A2A Extension · v1
Fidacy Trust-Verdict Extension
A formal A2A extension. An agent declares in its Agent Card that it carries a Fidacy trust verdict, a signed approve / review / deny decision that anyone can verify independently, without trusting Fidacy. Clients opt in.
This extension names behavior the Fidacy engine already ships. It does not invent a new verdict format: the verdict travels in the existing
risk_data (AP2) or Task.metadata (A2A) containers, and the signed EdDSA JWS is the source of truth. Canonical spec and schema live in fidacy-open/spec.Extension URI
https://fidacy.com/a2a/extensions/trust-verdict/v1
Agent Card declaration
Place this AgentExtension object in your Agent Card under capabilities.extensions[]:
{
"uri": "https://fidacy.com/a2a/extensions/trust-verdict/v1",
"description": "Carries a Fidacy trust verdict (approve/review/deny) as a signed, independently verifiable credential.",
"required": false,
"params": {
"issuer": "did:web:fidacy.com",
"jwks_uri": "https://api.fidacy.com/.well-known/jwks.json",
"trust_list_uri": "https://api.fidacy.com/.well-known/fidacy-trust-list.json",
"verify_package": "@fidacy/verify"
}
}Where the verdict rides
- ·AP2 flows (preferred):inside the Cart/Payment Mandate's
risk_datafield, as{ "fidacy": { … } }, the “implementation-defined” risk slot the AP2-over-A2A extension reserves. - ·Plain A2A flows: in
Task.metadataas{ "fidacy_assessment": { … } }. The decision also maps to an official A2A Task state ( approve → WORKING, review → AUTH_REQUIRED, deny → REJECTED ).
Verify it yourself
The convenience fields are untrusted hints until the JWS is verified. A recipient reads the compact vc_jws, fetches the public JWKS (or confirms the active key in the signed trust list), and checks the EdDSA signature with @fidacy/verify. No trust in Fidacy required.
Resources
- ·Full specification (fidacy-open/spec)
- ·Declaration JSON Schema
- ·@fidacy/verify, open-source verifier