Skip to content

docs: external evidence anchoring and agent spend attribution#907

Merged
jithinraj merged 1 commit into
mainfrom
docs/anchoring-and-agent-spend-attribution-v2
Jul 10, 2026
Merged

docs: external evidence anchoring and agent spend attribution#907
jithinraj merged 1 commit into
mainfrom
docs/anchoring-and-agent-spend-attribution-v2

Conversation

@jithinraj

@jithinraj jithinraj commented Jul 10, 2026

Copy link
Copy Markdown
Member

Summary

Two docs-only additions plus tightly related documentation-truth fixes: how operators register, timestamp, or checkpoint PEAC evidence digests using external services, and how to attribute observed spend across correlated workflow records, with delegation context. No protocol, wire, schema, registry, receipt-type, extension-group, public API, package, dependency, conformance, or build-target change.

Scope

Six files (2 new, 4 edits):

  • NEW docs/guides/anchoring-evidence-digests.md
  • NEW docs/SOLUTIONS/agent-spend-attribution.md
  • docs/SOLUTIONS/README.md (one index row)
  • docs/START_HERE.md (one audit-section link)
  • docs/WHEN_NOT_TO_USE_PEAC.md (records-layer wording + boundary corrections)
  • examples/workflow-correlation/README.md (aligned to its own executable demo)

build_targets unchanged (110); no example code or build target added.

Changes

  • Anchoring guide: three anchorable digests (receipt_ref, dispute-bundle content_hash, receipt_merkle_root); a per-mechanism assurance table (SCITT / RFC 9943 + RFC 9942, RFC 3161 TSA, signed git tag, generic append-only log); complete Merkle commitment metadata (tree_alg, hash_alg, tree_size, plus the inclusion proof) with a membership-only boundary; RFC 3161 evidence stated as "no later than genTime" (interpreted with accuracy), with an explicit non-goal that it does not establish the exact interaction time; a tightened RFC 3161 checklist (exact imprint, nonce-if-supplied else trusted-time policy, CMS signature, signer-certificate binding via SigningCertificate/ESSCertID or SigningCertificateV2/ESSCertIDv2 per RFC 5816/RFC 5035, id-kp-timeStamping as sole critical EKU, long-term archival material); RFC 9921's two constructions named correctly (COSE, Then Timestamp; Timestamp, Then COSE); explicit signed-Git digest binding (digest in the signed tag message or a committed manifest reachable from the signed tag); SCITT full-record vs digest-only over the Statement payload authenticated as an RFC 9943 Signed Statement; ERC-8126/ERC-8004 as related external composition only. PEAC anchors nothing itself.
  • Agent spend attribution: attribution is a read over verified records. workflow_id (under ext["org.peacprotocol/correlation"]) is correlation metadata, not proof of workflow membership or authorization: establish a bounded review set and an accepted-issuer/participant policy first, group only accepted records, and resolve every parent_jti/depends_on to exactly one accepted record (zero = dangling, multiple = ambiguous and rejected; never by array order). Source identity preserved as receipt_ref and the (iss, jti) tuple; BigInt minor-unit summing via isValidAmountMinor, grouped by exact currency. The com.example/finance extension and the linked acknowledgment binding are example-local / integrator-defined and name no PEAC receipt type or extension group; digest references are not confidentiality controls. PEAC verification is shown separately from integrator-defined correlation and linkage checks.
  • WHEN_NOT_TO_USE: agent-to-agent communication -> A2A (or another dedicated agent-communication protocol); model/tool integration -> MCP; ACP removed from the messaging recommendation (it is an agentic-commerce protocol, not agent messaging). Identity section limited to what PEAC actually does (verifies records using externally established identifiers/keys; no identity proofing or credential issuance). Reputation section: PEAC records may be signed inputs; PEAC does not calculate/aggregate/endorse/enforce scores. Generic "receipts" -> "records". PEAC defines no field-level selective-disclosure or ZK format.
  • workflow-correlation example README: corrected to describe the executable demo.ts exactly (org.peacprotocol/correlation with workflow_id/parent_jti/depends_on), a repo-root run command, a production-ID warning (do not use Math.random()), and a correlation-metadata-is-not-authorization note. No example code or build target changed.

Validation

Prettier, git diff --check, forbid-strings, repo-links gate, reference verifiers (doc-truth / hygiene / stale-labels), codegen-drift, registries-schema, no-widening, verify:release, api-contract check (no drift), typecheck:core, and pnpm gate:fast all pass. Planning-leak and public-artifact scanners clean on all six files; full-diff Unicode scan reports zero format/bidi/zero-width/BOM code points. All structural sentinels unchanged (build_targets 110, api_contract 27, kernel errors 189, receipt types 61, extension groups 19, conformance 290, wire 0.2, published 36).

@jithinraj jithinraj force-pushed the docs/anchoring-and-agent-spend-attribution-v2 branch 2 times, most recently from 3f4036d to 326638a Compare July 10, 2026 14:20
@jithinraj jithinraj force-pushed the docs/anchoring-and-agent-spend-attribution-v2 branch from 326638a to 1212be0 Compare July 10, 2026 14:56
@jithinraj jithinraj merged commit f27b04a into main Jul 10, 2026
25 checks passed
@jithinraj jithinraj deleted the docs/anchoring-and-agent-spend-attribution-v2 branch July 10, 2026 15:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant