Skip to content

feat: add embodied action receipt fixtures#36

Open
carloshvp wants to merge 1 commit into
agentrust-io:mainfrom
carloshvp:embodied-action-receipts
Open

feat: add embodied action receipt fixtures#36
carloshvp wants to merge 1 commit into
agentrust-io:mainfrom
carloshvp:embodied-action-receipts

Conversation

@carloshvp

Copy link
Copy Markdown
Member

Summary

Adds a small fixture-style embodied-action receipt example for offline verification of externally consequential action evidence.

This complements:

  • cmcp#339 Embodied Action Evidence Profile
  • trace-spec#66 verification.action_receipts axis

What changed

  • Added embodied-action-receipts/ with deterministic JSON fixtures for:
    • accepted signed receipt chain
    • missing required receipt
    • invalid signature
    • valid signed controller rejection
  • Added verify_receipts.py, an offline verifier that checks:
    • recomputed action_ref
    • cMCP call_id / TRACE session binding
    • pinned controller public key
    • Ed25519 receipt signatures
    • hash-chain ordering
    • distinction between invalid receipts and valid rejected outcomes
  • Added generate_fixtures.py for reproducible fixture generation from a deterministic public test seed.
  • Added unit tests and wired them into CI.
  • Listed the example in the root README.

Why

For embodied AI, verification.action_receipts: required should mean action-level receipt evidence is offline-verifiable and bound to the session/call. It should not imply physical completion, controller safety, or functional-safety certification.

The controller-rejected fixture makes that boundary concrete: a signed rejection is valid evidence, but it is not proof that the physical action completed.

Validation

  • python3 -m unittest discover -s embodied-action-receipts/tests -v
  • python3 embodied-action-receipts/verify_receipts.py embodied-action-receipts/fixtures/valid-chain.json
  • python3 embodied-action-receipts/verify_receipts.py embodied-action-receipts/fixtures/controller-rejected.json
  • repo JSON validation: python3 -m json.tool over all JSON files
  • repo YAML validation via pyyaml
  • git diff --check

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

🟡 Contributor Check: MEDIUM

Check Result
Profile LOW
Credential MEDIUM
Overall MEDIUM

Automated check by AgenTrust Contributor Check.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

needs-review:MEDIUM Contributor check flagged MEDIUM risk

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant