sello 0.1.0

package/docs/sdk-security-audit.md

@@ -0,0 +1,53 @@
+# SDK Security Audit Notes
+
+These notes cover the first Stripe-style SDK implementation pass. They are written for reviewers who need the full plan context: production Rekor proof verification, hosted dashboard key delegation, managed remote signing, and durable on-disk queues remain deferred.
+
+## Phase 0: Contract And Docs
+
+- Service emission and owner viewing are documented as separate environments.
+- The service process is not required to hold `SELLO_OWNER_KEY`.
+- Hosted `sello.build` is described as optional convenience, not as a protocol dependency.
+- Deferred production features are named in `docs/sdk-build-plan.md`.
+
+## Phase 1: Env-First Facade
+
+- `sello.service()` accepts env config, service-id override, or explicit config.
+- Missing-config errors are actionable and do not print key material.
+- `sello inspect-env` redacts key and secret values.
+- Hosted `SELLO_SECRET_KEY` mode fetches config, but local receipt signing remains the default trust model.
+
+## Phase 2: Build/Submit Split
+
+- Receipt cryptography remains unchanged: the same protected headers, HPKE payload, and COSE_Sign1 envelope are produced before append.
+- Existing `createReceipt()` behavior is preserved by composing build plus append.
+- Background submission is bounded and exposes `flush()`, `onSubmitError`, and `onDrop`.
+- Background mode is low-latency, not a strict durability guarantee; `submit.mode: "await"` remains available.
+
+## Phase 3: Tool Wrapper
+
+- Token verification happens before handler execution.
+- Invalid tokens prevent the handler from running and emit no receipt.
+- Success, error, and denied paths emit receipts without including plaintext request or response bodies.
+- The wrapper uses the configured service identity and key for every receipt.
+
+## Phase 4: Logs And Action Viewing
+
+- Local `/actions` and `sello actions` use owner-side verification and HPKE decryption.
+- Public log entries remain encrypted.
+- Viewing details requires `SELLO_OWNER_KEY` or local dev state created by `sello dev`.
+- Production registry URLs require a registry signature and trust root before `sello actions` will use them.
+
+## Phase 5: Docs And First-Run Flow
+
+- The quickstart tool reads ignored local dev state from `.sello/dev.json`; it does not print the service key, owner key, or agent token.
+- The example uses `submit: { mode: "await" }` so the command succeeds only after the receipt append completes.
+- The example canonicalizes only tool input fields and excludes the authorization token wrapper from the action input hash.
+- The MCP-style example reads the bearer token from the transport header, but hashes only the `tools/call` method and params.
+- README and quickstart docs keep self-hosting first-class and describe `sello.build` as optional convenience.
+
+## Residual Risks
+
+- Background submission can drop receipts under sustained pressure if the bounded queue fills. This is surfaced through `onDrop`; durable queues are deferred.
+- The HTTP log adapter defines a minimal Sello-compatible JSON transport. Production transparency-log proof formats need dedicated adapters.
+- JWKS support currently selects the first Ed25519 OKP key. Key selection by token `kid` should be added before relying on multi-key issuers.
+- Hosted dashboard decryption is not implemented; any hosted viewer must use client-side decryption or explicit delegated viewer keys.

package/docs/security-review.md

@@ -0,0 +1,54 @@
+# Security Review Notes
+
+Date: 2026-05-28
+
+Scope: implementation-level review of the TypeScript reference implementation's crypto API usage. This is not an external cryptographic audit.
+
+## Summary
+
+The reference implementation keeps the cryptographic surface deliberately small:
+
+- SHA-256 uses Node's `createHash`.
+- Ed25519 signing and verification use Node's built-in Ed25519 support.
+- X25519 key agreement uses Node's built-in X25519 support through `diffieHellman`.
+- HPKE v0.1 support is limited to the single specified suite: DHKEM(X25519, HKDF-SHA256), HKDF-SHA256, ChaCha20-Poly1305.
+- COSE_Sign1 support is limited to the Sello profile: protected header bytes, empty unprotected map, embedded payload, and Ed25519 signature.
+- JWS support is limited to compact JWS with `alg: "EdDSA"` and no `crit` header.
+
+The implementation passes the current end-to-end test suite and pins HPKE behavior against RFC 9180 Appendix A.2.1.
+
+## Findings
+
+No release-blocking issues were found in this pass.
+
+One small hardening change was made during review: base64url decoding now rejects impossible unpadded lengths (`length % 4 === 1`) before handing data to Node's decoder. Tests cover this for JWS token claims and registry signatures.
+
+## Positive Checks
+
+- JWS payload claims are parsed only after signature verification.
+- COSE signature verification uses the exact protected-header bytes from the envelope, not a reserialized header map.
+- HPKE `aad` is the exact protected-header byte string.
+- HPKE `info` binds the Sello suite label, registry-resolved service identifier, and `sello_token_ref`.
+- X25519 all-zero shared secrets are rejected.
+- Revocation checks use log integrated time, not service-asserted receipt timestamps.
+- Log identity is checked by canonical URL equality between the signed header and returning log.
+- Decrypted receipt contents are not surfaced for entries that fail before HPKE succeeds.
+
+## Residual Risks
+
+- The HPKE and COSE implementations are intentionally narrow local implementations. They should be replaced with well-maintained libraries or externally audited before production use.
+- Rekor support is currently discovery-only. Live Rekor inclusion-proof verification and witnessed-root validation remain future work.
+- The mock transparency log proof is not a Merkle proof. It exists to exercise owner-side data flow in tests.
+- Key lifecycle operations are not specified beyond registry lookup and revocation checks.
+- Token authorization semantics such as expiry, audience, and scope remain service policy outside Sello.
+- No constant-time comparison is used for non-secret public values such as token references and log URLs. This is acceptable for the current data model, but should be revisited if secret-bearing comparisons are added.
+
+## Recommended Production Gates
+
+Before production use:
+
+1. Replace or audit the local HPKE implementation.
+2. Replace or audit the local COSE_Sign1 implementation.
+3. Add live Rekor proof verification against witnessed log roots.
+4. Add fuzz/property tests for CBOR decoding, COSE envelope parsing, and JWS parsing.
+5. Review key storage, rotation, and revocation operations for the deployment environment.

package/examples/mcp-tool-server.ts

@@ -0,0 +1,250 @@
+#!/usr/bin/env -S node --experimental-strip-types
+
+import { pathToFileURL } from "node:url";
+
+import {
+  canonicalJsonBytes,
+  sello,
+  type SdkSubmissionLog,
+  type SelloReceipts,
+} from "../src/index.ts";
+import {
+  loadQuickstartDevState,
+  type QuickstartDevState,
+} from "./quickstart-tool.ts";
+
+export type JsonRpcId = string | number | null;
+
+export type McpToolCallBody = {
+  jsonrpc: "2.0";
+  id: JsonRpcId;
+  method: "tools/call";
+  params: {
+    name: string;
+    arguments: Record<string, unknown>;
+  };
+};
+
+export type McpHttpToolCall = {
+  headers: {
+    authorization: string;
+  };
+  body: McpToolCallBody;
+};
+
+export type McpToolResult = {
+  content: readonly {
+    type: "text";
+    text: string;
+  }[];
+};
+
+export type McpHttpToolResponse = {
+  status: number;
+  body:
+    | {
+        jsonrpc: "2.0";
+        id: JsonRpcId;
+        result: McpToolResult;
+      }
+    | {
+        jsonrpc: "2.0";
+        id: JsonRpcId;
+        error: {
+          code: number;
+          message: string;
+        };
+      };
+};
+
+export type SelloMcpToolServer = {
+  tool(
+    name: string,
+    handler: (args: Record<string, unknown>) => McpToolResult | Promise<McpToolResult>,
+  ): void;
+  handle(request: McpHttpToolCall): Promise<McpHttpToolResponse>;
+};
+
+export type McpToolServerExampleOptions = {
+  state?: QuickstartDevState;
+  statePath?: string;
+  log?: SdkSubmissionLog;
+  now?: () => string;
+  toolArguments?: Record<string, unknown>;
+};
+
+export function createSelloMcpToolServer(receipts: SelloReceipts): SelloMcpToolServer {
+  const tools = new Map<
+    string,
+    (request: McpHttpToolCall) => Promise<McpHttpToolResponse>
+  >();
+
+  return {
+    tool(name, handler) {
+      if (typeof name !== "string" || name.length === 0) {
+        throw new TypeError("MCP tool name must be a non-empty string");
+      }
+      if (tools.has(name)) {
+        throw new TypeError(`MCP tool ${name} is already registered`);
+      }
+
+      const wrapped = receipts.tool<McpHttpToolCall, McpHttpToolResponse>(
+        `mcp.tools/call.${name}`,
+        async (request) => ({
+          status: 200,
+          body: {
+            jsonrpc: "2.0",
+            id: request.body.id,
+            result: await handler(request.body.params.arguments),
+          },
+        }),
+        {
+          canonicalizeInput: (request) => canonicalJsonBytes({
+            method: request.body.method,
+            params: request.body.params,
+          }),
+          canonicalizeOutput: (response) => canonicalJsonBytes(response.body),
+        },
+      );
+
+      tools.set(name, wrapped);
+    },
+
+    async handle(request) {
+      if (request.body.method !== "tools/call") {
+        return jsonRpcError(request.body.id, -32601, "method not found");
+      }
+
+      const tool = tools.get(request.body.params.name);
+      if (!tool) {
+        return jsonRpcError(request.body.id, -32601, "tool not found");
+      }
+
+      return await tool(request);
+    },
+  };
+}
+
+export async function runMcpToolServerExample(
+  options: McpToolServerExampleOptions = {},
+): Promise<{
+  request: McpHttpToolCall;
+  response: McpHttpToolResponse;
+  actionsUrl: string;
+}> {
+  const state = options.state ?? loadMcpDevState(options.statePath);
+  const receipts = sello.service({
+    service: state.serviceId,
+    serviceKey: state.serviceKey,
+    tokenIssuer: state.tokenIssuerPublicKey,
+    log: options.log ?? sello.logs.http(state.logUrl, {
+      endpoint: state.logEndpoint,
+    }),
+    submit: { mode: "await" },
+    now: options.now,
+  });
+  const server = createSelloMcpToolServer(receipts);
+
+  server.tool("calendar.create_event", async (args) => {
+    const title = readString(args.title, "title");
+    return {
+      content: [
+        {
+          type: "text",
+          text: `created ${title}`,
+        },
+      ],
+    };
+  });
+
+  const request = {
+    headers: {
+      authorization: `Bearer ${state.agentToken}`,
+    },
+    body: {
+      jsonrpc: "2.0",
+      id: "demo-call-1",
+      method: "tools/call",
+      params: {
+        name: "calendar.create_event",
+        arguments: {
+          calendarId: "demo-calendar",
+          title: "Review launch plan",
+          start: "2026-06-05T17:00:00Z",
+          ...(options.toolArguments ?? {}),
+        },
+      },
+    },
+  } satisfies McpHttpToolCall;
+
+  const response = await server.handle(request);
+  await receipts.flush();
+
+  return { request, response, actionsUrl: actionViewerUrl(state) };
+}
+
+if (process.argv[1] && import.meta.url === pathToFileURL(process.argv[1]).href) {
+  try {
+    const { response, actionsUrl } = await runMcpToolServerExample();
+    console.log("Handled MCP tools/call and emitted a Sello receipt.");
+    console.log(JSON.stringify(response.body, null, 2));
+    console.log("");
+    console.log("View verified actions with:");
+    console.log("  node --run actions");
+    console.log("");
+    console.log("Or open:");
+    console.log(`  ${actionsUrl}`);
+  } catch (error) {
+    console.error(`sello mcp example: ${error instanceof Error ? error.message : String(error)}`);
+    if (
+      error instanceof Error &&
+      (error.message.includes("fetch failed") ||
+        error.message.includes("Sello log append failed"))
+    ) {
+      console.error("Is the local dev log running? Start it with `node --run dev`.");
+    }
+    process.exitCode = 1;
+  }
+}
+
+function jsonRpcError(
+  id: JsonRpcId,
+  code: number,
+  message: string,
+): McpHttpToolResponse {
+  return {
+    status: 200,
+    body: {
+      jsonrpc: "2.0",
+      id,
+      error: { code, message },
+    },
+  };
+}
+
+function actionViewerUrl(state: QuickstartDevState): string {
+  const endpoint = new URL(state.logEndpoint);
+  return `${endpoint.origin}/actions`;
+}
+
+function loadMcpDevState(statePath?: string): QuickstartDevState {
+  try {
+    return loadQuickstartDevState(statePath);
+  } catch (error) {
+    if (error instanceof Error) {
+      throw new TypeError(
+        error.message.replace("node --run example:tool", "node --run example:mcp"),
+      );
+    }
+
+    throw error;
+  }
+}
+
+function readString(value: unknown, name: string): string {
+  if (typeof value !== "string" || value.length === 0) {
+    throw new TypeError(`${name} must be a non-empty string`);
+  }
+
+  return value;
+}

package/examples/quickstart-tool.ts

@@ -0,0 +1,178 @@
+#!/usr/bin/env -S node --experimental-strip-types
+
+import { readFileSync } from "node:fs";
+import { join } from "node:path";
+import { pathToFileURL } from "node:url";
+
+import {
+  canonicalJsonBytes,
+  sello,
+  type SdkSubmissionLog,
+} from "../src/index.ts";
+
+export type QuickstartDevState = {
+  serviceId: string;
+  serviceKey: string;
+  tokenIssuerPublicKey: string;
+  agentToken: string;
+  logUrl: string;
+  logEndpoint: string;
+};
+
+export type QuickstartEventRequest = {
+  authorizationToken: string;
+  calendarId: string;
+  title: string;
+  start: string;
+  attendees: string[];
+};
+
+export type QuickstartEventResponse = {
+  id: string;
+  calendarId: string;
+  title: string;
+  status: "created";
+  createdAt: string;
+};
+
+export type QuickstartToolOptions = {
+  state?: QuickstartDevState;
+  statePath?: string;
+  log?: SdkSubmissionLog;
+  now?: () => string;
+  request?: Partial<Omit<QuickstartEventRequest, "authorizationToken">>;
+};
+
+const defaultRequest = {
+  calendarId: "demo-calendar",
+  title: "Review launch plan",
+  start: "2026-06-05T17:00:00Z",
+  attendees: ["ada@example.com", "grace@example.com"],
+};
+
+export async function runQuickstartTool(
+  options: QuickstartToolOptions = {},
+): Promise<{
+  request: QuickstartEventRequest;
+  response: QuickstartEventResponse;
+  actionsUrl: string;
+}> {
+  const state = options.state ?? loadQuickstartDevState(options.statePath);
+  const receipts = sello.service({
+    service: state.serviceId,
+    serviceKey: state.serviceKey,
+    tokenIssuer: state.tokenIssuerPublicKey,
+    log: options.log ?? sello.logs.http(state.logUrl, {
+      endpoint: state.logEndpoint,
+    }),
+    submit: { mode: "await" },
+    now: options.now,
+  });
+
+  const createEvent = receipts.tool<QuickstartEventRequest, QuickstartEventResponse>(
+    "calendar.create_event",
+    async (request) => ({
+      id: `evt_${slug(request.title)}`,
+      calendarId: request.calendarId,
+      title: request.title,
+      status: "created",
+      createdAt: new Date().toISOString(),
+    }),
+    {
+      canonicalizeInput: (request) => canonicalJsonBytes({
+        calendarId: request.calendarId,
+        title: request.title,
+        start: request.start,
+        attendees: request.attendees,
+      }),
+    },
+  );
+
+  const request = {
+    ...defaultRequest,
+    ...options.request,
+    authorizationToken: state.agentToken,
+  };
+  const response = await createEvent(request);
+  await receipts.flush();
+
+  return { request, response, actionsUrl: actionViewerUrl(state) };
+}
+
+export function loadQuickstartDevState(
+  statePath = join(process.cwd(), ".sello", "dev.json"),
+): QuickstartDevState {
+  let parsed: unknown;
+  try {
+    parsed = JSON.parse(readFileSync(statePath, "utf8"));
+  } catch {
+    throw new TypeError(
+      "missing local Sello dev state. Start the local log with `node --run dev` from this repo, or `npx sello dev` after install, then run `node --run example:tool` in another terminal.",
+    );
+  }
+
+  if (!isRecord(parsed)) {
+    throw new TypeError("local Sello dev state must be a JSON object");
+  }
+
+  return {
+    serviceId: readString(parsed.serviceId, "dev state serviceId"),
+    serviceKey: readString(parsed.serviceKey, "dev state serviceKey"),
+    tokenIssuerPublicKey: readString(
+      parsed.tokenIssuerPublicKey,
+      "dev state tokenIssuerPublicKey",
+    ),
+    agentToken: readString(parsed.agentToken, "dev state agentToken"),
+    logUrl: readString(parsed.logUrl, "dev state logUrl"),
+    logEndpoint: readString(parsed.logEndpoint, "dev state logEndpoint"),
+  };
+}
+
+if (process.argv[1] && import.meta.url === pathToFileURL(process.argv[1]).href) {
+  try {
+    const { response, actionsUrl } = await runQuickstartTool();
+    console.log("Created example event and emitted a Sello receipt.");
+    console.log(JSON.stringify(response, null, 2));
+    console.log("");
+    console.log("View verified actions with:");
+    console.log("  node --run actions");
+    console.log("");
+    console.log("Or open:");
+    console.log(`  ${actionsUrl}`);
+  } catch (error) {
+    console.error(`sello quickstart: ${error instanceof Error ? error.message : String(error)}`);
+    if (
+      error instanceof Error &&
+      (error.message.includes("fetch failed") ||
+        error.message.includes("Sello log append failed"))
+    ) {
+      console.error("Is the local dev log running? Start it with `node --run dev`.");
+    }
+    process.exitCode = 1;
+  }
+}
+
+function slug(value: string): string {
+  return value
+    .toLowerCase()
+    .replace(/[^a-z0-9]+/g, "_")
+    .replace(/^_+|_+$/g, "")
+    .slice(0, 40);
+}
+
+function actionViewerUrl(state: QuickstartDevState): string {
+  const endpoint = new URL(state.logEndpoint);
+  return `${endpoint.origin}/actions`;
+}
+
+function readString(value: unknown, name: string): string {
+  if (typeof value !== "string" || value.length === 0) {
+    throw new TypeError(`${name} must be a non-empty string`);
+  }
+
+  return value;
+}
+
+function isRecord(value: unknown): value is Record<string, unknown> {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}

package/fixtures/vectors/.gitkeep

@@ -0,0 +1 @@
+

package/fixtures/vectors/sello-v0.1.json

@@ -0,0 +1,101 @@
+{
+  "version": "0.1.0",
+  "description": "Implementation-backed Sello v0.1 vectors for success, error, and denied receipts.",
+  "common": {
+    "service_identifier": "github.com/mcp/v1",
+    "log_url": "https://rekor.example.com/api",
+    "kid_hex": "6769746875622d6d63702d76312d323032362d7132",
+    "keys": {
+      "issuer_public_key_ed25519": "03a107bff3ce10be1d70dd18e74bc09967e4d6309ba50d5f1ddc8664125531b8",
+      "issuer_private_key_ed25519": "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+      "service_public_key_ed25519": "29acbae141bccaf0b22e1a94d34d0bc7361e526d0bfe12c89794bc9322966dd7",
+      "service_private_key_ed25519": "202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f",
+      "trust_root_public_key_ed25519": "2543b92ff1095511476adc8369db6ddc933665a11978dda1404ee1066ca9559d",
+      "trust_root_private_key_ed25519": "404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f",
+      "owner_public_key_x25519": "4310ee97d88cc1f088a5576c77ab0cf5c3ac797f3d95139c6c84b5429c59662a",
+      "owner_private_key_x25519": "8057991eef8f1f1af18f4a9491d16a1ce333f695d4db8e38da75975c4478e0fb"
+    },
+    "registry_json": "{\"6769746875622d6d63702d76312d323032362d7132\":{\"service_identifier\":\"github.com/mcp/v1\",\"public_key_ed25519\":\"Kay64UG8yvCyLhqU000LxzYeUm0L_hLIl5S8kyKWbdc\"}}",
+    "registry_signature_base64url": "Zj8TNsKLAyfg2vM6Q15f675DZNAwS_qv-24S2t0EmdMJZq-hYeJDzrwJPJcSGXE-NUZMbCaY1lS0rM5IHebDBw"
+  },
+  "vectors": [
+    {
+      "name": "success",
+      "integrated_time": "2026-05-28T10:00:00Z",
+      "authorization_token": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2lzc3Vlci5leGFtcGxlLmNvbSIsInN1YiI6ImRlbW8tYWdlbnQiLCJqdGkiOiJ2ZWN0b3Itc3VjY2VzcyIsIm93bmVyX2hwa2VfcGsiOiJReER1bDlpTXdmQ0lwVmRzZDZzTTljT3NlWDg5bFJPY2JJUzFRcHhaWmlvIiwic2VsbG9fbG9ncyI6WyJodHRwczovL3Jla29yLmV4YW1wbGUuY29tL2FwaSJdfQ.tY4WWhhNmEUCBGypL8mAgMs2rqntuSHwSpyS7x03SUardAq1x-fVDsclbmEwQ_nLeNLdbF9Y7eehcci6g3VmAQ",
+      "sello_token_ref": "6cdfd05fb7402d9c6930af5e742ccbb6d366f76e3a6823ef2880271b88fc35c3",
+      "agent_identifier": "6cdfd05fb7402d9c6930af5e742ccbb6",
+      "receipt_body": {
+        "agent-identifier": "6cdfd05fb7402d9c6930af5e742ccbb6",
+        "action-type": "tools/call",
+        "action-input-hash": "5a28bf8eabc7811c3c267c211a34eca8e7e29a464271d5cf5072f4e046407525",
+        "action-output-hash": "8b544119e3a09a4ad8d06d976b0f8c8f35f7abfe52d21a60bf26c9ae4abad2ff",
+        "result-status": "success",
+        "timestamp": "2026-05-28T10:00:00Z"
+      },
+      "receipt_body_cbor_hex": "a66974696d657374616d70c074323032362d30352d32385431303a30303a30305a6b616374696f6e2d747970656a746f6f6c732f63616c6c6d726573756c742d7374617475736773756363657373706167656e742d6964656e7469666965727820366364666430356662373430326439633639333061663565373432636362623671616374696f6e2d696e7075742d6861736858205a28bf8eabc7811c3c267c211a34eca8e7e29a464271d5cf5072f4e04640752572616374696f6e2d6f75747075742d6861736858208b544119e3a09a4ad8d06d976b0f8c8f35f7abfe52d21a60bf26c9ae4abad2ff",
+      "protected_header_hex": "a5012704556769746875622d6d63702d76312d323032362d71323a0001000065302e312e303a0001000158206cdfd05fb7402d9c6930af5e742ccbb6d366f76e3a6823ef2880271b88fc35c33a00010002781d68747470733a2f2f72656b6f722e6578616d706c652e636f6d2f617069",
+      "hpke_payload_hex": "1afa08d3dec047a643885163f1180476fa7ddb54c6a8029ea33f95796bf2ac4a27de8f652a49af996c4c0e9605194b9b157f623103624de38d781d11ed4f30e51e1bfe14a5def8f41aab80cb7d24fd8f69e3d56507435af0e133bba6cdcd6bea608c2660e253c5834047a0ec54ecf16f5739dab5963e8c9a5d4b254329caed98fd95fab4c0928310673649938a8db4e85d7ce91861daadc9d7ed651e74fa648d7f2da0b397832c65715c601270af794608d71c659bf9acb64e41ab398cefef0677fd01f746bd8b9d1ab5c14f4b1527f68958905cc4eb1c9bb0f55f217f1c383a6af20588b0de98d24c01213606ee3ad7d1b6101d00fbcdeeabbf756b393bd1e9a37b1254eeac13153acd9fc93aa7448abeabee1ad68d03dc3e32",
+      "cose_sign1_envelope_hex": "845870a5012704556769746875622d6d63702d76312d323032362d71323a0001000065302e312e303a0001000158206cdfd05fb7402d9c6930af5e742ccbb6d366f76e3a6823ef2880271b88fc35c33a00010002781d68747470733a2f2f72656b6f722e6578616d706c652e636f6d2f617069a059011a1afa08d3dec047a643885163f1180476fa7ddb54c6a8029ea33f95796bf2ac4a27de8f652a49af996c4c0e9605194b9b157f623103624de38d781d11ed4f30e51e1bfe14a5def8f41aab80cb7d24fd8f69e3d56507435af0e133bba6cdcd6bea608c2660e253c5834047a0ec54ecf16f5739dab5963e8c9a5d4b254329caed98fd95fab4c0928310673649938a8db4e85d7ce91861daadc9d7ed651e74fa648d7f2da0b397832c65715c601270af794608d71c659bf9acb64e41ab398cefef0677fd01f746bd8b9d1ab5c14f4b1527f68958905cc4eb1c9bb0f55f217f1c383a6af20588b0de98d24c01213606ee3ad7d1b6101d00fbcdeeabbf756b393bd1e9a37b1254eeac13153acd9fc93aa7448abeabee1ad68d03dc3e325840376a642595ad0c25aaf34228ef1e82eaa1e0fb753220cd7b11c9f80ebab5c789084264fe04292cce45670455f679decdc22ac86a95eed6fed66f0141f3c4760b",
+      "mock_log_proof": {
+        "logUrl": "https://rekor.example.com/api",
+        "index": 0,
+        "integratedTime": "2026-05-28T10:00:00Z",
+        "envelopeHash": "05b2b0b12cb35a5c29541e2064a29612654b3b55441cae93dc25e9525a962685",
+        "proofHash": "ffada841f19b1c7e952dae12184ce025e013907edb2220d2b7c2d8e4026a9214"
+      }
+    },
+    {
+      "name": "error",
+      "integrated_time": "2026-05-28T10:00:01Z",
+      "authorization_token": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2lzc3Vlci5leGFtcGxlLmNvbSIsInN1YiI6ImRlbW8tYWdlbnQiLCJqdGkiOiJ2ZWN0b3ItZXJyb3IiLCJvd25lcl9ocGtlX3BrIjoiUXhEdWw5aU13ZkNJcFZkc2Q2c005Y09zZVg4OWxST2NiSVMxUXB4WlppbyIsInNlbGxvX2xvZ3MiOlsiaHR0cHM6Ly9yZWtvci5leGFtcGxlLmNvbS9hcGkiXX0.KSeW4aFRCz9XsbvaTf3jvvilN95H852pNW98Yimfal9hqSG9IBgN6pByM4Qlrjm4Cts7dk1VfIHtoN6SkM2fCw",
+      "sello_token_ref": "2e70f600fd8f3367e235a6eb404247d211bdb6497743099da2397740829ae34f",
+      "agent_identifier": "2e70f600fd8f3367e235a6eb404247d2",
+      "receipt_body": {
+        "agent-identifier": "2e70f600fd8f3367e235a6eb404247d2",
+        "action-type": "issues.create",
+        "action-input-hash": "877f6aadc489ab930b9036c85b8d4f34d69f8fc020b8c9a73e321867ae04938e",
+        "action-output-hash": "23814260e61d0767a9eac1214bd3c68c229969782a113ee8df2c6e5595d87220",
+        "result-status": "error",
+        "timestamp": "2026-05-28T10:00:01Z"
+      },
+      "receipt_body_cbor_hex": "a66974696d657374616d70c074323032362d30352d32385431303a30303a30315a6b616374696f6e2d747970656d6973737565732e6372656174656d726573756c742d737461747573656572726f72706167656e742d6964656e7469666965727820326537306636303066643866333336376532333561366562343034323437643271616374696f6e2d696e7075742d686173685820877f6aadc489ab930b9036c85b8d4f34d69f8fc020b8c9a73e321867ae04938e72616374696f6e2d6f75747075742d68617368582023814260e61d0767a9eac1214bd3c68c229969782a113ee8df2c6e5595d87220",
+      "protected_header_hex": "a5012704556769746875622d6d63702d76312d323032362d71323a0001000065302e312e303a0001000158202e70f600fd8f3367e235a6eb404247d211bdb6497743099da2397740829ae34f3a00010002781d68747470733a2f2f72656b6f722e6578616d706c652e636f6d2f617069",
+      "hpke_payload_hex": "675dd574ed7789310b3d2e7681f3790b466c773b1521fecf36577958371ea52f92f28933bef9a7d0c9037164e536db97ea90b177ce0b4b5afb92baafa3c21df37ca1afaed212b6f140c9ecea2c12bb1f99c520251d0c3b0ca6840168bee5d7e5efb142e044328db1e8c74094bfd4146999b8c3c38ba41e82fd9d173fda05142f87110be3fb5ac1b4398033b295577c29862b7a82d068064a6bb5df799c0c021b42d8c245898dc0775b1832d06734d72aca293cbbceefa8efadb0f11716f0e0abf7bf05601e28ee82a0fbb7c36c273e197c6e57725339a2bc26a41e9174a063e9be56032fd27f470729a70ea7bf593c81b764249730f14280ec29df6a039c92b36c271331d5a64d916e39e5f55ec047ef3fe517ae2c3465018d73e4",
+      "cose_sign1_envelope_hex": "845870a5012704556769746875622d6d63702d76312d323032362d71323a0001000065302e312e303a0001000158202e70f600fd8f3367e235a6eb404247d211bdb6497743099da2397740829ae34f3a00010002781d68747470733a2f2f72656b6f722e6578616d706c652e636f6d2f617069a059011b675dd574ed7789310b3d2e7681f3790b466c773b1521fecf36577958371ea52f92f28933bef9a7d0c9037164e536db97ea90b177ce0b4b5afb92baafa3c21df37ca1afaed212b6f140c9ecea2c12bb1f99c520251d0c3b0ca6840168bee5d7e5efb142e044328db1e8c74094bfd4146999b8c3c38ba41e82fd9d173fda05142f87110be3fb5ac1b4398033b295577c29862b7a82d068064a6bb5df799c0c021b42d8c245898dc0775b1832d06734d72aca293cbbceefa8efadb0f11716f0e0abf7bf05601e28ee82a0fbb7c36c273e197c6e57725339a2bc26a41e9174a063e9be56032fd27f470729a70ea7bf593c81b764249730f14280ec29df6a039c92b36c271331d5a64d916e39e5f55ec047ef3fe517ae2c3465018d73e45840b48f077fb8069f721aaee2beff19a035e0d02d42e33f9e47ac3fe657ed7f9b66a22fdb4023eeb49feaeb95ce1d31ebbfdc9d19146537e0d5c47a15efb7f6010e",
+      "mock_log_proof": {
+        "logUrl": "https://rekor.example.com/api",
+        "index": 0,
+        "integratedTime": "2026-05-28T10:00:01Z",
+        "envelopeHash": "daaa599016f737b6e49fcff71711c81c8edf495e3cdaf8bef22dbc9979836a54",
+        "proofHash": "4afd17bac82a3931177b948f5b3a4ba9f87ba295b138937b3ce21a86eb4e948b"
+      }
+    },
+    {
+      "name": "denied",
+      "integrated_time": "2026-05-28T10:00:02Z",
+      "authorization_token": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2lzc3Vlci5leGFtcGxlLmNvbSIsInN1YiI6ImRlbW8tYWdlbnQiLCJqdGkiOiJ2ZWN0b3ItZGVuaWVkIiwib3duZXJfaHBrZV9wayI6IlF4RHVsOWlNd2ZDSXBWZHNkNnNNOWNPc2VYODlsUk9jYklTMVFweFpaaW8iLCJzZWxsb19sb2dzIjpbImh0dHBzOi8vcmVrb3IuZXhhbXBsZS5jb20vYXBpIl19.CpckhcTBCsVUkPhmQrDvT6PjmRtqWmkVtQiTBm-JORfVkVfBePeBBYHHLtCIgh2R_d30CJhg1XDyqWFKgrKWAA",
+      "sello_token_ref": "3b07ee0c80e9d380374221168c937e2ce688776062d88a3c3cbcaf318dcaec42",
+      "agent_identifier": "3b07ee0c80e9d380374221168c937e2c",
+      "receipt_body": {
+        "agent-identifier": "3b07ee0c80e9d380374221168c937e2c",
+        "action-type": "repo.delete",
+        "action-input-hash": "8068b4fb35823247cd82036105b4bffd8d093307ae80089d399f63854a8313cf",
+        "action-output-hash": "0000000000000000000000000000000000000000000000000000000000000000",
+        "result-status": "denied",
+        "timestamp": "2026-05-28T10:00:02Z"
+      },
+      "receipt_body_cbor_hex": "a66974696d657374616d70c074323032362d30352d32385431303a30303a30325a6b616374696f6e2d747970656b7265706f2e64656c6574656d726573756c742d7374617475736664656e696564706167656e742d6964656e7469666965727820336230376565306338306539643338303337343232313136386339333765326371616374696f6e2d696e7075742d6861736858208068b4fb35823247cd82036105b4bffd8d093307ae80089d399f63854a8313cf72616374696f6e2d6f75747075742d6861736858200000000000000000000000000000000000000000000000000000000000000000",
+      "protected_header_hex": "a5012704556769746875622d6d63702d76312d323032362d71323a0001000065302e312e303a0001000158203b07ee0c80e9d380374221168c937e2ce688776062d88a3c3cbcaf318dcaec423a00010002781d68747470733a2f2f72656b6f722e6578616d706c652e636f6d2f617069",
+      "hpke_payload_hex": "493e82fc74464a59268817623d2053c5eb8e2cc4a988b4fee179ec6b010d531d0df430d57303f6df11d46cb252e457455b763c3e1273e797996eaf6ef4cc579e04812393dfcb4ece94363ab809bf3396f81dfce38a3adc179e5a199e76c8d62b106bfcec44017505c639e05099b54071115abd1464a7d09bd6861d82be03733dc3c3654be36676e80a01affae950523d8b0bcd330d8ff31929e05d952d841e880db8475a177c405d4ce07c4a9a12e78549cd163f180b567d9a89257026dd03671bf688f1607b54a25cc46ed9f6159bfbe11f147ea77a8a0ea9f38e85910537786e6c0faa2ead75f2cb4913020ccc6f7ecc1fccb633f2ce43e17615df72ce4e66fa1c92145402118c08f03539e76a22f4cb935200055676d84be1",
+      "cose_sign1_envelope_hex": "845870a5012704556769746875622d6d63702d76312d323032362d71323a0001000065302e312e303a0001000158203b07ee0c80e9d380374221168c937e2ce688776062d88a3c3cbcaf318dcaec423a00010002781d68747470733a2f2f72656b6f722e6578616d706c652e636f6d2f617069a059011a493e82fc74464a59268817623d2053c5eb8e2cc4a988b4fee179ec6b010d531d0df430d57303f6df11d46cb252e457455b763c3e1273e797996eaf6ef4cc579e04812393dfcb4ece94363ab809bf3396f81dfce38a3adc179e5a199e76c8d62b106bfcec44017505c639e05099b54071115abd1464a7d09bd6861d82be03733dc3c3654be36676e80a01affae950523d8b0bcd330d8ff31929e05d952d841e880db8475a177c405d4ce07c4a9a12e78549cd163f180b567d9a89257026dd03671bf688f1607b54a25cc46ed9f6159bfbe11f147ea77a8a0ea9f38e85910537786e6c0faa2ead75f2cb4913020ccc6f7ecc1fccb633f2ce43e17615df72ce4e66fa1c92145402118c08f03539e76a22f4cb935200055676d84be158409aaed5eb90fdc5c94349fb5c417f52c66e097f07aa304e8a0afa39256a5de59f9ba8781bbee10dc7be81e142963eaaa482822080e5879d956262b5dc5a76d905",
+      "mock_log_proof": {
+        "logUrl": "https://rekor.example.com/api",
+        "index": 0,
+        "integratedTime": "2026-05-28T10:00:02Z",
+        "envelopeHash": "9d2d05b01183a2582541d121159db7f071e81fece04e3cb63c2acfb105c94138",
+        "proofHash": "14ee32619ccd1ac9a9db6df38a8ea1eab43b5136f8e76635069df715d4a516d8"
+      }
+    }
+  ]
+}