Skip to content

docs: add agent shell supervisor receipt example#2

Open
tomjwxf wants to merge 3 commits into
mainfrom
codex/agent-shell-supervisor-receipts
Open

docs: add agent shell supervisor receipt example#2
tomjwxf wants to merge 3 commits into
mainfrom
codex/agent-shell-supervisor-receipts

Conversation

@tomjwxf
Copy link
Copy Markdown
Contributor

@tomjwxf tomjwxf commented Apr 30, 2026
edited
Loading

Summary

Adds a focused supervisor-side execution receipt example for the google/agent-shell-tools#29 trust-boundary discussion.

The PR now deliberately keeps the scope narrow:

  • grpc_execd is not treated as the trusted observer.
  • The environment commitment is reported by the environment owner, such as wsb, a wrapper that launches wsb, or a separate trust domain.
  • A separate supervisor receipt binds command digest, working-directory digest, environment commitment, response digest, exit code, observer identity, and an Ed25519 signature.

Why

This keeps grpc_exec minimal while showing how an external owner/observer can produce audit evidence beside the execution response without expanding the ExecuteResponse shape.

Validation

  • go run make_sample.go from examples/agent-shell-supervisor/
  • npm run verify:examples

Out of scope

Broader .well-known/agent-governance, Security Insights, and DefenseClaw examples are intentionally not included in this PR. Those can live in separate, purpose-specific PRs if useful later.

@tomjwxf tomjwxf mentioned this pull request Apr 30, 2026
Open
@tomjwxf tomjwxf mentioned this pull request Apr 30, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tomjwxf @ZeroXLauren