Skip to content

Verifiable Agent Trust Envelope v0.1.0 — Discussion Draft

Pre-release
Pre-release

Choose a tag to compare

View all tags
@Poke-nushi Poke-nushi released this 28 Apr 03:53
· 94 commits to main since this release
v0.1.0
6c3c8ce

This release publishes the first public discussion draft of Verifiable Agent Trust Envelope.

It is a narrow draft for one specific boundary:

when an external agent wants to perform a risky write against a remote system, what portable artifacts should the relying party verify before allowing the action?

The current v0.1 wedge is verifier-centered and focuses on AL2 external digital write decisions.
The repository makes that boundary concrete through an HTTP verifier demo that evaluates:

status -> identity -> runtime -> permit -> policy

and returns:

allow / attenuate / deny

with a machine-readable receipt.

What This Draft Adds

  • a composite artifact model across identity, runtime proof, task-scoped permit, status, and receipt
  • explicit verifier-side ordering for risky external actions
  • payload schemas and examples
  • an educational reference demo
  • a machine-readable AL2 HTTP conformance corpus

What This Draft Does Not Replace

This draft is not trying to replace:

  • A2A
  • MCP
  • OAuth / OpenID
  • VC / JWT
  • workload identity systems
  • agent platforms or control planes

It is intended to compose with those layers rather than supersede them.

Close Adjacent Work

This repo should not be read as if adjacent public work does not exist.
The closest comparisons currently include:

  • Agent Permission Protocol (Crittora APP)
  • Open Agent Passport / APort
  • Agent Passport System (APS / AEOESS)
  • AgentROA
  • Agent Auth / AIP

Direct comparison note:

  • docs/close-adjacent-work-2026-04.md

Feedback Requested

The most useful critique for this draft is currently:

  • is the verifier-side boundary clear enough
  • is the status -> identity -> runtime -> permit -> policy ordering sound
  • are permit, status, attenuation, and receipt semantics coherent together
  • is the difference from close adjacent work stated honestly and precisely enough
  • what should remain core versus move into profiles or extensions

Fast Reading Path

If you are new to the repo, start with:

  1. README.md
  2. docs/close-adjacent-work-2026-04.md
  3. docs/use-cases.md
  4. section 0 and section 1 of docs/verifiable-agent-trust-envelope-spec-v0.1.md
  5. reference/http-verifier-demo/README.md

Current Status

  • repository type: protocol discussion draft
  • maturity: early draft
  • language: English-first
  • current battlefield: AL2 external digital write
  • production readiness: no

This release is published to invite technical critique, not to claim a finished standard.

Assets 2
Loading