This document summarizes the current FIDES v2 Agent Trust Fabric state for local evaluation and OSS review. It is not a production-readiness claim for the entire protocol roadmap.
FIDES v2 is a TS-first, Rust-adapter-ready trust fabric for autonomous agent systems. The current implementation provides local-first identity, signed AgentCards, candidate-only discovery, capability-specific trust and reputation, policy-before-execution, delegation, scoped sessions, signed invocation, runtime attestation primitives, evidence, revocation, incidents, kill switches, CLI, local daemon HTTP API, SDK, examples, demo, and adversarial simulation.
The implementation keeps the core protocol constraints explicit:
- discovery does not grant authority
- identity does not equal trust
- trust score does not equal permission
- policy is evaluated before execution
- signed protocol objects use one canonical signing model
- evidence defaults toward privacy-aware hash-only or redacted records
- Rust is optional and adapter-ready rather than required
- Canonical JSON signing and Ed25519 verification primitives.
- Typed
ErrorEnvelopevocabulary on root v2 API/SDK/CLI failure paths. - Policy-before-execution hooks for revocation, incidents, runtime attestation, approval, kill switch, dry-run, and scope limits.
- Issuer-bound canonical
DelegationTokenV2signatures and payload-hash validation. - Scoped
SessionGrantV2records with protocol version negotiation. - Canonical signed
InvocationRequestand signed invocation result support. - Hash-chained evidence verification and export.
- Publishable package hygiene and dry-run pack gates for public packages.
- OpenAPI and CLI surface audits.
- Local
agentdroot v2 API and local state store. - Promise-based
FidesClientSDK. agentdCLI for identity, AgentCards, discovery, trust, reputation, policy, sessions, invocation, evidence, revocation, incidents, kill switch, registry, relay, DHT, demo, and adversarial simulation.- Full local demo and adversarial simulation endpoints.
- Example agents for calendar, invoice, payment dry-run, requester, and malicious simulation flows.
- Registry discovery.
- Relay presence and rendezvous hints.
- DHT pointer records.
- Federation discovery.
- MockTEE runtime attestation provider.
- Generic payment flow is dry-run only; payment execution remains Sardis-owned.
- AGIT/Rust primitive bridge for hashing, canonicalization, hash chain, Merkle, and DAG-style evidence primitives.
- libp2p/Kademlia DHT provider boundary.
- Relay transport boundary.
- Real TEE/build/container attestation provider boundaries.
- MCP, A2A, OAPS, OSP, AP2, x402, and Sardis interop adapter contracts.
- Federation peering and propagation contracts.
Local verification has passed with:
pnpm verify
pnpm smoke:agentd
pnpm package:hygiene
pnpm package:packcheck
pnpm api:audit
pnpm cli:audit
pnpm examples:audit
pnpm rust-adapter:auditpnpm smoke:agentd starts an isolated local daemon and exercises root
pnpm agentd CLI flows for demo, signed invocation, canonical signed
delegation-token session creation, all-provider discovery, and adversarial
simulation.
The CI workflow runs both pnpm verify and pnpm smoke:agentd, so the same
local gates are enforced on pull requests before the Docker smoke job runs.
pnpm package:hygiene also enforces non-placeholder README coverage for every
publishable package boundary.
- The full FIDES v2 pivot is not complete.
- Several target package boundaries are facades over
packages/corerather than independent implementations. - Registry, relay, DHT, and federation are local mock/simulator surfaces, not production networks.
- Real TEE providers are adapter-ready but not implemented.
- Local key material is prototype-grade and should be hardened before production use.
- Remote CI has not been checked in the current local session unless a PR or CI run explicitly says otherwise; the workflow is configured to run the full verify gate and the agentd DX smoke.
- The branch may need to be pushed before external review.
Before cutting an external release:
- Run
pnpm verify. - Run
pnpm smoke:agentd. - Confirm
.github/workflows/ci.ymlpasses remotely. - Confirm
scripts/print-public-package-dirs.mjsmatches intended packages. - Review
docs/status/fides-v2-implementation-status.md. - Update this file with the final tag, date, commit range, and known limits.
- Do not describe local mock or adapter-ready surfaces as production-ready.
## vX.Y.Z - YYYY-MM-DD
### Added
- ...
### Changed
- ...
### Verification
- `pnpm verify`
- `pnpm smoke:agentd`
- Remote CI: <link>
### Known Limits
- ...