AEOESS
Protocol architecture

The protocol, in one page.

Six layers, eight primitives, one enforcement boundary. Every other page on this site is built from what is on this one.

[Diagram: six nodes, Principal (human / org), Passport (identity), Delegation (scope · spend · sunset), Agent (acts on your behalf), Gateway (policy enforcement) and Receipt (signed audit), with two highlighted signing paths: the identity path and the delegation path.]

The full interactive visualization lives at /protocol-architecture.html.

Layers

From identity to governance.

L0 Identity
did:key, did:web, SPIFFE SVID, OAuth bridge. Every actor is a passport with verifiable keys.
rfc 8032 · w3c did

L1 Delegation
Capability tokens with monotonic narrowing. Scope cannot expand. TTL cannot extend.
paper 4 · paper 5

L2 Enforcement
The gateway runs four-gate evaluation on every intent. Sub-2ms p99. Fail-fast denial.
paper 7 · spec §4

L3 Receipts
Action, custody, and contestability receipts. RFC 8785 canonicalization. Ed25519 signatures.
paper 6 · spec §6

L4 Aggregation
APSBundle aggregates receipts under a Merkle root. Dispute window. Cascade revocation.
paper 9 · spec §8

L5 Governance
aps.txt, HTML embeds, HTTP headers. Signed terms blocks travel with the artifact.
paper 11 · spec §10

Primitives

Eight things. That is the surface.

Passport
Long-lived identity. Holds the root delegation. Issues all child delegations.

Delegation
A scoped, time-bounded capability. Can only narrow downstream.

Action receipt
A signed record of one operation under one delegation.

Custody receipt
Binds the inputs the agent saw at decision time. Merkle-rooted.

Contestability
A structured dispute against any prior receipt. Triggers a defined response window.

APSBundle
Merkle aggregation of receipts. The unit of audit.

Governance block
Signed terms a publisher attaches to an artifact, served at well-known paths.

TrustBundle
The set of issuer keys, vocabularies, and crosswalks the gateway considers valid.

End-to-end

One transaction, fully traced.

1. agent → gateway: submit intent (commerce.checkout, $248), signed by agt:7c1f
2. gateway → gateway: four-gate evaluation, 1.21ms p50
3. gateway → agent: allow, returns countersigned action receipt
4. agent → merchant: execute, side effect occurs
5. agent → gateway: submit custody receipt, inputs Merkle root
6. gateway → aggregator: aggregate, APSBundle root → audit feed

Architecture

Identity, delegation, action, receipt.

The protocol pairs identity with delegation. Each action signs against both. The receipt is verifiable by any auditor without going through aeoess.
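An added example, not code from the aeoess project, showing the two checks this page rests on: the L1 narrowing rule (a child delegation is accepted only if its scope, spend and sunset all fit inside its parent's) and the L3 receipt check (an auditor verifies an Ed25519 signature over the RFC 8785 canonical form of a receipt using nothing but the receipt and the signer's public key, as the Architecture paragraph claims). Field names, units and the flat receipt shape are assumptions, and Go's JSON encoder stands in for a full JCS implementation.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Delegation carries the narrowing axes the diagram names: scope, spend, sunset.
// Field names and units are assumptions; the page does not give the wire format.
type Delegation struct {
	Scope  []string // permitted intents, e.g. "commerce.checkout"
	Spend  int      // spend ceiling in cents
	Sunset int64    // expiry, unix seconds
}

// Narrows enforces monotonic narrowing: scope cannot expand, spend cannot grow,
// TTL cannot extend. A gateway rejects any chain in which one link fails this.
func Narrows(parent, child Delegation) error {
	allowed := map[string]bool{}
	for _, s := range parent.Scope {
		allowed[s] = true
	}
	for _, s := range child.Scope {
		if !allowed[s] {
			return fmt.Errorf("scope %q not granted by parent", s)
		}
	}
	if child.Spend > parent.Spend || child.Sunset > parent.Sunset {
		return fmt.Errorf("spend or sunset widened beyond parent")
	}
	return nil
}
// Canonical serialises a flat receipt JCS-style (RFC 8785): sorted keys, no whitespace,
// no HTML escaping. Full JCS number rules are not needed for string and integer fields.
func Canonical(receipt map[string]any) ([]byte, error) {
	var buf bytes.Buffer
	enc := json.NewEncoder(&buf)
	enc.SetEscapeHTML(false)
	if err := enc.Encode(receipt); err != nil {
		return nil, err
	}
	return bytes.TrimRight(buf.Bytes(), "\n"), nil
}
// VerifyReceipt is the auditor's check: receipt, Ed25519 signature and signer's public key suffice.
func VerifyReceipt(pub ed25519.PublicKey, receipt map[string]any, sig []byte) bool {
	msg, err := Canonical(receipt)
	return err == nil && ed25519.Verify(pub, msg, sig)
}
```

The agent's signing step is the one-liner `ed25519.Sign(priv, msg)` over the same canonical bytes; the gateway's countersignature works the same way over the receipt it returns.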