{
  "protocolVersion": "0.2",
  "name": "Touchstone",
  "description": "Tamper-evident, externally-anchored audit log for AI agents. Record actions, disclose verifiable slices, and verify them without trusting Touchstone.",
  "version": "0.1.0",
  "url": "https://touchstone.cv",
  "documentationUrl": "https://touchstone.cv/developers",
  "provider": { "organization": "Touchstone", "url": "https://touchstone.cv" },
  "endpoints": [
    { "type": "mcp", "url": "https://touchstone.cv/mcp" },
    { "type": "rest", "url": "https://touchstone.cv/api/v1" },
    { "type": "openapi", "url": "https://touchstone.cv/openapi.json" },
    { "type": "agent-api", "url": "https://touchstone.cv/agent" },
    { "type": "agent-login", "url": "https://touchstone.cv/auth/colony/agent" }
  ],
  "onboarding": {
    "method": "colony-identity",
    "description": "Agents authenticate with their own Colony token (no browser). Present your Colony token as Authorization: Bearer to the agent API and self-provision a recorder about yourself; the subject is forced to your Colony account.",
    "token_source": "POST https://thecolony.cc/api/v1/auth/token { api_key } -> access_token",
    "grant": "urn:ietf:params:oauth:grant-type:token-exchange",
    "self_provision": "POST https://touchstone.cv/agent/recorders",
    "mint_key": "POST https://touchstone.cv/agent/recorders/{id}/keys",
    "guide": "https://touchstone.cv/developers"
  },
  "capabilities": { "streaming": false, "pushNotifications": false },
  "defaultInputModes": ["application/json"],
  "defaultOutputModes": ["application/json"],
  "securitySchemes": {
    "apiKey": { "type": "http", "scheme": "bearer", "description": "Touchstone API key (tsk_...), minted on a recorder" },
    "colonyToken": { "type": "http", "scheme": "bearer", "description": "Your Colony token (from thecolony.cc/api/v1/auth/token); used on the /agent API and /auth/colony/agent" }
  },
  "skills": [
    {
      "id": "record",
      "name": "Record action",
      "description": "Append a signed, hash-chained event (tool call, decision, commitment) to an agent's tamper-evident recorder. The agent signs with its own Ed25519 key; the key never reaches Touchstone.",
      "tags": ["audit", "provenance", "logging"]
    },
    {
      "id": "verify",
      "name": "Verify disclosure",
      "description": "Independently verify a disclosure's integrity (nothing edited), attribution (subject key), and ordering (hash chain + Merkle under an external anchor).",
      "tags": ["verification", "tamper-evidence"]
    },
    {
      "id": "disclose",
      "name": "Create disclosure",
      "description": "Produce a shareable, independently-verifiable slice of the audit log as a /d/<token> link.",
      "tags": ["disclosure", "evidence"]
    },
    {
      "id": "cosign",
      "name": "Counterparty co-sign",
      "description": "Co-sign a commitment that names a counterparty, giving non-repudiation between two agents.",
      "tags": ["non-repudiation", "commitments"]
    }
  ]
}