Skip to main content

Agency Receipt Protocol — receipt envelope spec + language-agnostic conformance harness. Points at sm-conformance for the signed badge.

Project description

sm-arp — Agency Receipt Protocol

The portable, cryptographically signed receipt format AI agents emit when they act on behalf of humans. Runtime-agnostic, vendor-neutral, MIT-licensed.

ARP sits above MCP (tool integration) and A2A (agent-to-agent transport) — the human ↔ agent accountability layer those standards deliberately do not address.

Status

  • WHITEPAPER.md — motivation, design choices, and how ARP fits the portfolio.
  • spec/arp/0.1/spec.md — the canonical normative document (RFC-style).
  • THREATMODEL.md — what a receipt does and does not prove, threats A1–A10, the delegation/transparency trust-rung roadmap, and a verifier checklist.

Use it as a library

ARP ships one canonical Python implementation, sm_arp, so every runtime imports the same build/sign/verify/store code instead of vendoring its own — the receipt envelope cannot drift between them. The library needs nothing but cryptography, base58, and jcs.

from sm_arp import Identity, build_action, issue_receipt, verify_receipt, IssuerLog

me = Identity.generate()
r = issue_receipt(me, principal_did=me.did,
                  action=build_action(category="data_shared", human_summary="shared my calendar"))
assert verify_receipt(r).ok                 # structure → signature → authority → hash chain
IssuerLog("log.sqlite").append(r)           # SQLite Issuer/Agency Log, hash-chained per issuer

sm_arp's verifier is tested against the canonical 22-vector corpus and asserted byte-for-byte equal to the conformance harness's verdict on every vector — so the library and the spec cannot disagree.

Layout

  • sm_arp/ — the consumable library: identity (Ed25519 + did:key), receipts (build/sign/verify/canonical/chain), store (SQLite Issuer/Agency Log).
  • arp_cli/ — the arp command-line tool (pip install 'sm-arp[cli]').
  • WHITEPAPER.md — design rationale and portfolio positioning.
  • spec/arp/0.1/spec.md — the canonical normative receipt spec (RFC-style).
  • spec/arp/0.1/conformance.md — ARP conformance criteria; points at sm-conformance for the badge.
  • spec/arp/0.1/governance.md — stewardship and the path to public publication.
  • spec/arp/0.1/dat-companion.md — the Delegated Authority Token sketch the authority chain references.
  • schema/arp/0.1/ — JSON Schemas (Draft 2020-12) for the receipt envelope.
  • vectors/arp/0.1/ — 22 language-agnostic receipt vectors.
  • conformance/arp/ — framework-agnostic Python conformance harness for receipts.

The conformance badge lives in sm-conformance

ARP owns what a conformant runtime must do (this repo) and the receipt vectors it is tested against. It does not own the signed-badge mechanism — that is a generic, protocol-neutral substrate that lives in its own primitive, sm-conformance. ARP is its first consumer.

How to claim ARP compliance

  1. Implement the spec in your runtime.
  2. Run pytest conformance/ against the bundled vectors. Every positive vector MUST pass; every negative vector MUST be rejected at the documented stage.
  3. Produce a signed conformance badge with sm-conformance and ship it at your runtime's .nanda/conformance.json — and, if you serve it over HTTP, at the canonical /.well-known/conformance.json (see sm-conformance SPEC §3.2).

The badge is self-signed and independently re-verifiable: anyone can recompute pytest conformance/ against the bundled vectors and check the signature offline.

Implementing ARP

ARP is runtime-agnostic — any agent stack can emit conformant receipts. Implement the spec, pass conformance/, and ship a signed sm-conformance badge. The receipt format depends on nothing but Ed25519, JCS, and the W3C did:key method.

License

MIT — see LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sm_arp-0.2.3.tar.gz (21.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sm_arp-0.2.3-py3-none-any.whl (19.8 kB view details)

Uploaded Python 3

File details

Details for the file sm_arp-0.2.3.tar.gz.

File metadata

  • Download URL: sm_arp-0.2.3.tar.gz
  • Upload date:
  • Size: 21.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for sm_arp-0.2.3.tar.gz
Algorithm Hash digest
SHA256 ec73995344b2caa052f439f2d509cb15ea6242ec1450072623ceaee1249540b4
MD5 2855accd6dae2531b52a1d52ab4e7987
BLAKE2b-256 92b07cbcada9ef684d82925e4740e48f919b06b32f44817f896f614ec390a87e

See more details on using hashes here.

Provenance

The following attestation bundles were made for sm_arp-0.2.3.tar.gz:

Publisher: release.yml on Sharathvc23/sm-arp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file sm_arp-0.2.3-py3-none-any.whl.

File metadata

  • Download URL: sm_arp-0.2.3-py3-none-any.whl
  • Upload date:
  • Size: 19.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for sm_arp-0.2.3-py3-none-any.whl
Algorithm Hash digest
SHA256 7b0aef33e17d9809f4af931be90baae3696dbf63f27da7b8c2de93ae8b325a38
MD5 16d2c4d8deb5630499b2e0b47632da97
BLAKE2b-256 9ecf0b327997b464d929cf9964c9ae327eb2aa9839cea1da00cfef0617550bd5

See more details on using hashes here.

Provenance

The following attestation bundles were made for sm_arp-0.2.3-py3-none-any.whl:

Publisher: release.yml on Sharathvc23/sm-arp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page