{
  "spec": "agent-signing/0.1-stub",
  "domain": "agent-provenance.org",
  "layer": "L4.5",
  "status": "open",
  "description": "Stub declaration for the agent action signing mechanism. This file names the architectural gap honestly: three schemas in this stack (provenance.json, audit.json, revocation.json) reference signing fields without defining the signing protocol. This stub marks the gap, describes what the mechanism must do, and will be replaced by a full specification when the protocol is defined.",
  "open_gap": "No standard signing mechanism for agent declarations and action records is defined as of 2026-05-15. Cryptographic binding of agent_id to issuer public key, and action records to signing keys, is left to PKI/DID method implementations. This file declares the intention to specify it — not the specification itself.",
  "fields_that_reference_this": [
    {
      "file": "provenance.json",
      "field": "agent_origin.signing_key_ref",
      "use": "Public key reference for verifying signed action records."
    },
    {
      "file": "provenance.json",
      "field": "action_record.signed_by",
      "use": "Signing key identifier if this record is cryptographically signed."
    },
    {
      "file": "audit.json",
      "field": "audit_manifest.signing_mechanism",
      "use": "How individual records are signed for tamper-evidence."
    },
    {
      "file": "revocation.json",
      "field": "revocation_status_schema.max_age_seconds",
      "use": "TTL enforcement is only meaningful if the status responses it relies on are signed."
    }
  ],
  "what_the_mechanism_must_do": [
    "Bind agent_id to an issuer public key at declaration time.",
    "Sign individual action records so their integrity can be verified after the fact.",
    "Allow signing_key_ref to be dereferenced to retrieve the public key.",
    "Support revocation of signing keys independently of agent authority revocation.",
    "Be compatible with DID document key formats (did:web, did:key) for interoperability."
  ],
  "candidate_approaches": [
    {
      "name": "DID Document keys",
      "description": "Issuer publishes a DID document containing verification methods. signing_key_ref points to a DID fragment. Standard, widely supported.",
      "status": "candidate"
    },
    {
      "name": "JWK endpoint",
      "description": "Issuer publishes a JSON Web Key Set at a well-known URL. signing_key_ref points to the JWKS endpoint and key ID.",
      "status": "candidate"
    },
    {
      "name": "Ed25519 + timestamped manifest",
      "description": "Ed25519 keys published in a signed manifest with key rotation timestamps. Simpler than full DID, sufficient for closed ecosystems.",
      "status": "candidate"
    }
  ],
  "settlement_dependency": "agentsettlement.org settlement records require a defined signing mechanism to make finality claims cryptographically verifiable. A settlement that cannot be signed is an assertion, not a proof. This stub exists partly because the settlement layer named the dependency explicitly.",
  "companion": {
    "provenance_schema": "https://agent-provenance.org/.well-known/provenance.json",
    "audit_schema": "https://agent-provenance.org/.well-known/audit.json",
    "authority_layer": "https://agent-authority.org/.well-known/authority.json",
    "settlement_layer": "https://agentsettlement.org/.well-known/settlement.json"
  }
}
