From 250d6d12a165f6ea980d526dfca80ea99974e140 Mon Sep 17 00:00:00 2001
From: mdheller <21163552+mdheller@users.noreply.github.com>
Date: Wed, 15 Apr 2026 07:35:49 -0400
Subject: [PATCH 01/16] feat(identity): add AttestationEvidence schema
---
 schemas/AttestationEvidence.json | 104 +++++++++++++++++++++++++++++++
 1 file changed, 104 insertions(+)
 create mode 100644 schemas/AttestationEvidence.json
diff --git a/schemas/AttestationEvidence.json b/schemas/AttestationEvidence.json
new file mode 100644
index 0000000..297df94
--- /dev/null
+++ b/schemas/AttestationEvidence.json
@@ -0,0 +1,104 @@
+{
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
+ "$id": "https://schemas.srcos.ai/v2/AttestationEvidence.json",
+ "title": "AttestationEvidence",
+ "description": "Measured-boot and host-attestation evidence for a SourceOS workstation or edge node.",
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "id",
+ "type",
+ "specVersion",
+ "capturedAt",
+ "deviceRef",
+ "nonce",
+ "evidenceKind",
+ "status"
+ ],
+ "properties": {
+ "id": {
+ "type": "string",
+ "pattern": "^urn:srcos:attestation:[A-Za-z0-9._~-]+$"
+ },
+ "type": {
+ "const": "AttestationEvidence"
+ },
+ "specVersion": {
+ "type": "string"
+ },
+ "capturedAt": {
+ "type": "string",
+ "format": "date-time"
+ },
+ "deviceRef": {
+ "type": "string"
+ },
+ "nonce": {
+ "type": "string"
+ },
+ "evidenceKind": {
+ "type": "string",
+ "enum": [
+ "tpm_quote",
+ "ima_runtime",
+ "secure_boot",
+ "firmware",
+ "bundle"
+ ]
+ },
+ "status": {
+ "type": "string",
+ "enum": [
+ "captured",
+ "validated",
+ "failed",
+ "stale"
+ ]
+ },
+ "pcrs": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ }
+ },
+ "tpmQuote": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "imaAggregate": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "secureBootState": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "firmwareHash": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "collector": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ }
+ },
+ "diagnostics": {
+ "type": "object"
+ }
+ }
+}
From cdf055cd52bc90da03c9ec353a6c90e33f89e552 Mon Sep 17 00:00:00 2001
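Review bot: `nonce` and `deviceRef` are declared as bare `"type": "string"` in the properties block, so an empty nonce is schema-valid even though the key is listed in `required`; a replay-protection value should carry at least `"nonce": { "type": "string", "minLength": 1 }`. The same applies to the `pcrs` map values and to `tpmQuote`, `imaAggregate` and `firmwareHash`, which presumably hold digests or quotes in a fixed encoding — if that encoding is hex or base64url, pin it with a `pattern` so malformed evidence is rejected by the contract rather than by each consumer. Note also that `"format": "date-time"` on `capturedAt` is annotation-only under draft 2020-12 unless the validator enables format assertion; that caveat applies to every `date-time` field in this series and is worth stating once in the repo's validation tooling.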
From: mdheller <21163552+mdheller@users.noreply.github.com>
Date: Wed, 15 Apr 2026 07:37:00 -0400
Subject: [PATCH 02/16] feat(identity): add GenesisAttestationDocument schema
---
 schemas/GenesisAttestationDocument.json | 75 +++++++++++++++++++++++++
 1 file changed, 75 insertions(+)
 create mode 100644 schemas/GenesisAttestationDocument.json
diff --git a/schemas/GenesisAttestationDocument.json b/schemas/GenesisAttestationDocument.json
new file mode 100644
index 0000000..f19057c
--- /dev/null
+++ b/schemas/GenesisAttestationDocument.json
@@ -0,0 +1,75 @@
+{
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
+ "$id": "https://schemas.srcos.ai/v2/GenesisAttestationDocument.json",
+ "title": "GenesisAttestationDocument",
+ "description": "Canonical genesis ceremony record for initial Proof-of-Self issuance.",
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "id",
+ "type",
+ "specVersion",
+ "subjectRef",
+ "issuedAt",
+ "aad",
+ "nonce",
+ "bundleHash",
+ "status"
+ ],
+ "properties": {
+ "id": {
+ "type": "string",
+ "pattern": "^urn:srcos:genesis-attestation:[A-Za-z0-9._~-]+$"
+ },
+ "type": {
+ "const": "GenesisAttestationDocument"
+ },
+ "specVersion": {
+ "type": "string"
+ },
+ "subjectRef": {
+ "type": "string"
+ },
+ "issuedAt": {
+ "type": "string",
+ "format": "date-time"
+ },
+ "aad": {
+ "type": "string"
+ },
+ "nonce": {
+ "type": "string"
+ },
+ "bundleHash": {
+ "type": "string"
+ },
+ "status": {
+ "type": "string",
+ "enum": [
+ "draft",
+ "collecting",
+ "complete",
+ "superseded",
+ "failed"
+ ]
+ },
+ "attestationEvidenceRefs": {
+ "type": "array",
+ "items": {"type": "string"}
+ },
+ "livenessProfileRef": {
+ "type": ["string", "null"]
+ },
+ "validatorPacketRefs": {
+ "type": "array",
+ "items": {"type": "string"}
+ },
+ "validatorReceiptRefs": {
+ "type": "array",
+ "items": {"type": "string"}
+ },
+ "quorumPolicyRef": {
+ "type": ["string", "null"]
+ }
+ }
+}
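Review bot: `bundleHash`, `nonce` and `aad` are unconstrained strings, so a genesis record whose hash is a placeholder (the example later in this series uses `"abc123"`) validates exactly like one carrying a real digest; add `"minLength": 1` now and a `pattern` once the digest encoding is fixed. The `*Refs` arrays and `quorumPolicyRef` accept any string although every referenced object in this series defines a URN id pattern — for `attestationEvidenceRefs` that would be `"items": { "type": "string", "pattern": "^urn:srcos:attestation:[A-Za-z0-9._~-]+$" }`, with the matching `validator-packet`, `validator-receipt` and `identity-quorum-policy` prefixes for the others. Whether a `"complete"` status should also require a non-empty `validatorReceiptRefs` is a ceremony-policy question the schema could express with `if`/`then`; I would confirm that against the ceremony spec before encoding it.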
From f61da67dd8b8ecf4aeafd9f3e176f599f1c13d7e Mon Sep 17 00:00:00 2001
From: mdheller <21163552+mdheller@users.noreply.github.com>
Date: Wed, 15 Apr 2026 07:37:56 -0400
Subject: [PATCH 03/16] feat(identity): add IdentityQuorumPolicy schema
---
 schemas/IdentityQuorumPolicy.json | 72 +++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)
 create mode 100644 schemas/IdentityQuorumPolicy.json
diff --git a/schemas/IdentityQuorumPolicy.json b/schemas/IdentityQuorumPolicy.json
new file mode 100644
index 0000000..4462799
--- /dev/null
+++ b/schemas/IdentityQuorumPolicy.json
@@ -0,0 +1,72 @@
+{
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
+ "$id": "https://schemas.srcos.ai/v2/IdentityQuorumPolicy.json",
+ "title": "IdentityQuorumPolicy",
+ "description": "Threshold and validator-weight policy for genesis, renewal, recovery, and suspension.",
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "id",
+ "type",
+ "specVersion",
+ "minHumanValidators",
+ "genesisThreshold",
+ "renewalThreshold",
+ "recoveryThreshold"
+ ],
+ "properties": {
+ "id": {
+ "type": "string",
+ "pattern": "^urn:srcos:identity-quorum-policy:[A-Za-z0-9._~-]+$"
+ },
+ "type": {
+ "const": "IdentityQuorumPolicy"
+ },
+ "specVersion": {
+ "type": "string"
+ },
+ "minHumanValidators": {
+ "type": "integer",
+ "minimum": 1
+ },
+ "genesisThreshold": {
+ "type": "number",
+ "minimum": 0
+ },
+ "renewalThreshold": {
+ "type": "number",
+ "minimum": 0
+ },
+ "recoveryThreshold": {
+ "type": "number",
+ "minimum": 0
+ },
+ "sharedNonceRequired": {
+ "type": "boolean",
+ "default": true
+ },
+ "inPersonRequired": {
+ "type": "boolean",
+ "default": true
+ },
+ "timeoutSeconds": {
+ "type": "integer",
+ "minimum": 0
+ },
+ "validatorWeights": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "number",
+ "minimum": 0
+ }
+ },
+ "overrideMode": {
+ "type": "string",
+ "enum": [
+ "none",
+ "manual",
+ "emergency"
+ ]
+ }
+ }
+}
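Review bot: `sharedNonceRequired` and `inPersonRequired` rely on `"default": true`, but `default` is an annotation in JSON Schema and validators do not apply it, so a policy that omits either key is delivered without it, and a consumer that reads a missing boolean as false silently skips the in-person or shared-nonce check; either add both keys to `required` or document that the runtime must apply schema defaults before evaluating a policy. The three thresholds accept `0` (`"minimum": 0`), which — if they are weight sums compared against `validatorWeights` — lets a genesis, renewal or recovery pass with no approvals; `"exclusiveMinimum": 0` closes that, assuming a zero threshold is never intended. `validatorWeights` keys are free-form; if they name trust roots, a `propertyNames` pattern using the `^urn:srcos:validator-trust-root:` prefix defined in ValidatorTrustRoot keeps them consistent.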
From 6915937d44fa0ba7d2b145a4bc278fad4f08391b Mon Sep 17 00:00:00 2001
From: mdheller <21163552+mdheller@users.noreply.github.com>
Date: Wed, 15 Apr 2026 07:42:15 -0400
Subject: [PATCH 04/16] feat(identity): add LivenessProfile schema
---
 schemas/LivenessProfile.json | 73 ++++++++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)
 create mode 100644 schemas/LivenessProfile.json
diff --git a/schemas/LivenessProfile.json b/schemas/LivenessProfile.json
new file mode 100644
index 0000000..90a66d7
--- /dev/null
+++ b/schemas/LivenessProfile.json
@@ -0,0 +1,73 @@
+{
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
+ "$id": "https://schemas.srcos.ai/v2/LivenessProfile.json",
+ "title": "LivenessProfile",
+ "description": "Liveness challenge policy and calibration output for Proof-of-Self verification.",
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "id",
+ "type",
+ "specVersion",
+ "mode",
+ "threshold",
+ "saltPolicy",
+ "antiReplayWindowSec"
+ ],
+ "properties": {
+ "id": {
+ "type": "string",
+ "pattern": "^urn:srcos:liveness-profile:[A-Za-z0-9._~-]+$"
+ },
+ "type": {
+ "const": "LivenessProfile"
+ },
+ "specVersion": {
+ "type": "string"
+ },
+ "mode": {
+ "type": "string",
+ "enum": [
+ "face",
+ "voice",
+ "gesture",
+ "face_voice",
+ "voice_gesture",
+ "face_voice_gesture"
+ ]
+ },
+ "threshold": {
+ "type": "integer",
+ "minimum": 0
+ },
+ "saltPolicy": {
+ "type": "string",
+ "enum": [
+ "fixed",
+ "rotating",
+ "per-issuance"
+ ]
+ },
+ "antiReplayWindowSec": {
+ "type": "integer",
+ "minimum": 0
+ },
+ "challengeCount": {
+ "type": "integer",
+ "minimum": 1
+ },
+ "eer": {
+ "type": ["number", "null"]
+ },
+ "far": {
+ "type": ["number", "null"]
+ },
+ "frr": {
+ "type": ["number", "null"]
+ },
+ "calibratedAt": {
+ "type": ["string", "null"],
+ "format": "date-time"
+ }
+ }
+}
From 664b7c6b30cffca720625faeee9968c69bbe359f Mon Sep 17 00:00:00 2001
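Review bot: The `saltPolicy` enum mixes kebab-case (`"per-issuance"`) with the snake_case used by `mode` (`"face_voice"`) and by every other enum in this series; settle on one casing before these values are persisted, e.g. `"per_issuance"`. `eer`, `far` and `frr` are unbounded numbers — if they are rates, `"minimum": 0, "maximum": 1` would catch percent-versus-fraction mistakes at calibration time. `antiReplayWindowSec` accepts `0`, which presumably disables the replay window; if that is never a valid production setting, `"minimum": 1` documents it in the contract.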
From: mdheller <21163552+mdheller@users.noreply.github.com>
Date: Wed, 15 Apr 2026 09:40:58 -0400
Subject: [PATCH 05/16] feat(identity): add ProofOfSelfToken schema
---
 schemas/ProofOfSelfToken.json | 70 +++++++++++++++++++++++++++++++++++
 1 file changed, 70 insertions(+)
 create mode 100644 schemas/ProofOfSelfToken.json
diff --git a/schemas/ProofOfSelfToken.json b/schemas/ProofOfSelfToken.json
new file mode 100644
index 0000000..e38c5f1
--- /dev/null
+++ b/schemas/ProofOfSelfToken.json
@@ -0,0 +1,70 @@
+{
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
+ "$id": "https://schemas.srcos.ai/v2/ProofOfSelfToken.json",
+ "title": "ProofOfSelfToken",
+ "description": "Canonical Proof-of-Self token issued after successful genesis or renewal.",
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "id",
+ "type",
+ "specVersion",
+ "subjectRef",
+ "issuedAt",
+ "expiresAt",
+ "state",
+ "gadRef"
+ ],
+ "properties": {
+ "id": {
+ "type": "string",
+ "pattern": "^urn:srcos:proof-of-self:[A-Za-z0-9._~-]+$"
+ },
+ "type": {
+ "const": "ProofOfSelfToken"
+ },
+ "specVersion": {
+ "type": "string"
+ },
+ "subjectRef": {
+ "type": "string"
+ },
+ "issuedAt": {
+ "type": "string",
+ "format": "date-time"
+ },
+ "expiresAt": {
+ "type": "string",
+ "format": "date-time"
+ },
+ "state": {
+ "type": "string",
+ "enum": [
+ "active",
+ "suspended",
+ "revoked",
+ "expired"
+ ]
+ },
+ "gadRef": {
+ "type": "string"
+ },
+ "validatorReceiptRefs": {
+ "type": "array",
+ "items": {"type": "string"}
+ },
+ "trustRootRefs": {
+ "type": "array",
+ "items": {"type": "string"}
+ },
+ "binding": {
+ "type": "object"
+ },
+ "revocationStatus": {
+ "type": "object"
+ },
+ "transportHints": {
+ "type": "object"
+ }
+ }
+}
From 354c5fbd65a672c36bc80c0b9ea9258f036f536c Mon Sep 17 00:00:00 2001
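Review bot: `binding`, `revocationStatus` and `transportHints` are open objects (`"type": "object"` with no `properties`), so the token's binding — presumably the part that ties it to a key or device — carries no contract at all while the top level is closed with `"additionalProperties": false`; give `binding` a closed schema or a `$ref` to a dedicated definition so a consumer cannot accept an unbound token as `"active"`. `gadRef`, `validatorReceiptRefs` and `trustRootRefs` could reuse the URN patterns the referenced schemas already define, e.g. `"gadRef": { "type": "string", "pattern": "^urn:srcos:genesis-attestation:[A-Za-z0-9._~-]+$" }`. `expiresAt` being later than `issuedAt` cannot be expressed in JSON Schema, so that check belongs in the issuer and deserves a sentence in `description`.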
From: mdheller <21163552+mdheller@users.noreply.github.com>
Date: Wed, 15 Apr 2026 15:15:50 -0400
Subject: [PATCH 06/16] feat(identity): add RecoveryCeremony schema
---
 schemas/RecoveryCeremony.json | 74 +++++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)
 create mode 100644 schemas/RecoveryCeremony.json
diff --git a/schemas/RecoveryCeremony.json b/schemas/RecoveryCeremony.json
new file mode 100644
index 0000000..b45d334
--- /dev/null
+++ b/schemas/RecoveryCeremony.json
@@ -0,0 +1,74 @@
+{
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
+ "$id": "https://schemas.srcos.ai/v2/RecoveryCeremony.json",
+ "title": "RecoveryCeremony",
+ "description": "Structured record of a Proof-of-Self recovery flow.",
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "id",
+ "type",
+ "specVersion",
+ "subjectRef",
+ "method",
+ "startedAt",
+ "status"
+ ],
+ "properties": {
+ "id": {
+ "type": "string",
+ "pattern": "^urn:srcos:recovery:[A-Za-z0-9._~-]+$"
+ },
+ "type": {
+ "const": "RecoveryCeremony"
+ },
+ "specVersion": {
+ "type": "string"
+ },
+ "subjectRef": {
+ "type": "string"
+ },
+ "method": {
+ "type": "string",
+ "enum": [
+ "human_hsm",
+ "shamir_2of3"
+ ]
+ },
+ "startedAt": {
+ "type": "string",
+ "format": "date-time"
+ },
+ "completedAt": {
+ "type": ["string", "null"],
+ "format": "date-time"
+ },
+ "status": {
+ "type": "string",
+ "enum": [
+ "started",
+ "validated",
+ "completed",
+ "failed",
+ "revoked_old_token"
+ ]
+ },
+ "oldTokenRef": {
+ "type": ["string", "null"]
+ },
+ "newTokenRef": {
+ "type": ["string", "null"]
+ },
+ "validatorReceiptRefs": {
+ "type": "array",
+ "items": {"type": "string"}
+ },
+ "hsmEvidence": {
+ "type": "object"
+ },
+ "attestationEvidenceRefs": {
+ "type": "array",
+ "items": {"type": "string"}
+ }
+ }
+}
From f3138a89f9aef53cff911e6f8ffb852d643002db Mon Sep 17 00:00:00 2001
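Review bot: A record with `"status": "completed"` and `"newTokenRef": null` or `"completedAt": null` is schema-valid, so a completed recovery that issued nothing cannot be told apart from a data error; if completion always yields a token, a top-level draft 2020-12 conditional pins that: `"if": { "properties": { "status": { "const": "completed" } }, "required": ["status"] }` followed by `"then": { "required": ["completedAt", "newTokenRef"], "properties": { "completedAt": { "type": "string" }, "newTokenRef": { "type": "string" } } }`. `oldTokenRef` and `newTokenRef` could also reuse the `^urn:srcos:proof-of-self:` pattern from ProofOfSelfToken. `hsmEvidence` is an open object like the other bare `"type": "object"` placeholders in this series; a short `description` stating the intended shape, or a TODO, would help whoever fills it in.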
From: mdheller <21163552+mdheller@users.noreply.github.com>
Date: Wed, 15 Apr 2026 15:27:27 -0400
Subject: [PATCH 07/16] feat(identity): add RevocationEntry schema
---
 schemas/RevocationEntry.json | 66 ++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 schemas/RevocationEntry.json
diff --git a/schemas/RevocationEntry.json b/schemas/RevocationEntry.json
new file mode 100644
index 0000000..a9cb1e3
--- /dev/null
+++ b/schemas/RevocationEntry.json
@@ -0,0 +1,66 @@
+{
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
+ "$id": "https://schemas.srcos.ai/v2/RevocationEntry.json",
+ "title": "RevocationEntry",
+ "description": "CRL-style revocation or suspension entry for an identity token or trust root.",
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "id",
+ "type",
+ "specVersion",
+ "targetRef",
+ "reasonCode",
+ "effectiveAt",
+ "issuerRef"
+ ],
+ "properties": {
+ "id": {
+ "type": "string",
+ "pattern": "^urn:srcos:revocation:[A-Za-z0-9._~-]+$"
+ },
+ "type": {
+ "const": "RevocationEntry"
+ },
+ "specVersion": {
+ "type": "string"
+ },
+ "targetRef": {
+ "type": "string"
+ },
+ "reasonCode": {
+ "type": "string",
+ "enum": [
+ "key_compromise",
+ "validator_withdrawal",
+ "device_compromise",
+ "policy_violation",
+ "recovery_rotation",
+ "expired"
+ ]
+ },
+ "effectiveAt": {
+ "type": "string",
+ "format": "date-time"
+ },
+ "issuerRef": {
+ "type": "string"
+ },
+ "scope": {
+ "type": "string",
+ "enum": [
+ "token",
+ "trust_root",
+ "validator",
+ "subject"
+ ]
+ },
+ "evidenceRefs": {
+ "type": "array",
+ "items": {"type": "string"}
+ },
+ "notes": {
+ "type": ["string", "null"]
+ }
+ }
+}
From badcb4a46bf8789115e1e4490122d0728921b952 Mon Sep 17 00:00:00 2001
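Review bot: `scope` is optional, so an entry can name a `targetRef` without saying whether it revokes a token, trust root, validator or subject, and consumers are left to infer that from the URN prefix. Add `"scope"` to `required`, or tie it to the `targetRef` prefix with an `if`/`then` per enum value. Nothing in the entry carries a signature or digest (`issuerRef` is a bare string), so if integrity comes from an outer envelope, say so in `description`; otherwise an envelope reference or hash like ValidatorReceipt's `coseEnvelopeRef`/`receiptHash` would let entries be verified on their own.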
From: mdheller <21163552+mdheller@users.noreply.github.com>
Date: Wed, 15 Apr 2026 15:28:27 -0400
Subject: [PATCH 08/16] feat(identity): add ValidatorPacket schema
---
 schemas/ValidatorPacket.json | 68 ++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100644 schemas/ValidatorPacket.json
diff --git a/schemas/ValidatorPacket.json b/schemas/ValidatorPacket.json
new file mode 100644
index 0000000..77d6216
--- /dev/null
+++ b/schemas/ValidatorPacket.json
@@ -0,0 +1,68 @@
+{
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
+ "$id": "https://schemas.srcos.ai/v2/ValidatorPacket.json",
+ "title": "ValidatorPacket",
+ "description": "Validator signing request for genesis or renewal.",
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "id",
+ "type",
+ "specVersion",
+ "subjectRef",
+ "requestedAt",
+ "expiresAt",
+ "aad",
+ "payloadHash"
+ ],
+ "properties": {
+ "id": {
+ "type": "string",
+ "pattern": "^urn:srcos:validator-packet:[A-Za-z0-9._~-]+$"
+ },
+ "type": {
+ "const": "ValidatorPacket"
+ },
+ "specVersion": {
+ "type": "string"
+ },
+ "subjectRef": {
+ "type": "string"
+ },
+ "requestedAt": {
+ "type": "string",
+ "format": "date-time"
+ },
+ "expiresAt": {
+ "type": "string",
+ "format": "date-time"
+ },
+ "aad": {
+ "type": "string"
+ },
+ "payloadHash": {
+ "type": "string"
+ },
+ "sigStructureHash": {
+ "type": ["string", "null"]
+ },
+ "alg": {
+ "type": "string",
+ "enum": [
+ "EdDSA",
+ "ES256",
+ "RS256",
+ "PS256"
+ ]
+ },
+ "quorumPolicyRef": {
+ "type": ["string", "null"]
+ },
+ "attestationSummary": {
+ "type": "object"
+ },
+ "livenessSummary": {
+ "type": "object"
+ }
+ }
+}
From a56d6faf2ff4d188a40e14d0d88df3433720493f Mon Sep 17 00:00:00 2001
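Review bot: `alg` is optional although `payloadHash` and `sigStructureHash` are what the validator is asked to sign; a packet that omits `alg` leaves the signature algorithm to be settled on the receipt side, which is the classic algorithm-confusion setup. Add `"alg"` to `required` so the packet pins the expected algorithm before any receipt exists. `aad` and `payloadHash` are unconstrained strings — `"minLength": 1` plus a `pattern` for the hash encoding would reject placeholder values at the contract layer, as already noted for the same fields on GenesisAttestationDocument.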
From: mdheller <21163552+mdheller@users.noreply.github.com>
Date: Wed, 15 Apr 2026 15:30:34 -0400
Subject: [PATCH 09/16] feat(identity): add ValidatorReceipt schema
---
 schemas/ValidatorReceipt.json | 63 +++++++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)
 create mode 100644 schemas/ValidatorReceipt.json
diff --git a/schemas/ValidatorReceipt.json b/schemas/ValidatorReceipt.json
new file mode 100644
index 0000000..4ecd221
--- /dev/null
+++ b/schemas/ValidatorReceipt.json
@@ -0,0 +1,63 @@
+{
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
+ "$id": "https://schemas.srcos.ai/v2/ValidatorReceipt.json",
+ "title": "ValidatorReceipt",
+ "description": "Signed validator response to a ValidatorPacket.",
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "id",
+ "type",
+ "specVersion",
+ "packetRef",
+ "validatorRef",
+ "receivedAt",
+ "status"
+ ],
+ "properties": {
+ "id": {
+ "type": "string",
+ "pattern": "^urn:srcos:validator-receipt:[A-Za-z0-9._~-]+$"
+ },
+ "type": {
+ "const": "ValidatorReceipt"
+ },
+ "specVersion": {
+ "type": "string"
+ },
+ "packetRef": {
+ "type": "string"
+ },
+ "validatorRef": {
+ "type": "string"
+ },
+ "receivedAt": {
+ "type": "string",
+ "format": "date-time"
+ },
+ "status": {
+ "type": "string",
+ "enum": [
+ "approved",
+ "denied",
+ "expired",
+ "invalid"
+ ]
+ },
+ "coseEnvelopeRef": {
+ "type": ["string", "null"]
+ },
+ "receiptHash": {
+ "type": ["string", "null"]
+ },
+ "trustRootRef": {
+ "type": ["string", "null"]
+ },
+ "decision": {
+ "type": "string"
+ },
+ "notes": {
+ "type": ["string", "null"]
+ }
+ }
+}
From 647e0b7210dd3d4a456a5c9dd161397f6b02cb46 Mon Sep 17 00:00:00 2001
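Review bot: The `description` says "Signed validator response", but `coseEnvelopeRef`, `receiptHash` and `trustRootRef` are all nullable, so an `"approved"` receipt with no envelope, no hash and no trust root validates. If approvals must be signed, express it with a conditional: when `status` is `"approved"`, require `coseEnvelopeRef` and `trustRootRef` as non-null strings, e.g. `"if": { "properties": { "status": { "const": "approved" } }, "required": ["status"] }` and `"then": { "required": ["coseEnvelopeRef", "trustRootRef"], "properties": { "coseEnvelopeRef": { "type": "string" }, "trustRootRef": { "type": "string" } } }`. `decision` duplicates `status` as a free-form string; either drop it or constrain it and state how the two differ. `packetRef` and `trustRootRef` could also use the `^urn:srcos:validator-packet:` and `^urn:srcos:validator-trust-root:` patterns defined elsewhere in this series.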
From: mdheller <21163552+mdheller@users.noreply.github.com>
Date: Wed, 15 Apr 2026 15:33:38 -0400
Subject: [PATCH 10/16] feat(identity): add ValidatorTrustRoot schema
---
 schemas/ValidatorTrustRoot.json | 72 +++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)
 create mode 100644 schemas/ValidatorTrustRoot.json
diff --git a/schemas/ValidatorTrustRoot.json b/schemas/ValidatorTrustRoot.json
new file mode 100644
index 0000000..aeb9ac2
--- /dev/null
+++ b/schemas/ValidatorTrustRoot.json
@@ -0,0 +1,72 @@
+{
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
+ "$id": "https://schemas.srcos.ai/v2/ValidatorTrustRoot.json",
+ "title": "ValidatorTrustRoot",
+ "description": "Trust-root entry for validator identity resolution and verification.",
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "id",
+ "type",
+ "specVersion",
+ "kind",
+ "status",
+ "kid"
+ ],
+ "properties": {
+ "id": {
+ "type": "string",
+ "pattern": "^urn:srcos:validator-trust-root:[A-Za-z0-9._~-]+$"
+ },
+ "type": {
+ "const": "ValidatorTrustRoot"
+ },
+ "specVersion": {
+ "type": "string"
+ },
+ "kind": {
+ "type": "string",
+ "enum": [
+ "spki",
+ "x509",
+ "ssh",
+ "cose"
+ ]
+ },
+ "status": {
+ "type": "string",
+ "enum": [
+ "active",
+ "suspended",
+ "retired"
+ ]
+ },
+ "kid": {
+ "type": "string"
+ },
+ "spkiSha256": {
+ "type": ["string", "null"]
+ },
+ "x5tS256": {
+ "type": ["string", "null"]
+ },
+ "pem": {
+ "type": ["string", "null"]
+ },
+ "x5chain": {
+ "type": "array",
+ "items": {"type": "string"}
+ },
+ "validFrom": {
+ "type": ["string", "null"],
+ "format": "date-time"
+ },
+ "validTo": {
+ "type": ["string", "null"],
+ "format": "date-time"
+ },
+ "issuer": {
+ "type": ["string", "null"]
+ }
+ }
+}
From 7b5d1e4f46046f34a12096f8296bade4cdf65b25 Mon Sep 17 00:00:00 2001
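Review bot: Every key-material field (`spkiSha256`, `x5tS256`, `pem`, `x5chain`) is optional or nullable, so an `"active"` trust root carrying only a `kid` and nothing to verify against is schema-valid. Pair the `kind` enum with `if`/`then` branches — for example `"kind": "x509"` requiring `x5chain` with `"minItems": 1`, and `"spki"` requiring a non-null `spkiSha256` — or at least add an `anyOf` that demands one of `pem`, `spkiSha256` or `x5chain`. If `x5chain` holds base64 DER certificates and `spkiSha256`/`x5tS256` hold base64url digests as their JOSE-style names suggest, a `pattern` on each (and `contentEncoding` on `x5chain` items) would make the expected encoding explicit for consumers.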
From: mdheller <21163552+mdheller@users.noreply.github.com>
Date: Wed, 15 Apr 2026 15:36:02 -0400
Subject: [PATCH 11/16] feat(identity): add identity plane OpenAPI patch fragment
---
 openapi.agent-plane.patch.identity.yaml | 98 +++++++++++++++++++++++++
 1 file changed, 98 insertions(+)
 create mode 100644 openapi.agent-plane.patch.identity.yaml
diff --git a/openapi.agent-plane.patch.identity.yaml b/openapi.agent-plane.patch.identity.yaml
new file mode 100644
index 0000000..ca90a42
--- /dev/null
+++ b/openapi.agent-plane.patch.identity.yaml
@@ -0,0 +1,98 @@
+paths:
+ /v2/identity/genesis-packets:
+ post:
+ summary: Create a validator packet for genesis or renewal
+ operationId: createIdentityGenesisPacket
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ValidatorPacket'
+ responses:
+ '201':
+ description: ValidatorPacket created
+
+ /v2/identity/validator-receipts:
+ post:
+ summary: Submit a validator receipt
+ operationId: submitIdentityValidatorReceipt
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ValidatorReceipt'
+ responses:
+ '201':
+ description: ValidatorReceipt accepted
+
+ /v2/identity/posts:
+ post:
+ summary: Issue a Proof-of-Self token
+ operationId: issueProofOfSelfToken
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ProofOfSelfToken'
+ responses:
+ '201':
+ description: ProofOfSelfToken issued
+
+ /v2/identity/recoveries:
+ post:
+ summary: Record a recovery ceremony
+ operationId: recordRecoveryCeremony
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/RecoveryCeremony'
+ responses:
+ '201':
+ description: RecoveryCeremony recorded
+
+ /v2/identity/revocations:
+ post:
+ summary: Append a revocation entry
+ operationId: appendRevocationEntry
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/RevocationEntry'
+ responses:
+ '201':
+ description: RevocationEntry appended
+
+ /v2/identity/attestations:
+ post:
+ summary: Record attestation evidence
+ operationId: recordAttestationEvidence
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/AttestationEvidence'
+ responses:
+ '201':
+ description: AttestationEvidence recorded
+
+ /v2/identity/quorum-policies:
+ post:
+ summary: Create or update an identity quorum policy
+ operationId: upsertIdentityQuorumPolicy
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/IdentityQuorumPolicy'
+ responses:
+ '201':
+ description: IdentityQuorumPolicy stored
From c04db7f804e4da0f0fb1c631cfdefe59b9fa9b87 Mon Sep 17 00:00:00 2001
From: mdheller <21163552+mdheller@users.noreply.github.com>
Date: Wed, 15 Apr 2026 15:47:50 -0400
Subject: [PATCH 12/16] feat(identity): add identity plane AsyncAPI patch fragment
---
 asyncapi.agent-plane.patch.identity.yaml | 35 ++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 asyncapi.agent-plane.patch.identity.yaml
diff --git a/asyncapi.agent-plane.patch.identity.yaml b/asyncapi.agent-plane.patch.identity.yaml
new file mode 100644
index 0000000..b312761
--- /dev/null
+++ b/asyncapi.agent-plane.patch.identity.yaml
@@ -0,0 +1,35 @@
+channels:
+ srcos.v2.identity.packet.requested:
+ publish:
+ message:
+ $ref: '#/components/messages/ValidatorPacketMessage'
+
+ srcos.v2.identity.packet.signed:
+ publish:
+ message:
+ $ref: '#/components/messages/ValidatorReceiptMessage'
+
+ srcos.v2.identity.post.issued:
+ publish:
+ message:
+ $ref: '#/components/messages/ProofOfSelfTokenMessage'
+
+ srcos.v2.identity.post.renewed:
+ publish:
+ message:
+ $ref: '#/components/messages/ProofOfSelfTokenMessage'
+
+ srcos.v2.identity.post.revoked:
+ publish:
+ message:
+ $ref: '#/components/messages/RevocationEntryMessage'
+
+ srcos.v2.identity.attestation.drift:
+ publish:
+ message:
+ $ref: '#/components/messages/AttestationEvidenceMessage'
+
+ srcos.v2.identity.recovery.completed:
+ publish:
+ message:
+ $ref: '#/components/messages/RecoveryCeremonyMessage'
From a2821ac2bd7202983c0225d1b1d8e459e6b01e9b Mon Sep 17 00:00:00 2001
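Review bot: `/v2/identity/posts` takes a full `ProofOfSelfToken` as its request body, so the caller supplies `state`, `expiresAt`, `validatorReceiptRefs` and `trustRootRefs` for the token it is asking to have issued; unless the server discards those and mints its own, issuance should accept a request object (subject plus genesis-document reference) and return the token in the `201` response body. Every operation in this fragment declares only a `'201'` response and no `security` requirement; if the base document's global `security` does not cover these paths, the identity plane is described as unauthenticated, and `'400'`/`'401'`/`'403'`/`'409'` responses are missing for endpoints that validate signed material. The `posts` path segment also reads as blog posts rather than Proof-of-Self tokens — `/v2/identity/proof-of-self-tokens` would match the schema title.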
From: mdheller <21163552+mdheller@users.noreply.github.com>
Date: Wed, 15 Apr 2026 15:49:04 -0400
Subject: [PATCH 13/16] docs(identity): add proof-of-self identity plane ADR
---
 docs/adr/ADR-proof-of-self-identity-plane.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 docs/adr/ADR-proof-of-self-identity-plane.md
diff --git a/docs/adr/ADR-proof-of-self-identity-plane.md b/docs/adr/ADR-proof-of-self-identity-plane.md
new file mode 100644
index 0000000..3821e38
--- /dev/null
+++ b/docs/adr/ADR-proof-of-self-identity-plane.md
@@ -0,0 +1,17 @@
+# ADR — Proof-of-Self Identity Plane
+
+## Status
+Accepted
+
+## Context
+SourceOS requires a first-class identity plane for local issuance, validator-backed trust, recovery, revocation, and attestation-bound proof artifacts.
+
+## Decision
+We add a Proof-of-Self identity family to `sourceos-spec` as typed contracts and additive agent-plane patches.
+The runtime lives in a separate implementation repo and is not embedded into the substrate, integration spine, or optional commons.
+
+## Consequences
+- Identity objects become machine-verifiable and transport-neutral.
+- Issuance, revocation, and recovery become receipt-bearing and event-emitting.
+- Local operation remains possible without `socios`.
+- `agentos-spine` integrates but does not absorb the runtime.
From b325cdffa0264d7f6f2986aa9032fe2f4f87599b Mon Sep 17 00:00:00 2001
From: mdheller <21163552+mdheller@users.noreply.github.com>
Date: Wed, 15 Apr 2026 18:05:16 -0400
Subject: [PATCH 14/16] feat(identity): add AttestationEvidence example
---
 examples/attestationevidence.json | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 examples/attestationevidence.json
diff --git a/examples/attestationevidence.json b/examples/attestationevidence.json
new file mode 100644
index 0000000..67870df
--- /dev/null
+++ b/examples/attestationevidence.json
@@ -0,0 +1,11 @@
+{
+ "id": "urn:srcos:attestation:demo-001",
+ "type": "AttestationEvidence",
+ "specVersion": "2.1.0",
+ "capturedAt": "2026-04-14T12:00:00Z",
+ "deviceRef": "urn:srcos:device:demo",
+ "nonce": "nonce-demo",
+ "evidenceKind": "bundle",
+ "status": "captured",
+ "pcrs": {}
+}
From 4a6bf6680adf368a44e9a6328ee539fddc40636a Mon Sep 17 00:00:00 2001
From: mdheller <21163552+mdheller@users.noreply.github.com>
Date: Wed, 15 Apr 2026 18:18:14 -0400
Subject: [PATCH 15/16] feat(identity): add GenesisAttestationDocument example
---
 examples/genesisattestationdocument.json | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 examples/genesisattestationdocument.json
diff --git a/examples/genesisattestationdocument.json b/examples/genesisattestationdocument.json
new file mode 100644
index 0000000..c768ce7
--- /dev/null
+++ b/examples/genesisattestationdocument.json
@@ -0,0 +1,16 @@
+{
+ "id": "urn:srcos:genesis-attestation:demo-001",
+ "type": "GenesisAttestationDocument",
+ "specVersion": "2.1.0",
+ "subjectRef": "urn:srcos:subject:demo",
+ "issuedAt": "2026-04-14T12:00:00Z",
+ "aad": "pos-validator",
+ "nonce": "nonce-demo",
+ "bundleHash": "abc123",
+ "status": "complete",
+ "attestationEvidenceRefs": [],
+ "livenessProfileRef": null,
+ "validatorPacketRefs": [],
+ "validatorReceiptRefs": [],
+ "quorumPolicyRef": null
+}
From b819e35eae34ba91289a1cabaacfe34d5e4b423f Mon Sep 17 00:00:00 2001
From: mdheller <21163552+mdheller@users.noreply.github.com>
Date: Wed, 15 Apr 2026 22:10:42 -0400
Subject: [PATCH 16/16] feat(identity): add ProofOfSelfToken example
---
 examples/proofofselftoken.json | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 examples/proofofselftoken.json
diff --git a/examples/proofofselftoken.json b/examples/proofofselftoken.json
new file mode 100644
index 0000000..30248c7
--- /dev/null
+++ b/examples/proofofselftoken.json
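Review bot: `"bundleHash": "abc123"` and `"nonce": "nonce-demo"` in the GenesisAttestationDocument example (and `"nonce": "nonce-demo"` in the AttestationEvidence example above it) are placeholders that validate only because the schemas put no length or format constraint on these fields; the moment a digest pattern is added, both fixtures break. Use a constructed full-length value — for example a 64-character hex string visibly marked as a demo digest in a sibling README — so the examples exercise the intended format. The genesis example also pairs `"status": "complete"` with empty `attestationEvidenceRefs` and `validatorReceiptRefs`, which models a ceremony that nobody validated; `"collecting"` would be the honest status for this fixture, or the arrays should reference the evidence and receipt ids used by the ProofOfSelfToken example.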
@@ -0,0 +1,21 @@
+{
+ "id": "urn:srcos:proof-of-self:demo-post-001",
+ "type": "ProofOfSelfToken",
+ "specVersion": "2.1.0",
+ "subjectRef": "urn:srcos:subject:demo",
+ "issuedAt": "2026-04-14T12:00:00Z",
+ "expiresAt": "2027-04-14T12:00:00Z",
+ "state": "active",
+ "gadRef": "urn:srcos:genesis-attestation:demo-001",
+ "validatorReceiptRefs": [
+ "urn:srcos:validator-receipt:v1",
+ "urn:srcos:validator-receipt:v2",
+ "urn:srcos:validator-receipt:v3"
+ ],
+ "trustRootRefs": [
+ "urn:srcos:validator-trust-root:root-001"
+ ],
+ "binding": {},
+ "revocationStatus": {},
+ "transportHints": {}
+}