Governance metadata in A2A Agent Cards, shipping the superset

Published: April 19, 2026 at 03:56 PM EDT
Source: Dev.to

Reference Implementation

We shipped a reference implementation under extensions.asqav.governance inside the standard AgentCard envelope. Three fields carry the posture:

  • trust_score
  • retention_ttl_seconds
  • derivation_rights

The extension is signed with the agent’s own ML-DSA-65 keypair. Documentation: .

Example Agent Card

{
  "name": "research-agent",
  "url": "https://agents.example.com/research",
  "extensions": {
    "asqav.governance": {
      "version": 2,
      "agent_id": "agt_x7y8z9",
      "trust_score": 0.82,
      "retention_ttl_seconds": 2592000,
      "derivation_rights": {
        "retention_permitted": true,
        "derivative_works": false,
        "third_party_sharing": false,
        "license_reference": "https://example.com/licenses/research-v1"
      },
      "issued_at": "2026-04-19T12:00:00+00:00",
      "expires_at": "2026-04-26T12:00:00+00:00",
      "signature": "...",
      "public_key": "..."
    }
  }
}

Scoring Model

A discrete L0‑L3 grade hides real signal. An agent that ran clean 90 days ago then went silent is epistemically different from one that has handled a thousand signed actions. A decaying score separates them:

  • Positive evidence: 45‑day half‑life. Each successful signed action contributes weight
    0.5 ^ ((now - t) / 45 days).
  • Negative events (suspensions, revocations): full‑weight penalties that do not decay.

The score is derived from signed records only, so independent verifiers compute the same number.

Derivation Rights

derivative_works: false alone is a coarse intent signal; its meaning can vary across organizations (e.g., “do not train on my outputs,” “do not fine‑tune downstream,” “do not incorporate into product”). The license_reference pins down the actual contract—whether a CC license, a bespoke DUA, or a proprietary TOS—providing both machine‑readable gating and human‑readable legal terms in the same envelope.

Signature and Key Rotation

Each agent signs its own extension with its own ML‑DSA‑65 keypair. The public key is embedded in the signed envelope at issuance time, not fetched by reference. When a key rotates, old attestations remain verifiable forever because the bytes needed to check the signature are already inside the envelope. A third party that captured an attestation in February does not need to call back to ASQAV in October to confirm it.

curl https://api.asqav.com/api/v1/public/attestation/agt_x7y8z9

Discovery Endpoints

  • Platform discovery (standard A2A): GET /.well-known/agent.json
  • Per‑agent cards: GET /api/v1/agents/{id}/card

Parse the response like any A2A card and inspect the extensions field if you care about governance posture.
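
A consumer-side gate for the inspection step above, as an added example that is not part of the original post or ASQAV's own code. It assumes the envelope signature has already been verified, reads retention_ttl_seconds as an upper bound on how long the consumer may keep output, and uses hypothetical local policy parameters (min_trust, retain_seconds, derive, share):

```python
import json
from datetime import datetime

EXT = "asqav.governance"

# Constructed sample, trimmed from the example card on this page.
SAMPLE_CARD = json.loads("""
{"name": "research-agent", "extensions": {"asqav.governance": {
  "version": 2, "agent_id": "agt_x7y8z9", "trust_score": 0.82,
  "retention_ttl_seconds": 2592000,
  "derivation_rights": {"retention_permitted": true,
                        "derivative_works": false, "third_party_sharing": false},
  "issued_at": "2026-04-19T12:00:00+00:00",
  "expires_at": "2026-04-26T12:00:00+00:00"}}}
""")

def evaluate_governance(card, now, min_trust, retain_seconds=0,
                        derive=False, share=False):
    """Return (allowed, reasons); `now` must be timezone-aware.
    Applies local policy to already-verified fields and fails closed."""
    ext = card.get("extensions") if isinstance(card, dict) else None
    gov = ext.get(EXT) if isinstance(ext, dict) else None
    if not isinstance(gov, dict):
        return False, ["governance extension missing"]
    try:
        issued = datetime.fromisoformat(gov["issued_at"])
        expires = datetime.fromisoformat(gov["expires_at"])
        trust = float(gov["trust_score"])
        ttl = int(gov["retention_ttl_seconds"])
        rights = gov["derivation_rights"]
        if issued.tzinfo is None or expires.tzinfo is None or not isinstance(rights, dict):
            raise ValueError("naive timestamp or bad rights object")
    except (KeyError, TypeError, ValueError):
        return False, ["governance extension malformed"]
    reasons = []
    if not issued <= now < expires:
        reasons.append("attestation outside validity window")
    # Written as "not >=" so a NaN trust_score is rejected, not waved through.
    if not trust >= min_trust:
        reasons.append("trust_score below local threshold")
    # Only an explicit JSON true grants a right; absent or non-boolean means no.
    if retain_seconds and (rights.get("retention_permitted") is not True or retain_seconds > ttl):
        reasons.append("requested retention not permitted")
    if derive and rights.get("derivative_works") is not True:
        reasons.append("derivative works not permitted")
    if share and rights.get("third_party_sharing") is not True:
        reasons.append("third-party sharing not permitted")
    return not reasons, reasons
```

A denial on derivative_works or third_party_sharing is where a human would follow license_reference to read the actual terms.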
