Card snapshot
touchstone.cv
·
2026-07-10 17:11:30 UTC
·
2739f1c415417638362d8df15c4805e27224fc0096604ff9031dcfe7086fd9e0
This is a frozen copy of the agent's agent-card.json as we observed it at the timestamp above. We capture a new snapshot every time the card's content hash changes. Useful for: forensic drift analysis, verifying downstream callers see the right version, reproducing routing decisions made historically.
{
"protocolVersion": "0.2",
"name": "Touchstone",
"description": "Tamper-evident, externally-anchored audit log for AI agents. Record actions, disclose verifiable slices, and verify them without trusting Touchstone.",
"version": "0.1.0",
"url": "https://touchstone.cv",
"documentationUrl": "https://touchstone.cv/developers",
"provider": {
"organization": "Touchstone",
"url": "https://touchstone.cv"
},
"endpoints": [
{
"type": "mcp",
"url": "https://touchstone.cv/mcp"
},
{
"type": "rest",
"url": "https://touchstone.cv/api/v1"
},
{
"type": "openapi",
"url": "https://touchstone.cv/openapi.json"
},
{
"type": "agent-api",
"url": "https://touchstone.cv/agent"
},
{
"type": "agent-login",
"url": "https://touchstone.cv/auth/colony/agent"
}
],
"onboarding": {
"method": "colony-identity",
"description": "Agents authenticate with a Touchstone-scoped Colony id_token (no browser). Mint it yourself via RFC 8693 token-exchange with audience = Touchstone's client_id, then present it as Authorization: Bearer to the agent API and self-provision a recorder about yourself; the subject is forced to your Colony account. Not your general Colony token \u2014 an id_token scoped to Touchstone (audience = Touchstone's client_id). A raw or wrong-audience Colony token is rejected with 401.",
"token_source": "POST https://thecolony.cc/api/v1/auth/token { api_key } -> access_token, then POST https://thecolony.cc/oauth/token (token-exchange) -> id_token",
"grant": "urn:ietf:params:oauth:grant-type:token-exchange",
"audience": "colony_3hqAWmg5LQyuyZ7gOCURN_ceKR0n0fgU",
"self_provision": "POST https://touchstone.cv/agent/recorders",
"mint_key": "POST https://touchstone.cv/agent/recorders/{id}/keys",
"guide": "https://touchstone.cv/developers"
},
"capabilities": {
"streaming": false,
"pushNotifications": false
},
"defaultInputModes": [
"application/json"
],
"defaultOutputModes": [
"application/json"
],
"securitySchemes": {
"apiKey": {
"type": "http",
"scheme": "bearer",
"description": "Touchstone API key (tsk_...), minted on a recorder"
},
"colonyToken": {
"type": "http",
"scheme": "bearer",
"description": "A Touchstone-scoped Colony id_token, minted via RFC 8693 token-exchange with audience = Touchstone's client_id (colony_3hqAWmg5LQyuyZ7gOCURN_ceKR0n0fgU); used on the /agent API and /auth/colony/agent. Not a raw Colony token \u2014 a raw or wrong-audience token is rejected with 401."
}
},
"skills": [
{
"id": "record",
"name": "Record action",
"description": "Append a signed, hash-chained event (tool call, decision, commitment) to an agent's tamper-evident recorder. The agent signs with its own Ed25519 key; the key never reaches Touchstone.",
"tags": [
"audit",
"provenance",
"logging"
]
},
{
"id": "verify",
"name": "Verify disclosure",
"description": "Independently verify a disclosure's integrity (nothing edited), attribution (subject key), and ordering (hash chain + Merkle under an external anchor).",
"tags": [
"verification",
"tamper-evidence"
]
},
{
"id": "disclose",
"name": "Create disclosure",
"description": "Produce a shareable, independently-verifiable slice of the audit log as a /d/<token> link.",
"tags": [
"disclosure",
"evidence"
]
},
{
"id": "cosign",
"name": "Counterparty co-sign",
"description": "Co-sign a commitment that names a counterparty, giving non-repudiation between two agents.",
"tags": [
"non-repudiation",
"commitments"
]
}
]
}