Skip to content

spec: add wallet-state trust signals extension#208

Open
ch3ronsa wants to merge 1 commit intotempoxyz:mainfrom
ch3ronsa:add-wallet-state-extension
Open

spec: add wallet-state trust signals extension#208
ch3ronsa wants to merge 1 commit intotempoxyz:mainfrom
ch3ronsa:add-wallet-state-extension

Conversation

@ch3ronsa
Copy link
Copy Markdown

@ch3ronsa ch3ronsa commented Mar 29, 2026

Summary

  • Adds the wallet-state extension spec (draft-payment-wallet-state-00.md) for optional pre-payment trust verification in the MPP flow
  • Services declare trust requirements (token balance, compliance status, wallet age) in their discovery document via x-payment-info.trust
  • Agents obtain signed JWT attestations from declared providers and include them in the payment credential
  • Servers verify attestations offline using JWKS-based signature validation (ECDSA P-256 / ES256, JCS canonicalization per RFC 8785)

Closes #194

Design Principles

  • Provider-agnostic: Any attestation service implementing JWKS + signed boolean responses works
  • OPTIONAL extension: Services opt in by declaring trust in their discovery document
  • Offline-verifiable: No runtime dependency on attestation provider after initial JWKS key fetch
  • Complementary: Works alongside Discovery (what is available) and Reasoning Verification (decision quality) to form a complete pre-payment trust stack

What is Included

  • Trust object schema for x-payment-info (required/advisory modes, accepted providers, conditions)
  • Attestation request/response format with detached JWS signatures
  • Server verification procedure (7-step offline validation)
  • Three initial condition types: token_balance, compliance_status, wallet_age
  • IANA registry for extensible condition types
  • Full flow example in appendix with JSON Schema
  • Security considerations: provider trust, replay protection, JWKS endpoint security, privacy, information disclosure, DoS

Checklist

  • make lint passes (frontmatter + external section refs)
  • Follows kramdown-rfc format consistent with merged draft-payment-discovery-00
  • RFC 2119 keywords used precisely
  • No hardcoded external section references
  • Security section is non-empty and thorough
  • Production examples from Issue Extension: Wallet-State Trust Signals for Pre-Payment Verification #194 (Base USDC attestation)

AI Disclosure

This specification was drafted with significant assistance from Claude (Anthropic). All content has been reviewed for RFC compliance and technical correctness.

🤖 Generated with Claude Code

@ch3ronsa @claude
spec: add wallet-state trust signals extension
593567a 
Add optional pre-payment trust verification to the MPP flow,
addressing Issue tempoxyz#194. Services declare trust requirements in
their discovery document, agents obtain signed attestations
from declared providers, and servers verify offline via JWKS.

Closes tempoxyz#194

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Extension: Wallet-State Trust Signals for Pre-Payment Verification

1 participant

@ch3ronsa