- Eliminate the "tid" claim; "jti" now serves as both token ID (for
replay detection) and task ID (for DAG parent references in "par")
- Make "pol" and "pol_decision" OPTIONAL (must be paired when present)
- Regulated deployments SHOULD still include policy claims
- Reduces required ECT-specific claims to just "exec_act" and "par"
- Remove "tid" from IANA JWT Claims registration
- Update all examples, pseudocode, and DAG validation rules
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- ect library: create, verify, DAG validation, ledger interface
- In-memory ledger and ECTStore for full ledger mode
- Test vectors and unit tests; two-agent demo (cmd/demo)
- README: document refimpl scope and usage
Co-authored-by: Cursor <cursoragent@cursor.com>
ECTs can now be deployed without a centralized ledger. Three modes
are defined: point-to-point (agents pass parent ECTs inline via HTTP
headers), deferred ledger (collect ECTs in-flight, submit later), and
full ledger (immediate append, RECOMMENDED for regulated environments).
DAG validation is generalized to work against an "ECT store" which
can be either a ledger or the set of inline parent ECTs received in
the request.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add paragraph in Policy Claims section explicitly stating that
policy definition, distribution, and evaluation are out of scope.
The pol claim is an opaque identifier; any policy engine may be
used provided outcomes are faithfully recorded.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add build.sh that auto-discovers kramdown-rfc2629 and xml2rfc
regardless of PATH configuration, generates XML, TXT, and HTML
in one step.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove RFC 2119 and RFC 8174 from normative YAML block since the
BCP 14 boilerplate directive adds them automatically, causing
duplicate reference warnings. Rebuild draft with zero warnings.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove RFC 3339 from normative references (not cited in text;
timestamps use NumericDate per RFC 7519). Change bank.com to
bank.example in compensation use case per RFC 2606.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The ECT workflow identifier (wid) can serve as a correlation point
in SCITT Signed Statements, bridging per-step execution accountability
with end-to-end supply chain transparency.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace the clinical treatment recommendation workflow with a
software development lifecycle (SDLC) workflow covering spec
review, code generation, autonomous testing, build validation,
and HITL release approval. Add FDA audit subsection showing DAG
reconstruction for regulatory evidence review. Update Example 2
in appendix with matching detailed JSON examples for all 5 SDLC
phases.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Initial submission of draft-nennemann-wimse-execution-context-00,
defining Execution Context Tokens (ECTs) as a WIMSE extension for
distributed agentic workflows in regulated environments.
ECTs provide cryptographic proof of task execution order, policy
enforcement decisions, and compliance state using JWT/JWS format
with DAG-structured task dependencies.
Key features:
- 17 new JWT claims for execution context tracing
- Execution-Context HTTP header for token transport
- DAG validation with cycle detection and temporal ordering
- Audit ledger interface specification
- Integration with WIMSE WIT/WPT signing model
- Use cases: medtech, finance, logistics, compensation/rollback
Includes master-prompt.md with design rationale and iteration plan.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
