Six pillars. One signed envelope.

Each pillar is testable: file:line reference + green test in CI. Click through to the docs site for spec-level depth (lands once docs.sbo3l.dev is up).

APRP wire format

Payment-shaped envelope with deny-unknown-fields end-to-end.

  • intent · amount · chain · expiry · risk_class · nonce
  • JCS-canonical SHA-256 request hash
  • serde(deny_unknown_fields)
crates/sbo3l-core/src/aprp.rs

Hash-chained Ed25519 audit

Every event linked by prev_event_hash; flip one byte and strict verifier rejects.

  • Linkage-only structural verifier
  • Strict verifier: linkage + signatures + content hashes
  • Tamper-evident by construction, no oracle required
crates/sbo3l-core/src/audit.rs

Self-contained Passport capsule

Embeds policy_snapshot + audit_segment so --strict re-derives without aux inputs.

  • passport verify --strict succeeds with zero SKIPPED checks
  • Test: cargo test --test passport_v2_self_contained
  • Offline-verifiable against the agent's published Ed25519 pubkey alone
crates/sbo3l-core/src/passport.rs

Sponsor adapter trait

GuardedExecutor with local_mock() and live_from_env() as first-class peers.

  • KeeperHub · Uniswap · ENS adapters shipped
  • Mock = CI-safe default; live = production switch
  • Per-sponsor evidence schema in execution.executor_evidence
crates/sbo3l-core/src/execution.rs

ENS as agent trust DNS

sbo3l:* text records publish per-agent identity + policy + endpoint.

  • Mainnet: sbo3lagent.eth (5 records correct)
  • Phase 2: ENSIP-25 CCIP-Read for off-chain records
  • Cross-agent verification via signed attestations
crates/sbo3l-identity/src/ens.rs

No-key agent boundary

Agent crate has zero SigningKey references; signing happens only inside SBO3L.

  • grep -rn SigningKey demo-agents/ → 0 lines
  • Demo gate 12 grep-asserts this
  • Agent never holds, never sees, never broadcasts
demo-agents/research-agent/src/main.rs

Architecture (deep-dive)

The agent never holds a key. SBO3L decides, signs, audits, and routes — in that order. Deny blocks every downstream sponsor call.

Agent constellation 5 named + 60 fleet · sbo3lagent.eth subnames research-01 trader-02 auditor-03 indexer-04 router-05 SBO3L daemon schema · policy · budget audit · sign · route deny_unknown_fields JCS-canonical hash nonce-replay gate deterministic policy multi-scope budget hash-chain audit Ed25519 receipt Passport capsule v2 embedded snapshot + segment offline-verifiable "agent never holds the signing key" ENS apex sbo3lagent.eth sbo3l:pubkey sbo3l:endpoint sbo3l:audit_root + … CCIP gateway ENSIP-25 · off-chain text-record signer sbo3l-ccip.vercel.app Uniswap UR Universal Router + per-step policy gate guarded execute() deny → tx never broadcast T-5-2 · #171 APRP intent publish records off-chain records if allow → guarded signed receipt

Source-of-truth: repo README.