From ade213393ac4b4af2198e1252d217c455bd80247 Mon Sep 17 00:00:00 2001
From: Dasith Wijes <git@dasith.me>
Date: Wed, 27 May 2026 19:14:40 +0000
Subject: [PATCH] docs: fix Mermaid rendering in Two-Key Refresh diagram

Remove semicolon and quotes from Signature-Key message text in the
jkt-jwt sequence diagram. Mermaid interprets ';' as a statement
separator and '"' conflicts with its string delimiters, breaking
the diagram render.
---
 docs/workflows/bootstrap-enrollment.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/workflows/bootstrap-enrollment.md b/docs/workflows/bootstrap-enrollment.md
index 07e00a6..bfe8c06 100644
--- a/docs/workflows/bootstrap-enrollment.md
+++ b/docs/workflows/bootstrap-enrollment.md
@@ -178,7 +178,7 @@ sequenceDiagram
     Note over Agent: Token nearing expiry
     Agent->>Agent: Generate ephemeral Ed25519 key
     Agent->>Agent: Build naming JWT (signed by durable key,<br/>embeds ephemeral key as cnf.jwk)
-    Agent->>AP: POST /refresh (signed with ephemeral key,<br/>Signature-Key: sig=jkt-jwt;jwt="naming-jwt")
+    Agent->>AP: POST /refresh (signed with ephemeral key,<br/>Signature-Key: sig=jkt-jwt jwt=naming-jwt)
     AP->>AP: Extract durable key thumbprint from naming JWT kid
     AP->>AP: Verify naming JWT signature against enrolled durable key
     AP->>AP: Verify HTTP signature against ephemeral key