Manifest format, canonicalization, and ed25519 signing for CAR contributed-agent bundles (Parslee-ai/car#182).
Scope
This crate owns the on-disk shape and crypto primitives shared
between the supervisor (loads + verifies installed agents),
the CLI (publishes + signs new agents), and the registry
(serves signed manifests). It is no-runtime — pure data,
pure functions, no async, no I/O outside read_to_string for
tests. The supervisor and CLI hold the I/O.
Phase status
- Phase 1 (
car-registry): the manifest format landed inline atcar_registry::manifest. The supervisor dual-reads legacyagents.jsonand the new~/.car/agents/<id>/manifest.tomllayout. Signature verification was stubbed out. - Phase 2 (this crate): types extracted here; ed25519 sign/verify added; manifest-level canonicalization landed. The supervisor wires verification with warn-but-not-reject semantics so existing setups keep working while operators sign their agents.
- Phase 3+: full-bundle canonicalization (multi-file:
identity.md,skills.jsonl,policies.json, …) perdocs/agent-bundle-spec.md §canonicalization. Today'scanonical_manifest_bytescovers only the singlemanifest.tomlfile — sufficient forexternal_processbundles which carry no auxiliary data files.