Skip to content

feat: add embodied action receipt fixtures#36

Open
carloshvp wants to merge 1 commit into
agentrust-io:mainfrom
carloshvp:embodied-action-receipts
Open

feat: add embodied action receipt fixtures#36
carloshvp wants to merge 1 commit into
agentrust-io:mainfrom
carloshvp:embodied-action-receipts

Conversation

@carloshvp

Copy link
Copy Markdown
Member

Summary

Adds a small fixture-style embodied-action receipt example for offline verification of externally consequential action evidence.

This complements:

  • cmcp#339 Embodied Action Evidence Profile
  • trace-spec#66 verification.action_receipts axis

What changed

  • Added embodied-action-receipts/ with deterministic JSON fixtures for:
    • accepted signed receipt chain
    • missing required receipt
    • invalid signature
    • valid signed controller rejection
  • Added verify_receipts.py, an offline verifier that checks:
    • recomputed action_ref
    • cMCP call_id / TRACE session binding
    • pinned controller public key
    • Ed25519 receipt signatures
    • hash-chain ordering
    • distinction between invalid receipts and valid rejected outcomes
  • Added generate_fixtures.py for reproducible fixture generation from a deterministic public test seed.
  • Added unit tests and wired them into CI.
  • Listed the example in the root README.

Why

For embodied AI, verification.action_receipts: required should mean action-level receipt evidence is offline-verifiable and bound to the session/call. It should not imply physical completion, controller safety, or functional-safety certification.

The controller-rejected fixture makes that boundary concrete: a signed rejection is valid evidence, but it is not proof that the physical action completed.

Validation

  • python3 -m unittest discover -s embodied-action-receipts/tests -v
  • python3 embodied-action-receipts/verify_receipts.py embodied-action-receipts/fixtures/valid-chain.json
  • python3 embodied-action-receipts/verify_receipts.py embodied-action-receipts/fixtures/controller-rejected.json
  • repo JSON validation: python3 -m json.tool over all JSON files
  • repo YAML validation via pyyaml
  • git diff --check

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

🟡 Contributor Check: MEDIUM

Check Result
Profile LOW
Credential MEDIUM
Overall MEDIUM

Automated check by AgenTrust Contributor Check.

@github-actions github-actions Bot added the needs-review:MEDIUM Contributor check flagged MEDIUM risk label Jul 1, 2026
@carloshvp carloshvp marked this pull request as ready for review July 1, 2026 19:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

needs-review:MEDIUM Contributor check flagged MEDIUM risk

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant