{"service":"Keelbase Signal","api_version":"1.0.0","preview_version":"1.0.0","data_status":"publication","publication":{"title":"Canonical Action Identity Emerges as an Agent Governance Primitive","description":"CAVA proposes a portable way to bind agent approvals, policy decisions, and audit receipts to action meaning across heterogeneous runtimes.","slug":"canonical-action-identity-agent-governance","report_date":"2026-07-17","published_at":"2026-07-17T03:36:00Z","updated_at":"2026-07-17T03:36:00Z","status":"published","is_fixture":false,"topics":["agent_governance_authorization","agent_infrastructure_security"],"correction_of":null},"preview":{"bounded":true,"record_limit":2,"available_record_count":1,"returned_record_count":1,"truncated":false},"warnings":["Factual reporting and Keelbase analysis are provided in separate fields.","Third-party source rights are not transferred with this preview.","This bounded preview does not contain the complete paid daily product."],"records":[{"record_id":"KB-SIGNAL-20260717-001","schema_version":"1.0.0","report_date":"2026-07-17","event_date":"2026-07-15","published_at":"2026-07-15T11:34:34Z","verified_at":"2026-07-17T03:34:00Z","headline":"CAVA proposes canonical action identities for governing agents across heterogeneous runtimes","source":{"name":"CAVA: Canonical Action Verification and Attestation for Runtime Governance of Agentic AI Systems","url":"https://arxiv.org/abs/2607.13716","type":"primary_data","status":"proposal"},"classification":{"topics":["agent_governance_authorization","agent_infrastructure_security"],"entities":["Zexun Wang","Ond Holdings Inc.","CAVA","OSuite"],"jurisdictions":["Global"]},"factual_reporting":{"summary":"CAVA proposes converting agent activity from shell, MCP, browser, API, workflow, and managed-agent runtimes into versioned canonical action objects. Policy decisions, approvals, execution evidence, and optional attestations bind to deterministic fingerprints over action semantics rather than raw text or runtime-native identifiers. The paper reports results from 96 seed scenarios expanded into 384 controlled runtime variants."},"keelbase_analysis":{"domain_impact":"Canonical action identity could give agent authorization and audit systems a portable object for comparing actions across runtimes, limiting approval drift, verifying receipt integrity, and disclosing whether a deployment can observe, warn, gate, or block before side effects occur.","editorial_analysis":"The durable signal is the distinction between recording an event and identifying the operational action that authority governed. CAVA supplies a useful schema, threat model, and buyer-evaluation vocabulary, but its perfect controlled-corpus scores should not be treated as universal validation. External traces, independent reproduction, broader parser coverage, and adversarial testing remain necessary.","affected_systems":["agent runtime adapters","authorization policy engines","human approval workflows","audit and receipt verifiers","MCP tool gateways","browser automation controls","workflow orchestration systems","attestation infrastructure"]},"assessment":{"impact_level":"medium","confidence":"medium","limitations":["The source is an arXiv v1 preprint and its peer-review status is not established.","The benchmark corpus and comparison baselines were designed by the paper's author.","Keelbase Signal did not independently execute or reproduce the benchmark.","The public corpus is small relative to the diversity of enterprise agent runtimes.","Production parser packs, enterprise thresholds, customer connector rules, and managed evidence components are withheld.","Azure cases are semantic deployment drills rather than live mutating cloud tests.","Canonical fingerprints and intact receipts do not prove that an action was safe, appropriate, or correctly approved.","Observe-only runtime coverage is not equivalent to inline enforcement."]},"correction":{"supersedes":null,"superseded_by":null,"correction_reason":null}}],"links":{"human_brief":"https://signal.keelbase.io/briefs/canonical-action-identity-agent-governance","api_documentation":"https://signal.keelbase.io/api","catalog":"https://signal.keelbase.io/api/v1/catalog","openapi":"https://signal.keelbase.io/openapi.json","methodology":"https://signal.keelbase.io/methodology","corrections":"https://signal.keelbase.io/corrections"}}