From fe716ceb170fedb249244cfd6c4c45d87d6413b2 Mon Sep 17 00:00:00 2001
From: Jonathan Green <dev.jonathan.green@gmail.com>
Date: Fri, 8 May 2026 19:49:56 -0400
Subject: [PATCH] docs(sdk): mirror CONNECTOR_RELEASE_CONTRACT.md polish
 patches from connector#68
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Sibling town mirror of connector#68. Six small content fixes deferred from
Story 44.4's round-2 review cycle, kept body-identical with the connector
source via the established 3-line comment-header / `tail -n +4` discipline.

Patches mirrored:
- P3: ## Artifacts line PR #62 → #63
- P4: ## Supply-chain signing opener pinned to v3.6.0
- P5: ## Verification "Two/Three mechanisms" + contiguous list
- P6: ## References RFC-0027 cross-link
- P7: ## Staying current ```bash language hint
- Q1: ## Verification item 3 cwd-anchored diff example

Body-equivalence verified pre-merge:

  diff connector/CONNECTOR_RELEASE_CONTRACT.md \
       <(tail -n +4 packages/sdk/CONNECTOR_RELEASE_CONTRACT.md)

returns empty. Re-run post-merge of both PRs to confirm.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 packages/sdk/CONNECTOR_RELEASE_CONTRACT.md | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/packages/sdk/CONNECTOR_RELEASE_CONTRACT.md b/packages/sdk/CONNECTOR_RELEASE_CONTRACT.md
index d4898436..5d8bd355 100644
--- a/packages/sdk/CONNECTOR_RELEASE_CONTRACT.md
+++ b/packages/sdk/CONNECTOR_RELEASE_CONTRACT.md
@@ -14,7 +14,7 @@ Each release publishes two artifacts:
 | Artifact        | Location                                                       | Architectures                                                      |
 | --------------- | -------------------------------------------------------------- | ------------------------------------------------------------------ |
 | npm package     | `@toon-protocol/connector` on npmjs.com                        | n/a (pure JS)                                                      |
-| Container image | `ghcr.io/toon-protocol/connector` on GitHub Container Registry | `linux/amd64`, `linux/arm64` (from the first release after PR #62) |
+| Container image | `ghcr.io/toon-protocol/connector` on GitHub Container Registry | `linux/amd64`, `linux/arm64` (from the first release after PR #63) |
 
 Releases are cut by [semantic-release](https://github.com/semantic-release/semantic-release)
 on every push to `main`, when the conventional-commit history warrants a version
@@ -69,7 +69,7 @@ townhouse migration cycle and a CONNECTOR_MIGRATION.md row.
 
 ## Supply-chain signing
 
-Starting from the first release after PR [#66](https://github.com/toon-protocol/connector/pull/66), every connector and ATOR sidecar image is cosign-signed via **keyless OIDC** — no static keys, no secrets beyond the default `GITHUB_TOKEN`.
+Starting from `v3.6.0` (cut after PR [#66](https://github.com/toon-protocol/connector/pull/66) merged), every connector and ATOR sidecar image is cosign-signed via **keyless OIDC** — no static keys, no secrets beyond the default `GITHUB_TOKEN`.
 
 ### Verifying a release image
 
@@ -128,7 +128,7 @@ learn about new connector releases via:
    not expose.
 2. **`gh` CLI subscription** — fallback: subscribes to all repository events
    (not releases-only):
-   ```
+   ```bash
    gh api -X PUT /repos/toon-protocol/connector/subscription \
      -f subscribed=true -f ignored=false
    ```
@@ -181,7 +181,7 @@ guarantees in [Stability guarantees](#stability-guarantees) apply.
 
 ## Verification
 
-Two mechanisms guard against future tag-vs-content drift:
+Three mechanisms guard against future tag-vs-content drift:
 
 1. **Pre-publish (issue [#61](https://github.com/toon-protocol/connector/issues/61) /
    PR [#60](https://github.com/toon-protocol/connector/pull/60)):** the
@@ -193,14 +193,15 @@ Two mechanisms guard against future tag-vs-content drift:
    manifest with `docker buildx imagetools inspect` and asserts that
    `org.opencontainers.image.version` equals the tag. Any mismatch fails the
    workflow run.
-
 3. **Town mirror drift detection:** The doc body is mirrored at
    `packages/sdk/CONNECTOR_RELEASE_CONTRACT.md` in `toon-protocol/town`.
-   The town copy prepends a 3-line comment header; verify body equivalence with:
+   The town copy prepends a 3-line comment header; verify body equivalence
+   from the `toon-protocol/connector` repo root (with `toon-protocol/town`
+   cloned alongside as a sibling directory, e.g. `../town`):
 
    ```bash
    diff CONNECTOR_RELEASE_CONTRACT.md \
-        <(tail -n +4 /path/to/town/packages/sdk/CONNECTOR_RELEASE_CONTRACT.md)
+        <(tail -n +4 ../town/packages/sdk/CONNECTOR_RELEASE_CONTRACT.md)
    ```
 
    Expected output: empty. Any diff is a drift defect — open a follow-up PR in
@@ -216,3 +217,4 @@ Two mechanisms guard against future tag-vs-content drift:
   `npm-release` fix for the same class of bug
 - [PR #66 — cosign keyless OIDC signing](https://github.com/toon-protocol/connector/pull/66) (Story 44.3)
 - Townhouse Story 44.4 — downstream consumer-facing release contract
+- [Interledger Protocol V4 (RFC 0027)](https://github.com/interledger/rfcs/blob/master/0027-interledger-protocol-4/0027-interledger-protocol-4.md) — defines the ILP packet wire format referenced by the MAJOR-bump rule in [API stability](#api-stability)