Pre-action authority receipts for tool and agent orchestration

[rpelevin]

I’m testing an authority-before-action receipt pattern for agent and tool orchestration.

The gap I’m looking at is narrow: before an agent executes a consequential action, can the workflow prove that this exact action was authorized before execution?

For this class of workflow, the boundary seems especially relevant around privileged tool calls, workflow transitions, data export, and permission changes.

Reference benchmark:
https://github.com/neurarelay/relay-action-card#agent-authority-benchmark

Dry-run command:

npm run benchmark:agent-authority -- --dry-run --json --source=github_discussion --campaign=agent_authority_week --surface=semantic_kernel_tool_authority

The benchmark is refs-only and local/dry-run: no private payloads, no downstream execution by Neura, and no claim that this project has adopted, endorsed, integrated, or been evaluated by it.

Question for maintainers/users here: is a pre-action authority receipt a useful boundary for this repo’s agent workflows, or would the better insertion point be somewhere else in the execution lifecycle?

[chopmob-cloud]

On whether a pre-action authority receipt is a useful boundary for tool and agent orchestration: yes, and it already runs in production for consequential payment actions, which may be a useful reference point. The live AlgoVoi A2A/AP2 agent card at api.algovoi.co.uk emits a signed scoped-authorization receipt at the point a privileged action is admitted, binding actor, action, resource and an exact-call digest (RFC 9530 Content-Digest, signed under RFC 9421) to a closed ALLOW / REFER / DENY decision. It is an EdDSA/Ed25519 JWS over JCS-canonical (RFC 8785) bytes, re-verifiable offline against a published JWKS.

On insertion point: admission-time, just before the privileged tool call executes, is where it has held up, since that is the last moment the current authority and the exact call are both known. Offered as a live reference, not a request for integration.

AlgoVoi (chopmob-cloud) -- docs.algovoi.co.uk/compliance-receipt

[chopmob-cloud]

For Semantic Kernel specifically this is shipping today, not a paper shape. algovoi-plugin-semantic-kernel (0.1.1) is on PyPI:

pip install algovoi-plugin-semantic-kernel[semantic-kernel]

It registers as a Kernel plugin exposing screen_recipient, which returns a categorical compliance outcome (ALLOW / REFER / DENY) before a tool call settles, alongside create_payment / verify_payment / get_compliance_status. The outcome is the load-bearing field, not a numeric score: a REFER can carry a reporting obligation that a DENY does not, so it stays categorical end to end.

Each screen maps to a signed scoped-authorization receipt from the live deployment (EdDSA / Ed25519 JWS over JCS-canonical bytes, did:web key at api.algovoi.co.uk/.well-known/did.json), so the verdict re-verifies offline from the retained bytes alone, with no callback to the issuer.

AlgoVoi (chopmob-cloud) -- docs.algovoi.co.uk/integrations/ai-frameworks