ietf-draft-analyzer/workspace/SESSION-2026-04-12.md

Session Handoff — 2026-04-12 (ACT / ECT IETF Strategy)

Purpose: Cold-start snapshot for the next session. Read this plus workspace/STRATEGY.md to pick up without re-discovery.

---

1. Session Date & Context

• Date: 2026-04-12
• Trigger: Between 2026-04-07 and 2026-04-11, 14+ competing IETF individual drafts and 7+ high-relevance arXiv papers appeared in the agent-authorization / execution-accountability space. The window to plant ACT + ECT as the standards-track home for this family is now narrow. IETF 123 (July 2026) is the landing target.
• Work mode: Strategic consolidation — renames, restructure, diff documents, outreach drafts, interop plan. No new normative content added beyond what the existing drafts already carried.

---

2. Key Decisions Made This Session

1. par → pred claim rename (ACT). Aligns the ACT predecessor claim with ECT's identical pred claim so both specs use the same wire token for DAG parent references. Applied across draft text, refimpl, tests.

2. "Agent Compact Token" → "Agent Context Token" rename (ACT). Preserves the "ACT" acronym. "Context" better describes what the token carries (invocation context — DAG refs, task metadata, capabilities, delegation chain, oversight) and creates a clean semantic pair with ECT (Execution Context Token).

3. Package split into sibling packages ietf-act + ietf-ect (no shared core). Moved from monorepo with shared module to workspace/packages/act/ and workspace/packages/ect/ as independent packages. Decision: do not build a shared-core library — the two specs have intentionally different scope, and forcing shared abstractions obscures that. Cross-spec guarantees are documented and tested via a separate packages/interop/ plan.

4. Position Option B chosen: ECT is a WIMSE profile that normatively references ACT. ACT is the general-purpose primitive, ECT is the WIMSE-identity-bound execution profile. This lets ECT be submitted for WIMSE WG adoption while ACT stays on the independent-submission path (no WG dependency), and they cite each other cleanly.

5. inp_hash / out_hash format divergence acknowledged, not unified this session. ACT emits plain base64url; ECT validator requires sha-256:<b64url> prefix. Documented as expected-xfail in the interop test plan rather than forced into alignment — spec-level decision deferred.

---

3. Artifacts Produced / Updated This Session

Path (relative to workspace/)	Purpose
STRATEGY.md	Master strategy doc — landscape, positioning, phased action plan, risk register, success criteria
packages/act/draft-nennemann-act-01.md	ACT -01 draft; new §1.4.1 Related Work (concurrent proposals), new §1.5 Applicability (MCP/OpenAI/LangGraph/A2A/CrewAI/ECT), new §7.3 DAG vs Linear Delegation Chains
packages/act/ (ietf-act refimpl)	103 tests passing after pred and Context rename
packages/ect/ (ietf-ect refimpl)	56 tests passing; inp_hash bug fixed (removed stale sha-256: transformation in emitter path)
packages/INTEROP-TEST-PLAN.md	Planned packages/interop/tests/test_interop.py structure — shared-claim consistency, algorithm matrix, DAG cross-reference, claim divergence, anti-goals; user-facing compatibility matrix
drafts/ietf-wimse-ect/draft-nennemann-wimse-ect.md	ECT -02 (docname draft-nennemann-wimse-ect-02); normative ref to I-D.nennemann-act added
drafts/ietf-wimse-ect/DIFF-vs-txn-tokens-for-agents.md	~1235-word factual diff doc vs draft-oauth-transaction-tokens-for-agents-06 — claim-level matrix, lifecycle comparison, composition scenarios
drafts/ietf-wimse-ect/wimse-intro-email.md	~390-word introduction email for wimse@ietf.org
drafts/ietf-wimse-ect/ietf123-slides-outline.md	10-minute WIMSE slot outline: 10 slides, pacing plan, Mermaid diagrams for WIT/WPT/ECT layering and DAG-vs-linear, speaker notes, timing-discipline cuts
drafts/outreach/emirdag-liaison-email.md	Liaison email to Dr. Emirdag on SCITT-AI-agent-execution overlap; proposes cross-citation, claim alignment, possible joint IETF 123 slot
drafts/outreach/oauth-ml-response.md	Short oauth@ietf.org response to Txn-Tokens-for-Agents-06; frames ACT pred DAG as generalization of Raut et al.'s linear actchain

---

4. Open Action Items (what the user does next)

Phase A items from STRATEGY.md still require execution:

• A1: Update ECT HTTP header section — replace Wimse-Audience header with wimse-aud signature metadata parameter per draft-ietf-wimse-http-signature-03 (breaking change upstream, published 2026-04-07).
• A2: Update SCITT refs in ACT to draft-ietf-scitt-architecture-22 (AUTH48); note "to be RFC-XXXX upon publication".
• A3: Lock Txn-Tokens refs in ACT/ECT to draft-ietf-oauth-transaction-tokens-08.
• A7: Commit workspace + research.ietf subrepo changes.

Phase B outreach items (drafted but not sent):

• B1: Send Emirdag liaison email (drafts/outreach/emirdag-liaison-email.md).
• B2: Submit ACT -01 to datatracker.
• B3: Submit ECT -02 to datatracker.
• B4: Post ECT intro email to wimse@ietf.org, link DIFF doc.
• B5: Post OAuth ML response to oauth@ietf.org.
• B6: Request 10-min WIMSE slot at IETF 123.
• B7: Watch DAWN WG charter formation.

---

5. Pending Decisions (need user input)

• Emirdag engagement depth: liaison citation only, co-authorship offer on a joint anchoring section, or just passive cross-citation? The drafted email leaves all three doors open — pick one before sending.
• Refimpl publication to PyPI: package names ietf-act and ietf-ect are reserved but not published. User approval required before any twine upload.
• Repo strategy: single monorepo for both drafts, or split into separate Git repos so each draft has its own "home" for kramdown-rfc / datatracker watchers? Current state is monorepo.
• IETF 123 travel: in person (Madrid) or remote? Affects slide-prep cadence and whether to plan side meetings with Emirdag / Bertocci.
• Hash encoding alignment (ACT plain b64url vs ECT sha-256: prefix): decide which spec moves, or keep divergence documented. Interop plan currently pins it as xfail.

---

6. Known Landscape Threats (top 3)

1. draft-oauth-transaction-tokens-for-agents-06 (Raut / Amazon, 2026-04-11). Linear actchain at OAuth AS layer — directly in the same conceptual neighborhood as ACT. If this gets OAuth WG adoption before ACT is visible, ACT has to position as "DAG generalization / no-AS variant" instead of the default.
2. draft-emirdag-scitt-ai-agent-execution-00 (VERIDIC, 2026-04-07). AIR (AgentInteractionRecord) as SCITT payload. Not a direct competitor but overlapping on input/output hashing, reasoning capture, causality. Risk: if adopted first, ACT looks redundant unless positioned as the lifecycle that AIR anchors.
3. arXiv 2603.24775 (AIP / IBCTs). Closest technical competitor — JWT + Biscuit/Datalog, exposes auth gap on ~2000 MCP servers, same peer-to-peer-without-AS story. Not an IETF draft so no WG adoption risk, but could become the citation of record in academic / industry press if ACT is not visible fast.

(Full landscape table: STRATEGY.md §3.)

---

7. Next Session Starting Points (first 3 things)

1. Read docs/control-center.md (workspace root) and workspace/STRATEGY.md; confirm Phase A is still the active phase.
2. Execute A1 — patch ECT's HTTP header section to the wimse-aud signature parameter form. This is the most urgent technical fix; it's a breaking upstream change from draft-ietf-wimse-http-signature-03 and blocks ECT -02 submission.
3. Execute A2 + A3 — refresh SCITT and Txn-Tokens reference versions in both drafts so the submission snapshot is current. After A1–A3, move to Phase B (submissions + outreach sends).

---

8. Reference State Snapshot

• ACT refimpl: packages/act/ — 103 tests pass, pred + Context rename done, EdDSA + ES256 both supported.
• ECT refimpl: packages/ect/ — 56 tests pass, inp_hash fix applied, ES256 only, exec+jwt typ (legacy wimse-exec+jwt still accepted).
• Interop package: not yet created; plan is in packages/INTEROP-TEST-PLAN.md.
• Draft versions: ACT at -01, ECT at -02 (docname: draft-nennemann-wimse-ect-02).
• No submissions on datatracker yet this session (pending Phase A completion).