Compliance Checklist
Use this as a self-audit before claiming INK v0.1 compliance. Items are grouped by domain. Each item is marked MUST (required for interop), SHOULD (strongly recommended), or MAY (optional extension).
Identity and keys
- MUST Publish an Agent Card with
keys.signing(Ed25519) andkeys.encryption(X25519) key sets. Each entry carrieskeyId,algorithm,publicKey,status(active/retired/revoked), and validity timestamps. - MUST Publish a discoverable agent endpoint (e.g. a service entry in the DID document) so counterparties can fetch the Agent Card.
- MUST Ensure Agent Card
endpoint,inboxEndpoint, and eachcapabilities.thirdPartyAudit.services[].endpointpass theisInkEndpointUrlgrammar (lowercasehttps://only, host required, no userinfo, no fragment, at most 2048 UTF-8 bytes, no control characters or whitespace or backslash, well-formed percent escapes, optional port in 1..65535); rejectinboxEndpointthat differs fromendpointwhen both are present. - MUST Apply the key-rotation authority rule:
activeandretiredkeys verify within their validity windows;revokedkeys never verify, including for historical artifacts. - MUST Document the PDS trust level the implementation operates at.
Transport authentication
- MUST Verify Ed25519 signatures on every inbound INK message using the sender’s
keys.signingset. The signature base binds protocol version, HTTP method, request path, recipient DID, JCS-canonical body, and timestamp. - MUST Enforce replay protection on every inbound message: reject
timestampmore than 5 minutes old or 30 seconds in the future, and reject duplicatenoncevalues within that window. Reference implementations get this fromverifyInkAuthwhen aNonceStoreis supplied, or by callingcheckReplay(or equivalent) in the request pipeline. - MUST Return structured error responses for all failure cases. See Error Codes.
- MUST Include a valid
protocolin all outbound messages:ink/0.1by default, orink/0.2only when sending to a receiver that advertises it (see Discovery).
Intents and resolutions
- MUST Accept
POST /ink/v1/intentwith a valid INK message envelope. - MUST Implement HITL escalation for any intent where
autonomyPolicy.maxAutonomyLevelis notfull. - MUST Store resolutions as local application data with export support.
Encryption
- MUST Encrypt
schedule_meeting,context_share, andmulti_party_syncintent payloads using theInkEncryptedPayloadwire format. Reject plaintext for these types. - MUST Decrypt inbound
InkEncryptedPayloadenvelopes: verify signature and replay protection before decryption, verify inner / outerfrommatch after decryption.
Visibility and connections
- MUST Support
network.tulpa.connectionmutual record verification forconnections-level visibility.
Receipts (optional)
- MAY Accept
POST /ink/v1/receiptfor delivery receipts and advertise receipt capabilities in the Agent Card.
Audit (optional)
- MAY Accept
POST /ink/v1/auditfor audit exchange and maintain a hash-chained audit log. - MUST (if audit is supported) Consumers of audit responses run both the response-signature gate AND a chain-continuity gate (strictly +1 sequence within a slice,
previousEventHashlinkage, duplicate-sequence fork detection). The library exposes these asverifyAuditResponseSignatureandverifyAuditEventChain.
Authorization chains (optional)
- MAY Support multi-hop authorization chains with delegation proof verification.
Self-audit summary
| Domain | Items |
|---|---|
| Identity and keys | 4 MUST |
| Transport authentication | 4 MUST |
| Intents and resolutions | 3 MUST |
| Encryption | 2 MUST |
| Visibility and connections | 1 MUST |
| Receipts | 1 MAY |
| Audit | 1 MAY + 1 conditional MUST |
| Authorization chains | 1 MAY |
Implementations that meet every MUST in the required domains are conformant with INK v0.1. MAY items are optional extensions; if a MAY domain is implemented, the conditional MUST items inside that domain become required.
Rejecting an unknown protocol value is a baseline schema requirement that applies to every implementation regardless of ink/0.2 support: the envelope schema accepts only ink/0.1 or ink/0.2.
The conformance target is the packaged conformance/v1 corpus, indexed by conformance/v1/manifest.json. It covers the categories principal-normalization, signature-base, jcs-number, jcs-string-safety, key-rotation, replay-freshness, timestamp-validity, merkle-inclusion, merkle-consistency, merkle-checkpoint, merkle-leaf, inclusion-receipt, audit-query-response, handshake-message, connection-payload, and agent-card. An implementation MUST make the same accept or reject decision as the reference on every vector in each category it claims. See Test Vectors.
Supporting ink/0.2 is an optional capability on top of v0.1 conformance, not a separate compliance tier. An implementation that opts in MUST select the body-signature domain from the signed protocol field (ink/sign\n for ink/0.2, tulpa/sign\n for ink/0.1) and SHOULD advertise the versions it verifies in its Agent Card supportedProtocolVersions array. A receiver that does neither remains a conformant ink/0.1-only implementation. See Discovery & Transport.