Tracking issue for Cycles-side v0.2 follow-up work that depends on downstream conditions not yet met. Mirrors aeoess/agent-governance-vocabulary#94 (which tracks the same follow-ups from the vocabulary side) so the work is discoverable from this repo too.
Context
The Cycles ↔ APS integration arc (aeoess/agent-passport-system#25) landed three Cycles-side artifacts in May 2026:
runcycles/cycles-protocol#90 — drafts/cycles-evidence-v0.1.yaml (signed evidence envelope + 13 reference fixtures + generator/verifier)runcycles/cycles-protocol#93 — drafts/cycles-aps-denial-mapping-v0.1.md (Cycles denial signals → APS PaymentDenial Tier-1 reason mapping spec)aeoess/agent-governance-vocabulary#92 — crosswalk/cycles.yaml (Cycles signal-type crosswalk, v0.1 scope)
All three are v0.1 drafts. Each has a documented v0.2 promotion criterion that depends on conditions outside this repo.
Cycles-side v0.2 follow-ups
1. system_attributes population on crosswalk/cycles.yaml
Gating condition: A Cycles deployment ships CyclesEvidence emission.
Why: The system_attributes fields (signature_capability, canonicalization_profile, hash_family) describe the on-wire signed envelope. Cycles' current wire surface is server-issued JSON over TLS with bearer-token auth — there's no signed envelope yet. Once a deployment emits CyclesEvidence envelopes (RFC 8785 JCS + sha256 + Ed25519), the three fields become populatable byte-for-byte. Until then, leaving them empty is the honest state.
Follow-up PR target: aeoess/agent-governance-vocabulary (amends crosswalk/cycles.yaml).
2. replay_class promotion decision_replay → full_replay
Gating condition: A cross-system consumer integrates against CyclesEvidence end-to-end.
Why: replay_class is currently decision_replay because verifying a Cycles wire response requires the server's live ledger state (the on-wire JSON isn't self-contained for offline audit). The CyclesEvidence envelope closes that gap — it's content-addressed and signature-verifiable without ledger access. The promotion becomes defensible once at least one consumer (the APS adapter at aeoess/agent-passport-system#25 is the obvious first case) ships against the envelope shape and demonstrates the offline-verify round-trip.
Follow-up PR target: aeoess/agent-governance-vocabulary (amends crosswalk/cycles.yaml).
3. CyclesEvidence normative reference
Gating condition: drafts/cycles-evidence-v0.1.yaml is promoted out of drafts/ to a numbered spec file at repo root (e.g. cycles-evidence-v0.2.yaml).
Why: Adapter authors and audit consumers benefit from the crosswalk pointing at a normative URL, not a draft. The promotion itself requires (a) at least one production implementation shipping the envelope and (b) at least one cross-system consumer integrating end-to-end — same dependency set as #2 plus an emitter.
Follow-up PR target: Two coordinated PRs — one against runcycles/cycles-protocol (the spec promotion itself), one against aeoess/agent-governance-vocabulary (the crosswalk reference update).
Not blocking on agent-governance-vocabulary#94
aeoess explicitly stated in the #92 merge comment that the three registry-wide concerns tracked at #94 (validity_temporal: at_issuance for TTL-windowed authorizations, enforcement_class: binding semantics on network-call gates, verified_at + reverify_after for active-development crosswalks) do not gate the three Cycles-specific follow-ups above. The two issues are orthogonal.
State of dependencies
| Dependency |
Status |
APS SDK PR adding rail.budget_reservation.{permit,release,denial}.v1 literals |
not yet opened (aeoess committed to it in aeoess/agent-passport-system#25 comment 4433715146) |
APS adapter PR adding src/v2/payment-rails/cycles/index.ts (where mapCyclesDenialToFoundation() lands) |
blocked on SDK PR |
agentic-commerce-protocol/agentic-commerce-protocol#252 (Ectsang authorize → reserve rename) |
implemented on Ectsang's fork (Ectsang/AP2:samples/cross-merchant-budget at commit 403fc9b), not upstreamed |
Cycles deployment emitting CyclesEvidence envelopes |
not yet implemented |
The first three are external; the fourth could become local Cycles-side work but doesn't block the spec/crosswalk work.
Open until
All three follow-ups have closed PRs in this repo and on agent-governance-vocabulary. At that point the v0.1 drafts are superseded by their numbered v0.2 successors and this tracking issue can close.
Tracking issue for Cycles-side v0.2 follow-up work that depends on downstream conditions not yet met. Mirrors
aeoess/agent-governance-vocabulary#94(which tracks the same follow-ups from the vocabulary side) so the work is discoverable from this repo too.Context
The Cycles ↔ APS integration arc (
aeoess/agent-passport-system#25) landed three Cycles-side artifacts in May 2026:runcycles/cycles-protocol#90—drafts/cycles-evidence-v0.1.yaml(signed evidence envelope + 13 reference fixtures + generator/verifier)runcycles/cycles-protocol#93—drafts/cycles-aps-denial-mapping-v0.1.md(Cycles denial signals → APS PaymentDenial Tier-1 reason mapping spec)aeoess/agent-governance-vocabulary#92—crosswalk/cycles.yaml(Cycles signal-type crosswalk, v0.1 scope)All three are v0.1 drafts. Each has a documented v0.2 promotion criterion that depends on conditions outside this repo.
Cycles-side v0.2 follow-ups
1.
system_attributespopulation oncrosswalk/cycles.yamlGating condition: A Cycles deployment ships CyclesEvidence emission.
Why: The
system_attributesfields (signature_capability,canonicalization_profile,hash_family) describe the on-wire signed envelope. Cycles' current wire surface is server-issued JSON over TLS with bearer-token auth — there's no signed envelope yet. Once a deployment emitsCyclesEvidenceenvelopes (RFC 8785 JCS + sha256 + Ed25519), the three fields become populatable byte-for-byte. Until then, leaving them empty is the honest state.Follow-up PR target:
aeoess/agent-governance-vocabulary(amendscrosswalk/cycles.yaml).2.
replay_classpromotiondecision_replay→full_replayGating condition: A cross-system consumer integrates against CyclesEvidence end-to-end.
Why:
replay_classis currentlydecision_replaybecause verifying a Cycles wire response requires the server's live ledger state (the on-wire JSON isn't self-contained for offline audit). TheCyclesEvidenceenvelope closes that gap — it's content-addressed and signature-verifiable without ledger access. The promotion becomes defensible once at least one consumer (the APS adapter ataeoess/agent-passport-system#25is the obvious first case) ships against the envelope shape and demonstrates the offline-verify round-trip.Follow-up PR target:
aeoess/agent-governance-vocabulary(amendscrosswalk/cycles.yaml).3.
CyclesEvidencenormative referenceGating condition:
drafts/cycles-evidence-v0.1.yamlis promoted out ofdrafts/to a numbered spec file at repo root (e.g.cycles-evidence-v0.2.yaml).Why: Adapter authors and audit consumers benefit from the crosswalk pointing at a normative URL, not a draft. The promotion itself requires (a) at least one production implementation shipping the envelope and (b) at least one cross-system consumer integrating end-to-end — same dependency set as #2 plus an emitter.
Follow-up PR target: Two coordinated PRs — one against
runcycles/cycles-protocol(the spec promotion itself), one againstaeoess/agent-governance-vocabulary(the crosswalk reference update).Not blocking on
agent-governance-vocabulary#94aeoess explicitly stated in the
#92merge comment that the three registry-wide concerns tracked at#94(validity_temporal: at_issuancefor TTL-windowed authorizations,enforcement_class: bindingsemantics on network-call gates,verified_at+reverify_afterfor active-development crosswalks) do not gate the three Cycles-specific follow-ups above. The two issues are orthogonal.State of dependencies
rail.budget_reservation.{permit,release,denial}.v1literalsaeoesscommitted to it inaeoess/agent-passport-system#25comment 4433715146)src/v2/payment-rails/cycles/index.ts(wheremapCyclesDenialToFoundation()lands)agentic-commerce-protocol/agentic-commerce-protocol#252(Ectsangauthorize→reserverename)Ectsang/AP2:samples/cross-merchant-budgetat commit403fc9b), not upstreamedCyclesEvidenceenvelopesThe first three are external; the fourth could become local Cycles-side work but doesn't block the spec/crosswalk work.
Open until
All three follow-ups have closed PRs in this repo and on
agent-governance-vocabulary. At that point the v0.1 drafts are superseded by their numbered v0.2 successors and this tracking issue can close.