Open specification for cryptographic governance receipts. When an AI agent acts, the Sanna Protocol evaluates the action against a constitution, enforces boundaries, and produces a signed receipt proving governance was applied. The receipt binds the policy document, the evaluation result, and the enforcement outcome into a single tamper-evident artifact using Ed25519 signatures and RFC 8785 JSON canonicalization.
| Path | Description |
|---|---|
| spec/ | Protocol specification v1.4: receipt format, 20-field fingerprint (cv=9), tool identity, agent-model audit fields, multi-surface governance, canonicalization, signing, verification |
| schemas/ | JSON Schema (2020-12) for constitutions and receipts |
| fixtures/ | Golden test fixtures: test keypair, signed constitutions, 4 receipt variants, expected hashes, 1,296 canonicalization test vectors, 24 multi-surface (CLI/API) test vectors |
| templates/ | Starter constitutions: privacy-focused, developer, locked-down |
| http/ | HTTP header conventions (X-Sanna-Receipt, X-Sanna-Receipt-URL, X-Sanna-Verify, X-Sanna-Constitution) |
| docs/ | Implementers guide, protocol comparison (Sanna vs ORS v0.1) |
| Language | Package | Install |
|---|---|---|
| Python | sanna | pip install sanna |
| TypeScript | @sanna-ai/core | npm install @sanna-ai/core |
A conformant implementation must produce identical hashes and fingerprints for identical inputs. The fixtures/ directory contains everything needed to verify:
- Load the test keypair from fixtures/keypairs/
- For each receipt in fixtures/receipts/, recompute context_hash, output_hash, and the cv-appropriate fingerprint (20-field at cv=9, 16-field at cv=8, 14-field at cv=6/7, 12-field at cv=5)
- Compare all computed values against fixtures/golden-hashes.json
- Verify Ed25519 signatures using the test public key
All hashes match → conformant. See docs/implementers-guide.md for the full algorithm and common pitfalls.
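
Why the recompute and compare steps depend on canonicalization, as an added example (not code from the Sanna SDKs or the spec): a subset RFC 8785 canonicalizer under which two differently serialized copies of one object hash identically, while a modified copy is flagged. SHA-256, the sample object, and the names `canonicalize`, `digest` and `mismatches` are assumptions for illustration; floats are rejected rather than serialized.

```python
import hashlib
import json

MAX_SAFE_INT = 2**53 - 1  # largest integer exactly representable as an IEEE 754 double


def canonicalize(value) -> str:
    """RFC 8785 (JCS) subset: null, booleans, integers, strings, arrays, objects."""
    if value is None:
        return "null"
    if isinstance(value, bool):  # must precede int: bool is a subclass of int
        return "true" if value else "false"
    if isinstance(value, int):
        if abs(value) > MAX_SAFE_INT:
            raise ValueError("integer outside the IEEE 754 exact range")
        return str(value)
    if isinstance(value, float):
        raise ValueError("floats need the ECMAScript number serializer (not covered here)")
    if isinstance(value, str):
        # Escapes only quote, backslash and control characters; other text stays literal.
        return json.dumps(value, ensure_ascii=False)
    if isinstance(value, list):
        return "[" + ",".join(canonicalize(v) for v in value) + "]"
    if isinstance(value, dict):
        # JCS orders keys by UTF-16 code units, not by Unicode code point.
        keys = sorted(value, key=lambda k: k.encode("utf-16-be"))
        return "{" + ",".join(canonicalize(k) + ":" + canonicalize(value[k]) for k in keys) + "}"
    raise TypeError(f"unsupported type: {type(value).__name__}")


def digest(value) -> str:
    # Assumption: SHA-256 over the UTF-8 canonical form; the spec defines the real inputs.
    return hashlib.sha256(canonicalize(value).encode("utf-8")).hexdigest()


def mismatches(computed: dict, golden: dict) -> list:
    """Names whose computed digest is missing from, or differs from, the golden set."""
    return sorted(n for n in computed.keys() | golden.keys() if computed.get(n) != golden.get(n))


# Constructed input (not a real Sanna receipt): one object serialized two ways, plus a modified copy.
A = json.loads('{"decision": "allow", "checks": [1, 2], "agent": "demo"}')
B = json.loads('{ "agent":"demo",\n  "checks":[1,2], "decision":"allow" }')
TAMPERED = dict(A, decision="deny")
GOLDEN = {"receipt": digest(A)}
```

Sorting keys with Python's default string ordering compares code points and diverges from RFC 8785 for keys outside the Basic Multilingual Plane, which is one way two implementations can disagree on a hash for the same input.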
Protocol versions are independent of SDK versions. Patch versions (1.0.x) are clarifications and new test vectors. Minor versions (1.x.0) add backward-compatible fields. Major versions (x.0.0) are breaking changes to the receipt format, fingerprint algorithm, or signing protocol.