.toml MAY include an optional [verification] section.

When present, the section MUST support the following fields:

• enabled — boolean, default false
• default_guards — array of Verification Guard IDs, default []

If the section is absent, the implementation MUST behave as if enabled = false and default_guards = [].

Every guard ID listed in default_guards MUST resolve to an existing Verification Guard defined by RFC-0000:C-GUARD-DEF. Unknown IDs MUST cause validation failure.

When enabled = false, project-level default guards MUST NOT be applied automatically by govctl verify or by Work Item completion checks.

Work Item verification.required_guards remain effective regardless of the project-level enabled value.

Rationale: The project config controls whether shared default guard policy is active. Explicit Work Item requirements remain local and auditable instead of becoming inert metadata.

Tags: cli, validation

Since: v0.3.0

[RFC-0002:C-SELF-UPDATE] Self-Update Command (Normative)

11. govctl self-update

Updates the govctl binary to the latest release.

Syntax: govctl self-update [--check]

Behavior:

• Queries the GitHub Releases API for the govctl-org/govctl repository to determine the latest published version
• Compares the latest version against the running binary’s compiled version
• Without --check: downloads the platform-appropriate binary asset, verifies integrity, and replaces the running executable. MUST print the old and new version on success. MUST exit with code 0 if already up to date, printing a message indicating no update is needed.
• With --check: prints current version and latest available version without downloading. MUST exit with code 0 if up to date, exit with code 1 if a newer version is available.
• MUST detect the current platform target at compile time and select the matching release asset
• MUST display download progress when connected to a TTY
• MUST error with a clear message if the binary lacks write permission to its install location
• MUST error with a clear message if the GitHub API is unreachable or rate-limited
• SHOULD support GITHUB_TOKEN environment variable for authenticated API requests to avoid rate limits

Rationale:

A self-update command provides a single canonical update path that works regardless of how govctl was originally installed (cargo install, cargo binstall, or direct binary download). This meets criterion 3 of RFC-0002:C-GLOBAL-COMMANDS (meta-information about the CLI itself).

Tags: cli, release

Since: v0.8.0

Changelog

v0.8.0 (2026-04-13)

Add self-update global command (ADR-0041)

Added

• C-SELF-UPDATE clause for govctl self-update command

Changed

• C-GLOBAL-COMMANDS updated with entry 11 and rationale for self-update

v0.7.0 (2026-04-09)

Add controlled-vocabulary tags: tags field on RFC/clause/ADR/work/guard, –tag filter on list, govctl tag new/delete/list for registry management (ADR-0040)

v0.6.1 (2026-04-08)

Add –dir flag to init-skills for one-step directory override without config editing

v0.6.0 (2026-04-08)

Add –format flag to init-skills for cross-platform agent format support (claude/codex)

v0.5.0 (2026-03-27)

Add guard as a resource type with CRUD verbs

Added

• Added guard to C-RESOURCES as resource type 5 (renumbered release to 6)
• Updated C-CRUD-VERBS with guard-specific verb applicability
• Updated C-RESOURCE-MODEL to include guard in resource list

v0.4.0 (2026-03-17)

Add init-skills command, update init and migrate per ADR-0035

Added

• init-skills global command for explicit agent asset installation

Changed

• init no longer installs skills/agents
• migrate now ensures schema JSON files are up to date

v0.3.0 (2026-03-17)

Add project-level verification command and config semantics

Added

• Added global verify command and verification config contract

v0.2.0 (2026-01-19)

Incorporate review feedback: add deletion safety constraints, field name stability, output format defaults, describe schema versioning, and editorial clarifications

Added

• Added deletion safety constraints requiring draft RFCs and reference checks
• Added field name stability guarantee for get command
• Specified json as default output format for non-TTY
• Added status command exception to output format requirements
• Added describe command schema versioning contract
• Clarified clause namespace vs filesystem storage independence
• Added case-sensitivity and timestamp format requirements

v0.1.0 (2026-01-19)

Initial draft