feat(industrial-embodied-ai): bind controller execution receipts#29
Closed
carloshvp wants to merge 4 commits into
Closed
feat(industrial-embodied-ai): bind controller execution receipts#29carloshvp wants to merge 4 commits into
carloshvp wants to merge 4 commits into
Conversation
…rep for #301 example)
Add the example-side half of the #301 follow-up: the independent controller can
now sign an execution receipt for its decision in the cMCP
external_execution_evidence format (issuer, issuer_key_id, signature,
evidence_hash, evidence_type, linked_call_id), using a deterministic
development-only Ed25519 key so committed evidence stays reproducible.
- controller.py: receipt-signing key plus sign_execution_receipt(),
receipt_key_id, receipt_public_key_b64.
- tests: verify the receipt against cMCP's checks (linked_call_id binding and
Ed25519 over the canonical receipt), tampered-fails, deterministic key.
This is the standalone part that does not depend on the merged runtime. Held on
this branch until cmcp#301 and cmcp#302 merge.
Post-merge TODO (do not run until the cmcp PRs are merged):
1. Re-pin requirements.txt to the merged cmcp #301/#302 commits (and trace-spec).
2. #301: wire the controller receipt into the safety-reject path per the agreed
proxy transport, then run the live stack and regenerate trace-output/example-*
so the safety-reject audit entry carries external_execution_evidence; verify
with cmcp_verify external_evidence_keys = {receipt_key_id: controller pubkey}.
3. #302: add the agent_manifest section (path, trust_anchor_path,
authenticated_subject) to cmcp-config.yaml, regenerate evidence so the TRACE
record carries gateway.agent_identity; verify with cmcp verify --agent-manifest.
4. Update the README evidence-boundaries table for both bindings.
imran-siddique
approved these changes
Jun 22, 2026
imran-siddique
left a comment
imran-siddique
left a comment
Contributor
There was a problem hiding this comment.
Receipt binding is solid: deterministic dev key clearly marked dev-only, canonical signing matches the cMCP verifier protocol, tests cover tamper/linked_call_id/key-determinism cases. Updating requirements.txt to upstream agentrust-io/cmcp (the feature landed at e7b45e38) before merging.
imran-siddique
added a commit
that referenced
this pull request
Jun 22, 2026
#32) * feat(industrial-embodied-ai): controller-signed execution receipts (prep for #301 example) Add the example-side half of the #301 follow-up: the independent controller can now sign an execution receipt for its decision in the cMCP external_execution_evidence format (issuer, issuer_key_id, signature, evidence_hash, evidence_type, linked_call_id), using a deterministic development-only Ed25519 key so committed evidence stays reproducible. - controller.py: receipt-signing key plus sign_execution_receipt(), receipt_key_id, receipt_public_key_b64. - tests: verify the receipt against cMCP's checks (linked_call_id binding and Ed25519 over the canonical receipt), tampered-fails, deterministic key. This is the standalone part that does not depend on the merged runtime. Held on this branch until cmcp#301 and cmcp#302 merge. Post-merge TODO (do not run until the cmcp PRs are merged): 1. Re-pin requirements.txt to the merged cmcp #301/#302 commits (and trace-spec). 2. #301: wire the controller receipt into the safety-reject path per the agreed proxy transport, then run the live stack and regenerate trace-output/example-* so the safety-reject audit entry carries external_execution_evidence; verify with cmcp_verify external_evidence_keys = {receipt_key_id: controller pubkey}. 3. #302: add the agent_manifest section (path, trust_anchor_path, authenticated_subject) to cmcp-config.yaml, regenerate evidence so the TRACE record carries gateway.agent_identity; verify with cmcp verify --agent-manifest. 4. Update the README evidence-boundaries table for both bindings. * feat(industrial-embodied-ai): verify controller execution receipts * ci: validate industrial embodied ai example * ci: make industrial example checks fork-safe --------- Co-authored-by: Carlos Hernandez <carloshvp@gmail.com> Co-authored-by: Carlos Hernandez <carloshvp@users.noreply.github.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
external_execution_evidencereceipts to accepted and rejected motion decisionsexternal_evidence_keysmap in the live agent and offline validatorDependency
requirements.txttemporarily pins carloshvp/cmcp@29ef0379882a4d79505ffeeaf066498c43f5c35e so the example can exercise the verifier API and runtime ingestion path.Validation
python3 -m unittest discover -s industrial-embodied-ai/tests -vPYTHONPATH=/path/to/cmcp/src industrial-embodied-ai/.venv/bin/python industrial-embodied-ai/validate_artifacts.py.github/workflows/*.ymlcontroller receipts: verified (2)