feat(industrial-embodied-ai): bind controller execution receipts (#29)#32
Merged
Conversation
…rep for #301 example)
Add the example-side half of the #301 follow-up: the independent controller can
now sign an execution receipt for its decision in the cMCP
external_execution_evidence format (issuer, issuer_key_id, signature,
evidence_hash, evidence_type, linked_call_id), using a deterministic
development-only Ed25519 key so committed evidence stays reproducible.
- controller.py: receipt-signing key plus sign_execution_receipt(),
receipt_key_id, receipt_public_key_b64.
- tests: verify the receipt against cMCP's checks (linked_call_id binding and
Ed25519 over the canonical receipt), tampered-fails, deterministic key.
This is the standalone part that does not depend on the merged runtime. Held on
this branch until cmcp#301 and cmcp#302 merge.
Post-merge TODO (do not run until the cmcp PRs are merged):
1. Re-pin requirements.txt to the merged cmcp #301/#302 commits (and trace-spec).
2. #301: wire the controller receipt into the safety-reject path per the agreed
proxy transport, then run the live stack and regenerate trace-output/example-*
so the safety-reject audit entry carries external_execution_evidence; verify
with cmcp_verify external_evidence_keys = {receipt_key_id: controller pubkey}.
3. #302: add the agent_manifest section (path, trust_anchor_path,
authenticated_subject) to cmcp-config.yaml, regenerate evidence so the TRACE
record carries gateway.agent_identity; verify with cmcp verify --agent-manifest.
4. Update the README evidence-boundaries table for both bindings.
Squash merge of carloshvp/feat/embodied-evidence-followup. Attaches mock controller external_execution_evidence receipts to motion decisions; verifies receipts with cMCP external_evidence_keys in the live agent and offline validator; adds CI coverage and the development controller public key artifact. Conflict resolution: requirements.txt updated to upstream agentrust-io/cmcp@e7b45e38 (external_execution_evidence feature landed in main via squash merge of #314) instead of the personal fork pin. Co-Authored-By: Carlos Hernandez <carloshvp@users.noreply.github.com> Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Merge of #29 (carloshvp/feat/embodied-evidence-followup) with conflict resolution.
What changed vs. the original PR:
requirements.txtconflict resolved: usesagentrust-io/cmcp@e7b45e38(upstream main) instead of the personal fork pin. Theexternal_execution_evidencefeature landed in cmcp main via squash merge of #314. Also retains theagent-manifestpin that main added since the PR branched.Everything else is identical to #29 — see that PR for the full description.
Closes #29