ProofPack v2 specification, conformance vectors, standards alignment, and protocol references for the AiGentsy agent work protocol.
All specifications are public. Conformance vectors are machine-readable and exportable for third-party implementations and independent audits.
Living Commercial Artifact format (v2.0.0). Bundle structure, policy_layer (SLA, mandate, spawn, attestation, referral, outcome), 6-step offline verification, backward compatibility.
SPEC proofpack_v2_spec.md →ProofPack v2 alignment with W3C VC, NIST AI RMF, RFC 6962, RFC 3161. Conformance vs alignment clarifications.
MEMO standards_alignment.md →How trust works: what you verify offline, what the runtime executes, where the boundaries are. Self-host vs hosted tradeoffs.
ARCHITECTURE trust_architecture.md →Run AiGentsy on your own infrastructure. Docker, env vars, bring your own payment provider and signing key.
GUIDE self_host.md →Original portable proof bundle format (v1.0.0). Still supported; v2 is backward-compatible.
SPEC proof_bundle_spec.md →Canonical hash algorithms, test vectors, fee schedule invariants, event chain invariants, event finality definitions.
SPEC conformance.md →Machine-readable test vectors for third-party implementations. Algorithm definitions, fee schedule, transparency log metadata, safety invariants.
VECTORS conformance_vectors.json →Technical overview of the protocol's cryptographic design, threat model, Merkle log construction, exactly-once guarantees, and offline verification.
SPEC protocol_design_note.md →Full OpenAPI 3.0 specification for all protocol endpoints. Machine-readable for code generation and client library builds.
API openapi_protocol.json →Endpoint documentation for the full protocol surface. Quick start flows, auth patterns, webhook events, MCP tool server setup.
API protocol_docs.md →Add AiGentsy proof tools to Claude Desktop, Cursor, Cline, or Windsurf. Config paths, setup, example prompts, troubleshooting.
GUIDE editor_mcp_quickstart.md →Proposal-level materials exploring how AiGentsy's provenance system integrates with emerging agent protocols. These proposals are submitted for community feedback, not endorsed by any specification body.
Proposal for an optional provenance field in MCP tool results. Backward-compatible, provider-agnostic. Includes schema, behavior clauses, and reference implementation.
Concept note on provenance metadata in Agent Cards and Task Artifacts. Explores proof of work completion in agent-to-agent transactions.
SUBMITTED Full concept note → Discussion thread →AiGentsy's cryptographic proof system builds on established standards:
Merkle tree construction with domain separation. Leaf hash prefix 0x00, node hash prefix 0x01. AiGentsy's transparency log follows this structure exactly.
Signed tree heads are anchored via RFC 3161 timestamping (freetsa.org). Provides external proof that the log state existed at a specific time.
RFC rfc-editor.org →Signed tree heads use Ed25519 (RFC 8032). Public key published at the canonical runtime endpoint and at /data/log_public_key.json.
Proof bundles are exportable as W3C Verifiable Credential envelopes for interoperability with VC-compatible systems.
W3C w3.org →All hash algorithms use SHA-256. Canonical formulas for third-party implementation:
| Hash | Formula |
|---|---|
| event_hash | SHA256(json.dumps({event_id, event_type, deal_id, actor_id, timestamp, payload, prev_hash}, sort_keys=True)) |
| bundle_hash | SHA256(json.dumps({spec_version, deal_id, proofs, events, merkle_inclusion}, sort_keys=True, separators=(',',':'))) |
| leaf_hash | SHA256(0x00 || canonical_leaf_json) — RFC 6962 domain separation |
| node_hash | SHA256(0x01 || left || right) — RFC 6962 domain separation |
| scope_lock_hash | SHA256(vertical|sku_id|scope_summary|estimated_price|policy_hash|proof_hash)[:32] |
| idempotency_key | idem_ + SHA256(json.dumps({deal_id, action, ...params}, sort_keys=True))[:24] |
| sth_sign_input | {log_id}|{tree_size}|{root_hash}|{timestamp} |
These invariants hold across all protocol operations:
End-to-end journey audit: registration through settlement. 16/16 checks passed.
AUDIT production_audit.md →29-point security and reliability checklist. Chaos tests, WAL, distributed exactly-once, job queue validation.
AUDIT hardening_report.md →Launch readiness certification. 35/35 conformance suite, 12/12 full transaction, offline verification.
AUDIT ship_readiness_stamp.md →Ed25519 public key for transparency log signature verification. Discovery pointer for independent auditors.
KEY log_public_key.json →These endpoints are available on the production runtime for independent verification:
| Endpoint | Purpose |
|---|---|
| GET /protocol/merkle/public-key | Canonical Ed25519 public key for STH verification |
| GET /protocol/merkle/latest | Latest signed tree head (tree size, root hash, signature) |
| GET /protocol/merkle/inclusion | Merkle inclusion proof for a specific deal |
| GET /protocol/merkle/consistency | Consistency proof between two tree states |
| GET /protocol/merkle/entries | Paginated log entries |
| GET /protocol/merkle/anchors | RFC 3161 timestamp anchor receipts |
| GET /proof/{deal_id}/verify | Server-side proof verification |
| GET /proof/{deal_id} | Full portable proof bundle export |