Verify the RFC 9421 Ed25519 Web Bot Auth signature base, zero network (art-129) → validate the /.well-known/http-message-signatures-directory JWKS and keyid resolution (art-130) → validate the Signature Agent Card and emit an identity-trust verdict (art-131). Agent verifies agent, zero network, no human.
verify_webbotauth_signature{
"jsonrpc": "2.0",
"method": "tools/call",
"params": {
"name": "verify_webbotauth_signature",
"arguments": {
"covered_components": [
{ "name": "method", "value": "POST" },
{ "name": "@authority", "value": "api.example.com" },
{ "name": "@path", "value": "/agent/v1/execute" }
],
"signature_params": "(\"method\" \"@authority\" \"@path\");created=1750000000;keyid=\"key-2026-06\";tag=\"web-bot-auth\";alg=\"ed25519\"",
"signature_b64": "ruUab1uVdHazfuOcU0E4qLcTnOM2Z7zYHiluP5qxDZkKbw8EjPNarFHL7G2fS2DhnFH1xlpbihrIkOm8jwxIDA==",
"public_key_jwk": { "kty": "OKP", "crv": "Ed25519", "x": "WrHvnND7oaWfvrGxUU3FNeJaQDwYj4K3e5fl0fH5p2g" },
"alg": "ed25519",
"expected_tag": "web-bot-auth",
"created": 1750000000,
"now_unix": 1750003600,
"max_age_s": 3600
}
},
"id": 1
}
validate_signature_directory{
"jsonrpc": "2.0",
"method": "tools/call",
"params": {
"name": "validate_signature_directory",
"arguments": {
"well_known_path": "/.well-known/http-message-signatures-directory",
"keyid": "key-2026-06",
"directory_jwks": {
"keys": [
{
"kty": "OKP",
"crv": "Ed25519",
"kid": "key-2026-06",
"x": "WrHvnND7oaWfvrGxUU3FNeJaQDwYj4K3e5fl0fH5p2g"
}
]
}
}
},
"id": 2
}
validate_signature_agent_card{
"jsonrpc": "2.0",
"method": "tools/call",
"params": {
"name": "validate_signature_agent_card",
"arguments": {
"card": {
"name": "TradeAgent-v1",
"operator": "Acme Corp",
"expected_request_rate": 100,
"keys": [{ "kid": "key-2026-06" }]
},
"directory_keyids": ["key-2026-06", "key-2026-07-next"]
}
},
"id": 3
}