Context
PR #12 hardened AgentRegistryGrant and documented that external identity, reputation, certificate-tier, and registry lookup systems are useful verifier inputs, but they are not the SourceOS Agent Registry and must not become the canonical trust authority.
We need a provider-neutral adapter contract so systems such as PCH/ERC-8004-style identity and reputation registries can be consumed safely without binding Agent Machine to any external managed gateway, payment rail, dashboard, proprietary authority, or non-local root of trust.
Required outcome
Define an ExternalTrustSignalProvider adapter contract/stub for optional non-authoritative verifier inputs used by Agent Registry grant resolution.
Acceptance criteria
- Add a documented adapter request/response shape.
- Adapter request includes provider reference, AgentPod ID, requested agent identity, session identity, workroom/topic refs, requested signal types, requested verification freshness, and requested expiration window.
- Adapter response includes signal reference, signal digest when available, signal type, provider reference, verified-at timestamp, freshness result, authority fixed to
non-authoritative-verifier-input, and failure reason when unavailable.
- Supported signal types include agent identity, certificate tier, reputation score, counterparty check, registry lookup, and other.
- External trust signals are never sufficient to activate an AgentPod by themselves.
- Agent Registry grant resolution must fail closed or ignore the external signal when the adapter is unavailable, stale, malformed, unsigned when signatures are required, or broader than the local requested scope.
- No secret values, raw prompts, raw KV-cache contents, private memory contents, API keys, wallet private keys, raw credentials, or raw user data are included in adapter payloads.
- Add at least one active example and one unavailable/stale example.
- Add semantic validation proving that external trust signal authority cannot be elevated above
non-authoritative-verifier-input.
- Update architecture docs to state that PCH/ERC-8004-style signals are adapter-compatible prior art, not SourceOS authority.
Related docs/code
docs/architecture/agent-registry-grants.mdcontracts/agent-registry-grant.schema.jsonsrc/agent_machine/governance.pydocs/architecture/receipt-chain.mddocs/architecture/world-class-release-gate.md
Non-goals
- Do not add a hard dependency on PCH, Base, USDC, x402, ERC-8004, or any external hosted identity service.
- Do not perform live network calls in the base validator.
- Do not treat external trust scores, certificate tiers, or registry lookups as authorization.
- Do not expose sensitive runtime content to an external provider.
Context
PR #12 hardened
AgentRegistryGrantand documented that external identity, reputation, certificate-tier, and registry lookup systems are useful verifier inputs, but they are not the SourceOS Agent Registry and must not become the canonical trust authority.We need a provider-neutral adapter contract so systems such as PCH/ERC-8004-style identity and reputation registries can be consumed safely without binding Agent Machine to any external managed gateway, payment rail, dashboard, proprietary authority, or non-local root of trust.
Required outcome
Define an
ExternalTrustSignalProvideradapter contract/stub for optional non-authoritative verifier inputs used by Agent Registry grant resolution.Acceptance criteria
non-authoritative-verifier-input, and failure reason when unavailable.non-authoritative-verifier-input.Related docs/code
docs/architecture/agent-registry-grants.mdcontracts/agent-registry-grant.schema.jsonsrc/agent_machine/governance.pydocs/architecture/receipt-chain.mddocs/architecture/world-class-release-gate.mdNon-goals