Skip to content

Define verifiable provenance and receipt chaining#7

Merged
SoundBlaster merged 1 commit into
mainfrom
codex/verifiable-provenance-profile
Jul 12, 2026
Merged

Define verifiable provenance and receipt chaining#7
SoundBlaster merged 1 commit into
mainfrom
codex/verifiable-provenance-profile

Conversation

@SoundBlaster

Copy link
Copy Markdown
Member

Motivation

The RFC identified grants and surfaces primarily by mutable identifiers and versions, while receipts lacked one interoperable canonicalization, hash-chain, signature, policy-decision, and trace-correlation contract. That prevented independent implementations from proving which exact authority and manifest governed an action or from validating portable receipt provenance.

Goals

  • Define deterministic content commitments for manifests, grants, action inputs, policy decisions, and receipts.
  • Bind OAuth issuance, introspection, sessions, actions, revocation, and receipts to exact surface and grant hashes.
  • Define typed policy decisions, verifiable parent receipt chains, W3C-compatible trace correlation, and an optional detached JWS receipt-signing profile.
  • Mark dashboard proposals Migrate RFC review cards to planning metadata #10, #14, #32, #33, #35, and #55 present with accurate anchors and rationale.

Changes

  • Add the domain-separated asp-jcs-sha-256 profile using RFC 8785 JCS, SHA-256, base64url encoding, self-field exclusions, negative-input requirements, and two executable hash vectors.
  • Add surface_hash and grant_hash contracts, OAuth projection equality, pinned manifest snapshots, action verification, and fail-closed revocation divergence handling.
  • Add the typed policy.decision object with outcome/reason constraints, safe-to-show explanations, RFC 3339 timestamps, and canonical decision hashes.
  • Add exact action-input commitments, idempotent retry provenance, receipt_hash/parent_receipt_hash chaining, cross-receipt invariants, and trusted-parent delivery semantics.
  • Add W3C Trace Context-compatible trace_id, span_id, restart/link behavior, adapter propagation, and app/runtime log correlation.
  • Add optional detached General JWS receipt signing with ES256, protected-header restrictions, grant-pinned signer roles/JWK thumbprints, key lifecycle rules, and no downgrade from invalid signatures to unsigned evidence.
  • Update review data and regenerate the standalone RFC dashboard.

Validation

  • make review-build PYTHON=/opt/homebrew/opt/python@3.10/libexec/bin/python3
  • make review-check PYTHON=/opt/homebrew/opt/python@3.10/libexec/bin/python3
  • /opt/homebrew/opt/python@3.10/libexec/bin/python3 -m json.tool review/review-data.json >/dev/null
  • Bundled Python semantic validator: parsed all 28 RFC JSON examples with duplicate-key rejection; recomputed both canonical hash vectors; checked manifest, OAuth, grant, action-input, policy, receipt-chain, trace, revocation, and dashboard invariants.
  • Bundled cryptography validation: generated and verified a detached ES256 JWS signing input using the profile's canonical payload and 64-byte JWA R || S encoding.
  • git diff --check
  • Independent read-only completion, security/interoperability, and crypto-vector audits found no remaining blocking findings.

Boundaries and Non-Goals

  • Unsigned receipts remain valid MVP hash-linked evidence unless a hashed grant requires signatures.
  • This PR does not add Approval Receipt proposal #31 or redesign human elicitation/consent lifecycle.
  • This PR defines correlation fields but not a telemetry export protocol or vendor backend.
  • surface_hash commits to the manifest and schema URLs, not transitive external schema bytes; schema bundles/content hashes remain future work.
  • This PR does not define signed Agent Grants, mandatory PKI, trusted timestamping, CBOR/COSE, or event-delivery ordering/replay semantics.

Notes

  • Primary standards: RFC 8785, RFC 7515/7518, RFC 7638, RFC 6979, RFC 8725, RFC 9864, and W3C Trace Context.
  • The PR is intentionally left unmerged for review.

@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

@SoundBlaster SoundBlaster merged commit f745b65 into main Jul 12, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant