Skip to content
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 24 additions & 7 deletions .well-known/agents-shipgate.json
Original file line number Diff line number Diff line change
Expand Up @@ -106,6 +106,8 @@
"verification_worker": "agents-shipgate verification worker --plan agents-shipgate-reports/verification-plan.json --workspace . --out agents-shipgate-reports/verification-unit-result.json",
"verification_assemble": "agents-shipgate verification assemble --plan agents-shipgate-reports/verification-plan.json --unit-result agents-shipgate-reports/verification-unit-result.json --verifier agents-shipgate-reports/verifier.json --artifacts-root agents-shipgate-reports --out agents-shipgate-reports/verification-receipt.json",
"verification_reproduce": "agents-shipgate verification reproduce --receipt agents-shipgate-reports/verification-receipt.json --artifacts-root agents-shipgate-reports",
"authorization_request": "agents-shipgate authorization request --receipt agents-shipgate-reports/verification-receipt.json --artifacts-root agents-shipgate-reports --remote origin --destination-ref refs/heads/<branch> --expected-lease-oid <oid> --out agents-shipgate-reports/human-authorization-request.json",
"authorization_execute": "agents-shipgate authorization execute --workspace . --receipt agents-shipgate-reports/verification-receipt.json --artifacts-root agents-shipgate-reports",
"agent_handoff": "agents-shipgate agent handoff --from agents-shipgate-reports/verifier.json --json",
"trigger": "agents-shipgate trigger --base origin/main --head HEAD --json",
"capability_export": "agents-shipgate capability export -c shipgate.yaml",
Expand Down Expand Up @@ -178,18 +180,24 @@
"agent_boundary_result_schema_path": "docs/agent-boundary-result-schema.v1.json",
"report_schema_version": "0.34",
"packet_schema_version": "0.12",
"verifier_schema_version": "0.5",
"verifier_schema_version": "0.6",
"verify_run_schema_version": "shipgate.verify_run/v3",
"verification_plan_schema_version": "shipgate.verification_plan/v1",
"verification_unit_result_schema_version": "shipgate.verification_unit_result/v1",
"verification_artifact_manifest_schema_version": "shipgate.verification_artifact_manifest/v1",
"verification_receipt_schema_version": "shipgate.verification_receipt/v1",
"agent_handoff_schema_version": "shipgate.agent_handoff/v5",
"agent_handoff_schema_path": "docs/agent-handoff-schema.v5.json",
"human_authorization_request_schema_version": "shipgate.human_authorization_request/v1",
"human_authorization_schema_version": "shipgate.human_authorization/v1",
"human_authorization_evaluation_schema_version": "shipgate.human_authorization_evaluation/v1",
"human_authorization_trust_policy_schema_version": "shipgate.human_authorization_trust_policy/v1",
"human_authorization_trust_policy_default_path": "~/.config/agents-shipgate/human-authorization-trust-policy.json",
"human_authorization_schema_path": "docs/human-authorization-schema.v1.json",
"agent_handoff_schema_version": "shipgate.agent_handoff/v6",
"agent_handoff_schema_path": "docs/agent-handoff-schema.v6.json",
"agent_handoff_artifact": "agents-shipgate-reports/agent-handoff.json",
"contract_version": "17",
"contract_version": "18",
"minimum_control_contract_version": "14",
"local_agent_contract_schema_version": "6",
"local_agent_contract_schema_version": "7",
"inputs": [
"mcp",
"openapi",
Expand Down Expand Up @@ -218,6 +226,8 @@
"verification_unit_result_json",
"verification_artifact_manifest_json",
"verification_receipt_json",
"human_authorization_request_json",
"human_authorization_json",
"pr_comment_md",
"check_annotations_json",
"capability_lock_json",
Expand All @@ -240,6 +250,8 @@
"verification_unit_result": "agents-shipgate-reports/verification-unit-result.json",
"verification_artifact_manifest": "agents-shipgate-reports/verification-artifacts.json",
"verification_receipt": "agents-shipgate-reports/verification-receipt.json",
"human_authorization_request": "agents-shipgate-reports/human-authorization-request.json",
"human_authorization": "agents-shipgate-reports/human-authorization.json",
"report": "agents-shipgate-reports/report.json",
"pr_comment": "agents-shipgate-reports/pr-comment.md",
"check_annotations": "agents-shipgate-reports/check-annotations.json",
Expand Down Expand Up @@ -296,6 +308,7 @@
"verification_unit_result",
"verification_artifact_manifest",
"verification_receipt",
"human_authorization",
"host_grants_inventory",
"host_grants_baseline",
"host_grants_drift",
Expand Down Expand Up @@ -378,6 +391,7 @@
},
"verifier_read_order": [
"control.state",
"authorization",
"execution",
"merge_verdict",
"applicability",
Expand All @@ -395,6 +409,7 @@
"verification-receipt.json.receipt_id",
"agent-handoff.json",
"agent-handoff.json.control.state",
"agent-handoff.json.authorization",
"verifier.json.control.state",
"verify-run.json",
"report.json.release_decision.decision"
Expand All @@ -410,6 +425,7 @@
"prohibited-action",
"runtime-trace",
"human-ack",
"human-authorization",
"suppression",
"waiver",
"baseline",
Expand All @@ -425,13 +441,14 @@
"agent_result": "https://raw.githubusercontent.com/ThreeMoonsLab/agents-shipgate/main/docs/agent-result-schema.v2.json",
"agent_boundary_result": "https://raw.githubusercontent.com/ThreeMoonsLab/agents-shipgate/main/docs/agent-boundary-result-schema.v1.json",
"codex_boundary_result": "https://raw.githubusercontent.com/ThreeMoonsLab/agents-shipgate/main/docs/codex-boundary-result-schema.v2.json",
"verifier": "https://raw.githubusercontent.com/ThreeMoonsLab/agents-shipgate/main/docs/verifier-schema.v0.5.json",
"verifier": "https://raw.githubusercontent.com/ThreeMoonsLab/agents-shipgate/main/docs/verifier-schema.v0.6.json",
"verify_run": "https://raw.githubusercontent.com/ThreeMoonsLab/agents-shipgate/main/docs/verify-run-schema.v3.json",
"verification_plan": "https://raw.githubusercontent.com/ThreeMoonsLab/agents-shipgate/main/docs/verification-plan-schema.v1.json",
"verification_unit_result": "https://raw.githubusercontent.com/ThreeMoonsLab/agents-shipgate/main/docs/verification-unit-result-schema.v1.json",
"verification_artifact_manifest": "https://raw.githubusercontent.com/ThreeMoonsLab/agents-shipgate/main/docs/verification-artifact-manifest-schema.v1.json",
"verification_receipt": "https://raw.githubusercontent.com/ThreeMoonsLab/agents-shipgate/main/docs/verification-receipt-schema.v1.json",
"agent_handoff": "https://raw.githubusercontent.com/ThreeMoonsLab/agents-shipgate/main/docs/agent-handoff-schema.v5.json",
"human_authorization": "https://raw.githubusercontent.com/ThreeMoonsLab/agents-shipgate/main/docs/human-authorization-schema.v1.json",
"agent_handoff": "https://raw.githubusercontent.com/ThreeMoonsLab/agents-shipgate/main/docs/agent-handoff-schema.v6.json",
"packet": "https://raw.githubusercontent.com/ThreeMoonsLab/agents-shipgate/main/docs/packet-schema.v0.12.json",
"preflight": "https://raw.githubusercontent.com/ThreeMoonsLab/agents-shipgate/main/docs/preflight-schema.v0.3.json",
"capability_lock": "https://raw.githubusercontent.com/ThreeMoonsLab/agents-shipgate/main/docs/capability-lock-schema.v0.6.json",
Expand Down
37 changes: 29 additions & 8 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -18,16 +18,37 @@
prepare|worker|assemble|reproduce` exposes the portable v1 protocol without
claiming distributed policy evaluation, arbitrary sharding, or parallel
speedup.
- **Identity contract versions.** Runtime contract advances to v17; report to
v0.34; packet to v0.12; verifier to v0.5; verify-run to v3; handoff to v5;
attestation to v0.5; registry to v0.4; organization evidence bundle to v2;
downstream local contract to v6; and safety qualification formats to v4.
- **Externally rooted exact-operation authorization (contract v18).** A trusted
host can derive an unsigned authorization request from a host-attested
`review_required` receipt, authenticate a human, and return a short-lived
Ed25519 grant for one exact force-with-lease Git push. Agents Shipgate ships
no signing or approval command. A second verification recomputes the complete
request, decision, review set, repository, and tree identities before an
accepted grant exposes only the guarded `authorization execute` consumer;
the release decision, merge verdict, and completion authority remain
unchanged. The executor revalidates current evidence and expiry immediately
before using an isolated Git object store. Authorization requires an exact
plugins-disabled engine, rejects third-party plugin loading in the broker,
and parent-streams the Git pack with bounded stdout, stderr, and time.
Authorization remains disabled
without a host-protected trust policy, launcher, interpreter, entire virtual
environment and `site-packages` tree, dependencies, credentials, and
separately installed distribution; same-UID modes and editable workspace
installs are not a trust boundary.
- **Identity and authorization contract versions.** Runtime contract advances
to v18; report to v0.34; packet to v0.12; verifier to v0.6; verify-run to v3;
handoff to v6; attestation to v0.5; registry to v0.4; organization evidence
bundle to v2;
downstream local contract to v7; and safety qualification formats to v4.
Verification plan, unit-result, artifact-manifest, and receipt schemas begin
at v1. Prior schemas remain frozen readers.
at v1. The authorization request, signed grant, verifier evaluation, and
external trust-policy schemas also begin at v1. Prior schemas remain frozen
readers.
- **Immutable CI subject.** The GitHub Action evaluates `github.sha` by default
and records a pull request's source head separately. It exports receipt,
request, decision, and artifact-set identities only after validating every
terminal artifact hash.
and treats the default pull-request synthetic merge as authorization-
ineligible. Push authorization requires a separate verification of the exact
PR head commit. The Action exports receipt, request, decision, and
artifact-set identities only after validating every terminal artifact hash.
- **Non-forgeable trust decay.** The content-bound commit evaluation date
remains reproducibility provenance, but cannot extend reviewer-owned trust.
Baseline, acknowledgement, and severity-override expiry use the later of that
Expand Down
Loading
Loading