docs: VEIL/PACT specs, doc restructure, landing migration, and auth alignment#124
Merged
gustavovalverde merged 4 commits intomainfrom Mar 22, 2026
Merged
docs: VEIL/PACT specs, doc restructure, landing migration, and auth alignment#124gustavovalverde merged 4 commits intomainfrom
gustavovalverde merged 4 commits intomainfrom
Conversation
Introduce two new normative specifications: - VEIL (Verifiable Encrypted Identity Layer) defines the privacy-preserving identity model with four assurance tiers, FHE-encrypted attributes, ZK proof taxonomy, and credential-wrapped key custody. - PACT (Privacy-Aware Compliance Token) defines the OAuth 2.1 security profile for agent-mediated identity flows, including CIBA authorization, DPoP binding, ephemeral PII delivery, capability-gated auto-approval, and pairwise subject identifiers.
…ral framing Reorganize documentation from flat directory into four audience-based folder groups: (concepts), (architecture), (protocols), and (specs). Apply structural framing writing style across all public documents. - Move and rewrite architecture docs (attestation privacy, tamper model, agent architecture, SSI, web3, recovery trust) - Move and rewrite protocol docs (FHE key lifecycle, OAuth integrations, ZK architecture, password security, nationality proofs) - Move conceptual docs (architecture overview, cryptographic pillars) - Remove obsolete flat-directory originals and stale documents (blockchain-setup, social-login-integration-guide, verification) - Add bold scanning anchors and fix em dashes across all documents - Update CLAUDE.md doc references to match new paths
…upport Migrate the landing page from Vite SPA to React Router v7 framework mode with server-side rendering. Integrate Fumadocs for documentation rendering with full-text search (Orama) and Mermaid diagram support. - Migrate src/ to app/ directory structure (React Router v7 convention) - Wire Fumadocs MDX pipeline with source.config.ts and sync-docs script - Add Mermaid diagram rendering with responsive mobile support - Add Vite 8 manifest compatibility shim for Vercel deployment - Remove vercel.json (React Router framework detection handles config) - Update .gitignore for generated dirs (.react-router, .source, content/docs)
…controls Align implementation with PACT and VEIL specification requirements: - Add CIMD validation for client-initiated metadata documents - Enforce PACT token binding: CIBA access tokens carry act.sub, agent_session_id, and authorization_details claims - Add pairwise agent identifiers with per-RP privacy isolation - Tighten ephemeral identity staging to single-consume semantics - Add agent introspection privacy controls (host-scoped visibility) - Wire grant-evaluation auto-approve for capability-gated CIBA requests - Update MCP transports to propagate agent-assertion headers - Add comprehensive test coverage for agent binding, pairwise privacy, token exchange, and grant evaluation flows
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
docs/into 4 audience-based folder groups —(concepts),(architecture),(protocols),(specs)— with structural framing applied across all public documentsact.sub), pairwise agent identifiers, ephemeral identity single-consume semantics, agent introspection privacy, and capability-gated grant evaluationTest plan
cd apps/landing && pnpm build)cd apps/web && pnpm build)cd apps/web && pnpm test)cd apps/mcp && pnpm test)