Skip to main content

Agency Receipt Protocol — receipt envelope spec + language-agnostic conformance harness. Points at sm-conformance for the signed badge.

Project description

sm-arp — Agency Receipt Protocol

The portable, cryptographically signed receipt format AI agents emit when they act on behalf of humans. Runtime-agnostic, vendor-neutral, MIT-licensed.

ARP sits above MCP (tool integration) and A2A (agent-to-agent transport) — the human ↔ agent accountability layer those standards deliberately do not address.

Status

Use it as a library

ARP ships one canonical Python implementation, sm_arp, so every runtime imports the same build/sign/verify/store code instead of vendoring its own — the receipt envelope cannot drift between them. The library needs nothing but cryptography, base58, and jcs.

from sm_arp import Identity, build_action, issue_receipt, verify_receipt, IssuerLog

me = Identity.generate()
r = issue_receipt(me, principal_did=me.did,
                  action=build_action(category="data_shared", human_summary="shared my calendar"))
assert verify_receipt(r).ok                 # structure → signature → authority → hash chain
IssuerLog("log.sqlite").append(r)           # SQLite Issuer/Agency Log, hash-chained per issuer

sm_arp's verifier is tested against the canonical 22-vector corpus and asserted byte-for-byte equal to the conformance harness's verdict on every vector — so the library and the spec cannot disagree.

Layout

  • sm_arp/ — the consumable library: identity (Ed25519 + did:key), receipts (build/sign/verify/canonical/chain), store (SQLite Issuer/Agency Log).
  • arp_cli/ — the arp command-line tool (pip install 'sm-arp[cli]').
  • WHITEPAPER.md — design rationale and portfolio positioning.
  • spec/arp/0.1/spec.md — the canonical normative receipt spec (RFC-style).
  • spec/arp/0.1/conformance.md — ARP conformance criteria; points at sm-conformance for the badge.
  • spec/arp/0.1/governance.md — stewardship and the path to public publication.
  • spec/arp/0.1/dat-companion.md — the Delegated Authority Token sketch the authority chain references.
  • schema/arp/0.1/ — JSON Schemas (Draft 2020-12) for the receipt envelope.
  • vectors/arp/0.1/ — 22 language-agnostic receipt vectors.
  • conformance/arp/ — framework-agnostic Python conformance harness for receipts.

The conformance badge lives in sm-conformance

ARP owns what a conformant runtime must do (this repo) and the receipt vectors it is tested against. It does not own the signed-badge mechanism — that is a generic, protocol-neutral substrate that lives in its own primitive, sm-conformance. ARP is its first consumer.

How to claim ARP compliance

  1. Implement the spec in your runtime.
  2. Run pytest conformance/ against the bundled vectors. Every positive vector MUST pass; every negative vector MUST be rejected at the documented stage.
  3. Produce a signed conformance badge with sm-conformance and ship it at your runtime's .nanda/conformance.json — and, if you serve it over HTTP, at the canonical /.well-known/conformance.json (see sm-conformance SPEC §3.2).

The badge is self-signed and independently re-verifiable: anyone can recompute pytest conformance/ against the bundled vectors and check the signature offline.

Implementing ARP

ARP is runtime-agnostic — any agent stack can emit conformant receipts. Implement the spec, pass conformance/, and ship a signed sm-conformance badge. The receipt format depends on nothing but Ed25519, JCS, and the W3C did:key method.

License

MIT — see LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sm_arp-0.2.1.tar.gz (26.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sm_arp-0.2.1-py3-none-any.whl (28.4 kB view details)

Uploaded Python 3

File details

Details for the file sm_arp-0.2.1.tar.gz.

File metadata

  • Download URL: sm_arp-0.2.1.tar.gz
  • Upload date:
  • Size: 26.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for sm_arp-0.2.1.tar.gz
Algorithm Hash digest
SHA256 1d3b0f59c5fed899697434e8f87985d65dbcb06ef2fec4fcffd0fb2765fb4044
MD5 810a22570dab8d72f919086664417acd
BLAKE2b-256 787bec320e196dd4a82c2a4a0cc83474cf2302e29eaebb1b33bbb7579e02acd1

See more details on using hashes here.

Provenance

The following attestation bundles were made for sm_arp-0.2.1.tar.gz:

Publisher: release.yml on Sharathvc23/sm-arp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file sm_arp-0.2.1-py3-none-any.whl.

File metadata

  • Download URL: sm_arp-0.2.1-py3-none-any.whl
  • Upload date:
  • Size: 28.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for sm_arp-0.2.1-py3-none-any.whl
Algorithm Hash digest
SHA256 7c16d475af5430351d9a6332075233b19390f85d228109896981643a71190233
MD5 d2c0b00f3cca7b673a9a1cddc7602209
BLAKE2b-256 0bc793a26f264e86dee7062c6b53fc67e3c909d01b62970aad8261e470c24cb5

See more details on using hashes here.

Provenance

The following attestation bundles were made for sm_arp-0.2.1-py3-none-any.whl:

Publisher: release.yml on Sharathvc23/sm-arp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page