Skip to content

Expand signed ledger event coverage beyond route_audit #72

Description

@coreytshaffer

Summary

Follow-up from #4.

The persistent identity foundation is MVP-complete for local agent identities, Ed25519 signing, capability checks, revocation, signed route_audit events, and verification. This issue tracks any deliberate expansion of signed ledger event coverage beyond route_audit.

Candidate event types

  • taskpacket_created
  • route_decision
  • validation_result
  • project_steward_decision

Constraints

  • Do not sign or persist raw sensitive prompt/data content.
  • Do not treat a valid signature as approval, safety, or correctness.
  • Keep event-specific capability checks, such as validation_result:sign.
  • Preserve existing human review and admission gates.

Acceptance criteria

  • Document which event types are intentionally signed and which remain unsigned.
  • Any new signed event path has explicit capability checks.
  • Tests cover success, tampering, unknown agent, revoked agent, and unauthorized capability.
  • Verification output remains operator-facing and does not expose private keys or raw sensitive content.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions