From 083bf9c1490968e7c06a30c61be24ad5e03f5697 Mon Sep 17 00:00:00 2001 From: Claude Bot Date: Thu, 2 Jul 2026 03:27:42 +0800 Subject: [PATCH] fix: Provide stable API/SDK interfaces for AgentBOM and MCP Posture specs (#42) Closes #42 --- README.md | 5 +++-- docs/agent-trust-infra-specs.md | 35 +++++++++++++++++++++++++++++++++ docs/roadmap.md | 1 + 3 files changed, 39 insertions(+), 2 deletions(-) create mode 100644 docs/agent-trust-infra-specs.md diff --git a/README.md b/README.md index 6b8616e..484e63b 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,6 @@ Source: canonical media hub in the org-wide [`.github` repository](https://githu | [bscode](https://github.com/WasmAgent/bscode) | Cloudflare Workers benchmark & demo workload | | [trace-pipeline](https://github.com/WasmAgent/trace-pipeline) | Trace ingestion, audit, claim/eval pipeline | | [open-agent-audit](https://github.com/WasmAgent/open-agent-audit) | Open evidence format and Cloudflare-native audit toolkit | -| [agent-trust-infra](https://github.com/WasmAgent/agent-trust-infra) | AgentBOM, MCP Posture & Trust Passport specifications | | [fresharena](https://github.com/WasmAgent/fresharena) | Sister project — agent evaluation arena | | [.github](https://github.com/WasmAgent/.github) | Org-wide public ledgers (media, releases, claims) | | [wasmagent](https://github.com/WasmAgent/wasmagent) | This repo — project home, roadmap | @@ -44,7 +43,9 @@ The public media, claims, and release ledgers live in the org-wide Shipped milestones are tracked in the consolidated [release ledger](RELEASE_LEDGER.md). AgentBOM, MCP Posture, and Trust Passport have graduated off the roadmap and are -recorded there as shipped/closed agent-trust-infra deliverables. +recorded there as shipped/closed agent-trust-infra deliverables. For the +code-level API/SDK interfaces, see the +[agent-trust-infra API/SDK reference](docs/agent-trust-infra-specs.md). ## Roadmap diff --git a/docs/agent-trust-infra-specs.md b/docs/agent-trust-infra-specs.md new file mode 100644 index 0000000..680dd1d --- /dev/null +++ b/docs/agent-trust-infra-specs.md @@ -0,0 +1,35 @@ +# AgentBOM & MCP Posture — API/SDK interfaces + +The canonical, code-level definitions of the **AgentBOM**, **MCP Posture**, and +**Trust Passport** specifications live in the +[WasmAgent/agent-trust-infra](https://github.com/WasmAgent/agent-trust-infra) +repository, which is the source of truth for the MCP / Trust / Attestation +domain. This page is the WasmAgent-side index that points tooling and +downstream issues (for example `wasmagent#40`) at those interfaces so they can +link to a stable canonical location rather than to prose alone. + +## What agent-trust-infra provides + +For each of the AgentBOM, MCP Posture, and Trust Passport specs, +agent-trust-infra owns: + +- the normative **specification** document, +- the **validators** — the code-level interface that consumers integrate + against, and +- the **trust artifacts** schema. + +These are the surfaces WasmAgent relies on for trust and attestation, and that +the MCP Firewall / Gateway / Policy / Attestation packages interoperate with. + +## Status + +Per the WasmAgent [release ledger](../RELEASE_LEDGER.md), the AgentBOM, MCP +Posture, and Trust Passport specifications, validators, and trust artifacts are +recorded as shipped via +[agent-trust-infra PR #48](https://github.com/WasmAgent/agent-trust-infra/pull/48) +(end-to-end chain visualization, runnable demo, README stitching), and the +corresponding npm publishes have shipped. + +agent-trust-infra remains the authoritative source for the current API surface, +schema versions, and stability classification. Consult its README and published +packages for the binding contract before integrating. diff --git a/docs/roadmap.md b/docs/roadmap.md index d0d1810..7b08daa 100644 --- a/docs/roadmap.md +++ b/docs/roadmap.md @@ -7,6 +7,7 @@ milestones are recorded in the org-wide ## Complete +- [x] AgentBOM, MCP Posture & Trust Passport specifications, validators, and trust artifacts — shipped in [agent-trust-infra](https://github.com/WasmAgent/agent-trust-infra) (PR #48); see the [API/SDK interface reference](agent-trust-infra-specs.md) and the [release ledger](../RELEASE_LEDGER.md). - [x] Public trace-pipeline launch — shipped; see the release ledger. - [x] Cloudflare Workers Agent demo (bscode) — shipped; see the release ledger.