Agency Receipt Protocol — receipt envelope spec + language-agnostic conformance harness. Points at sm-conformance for the signed badge.
Project description
sm-arp — Agency Receipt Protocol
The portable, cryptographically signed receipt format AI agents emit when they act on behalf of humans. Runtime-agnostic, vendor-neutral, MIT-licensed.
ARP sits above MCP (tool integration) and A2A (agent-to-agent transport) — the human ↔ agent accountability layer those standards deliberately do not address.
Status
- WHITEPAPER.md — motivation, design choices, and how ARP fits the portfolio.
- spec/arp/0.1/spec.md — the canonical normative document (RFC-style).
Use it as a library
ARP ships one canonical Python implementation, sm_arp, so every runtime
imports the same build/sign/verify/store code instead of vendoring its own — the
receipt envelope cannot drift between them. The library needs nothing but
cryptography, base58, and jcs.
from sm_arp import Identity, build_action, issue_receipt, verify_receipt, IssuerLog
me = Identity.generate()
r = issue_receipt(me, principal_did=me.did,
action=build_action(category="data_shared", human_summary="shared my calendar"))
assert verify_receipt(r).ok # structure → signature → authority → hash chain
IssuerLog("log.sqlite").append(r) # SQLite Issuer/Agency Log, hash-chained per issuer
sm_arp's verifier is tested against the canonical 22-vector corpus and asserted
byte-for-byte equal to the conformance harness's verdict on every vector — so the
library and the spec cannot disagree.
Layout
sm_arp/— the consumable library:identity(Ed25519 + did:key),receipts(build/sign/verify/canonical/chain),store(SQLite Issuer/Agency Log).arp_cli/— thearpcommand-line tool (pip install 'sm-arp[cli]').WHITEPAPER.md— design rationale and portfolio positioning.spec/arp/0.1/spec.md— the canonical normative receipt spec (RFC-style).spec/arp/0.1/conformance.md— ARP conformance criteria; points atsm-conformancefor the badge.spec/arp/0.1/governance.md— stewardship and the path to public publication.spec/arp/0.1/dat-companion.md— the Delegated Authority Token sketch the authority chain references.schema/arp/0.1/— JSON Schemas (Draft 2020-12) for the receipt envelope.vectors/arp/0.1/— 22 language-agnostic receipt vectors.conformance/arp/— framework-agnostic Python conformance harness for receipts.
The conformance badge lives in sm-conformance
ARP owns what a conformant runtime must do (this repo) and the receipt vectors
it is tested against. It does not own the signed-badge mechanism — that is a
generic, protocol-neutral substrate that lives in its own primitive,
sm-conformance. ARP is its
first consumer.
How to claim ARP compliance
- Implement the spec in your runtime.
- Run
pytest conformance/against the bundled vectors. Every positive vector MUST pass; every negative vector MUST be rejected at the documented stage. - Produce a signed conformance badge with
sm-conformanceand ship it at your runtime's.nanda/conformance.json— and, if you serve it over HTTP, at the canonical/.well-known/conformance.json(see sm-conformance SPEC §3.2).
The badge is self-signed and independently re-verifiable: anyone can recompute
pytest conformance/ against the bundled vectors and check the signature offline.
Implementing ARP
ARP is runtime-agnostic — any agent stack can emit conformant receipts. Implement
the spec, pass conformance/, and ship a signed
sm-conformance badge. The
receipt format depends on nothing but Ed25519, JCS, and the W3C did:key method.
License
MIT — see LICENSE.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file sm_arp-0.2.1.tar.gz.
File metadata
- Download URL: sm_arp-0.2.1.tar.gz
- Upload date:
- Size: 26.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1d3b0f59c5fed899697434e8f87985d65dbcb06ef2fec4fcffd0fb2765fb4044
|
|
| MD5 |
810a22570dab8d72f919086664417acd
|
|
| BLAKE2b-256 |
787bec320e196dd4a82c2a4a0cc83474cf2302e29eaebb1b33bbb7579e02acd1
|
Provenance
The following attestation bundles were made for sm_arp-0.2.1.tar.gz:
Publisher:
release.yml on Sharathvc23/sm-arp
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
sm_arp-0.2.1.tar.gz -
Subject digest:
1d3b0f59c5fed899697434e8f87985d65dbcb06ef2fec4fcffd0fb2765fb4044 - Sigstore transparency entry: 1806460164
- Sigstore integration time:
-
Permalink:
Sharathvc23/sm-arp@e3de5ad9b6bdc2f860af89a1710c244bbba102a4 -
Branch / Tag:
refs/tags/v0.2.1 - Owner: https://github.com/Sharathvc23
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@e3de5ad9b6bdc2f860af89a1710c244bbba102a4 -
Trigger Event:
push
-
Statement type:
File details
Details for the file sm_arp-0.2.1-py3-none-any.whl.
File metadata
- Download URL: sm_arp-0.2.1-py3-none-any.whl
- Upload date:
- Size: 28.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7c16d475af5430351d9a6332075233b19390f85d228109896981643a71190233
|
|
| MD5 |
d2c0b00f3cca7b673a9a1cddc7602209
|
|
| BLAKE2b-256 |
0bc793a26f264e86dee7062c6b53fc67e3c909d01b62970aad8261e470c24cb5
|
Provenance
The following attestation bundles were made for sm_arp-0.2.1-py3-none-any.whl:
Publisher:
release.yml on Sharathvc23/sm-arp
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
sm_arp-0.2.1-py3-none-any.whl -
Subject digest:
7c16d475af5430351d9a6332075233b19390f85d228109896981643a71190233 - Sigstore transparency entry: 1806460177
- Sigstore integration time:
-
Permalink:
Sharathvc23/sm-arp@e3de5ad9b6bdc2f860af89a1710c244bbba102a4 -
Branch / Tag:
refs/tags/v0.2.1 - Owner: https://github.com/Sharathvc23
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@e3de5ad9b6bdc2f860af89a1710c244bbba102a4 -
Trigger Event:
push
-
Statement type: