KPAR archive validation#

This page summarizes requirements for uploaded .kpar archives accepted by Sysand Index.

Project metadata#

  • publisher is set in .project.json and conforms to Sysand Index publisher rules.

  • publisher in .project.json matches a username or organization in Sysand Index.

  • name is set in .project.json and conforms to Sysand Index project name rules.

  • license is set in .project.json and is a valid SPDX license expression.

  • All other fields are valid for their respective types. Most of these fields are IRIs.

Archive layout#

  • .project.json and .meta.json are present in the root of the ZIP file.

  • .meta.json contains a metamodel field matching https://www.omg.org/spec/KerML/YYYYMMXX or https://www.omg.org/spec/SysML/YYYYMMXX. The YYYYMM portion must be a valid year/month; the final two digits are not calendar-day validated.

Note

The accepted metamodel values will grow over time. Sysand Index currently recognizes the OMG-published KerML and SysML metamodels listed above, but it is designed so additional metamodels — including community-built ones beyond the OMG specifications — can be added as the ecosystem evolves. Check this page for the current list before publishing a package that targets a non-OMG metamodel.

To request support for a community-defined metamodel, reach out at sysand@sensmetry.com.

  • LICENSES/ is present and contains a .txt file for each mentioned license.

  • LICENSES/ contains no additional .txt files other than those for the mentioned licenses.

  • The KPAR contains no additional unknown files other than:

    • LICENSES/*.txt files,

    • README.md,

    • CHANGELOG.md,

    • .sysml and .kerml files mentioned in .meta.json.

Paths and ZIP structure#

  • The ZIP uses the DEFLATE compression method.

  • The ZIP contains no nested ZIP archives.

  • The ZIP is not a ZIP bomb.

  • The ZIP contains no symlinks.

  • ZIP entry paths do not contain relative path components such as . or ...

File integrity#

  • Hashes of all source files are included in .meta.json.

  • Hashes use SHA256.

  • Hashes match the referenced file contents.

  • The index field in .meta.json does not mention files that are absent from the checksum field in .meta.json.

  • All files referenced in checksum and index in .meta.json are present in the archive.

  • Files referenced in index use the extension that matches the metamodel kind: .sysml for SysML and .kerml for KerML.

File safety#

  • Files in the KPAR do not have extra permissions, such as executable bits.

  • The archive contains no executable files, such as Windows, macOS, or Linux binaries.

  • Files do not masquerade as another type. For example, a .sysml, .kerml, or .md file must actually contain that kind of content rather than a script or binary in disguise.

Model validity#

  • All symbols included in the .meta.json index field are present in their respective files.

  • Packaged .sysml and .kerml files are legal models and produce no model errors.