SAR v0.1 Specification

SAR (Settlement Attestation Receipt) defines a deterministic, cryptographically verifiable proof that an agent-delivered task satisfied its settlement specification. Execution, payment, and identity layers do not prove delivery. SAR fills that gap with replay-stable receipts that downstream systems can independently verify without trusting the verifier’s infrastructure.

Request Schema

(TODO)

Public key discovery

Verifier public keys are published at /.well-known/sar-keys.json.

• Resolve verifier_kid to an Ed25519 public key.
• Use that key to verify the receipt signature.

Fixtures (test vectors)

• /spec/sar-v0.1/fixtures/README
• sar-v0.1-pass.json
• sar-v0.1-fail.json
• sar-v0.1-indeterminate.json

• Cross-language verified.
• Canonicalization included.
• Signatures independently verifiable.

Verification algorithm

• Canonicalize the core object using RFC 8785 (JCS).
• SHA-256 hash the canonical bytes to produce receipt_id.
• Fetch verifier public key from /.well-known/sar-keys.json using verifier_kid.
• Verify Ed25519 signature over the SHA-256 hash.

Reason code registry

• PASS
• SPEC_MATCH
• FAIL
• SPEC_MISMATCH
• OUTPUT_ABSENT
• OUTPUT_MALFORMED
• TIMEOUT
• INDETERMINATE
• SPEC_AMBIGUOUS
• EVALUATOR_TIMEOUT
• INTERNAL_ERROR

Unknown codes must be treated as non-fatal.

Changelog

v0.1 — Initial canonical receipt release

• Deterministic receipt_id
• Ed25519 signatures
• RFC 8785 canonicalization
• Public key discovery
• Fixture vectors published