{"spec":"CTEF (Composable Trust Evidence Format)","spec_version":"0.3.1","spec_anchor":"https://agentgraph.co/.well-known/cte-test-vectors.json","wg_proposal":"https://github.com/a2aproject/A2A/issues/1786","as_of":"2026-05-04","evidence_taxonomy":{"substrate":"JCS canonicalizer byte-match across independent implementations on signed fixtures. Multi-source-proven as of 2026-05-01 via 8 independent canonicalizers + 2 publicly-runnable verification scripts (Nobulex verify-aps-byte-match.mjs + verify-ctef-byte-match.mjs).","verifier_conformance":"claim_type discrimination, composition contracts, negative-path semantics. Per-implementation work that lands per role-taxonomy slot. Citation-graph framing from msaleme (A2A #1786, 2026-04-30) — substrate and verifier conformance are separable evidence categories.","reproducibility":"Anyone-can-clone reproducibility added 2026-04-30 via Nobulex scripts that pull APS + CTEF fixtures from their canonical sources, run through @nobulex/crypto, compare SHA-256 against expected hashes, and emit verification receipts. Lifts the substrate-evidence claim from 'stated and validated' to 'reader-runnable.' On 2026-05-01, APS independently re-ran both scripts and posted PASS receipts (10/10 + 4/4 incl negative-path) mirrored at aeoess/aps-conformance-suite/cross-impl-receipts/ — substrate evidence now lives in two independent repos with no maintainer re-run dependency."},"role_taxonomy":{"evidence_provider":"Issues claim_type-tagged attestations against the CTEF envelope; produces JCS-canonicalized signed evidence; appears as the upstream signer in a verifier's trust chain.","enforcement_gateway":"Evaluation-only: receives evidence bundles, evaluates against policy, returns JWS-signed verdicts (certified true/false + attestation). No evidence emission, no canonicalization dependency. Verifies existing proofs and issues policy decisions only — does not re-sign or re-canonicalize. Sits downstream of evidence providers. Per arkforge framing, A2A #1734 comment 2026-04-30.","substrate_verifier":"Independent canonicalizer + fixture-validation runner with no implementation overlap with the providers it verifies. Reproduces SHA-256s without issuing or evaluating evidence. Closes the 'everyone running the same canonicalizer library' objection for sponsorship review weighting."},"implementations":[{"name":"AgentGraph","maintainer":"@kenneives","language":"Python","role":"evidence_provider","bilateral_delegation_byte_match":"10/10","rotation_attestation_byte_match":"5/5 (live-fetch)","claim_type_live":true,"claim_type_endpoint":"https://agentgraph.co/.well-known/cte-test-vectors.json","test_files":["tests/test_jcs_canonicalize_aps_interop.py","tests/test_aps_rotation_attestation_interop.py","tests/test_cte_test_vectors.py"]},{"name":"Agent Passport System (APS)","maintainer":"@aeoess","language":"Python","role":"evidence_provider","bilateral_delegation_byte_match":"publishes the fixture set","rotation_attestation_byte_match":"publishes the fixture set","claim_type_live":true,"fixture_repo":"https://github.com/aeoess/agent-passport-system"},{"name":"AgentID","maintainer":"@haroldmalikfrimpong-ops","language":"Python","role":"evidence_provider","bilateral_delegation_byte_match":"10/10 (32/32 tests)","rotation_attestation_byte_match":null,"claim_type_live":true,"claim_type_endpoint":"https://getagentid.dev/api/v1/agents/verify"},{"name":"@nobulex/crypto","maintainer":"@arian-gogani","language":"TypeScript","role":"evidence_provider","bilateral_delegation_byte_match":"10/10","ctef_inline_byte_match":"4/4 SHA-256-exact including both negative-path vectors (INVALID_CLAIM_SCOPE, INVALID_COMPOSITION) — A2A #1786 comment 2026-04-30","rotation_attestation_byte_match":"verifier testing in flight","claim_type_live":false,"package":"@nobulex/crypto (npm)","merged_into":"Microsoft Agent Governance Toolkit (microsoft/agent-governance-toolkit#1333, OpenSSF passing badge, 2026-04 week)","reproducibility_scripts":{"aps_bilateral_delegation":"https://github.com/arian-gogani/nobulex/blob/main/scripts/verify-aps-byte-match.mjs","ctef_v031_inline":"https://github.com/arian-gogani/nobulex/blob/main/scripts/verify-ctef-byte-match.mjs","receipt_artifacts":"aps-byte-match-receipt.json + ctef-byte-match-receipt.json in repo root","instructions":"Anyone can clone arian-gogani/nobulex and run `node scripts/verify-aps-byte-match.mjs` and `node scripts/verify-ctef-byte-match.mjs` to reproduce 10/10 APS + 4/4 CTEF byte-match without any AgentGraph or APS code path"},"aaif_filing":"aaif/project-proposals#20 (Nobulex, filed 2026-04-30) — Growth-stage proposal positioning Nobulex bilateral-receipt primitive as accountability infrastructure layered on the CTEF substrate; cites AgentGraph as harness maintainer + 8 byte-match implementations as cross-organization adoption proof"},{"name":"HiveTrust","maintainer":"@srotzin","language":"Python","role":"evidence_provider","inline_vector_byte_match":"4/4 byte-exact + SHA-256-exact (envelope, verdict, scope_violation, composition_failure) — A2A #1786 comment 2026-04-28","bilateral_delegation_byte_match":"alignment confirmed; APS bilateral-delegation + rotation-attestation runs queued","rotation_attestation_byte_match":"queued","claim_type_live":true,"verifier_url":"https://hive-gamification.onrender.com/v1/compliance/verify/{attestation_id}","ed25519_pubkey":"12de746d51fca019c5c64685f2688a0e4a57ab532f6f6c67d44494de43f4c408","schema_url":"https://hivemorph.onrender.com/openapi.json"},{"name":"ArkForge Trust Layer","maintainer":"@desiorac","language":"Python","role":"enforcement_gateway","inline_vector_byte_match":"4/4 byte-exact (canonical + SHA-256) — qntm#7 PR #14, 2026-04-30","constraint_evaluation_vectors":"3 scenarios delivered (within-limit delta=250, near-miss delta=5, exceeded delta=-150) — facet/limit/actual/delta shape from corpollc/qntm#6","claim_type_live":true,"did":"did:web:trust.arkforge.tech","verifier_url":"https://trust.arkforge.tech/v1/proxy","self_verification_script":"specs/test-vectors/verify_execution_attestation_arkforge.py"},{"name":"msaleme clean-room canonicalizer","maintainer":"@msaleme","language":"Python","role":"substrate_verifier","canonicalizer":"trailofbits/rfc8785.py v0.1.4","byte_match_aggregate":"19/19 byte-exact + SHA-256-exact across three fixture sources: AgentGraph CTEF v0.3.1 inline (4/4), APS bilateral-delegation (10/10), APS rotation-attestation (5/5) — A2A #1786 comment 2026-04-30","implementation_independence":"Zero implementation overlap with AgentGraph / APS / AgentID / Nobulex / HiveTrust — closes the 'everyone running the same canonicalizer library' objection","verifier_reference_artifact":"~150 lines of Python over rfc8785.py; offered as standalone WG-citation artifact","claim_type_live":false},{"name":"Foxbook","maintainer":"@cloakmaster","language":"TypeScript","role":"evidence_provider","claim_type_layer":"identity","canonicalizer":"canonicalize@2.1.0 (erdtman RFC 8785 reference impl)","inline_vector_byte_match":"4/4 SHA-256-exact against agentgraph-co/agentgraph@69ad94d — A2A #1672 comment 2026-04-30","claim_type_live":true,"did_method":"did:foxbook:{ULID}","transparency_log":"https://transparency.foxbook.dev","byte_match_report":"https://github.com/cloakmaster/foxbook/blob/9e392c5/ops/evidence/2026-04-30-ctef-v0.3.1-byte-match.md","wg_proposal":"A2A #1803"}],"in_flight":[{"name":"Vorim AI","maintainer":"@kwame","language":"TypeScript","ietf_draft":"draft-vorim-vaip-00","status":"byte-match validation in flight as 6th implementation"},{"name":"Concordia","maintainer":"@erik-newton","language":"Python","status":"PR #10 to haroldmalikfrimpong-ops/agentid-aps-interop approved with 131/131 checks; Concordia v1.0.0 fixtures + verify.py repair"},{"name":"lawcontinue distributed-inference reference","maintainer":"@lawcontinue","status":"245-step sequence_bound case in coordination with APS for v0.3.2 §6.3.1 worked example"},{"name":"msaleme x402 conformance harness (claim_type module)","maintainer":"@msaleme","status":"substrate-layer byte-match completed and promoted to the implementations list (7th impl, substrate_verifier role, 19/19 across three fixture sources via trailofbits/rfc8785.py). Verifier-conformance work for claim_type-tagged compliance scoped against the experimental-ext repo once it opens for test-vector contributions; delivery window not yet scoped. A2A #1786 comment 2026-04-30"},{"name":"AEP (Agentic Exchange Protocol)","maintainer":"@Pineapples100","language":"spec draft","status":"T0–T3 trust tier model + /.well-known/aep-manifest.json for org-level trust boundaries on SMTP/iCal/messaging surfaces; tier-transition proofs would compose as authority-layer claims in CTEF envelope; https://github.com/pmyers-abundance/aep — A2A #1734 comment 2026-04-30"},{"name":"Dominion Observatory","maintainer":"@vdineshk","role_target":"evidence_provider","claim_type_layer":"behavioral","did_target":"did:web:dominion-observatory.sgdata.workers.dev","verifier_endpoint":"https://dominion-observatory.sgdata.workers.dev/benchmark/{mcp-server-id}","production_scale":"Behaviorally monitoring 4,586 MCP servers since April 2026; tier distribution 8 Platinum / 3 Silver / 4 Bronze / 27 Unrated (rest insufficient_data)","ttl_cap":"7 days (per A2A #1734 normative MUST proposal)","schema_proposed":"claim_type: behavioral; tier: Platinum|Silver|Bronze|Unrated; payload.{trust_grade, success_rate, avg_latency_ms, basis}; data_sufficiency.{sample_count, observation_window_days}","status":"Proposed at A2A #1734 2026-05-04. Format accepted as v0.3.2 §4.5 behavioral claim_type canonical reference; byte-match fixture publication via reader-runnable verifier-script pattern (Path A) targeted for v0.3.2 inline-vector window mid-May"},{"name":"openclaw-skill-quality-analyzer (Miaoqu AI)","maintainer":"@jingchang0623-crypto / AIwalker","role_target":"evidence_provider","claim_type_layer":"behavioral","claim_subtype_target":"maintenance_health","repo":"https://github.com/jingchang0623-crypto/openclaw-skill-quality-analyzer","complementary_to":"AgentGraph security scanner — five-dimension scoring (security/docs/tests/maintenance/compatibility) complements security-only static analysis","operator_evidence":"90-day production deployment running 25 OpenClaw skills; concrete failure observations cited at agentgraph-co/agentgraph#17 (telemetry-leaking RSS skill, hardcoded API keys with shell=True SEO skill, fork/upstream permission confusion in GitHub automation skill)","maintenance_health_metric_proposal":"commit_recency + commit_frequency + change_magnitude + maintainer_continuity — proposed for adoption as v0.4 §6.x.y maintenance_health claim_subtype under behavioral layer","status":"Welcomed at agentgraph-co/agentgraph#17 2026-05-04 as Chinese-market operator-side voice + complementary evidence_provider; byte-match validation against CTEF v0.3.1 inline vectors invited"}],"negative_path_vectors":{"scope_violation":{"expected_error_code":"INVALID_CLAIM_SCOPE","purpose":"structural-before-semantic ordering — claim carrying fields outside its declared claim_type MUST be rejected before semantic evaluation"},"composition_failure":{"expected_error_code":"INVALID_COMPOSITION","purpose":"scope-narrowing-only invariant — child scope MUST NOT expand parent scope; composition failure is fail-closed"}},"summary":{"implementations_byte_match_validated":8,"implementations_inline_vector_byte_match_validated":5,"evidence_providers":6,"enforcement_gateways":1,"substrate_verifiers":1,"languages":2,"independent_canonicalizers":8,"wg_proposal_phase":"Proposal Phase, awaiting maintainer sponsorship","fail_closed_negative_paths":2,"reader_runnable_verifiers":2,"cross_repository_receipt_mirrors":2,"automated_mirror_sync":true},"cross_validation_receipts":{"receipt_sources":{"primary":{"repo":"https://github.com/arian-gogani/nobulex","role":"originating verifier","maintainer":"@arian-gogani","files":["aps-byte-match-receipt.json","ctef-byte-match-receipt.json"]},"mirror":{"repo":"https://github.com/aeoess/aps-conformance-suite/tree/main/cross-impl-receipts","role":"third-party mirror with byte-exact SHA-256 verification","maintainer":"@aeoess","sync":"Daily-poll GitHub Action at .github/workflows/sync-cross-impl-receipts.yml — schedule 00:00 UTC, workflow_dispatch wired for ad-hoc triggers","files_pinned_2026_05_02":{"aps-byte-match-receipt.json":"a4d63359574a7408cac8dd3c132586cff611535c4c8f074ed3556a61cf165443","ctef-byte-match-receipt.json":"2e8afc85080ed64fe539c913410f2343d10cba8c5b17f61cc8a7d19e4fa11216","ctef-vectors.json":"b655d1b3e7aeccb8b75517c1efc46d2dbf6759dea07581a1b39d4ab59baa7046","source_commit":"arian-gogani/nobulex@d68fcee","fetched_at":"2026-05-02T00:18:49Z"}}},"agentgraph_to_aps_via_nobulex":{"verifier_repo":"https://github.com/arian-gogani/nobulex","verifier_script":"scripts/verify-aps-byte-match.mjs","fixture_source":"https://github.com/aeoess/agent-passport-system/blob/main/fixtures/bilateral-delegation/canonicalize-fixture-v1.json","result":"10/10 PASS","third_party_rerun":"APS-side rerun 2026-05-01T16:59:33Z; receipt mirrored at aeoess/aps-conformance-suite/cross-impl-receipts/aps-byte-match-receipt.json","seed_sha256":"4f3d8defea1e82c1705c35d97ee4db046c6313ba83855a7d0de04a44f04c834a"},"ctef_v031_via_nobulex":{"verifier_repo":"https://github.com/arian-gogani/nobulex","verifier_script":"scripts/verify-ctef-byte-match.mjs","fixture_source":"https://agentgraph.co/.well-known/cte-test-vectors.json","fixture_version":"0.3.1","fixture_commit":"agentgraph-co/agentgraph@69ad94d","result":"4/4 PASS including both negative-path vectors (INVALID_CLAIM_SCOPE, INVALID_COMPOSITION)","third_party_rerun":"APS-side rerun 2026-05-01T17:03:08Z; receipt mirrored at aeoess/aps-conformance-suite/cross-impl-receipts/ctef-byte-match-receipt.json"},"reciprocal_property":"@nobulex/crypto canonicalizeJson against APS-emitted fixture produces byte-identical SHA-256 to APS SDK canonicalizeJCS at every vector — substrate-layer interop is proven symmetric, not just one-directional.","verifiability_property":"Reviewers can pull receipt artifacts from EITHER arian-gogani/nobulex (originating) OR aeoess/aps-conformance-suite (third-party mirror) and reproduce the byte-match independently. SHA-256 of each mirrored file is documented at the mirror surface with the source-commit pin. Closes the maintainer-rerun-dependency gap entirely."}}