Fidacy

A2A Extension · v1

Fidacy Trust-Verdict Extension

A formal A2A extension. An agent declares in its Agent Card that it carries a Fidacy trust verdict, a signed approve / review / deny decision that anyone can verify independently, without trusting Fidacy. Clients opt in.

This extension names behavior the Fidacy engine already ships. It does not invent a new verdict format: the verdict travels in the existing risk_data (AP2) or Task.metadata (A2A) containers, and the signed EdDSA JWS is the source of truth. Canonical spec and schema live in fidacy-open/spec.

Extension URI

https://fidacy.com/a2a/extensions/trust-verdict/v1

Agent Card declaration

Place this AgentExtension object in your Agent Card under capabilities.extensions[]:

{
  "uri": "https://fidacy.com/a2a/extensions/trust-verdict/v1",
  "description": "Carries a Fidacy trust verdict (approve/review/deny) as a signed, independently verifiable credential.",
  "required": false,
  "params": {
    "issuer": "did:web:fidacy.com",
    "jwks_uri": "https://api.fidacy.com/.well-known/jwks.json",
    "trust_list_uri": "https://api.fidacy.com/.well-known/fidacy-trust-list.json",
    "verify_package": "@fidacy/verify"
  }
}

Where the verdict rides

Verify it yourself

The convenience fields are untrusted hints until the JWS is verified. A recipient reads the compact vc_jws, fetches the public JWKS (or confirms the active key in the signed trust list), and checks the EdDSA signature with @fidacy/verify. No trust in Fidacy required.

Resources