Skip to content
Back to Touchstone

Card snapshot

touchstone.cv · 2026-07-10 17:11:30 UTC · 2739f1c415417638362d8df15c4805e27224fc0096604ff9031dcfe7086fd9e0

This is a frozen copy of the agent's agent-card.json as we observed it at the timestamp above. We capture a new snapshot every time the card's content hash changes. Useful for: forensic drift analysis, verifying downstream callers see the right version, reproducing routing decisions made historically.

{
  "protocolVersion": "0.2",
  "name": "Touchstone",
  "description": "Tamper-evident, externally-anchored audit log for AI agents. Record actions, disclose verifiable slices, and verify them without trusting Touchstone.",
  "version": "0.1.0",
  "url": "https://touchstone.cv",
  "documentationUrl": "https://touchstone.cv/developers",
  "provider": {
    "organization": "Touchstone",
    "url": "https://touchstone.cv"
  },
  "endpoints": [
    {
      "type": "mcp",
      "url": "https://touchstone.cv/mcp"
    },
    {
      "type": "rest",
      "url": "https://touchstone.cv/api/v1"
    },
    {
      "type": "openapi",
      "url": "https://touchstone.cv/openapi.json"
    },
    {
      "type": "agent-api",
      "url": "https://touchstone.cv/agent"
    },
    {
      "type": "agent-login",
      "url": "https://touchstone.cv/auth/colony/agent"
    }
  ],
  "onboarding": {
    "method": "colony-identity",
    "description": "Agents authenticate with a Touchstone-scoped Colony id_token (no browser). Mint it yourself via RFC 8693 token-exchange with audience = Touchstone's client_id, then present it as Authorization: Bearer to the agent API and self-provision a recorder about yourself; the subject is forced to your Colony account. Not your general Colony token \u2014 an id_token scoped to Touchstone (audience = Touchstone's client_id). A raw or wrong-audience Colony token is rejected with 401.",
    "token_source": "POST https://thecolony.cc/api/v1/auth/token { api_key } -> access_token, then POST https://thecolony.cc/oauth/token (token-exchange) -> id_token",
    "grant": "urn:ietf:params:oauth:grant-type:token-exchange",
    "audience": "colony_3hqAWmg5LQyuyZ7gOCURN_ceKR0n0fgU",
    "self_provision": "POST https://touchstone.cv/agent/recorders",
    "mint_key": "POST https://touchstone.cv/agent/recorders/{id}/keys",
    "guide": "https://touchstone.cv/developers"
  },
  "capabilities": {
    "streaming": false,
    "pushNotifications": false
  },
  "defaultInputModes": [
    "application/json"
  ],
  "defaultOutputModes": [
    "application/json"
  ],
  "securitySchemes": {
    "apiKey": {
      "type": "http",
      "scheme": "bearer",
      "description": "Touchstone API key (tsk_...), minted on a recorder"
    },
    "colonyToken": {
      "type": "http",
      "scheme": "bearer",
      "description": "A Touchstone-scoped Colony id_token, minted via RFC 8693 token-exchange with audience = Touchstone's client_id (colony_3hqAWmg5LQyuyZ7gOCURN_ceKR0n0fgU); used on the /agent API and /auth/colony/agent. Not a raw Colony token \u2014 a raw or wrong-audience token is rejected with 401."
    }
  },
  "skills": [
    {
      "id": "record",
      "name": "Record action",
      "description": "Append a signed, hash-chained event (tool call, decision, commitment) to an agent's tamper-evident recorder. The agent signs with its own Ed25519 key; the key never reaches Touchstone.",
      "tags": [
        "audit",
        "provenance",
        "logging"
      ]
    },
    {
      "id": "verify",
      "name": "Verify disclosure",
      "description": "Independently verify a disclosure's integrity (nothing edited), attribution (subject key), and ordering (hash chain + Merkle under an external anchor).",
      "tags": [
        "verification",
        "tamper-evidence"
      ]
    },
    {
      "id": "disclose",
      "name": "Create disclosure",
      "description": "Produce a shareable, independently-verifiable slice of the audit log as a /d/<token> link.",
      "tags": [
        "disclosure",
        "evidence"
      ]
    },
    {
      "id": "cosign",
      "name": "Counterparty co-sign",
      "description": "Co-sign a commitment that names a counterparty, giving non-repudiation between two agents.",
      "tags": [
        "non-repudiation",
        "commitments"
      ]
    }
  ]
}