
Commit 303bcb0

flyoung588claude
andcommitted
execution-proof: adopt 3 desiorac refinements + onboard as Genesis Reviewer
Per ark-forge/proof-spec#1 (2026-05-23). All three points were concrete spec-level corrections worth pinning before implementations diverge:

- §Canonicalization — explicit rule that absent optional fields are excluded from the JCS input, never serialized as `null`. Implementations that disagree on null-vs-omit produce divergent hashes from identical step data.
- §Step record (prev_hash chained mode) — explicit that `plan_hash` is the pre-committed value from the intent record (set before execution), not a hash the agent computes at proof time. Closes the post-hoc plan-swap attack on a compromised agent.
- §Related work — Compliance Receipts v0.1 (ark-forge/proof-spec) added as composable: `previous_receipt_hash` ≡ `prev_hash`, chained proof mode composes without additional fields.

desiorac added to CONTRIBUTORS.md → Genesis Reviewers → Execution Proof and to execution-proof.md §Contributors.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent 9d8b004 commit 303bcb0

2 files changed

Lines changed: 19 additions & 1 deletion


CONTRIBUTORS.md

Lines changed: 14 additions & 0 deletions
@@ -118,6 +118,20 @@ Genesis Reviewer for the **execution-proof v0.2 freeze** (target 2026-08-01); pr
118118

119119
---
120120

121+
**[@desiorac](https://github.com/desiorac)** (maintainer of [ark-forge/proof-spec](https://github.com/ark-forge/proof-spec) — Compliance Receipts v0.1) — Joined 2026-05-23
122+
123+
Multi-comment design feedback ([reference thread](https://github.com/ark-forge/proof-spec/issues/1)) shaping three elements of the [Execution Proof](docs/execution-proof.md) spec:
124+
125+
- **§Canonicalization — absent-optional-fields rule** — explicit rule that missing optional fields (e.g. `context_hash`, `attestation`) are excluded from the JCS input rather than serialized as `null`, preventing divergent hashes from identical step data when implementations disagree on null-vs-omit
126+
- **§Step record — `plan_hash` pre-commitment clarification** — explicit that the mandate's `plan_hash` is the pre-committed value from the intent record (set before execution begins), not a hash computed by the agent at proof time; binds the chain to what was authorized rather than what the agent claims it did
127+
- **§Related work — Compliance Receipts v0.1 composability**`previous_receipt_hash` in CR v0.1 is structurally equivalent to `prev_hash` in OM World's Step record; chained proof mode composes with the CR v0.1 pipeline format without additional fields
128+
129+
Reference: [ark-forge/proof-spec](https://github.com/ark-forge/proof-spec) — Compliance Receipts v0.1 open spec for verifiable agent-to-agent execution proofs.
130+
131+
Genesis Reviewer for the **execution-proof v0.2 freeze** (target 2026-08-01); pre-publication review window ~2026-07-25. desiorac has offered to review a draft PR on `ark-forge/proof-spec` for the canonical step hash definition; OM World will open that PR shortly.
132+
133+
---
134+
121135
## Primitive Stewards
122136

123137
_Stewards take long-term maintenance ownership of a primitive's spec section, typically after v1.0 freeze._
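Review bot: the third bullet, `**§Related work — Compliance Receipts v0.1 composability**`previous_receipt_hash``, is missing the ` — ` separator that the two preceding bullets put between the bold heading and the description, so the bold title runs straight into the code span; insert ` — ` before `` `previous_receipt_hash` ``. Separately, "OM World will open that PR shortly" is scheduling language that will go stale in a contributor record; either link the PR once it exists or drop that sentence and keep only the offer to review the canonical step hash definition.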

docs/execution-proof.md

Lines changed: 5 additions & 1 deletion
@@ -78,7 +78,7 @@ A verifier holding the snapshot can independently reproduce the retrieval and ve
7878
By default, steps form a flat sequence: all steps must be replayed to dispute any one. When per-step dispute localization is needed, steps may be linked via `prev_hash`:
7979

8080
- Each step's canonical record includes the prior step's full step hash as `prev_hash`.
81-
- The first step sets `prev_hash` to the mandate's `plan_hash`, anchoring the chain to the pre-committed plan.
81+
- The first step sets `prev_hash` to the mandate's `plan_hash` — the value **pre-committed in the intent record before execution begins**, not a hash computed by the agent at proof time. This binds the chain to what was authorized; a compromised agent that swapped the plan post-hoc cannot produce a valid-looking chain anchored to the original `plan_hash`.
8282
- Any verifier holding step N and step N-1 can verify the link independently, without replaying the full trace.
8383
- A challenger may dispute step N specifically by submitting only steps N-1 and N as evidence.
8484
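Review bot: the rewritten first-step bullet claims a compromised agent that swapped the plan post-hoc "cannot produce a valid-looking chain anchored to the original `plan_hash`", but the hunk does not say where the verifier obtains `plan_hash` for the comparison. If the verifier reads `plan_hash` from the proof envelope the agent itself produced, the agent can supply a swapped plan and a matching anchor and the chain still verifies; the guarantee only holds if the verifier MUST take `plan_hash` from the independently held intent record (the pre-committed value the bullet describes) and reject any chain whose first `prev_hash` differs. State that check explicitly alongside "Any verifier holding step N and step N-1 can verify the link independently". Note also that the anchor binds the chain to the authorized plan, not the steps to the plan: an agent that keeps the original `plan_hash` but executes different steps still produces a chain that links correctly, so step-to-plan conformance remains a separate check and the sentence should not imply the anchor alone closes plan-swap.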

@@ -104,6 +104,8 @@ step_hash = SHA-256(JCS(step_record_without_prev_hash))
104104

105105
The `prev_hash` field is excluded from its own step's hash input so the field can *contain* the previous step's hash without circular dependency. Step records are otherwise hashed including all present fields.
106106

107+
**Absent optional fields are excluded from the JCS input** — a missing `context_hash` or `attestation` field MUST NOT be serialized as `null` in the canonical record. Implementations that disagree on `null` vs. omit will produce divergent hashes from identical step data, breaking interoperability before any signature is even checked.
108+
107109
The proof envelope's `signature` is computed over `SHA-256(JCS(envelope_without_signature))` using the agent's signing key (the key materially bound to `intent.executor.agent_id`).
108110

109111
## Long-term verifiability
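Review bot: the added rule "Absent optional fields are excluded from the JCS input" says a missing `context_hash` or `attestation` MUST NOT be serialized as `null`, but it does not say what a verifier does on receiving a record that does contain an explicit `null` for one of those fields. Without a stated rejection rule, one implementation will strip the null before hashing and another will hash the record as-is, which reproduces exactly the divergence the rule is meant to close; add that a present field whose value is `null` is malformed and the record MUST be rejected before the hash is computed. The same omit-versus-null treatment should be spelled out for `prev_hash` in the flat-sequence mode, since the preceding paragraph only covers excluding `prev_hash` from its own hash in chained mode and leaves its absence in non-chained records unspecified.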
@@ -211,6 +213,7 @@ A small but real cluster of agentic-commerce and agent-execution specs is conver
211213
- [Tyche Institute / EATF](https://github.com/tyche-institute/eatf) — key-rooted attestation with hybrid PQC (RSA-4096 / ECDSA-P256 / ML-DSA-65), JCS canonicalization, RFC 3161 timestamps, and an externally-mirrored key history (reference mirror at `tyche-institute/eatf-trust-anchors`). Multi-decade-verifier-viability framing; runtime-honesty explicitly out-of-scope of the envelope, composable underneath via TEE if needed.
212214
- [Occasio Labs / occasio](https://github.com/occasiolabs/occasio) — audit-only end of the cluster. In-toto Statement over a JSONL hash-chain, RFC 8785-subset canonicalization (with documented deviations and integer-only numbers), mirrored JS and Python verifiers, DSSE-wrapped, Sigstore keyless via GitHub Actions OIDC, Rekor inclusion proof in CI. The economic/settlement axis is intentionally absent — a clean reference for the audit/economic decoupling pattern.
213215
- [winsznx/pact](https://github.com/winsznx/pact) — deployed on-chain execution-attestation verifier (0G mainnet). Pre-registered signing-address commitment + EIP-191-signed 5-field canonical text (`contentHash:usageHash:providerType:providerIdentity:tlsCertFingerprint`) + `AttestationVerifier.sol` running `ECDSA.recover` at submission time. Three-mechanism dispute decomposition (hard enforcement / reputation accumulator / bond slashing) shaped [§Disputes](#disputes) in this spec. PACT's `AttestationVerifier` can verify an OM World Execution Proof as-is when the proof's canonical-text shape matches and is EIP-191-signed against a key registered in PACT's `PactRegistry` — a useful interop surface for deployments that want to settle on 0G.
216+
- [ark-forge/proof-spec](https://github.com/ark-forge/proof-spec) — Compliance Receipts v0.1, an open spec for verifiable agent-to-agent execution proofs. `previous_receipt_hash` in CR v0.1 is structurally equivalent to `prev_hash` in this spec's Step record — same role, same anchoring pattern; `step.timestamp` (ISO 8601 UTC) maps directly. OM World's chained proof mode composes with the CR v0.1 pipeline format **without additional fields**. Composability confirmed by the maintainer ([@desiorac](https://github.com/desiorac)), who also shaped the §Canonicalization absent-optional-fields rule and the §Step record `plan_hash` pre-commitment clarification.
214217
- [attestplane/attestplane](https://github.com/attestplane/attestplane) — compliance-and-audit-substrate end of the cluster. **alpha-stage** verifiable audit substrate framed explicitly as an **AIA-12 aligned profile** (Article 12 of the EU AI Act), not a compliance certification: role-bound event fields (provider/deployer/operator/human reviewer), system+model+policy version refs, event categories mapping to high-risk operations (decision / human intervention / exception / drift / audit-export), continuity checkpoints, optional external timestamp anchoring, offline-readable auditor export. Verifier-independence rule (deterministic OSS verifier + versioned schemas + exported bytes as the trust root; hosted APIs as convenience only) and the **commit-then-redact** retention/deletion profile (raw PII in controller-owned sidecar; deletion appended as a signed, chained evidence event) were independently arrived at and align with [§Verifier independence](#on-chain-verification) and [§Deletion evidence](#deletion-evidence-commit-then-redact) in this spec. Attestplane provides evidence-substrate primitives, not a legal compliance conclusion for any deployed high-risk system.
215218
- AP2 v0.2 Verifiable Intent (in development)
216219
- Several wallet-side credential profiles in the broader agent ecosystem
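Review bot: the new ark-forge/proof-spec entry asserts that `previous_receipt_hash` is "structurally equivalent" to `prev_hash` and that chained mode composes "without additional fields", but the hunk does not state that CR v0.1 hashes the same bytes: this spec defines `step_hash = SHA-256(JCS(step_record_without_prev_hash))` with the own-hash field excluded, and the entry does not say whether CR v0.1 uses the same hash function, the same JCS canonicalization, or the same exclusion rule. Equivalence of a field's role does not make the hash values interoperable unless both sides hash identical input; either cite the CR v0.1 canonicalization and hash definition here, or soften "structurally equivalent" to "same role" until the canonical step hash PR mentioned in CONTRIBUTORS.md lands. The sentence "Composability confirmed by the maintainer" should link the thread where that confirmation was given (ark-forge/proof-spec#1, per the commit message) so the claim is traceable rather than resting on attribution alone.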
@@ -226,3 +229,4 @@ This spec was shaped by — see [CONTRIBUTORS.md](../CONTRIBUTORS.md#execution-p
226229
- **[@Trusteedxyz](https://github.com/Trusteedxyz)** — Genesis Reviewer of Execution Proof. Shaped §Canonicalization (JCS RFC 8785), §Long-term verifiability (RFC 3161 sidecar), §Key revocation states (rotated vs compromised), the envelope-is-the-unit non-goal in §Envelope, the relayer-bytes-commitment rule in §On-chain verification, and the §Related work convergence note across multiple rounds of design dialogue.
227230
- **Tyche Institute** (maintainer of the [EATF](https://github.com/tyche-institute/eatf) research project) — Genesis Reviewer of Execution Proof (institutional attribution). Shaped §Threat model (runtime-honesty as an explicit out-of-scope property of the envelope) and the cross-spec convergence framing in §Related work (key-rooted + key-history-mirror as a complementary axis to the JCS/JWS stack). Posture: technical review only; not an endorsement of OM World governance, business model, or any future commercial state.
228231
- **attestplane project** (maintained by [@merchloubna70-dot](https://github.com/merchloubna70-dot)) — Genesis Reviewer of Execution Proof (institutional attribution). Shaped the verifier-independence rule in §On-chain verification, the §Deletion evidence (commit-then-redact) section, and the compliance-and-audit-substrate corner of the §Related work cluster. Posture: spec-level convergence only; not an endorsement of OM World governance, business model, or any future commercial state.
232+
- **[@desiorac](https://github.com/desiorac)** (maintainer of [ark-forge/proof-spec](https://github.com/ark-forge/proof-spec) — Compliance Receipts v0.1) — Genesis Reviewer of Execution Proof. Shaped the §Canonicalization absent-optional-fields rule (null vs. omit), the §Step record `plan_hash` pre-commitment clarification (intent-record value, not agent-computed at proof time), and the §Related work composability note for Compliance Receipts v0.1.
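Review bot: unlike the CONTRIBUTORS.md entry added in the same commit, this §Contributors line gives no link to the design thread that produced the three changes; add the reference thread (ark-forge/proof-spec#1, per the commit message) so a reader of execution-proof.md can verify the attribution without opening CONTRIBUTORS.md. The entry also credits a maintainer of an external spec without the "Posture:" line that the other two externally-affiliated entries (Tyche Institute, attestplane) carry; if desiorac's review is likewise technical review only and not an endorsement, say so for consistency.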
