Jul 17, 2026
Canonical Action Identity Emerges as an Agent Governance Primitive
CAVA proposes a portable way to bind agent approvals, policy decisions, and audit receipts to action meaning across heterogeneous runtimes.
Topic intelligence
Editorial reporting and normalized Signal records connected to this coverage area.
3 briefs
Daily editorial synthesis whose front matter identifies this topic as a primary coverage area.
Jul 17, 2026
CAVA proposes a portable way to bind agent approvals, policy decisions, and audit receipts to action meaning across heterogeneous runtimes.
Jul 14, 2026
Fictional fixtureFictional test coverage of approval checkpoints, autonomous-agent policy, and runtime attestation.
Jul 13, 2026
Fictional fixtureFictional test coverage of layered agent security, scoped authorization, and bounded payment controls.
6 records
Structured event records explicitly categorized under this topic, preserving source status, confidence, limitations, and analysis.
KB-SIGNAL-20260717-001ProposalSource
CAVA: Canonical Action Verification and Attestation for Runtime Governance of Agentic AI Systems
Verified
Jul 17, 2026
Jurisdiction
Global
Factual summary
CAVA proposes converting agent activity from shell, MCP, browser, API, workflow, and managed-agent runtimes into versioned canonical action objects. Policy decisions, approvals, execution evidence, and optional attestations bind to deterministic fingerprints over action semantics rather than raw text or runtime-native identifiers. The paper reports results from 96 seed scenarios expanded into 384 controlled runtime variants.
Domain impact
Canonical action identity could give agent authorization and audit systems a portable object for comparing actions across runtimes, limiting approval drift, verifying receipt integrity, and disclosing whether a deployment can observe, warn, gate, or block before side effects occur.
Keelbase analysis
The durable signal is the distinction between recording an event and identifying the operational action that authority governed. CAVA supplies a useful schema, threat model, and buyer-evaluation vocabulary, but its perfect controlled-corpus scores should not be treated as universal validation. External traces, independent reproduction, broader parser coverage, and adversarial testing remain necessary.
KB-SIGNAL-20260714-001AnnouncedSource
Keelbase Signal fictional fixture
Verified
Jul 14, 2026
Jurisdiction
Global
Factual summary
A fictional framework release announces durable workflow checkpoints that pause consequential agent actions until a named reviewer approves or rejects them.
Domain impact
Agent platforms could make long-running work more inspectable while preserving human authority over consequential state changes.
Keelbase analysis
The fixture tests coverage of shipped governance capabilities and the distinction between announced functionality and verified deployment behavior.
KB-SIGNAL-20260714-002ProposalSource
Keelbase Signal fictional fixture
Verified
Jul 14, 2026
Jurisdiction
Global
Factual summary
A fictional public consultation proposes identity, audit, incident-reporting, and human-override requirements for agents that transact on behalf of organizations.
Domain impact
Providers serving regulated markets could face clearer expectations for attribution, traceability, intervention, and evidence retention.
Keelbase analysis
The fixture demonstrates policy coverage without presenting legal conclusions or implying that a proposal has become binding law.
KB-SIGNAL-20260714-003ConfirmedSource
Keelbase Signal fictional fixture
Verified
Jul 14, 2026
Jurisdiction
Global
Factual summary
A fictional infrastructure consortium publishes a profile for verifying runtime identity, software measurements, and signed execution evidence before granting tool access.
Domain impact
Attestation could help authorization systems distinguish an approved runtime from an unverified environment, while leaving behavioral safety unproven.
Keelbase analysis
The fixture preserves the boundary between verifiable runtime properties and unsupported claims that secure infrastructure guarantees safe agent behavior.
KB-SIGNAL-20260713-001ConfirmedSource
Keelbase Signal fictional fixture
Verified
Jul 13, 2026
Jurisdiction
Global
Factual summary
A fictional framework separates infrastructure, tool, agent-behavior, and model risks so each layer can use evidence suited to its attack surface.
Domain impact
Security teams would need distinct controls for deterministic infrastructure findings, semantic tool risks, behavioral failures, and model-level attacks.
Keelbase analysis
The fixture illustrates why governed agent systems need layered safeguards instead of treating every failure as a prompt problem.
KB-SIGNAL-20260713-002AnnouncedSource
Keelbase Signal fictional fixture
Verified
Jul 13, 2026
Jurisdiction
Global
Factual summary
A fictional agent platform announces identities that bind tool access to a named service account, explicit scope, and auditable authorization policy.
Domain impact
Scoped identities could reduce ambient authority and make delegated agent actions easier to review, revoke, and attribute.
Keelbase analysis
The fixture tests Signal coverage of authorization changes without making claims about Keelbase architecture or private implementation.