sekuire-protocol 0.1.2

Shared protocol types for the Sekuire Agent Identity Protocol
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133

# OAG Conformance Harness

Language-agnostic conformance test runner for the Open Agent Governance
Specification (OAGS). Tests any implementation against shared test vectors
using a stdin/stdout JSON-line protocol.

## Quick Start

```bash
# Test the TypeScript SDK
python3 runner.py --adapter ./adapters/typescript.sh --verbose

# Test the Rust SDK (builds on first run)
python3 runner.py --adapter ./adapters/rust.sh --verbose

# Test the Python SDK
python3 runner.py --adapter ./adapters/python.sh --verbose

# Test a single profile
python3 runner.py --adapter ./adapters/typescript.sh --profile identity

# JSON output for CI
python3 runner.py --adapter ./adapters/typescript.sh --json
```

## Conformance Levels

| Level | Profiles Required | Label |
|-------|------------------|-------|
| L1 | Identity + Policy Enforcement | Core |
| L2 | L1 + Ed25519 Signing/Verification | Authenticated |

## Protocol

The runner communicates with adapters via stdin/stdout. Each line is a JSON
object. The runner sends a command, the adapter responds with a result.

### Commands

**calculate_sekuire_id** - Compute a content-addressable agent identity hash.

```json
{"operation": "calculate_sekuire_id", "params": {"model": "gpt-4o", "systemPrompt": "You are a helpful assistant.", "tools": "[]"}}
```

Response: `{"result": "28da5805..."}`

**sign** - Sign a message with an Ed25519 secret key.

```json
{"operation": "sign", "params": {"message": "Hello", "secretKey": "<128-char hex>"}}
```

Response: `{"result": "<128-char hex signature>"}`

**verify** - Verify an Ed25519 signature.

```json
{"operation": "verify", "params": {"message": "Hello", "signature": "<128-char hex>", "publicKey": "<64-char hex>"}}
```

Response: `{"result": true}`

**enforce_policy** - Evaluate an action against a policy.

```json
{"operation": "enforce_policy", "params": {"policy": {...}, "action": {"type": "network_access", "domain": "example.com", "protocol": "https"}}}
```

Response: `{"result": "allow"}` or `{"result": "deny"}`

**hash** - Compute a BLAKE3 hash of a UTF-8 string.

```json
{"operation": "hash", "params": {"input": "hello"}}
```

Response: `{"result": "<64-char hex hash>"}`

**exit** - Shut down the adapter.

```json
{"operation": "exit", "params": {}}
```

### Error Handling

On error, the adapter returns:

```json
{"error": "description of what went wrong"}
```

## Writing a Third-Party Adapter

To test your own OAGS implementation:

1. Create a script or binary that reads JSON commands from stdin and writes
   JSON responses to stdout (one per line, newline-delimited).

2. Implement the operations above using your SDK's crypto and policy modules.

3. Run the harness:

   ```bash
   python3 runner.py --adapter ./my-adapter.sh --verbose
   ```

The adapter can be written in any language. See the existing adapters in
`adapters/` for reference implementations.

## Test Vectors

Shared test vectors live in `../test-vectors/`:

- `identity.json` - 10 vectors for content-addressable identity computation
- `signing.json` - 3 vectors for Ed25519 sign/verify with a deterministic keypair
- `policy-enforcement.json` - 19 vectors covering all 6 policy enforcement categories

## Directory Structure

```
conformance/
  runner.py                 # Python orchestrator
  README.md                 # This file
  adapters/
    typescript.sh           # Node.js adapter using TS SDK
    rust.sh                 # Rust adapter (builds on first run)
    python.sh               # Python adapter using Python SDK
  rust-adapter/             # Standalone Rust binary for the adapter
    Cargo.toml
    src/main.rs
```