{"domain":"governance.taskhawktech.com","count":2,"changes":[{"captured_at":"2026-05-22T00:18:33","card_hash":"c9d25a8d42f458f1c1f4d2018f079eb08a2e4a6628b8803e35c81226f5ab7596","previous_card_hash":"d9344f99c11959c97c385cf964cac814e555921b07598ed0986ac195873ad33b","diff":{"skills_added":[],"skills_removed":[],"skills_changed":[],"fields_changed":[],"other_changed":true,"is_empty":false,"human_summary":"internal fields changed"}},{"captured_at":"2026-05-18T12:49:02","card_hash":"d9344f99c11959c97c385cf964cac814e555921b07598ed0986ac195873ad33b","previous_card_hash":null,"diff":{"skills_added":[{"id":"action-verify","name":"Action Verification","description":"Verify an action against policy bounds before execution. Returns ALLOW, CONSTRAIN, or DENY with a signed release token. Downstream services verify the token independently. Fail-closed: verification failure results in DENY.","tags":null,"inputModes":["application/json"],"outputModes":["application/json"]},{"id":"intent-bind","name":"Intent Binding","description":"Bind a declared intent to a command and verify the outcome matches. HMAC-signed binding proves the chain from intent to command to result is unbroken.","tags":null,"inputModes":["application/json"],"outputModes":["application/json"]},{"id":"media-attest","name":"Media Hash Attestation","description":"Submit a media file hash for cryptographic attestation. Returns a signed certificate proving the hash was recorded at a specific timestamp in the provenance ledger. Useful for content provenance, media integrity, and audit trails.","tags":null,"inputModes":["application/json"],"outputModes":["application/json"]},{"id":"media-verify","name":"Media Hash Verification","description":"Verify a media file hash against a previously issued attestation certificate. Returns the attestation status and certificate details. No charge, no authentication required.","tags":null,"inputModes":["application/json"],"outputModes":["application/json"]},{"id":"media-verify-lookup","name":"Media Certificate Lookup","description":"Look up a media attestation certificate by its certificate ID. Returns the full certificate including hash, timestamp, and provenance chain position. No charge, no authentication required.","tags":null,"inputModes":["application/json"],"outputModes":["application/json"]},{"id":"mpp-close","name":"MPP Session Close","description":"Close a streaming payment session and seal the provenance record. Reports final spend, transaction count, and close reason. Returns sealed provenance hash and compliance bundle availability. No charge. POST /governance/mpp/close","tags":null,"inputModes":["application/json"],"outputModes":["application/json"]},{"id":"mpp-heartbeat","name":"MPP Session Heartbeat","description":"Mid-session drift check during a streaming payment session. Reports current spend, transaction count, active service, and spending rate. Kevros checks for budget overruns, rate limit violations, and unauthorized service usage. Returns session status (active, warning, suspended, expired) and remaining budget/time. No charge. POST /governance/mpp/heartbeat","tags":null,"inputModes":["application/json"],"outputModes":["application/json"]},{"id":"mpp-session","name":"MPP Session Create","description":"Create a governed streaming payment session. Declare budget, duration, spending rate limit, and allowed service categories. Returns a signed session token for continuous streaming payments within policy bounds. Every session is recorded in the provenance ledger. $0.02/session. POST /governance/mpp/session","tags":null,"inputModes":["application/json"],"outputModes":["application/json"]},{"id":"provenance-attest","name":"Provenance Attestation","description":"Record an action in a hash-chained, append-only evidence ledger. Each attestation extends the provenance chain. Block signatures issued every 100 records using ML-DSA-87 (FIPS 204). Third parties verify the chain without Kevros access.","tags":null,"inputModes":["application/json"],"outputModes":["application/json"]},{"id":"shield-scan","name":"Prompt Injection Detection","description":"Prompt injection detection via ONNX DeBERTa-v3 classifier. Scans text for injection attacks, jailbreaks, and role hijacking attempts. Returns confidence score, risk level, and HMAC-signed result. $0.01/scan or 10 trial scans/day.","tags":null,"inputModes":["application/json"],"outputModes":["application/json"]},{"id":"trust-certificate","name":"Compliance Bundle","description":"Generate a portable compliance evidence package containing hash-chained provenance, intent binding proofs, post-quantum block signatures, and verification instructions. Independently verifiable without Kevros access.","tags":null,"inputModes":["application/json"],"outputModes":["application/json"]}],"skills_removed":[],"skills_changed":[],"fields_changed":[{"field":"name","before":null,"after":"Kevros Governance API"},{"field":"description","before":null,"after":"Runtime enforcement for autonomous agents. Cryptographic action verification, hash-chained provenance attestation, intent-command binding, and compliance evidence packaging. Every decision is recorded in a tamper-evident ledger. Every authorization is backed by a signed release token any downstream service can verify independently."},{"field":"version","before":null,"after":"0.4.0"},{"field":"protocolVersion","before":null,"after":"0.2.6"},{"field":"url","before":null,"after":"https://governance.taskhawktech.com"}],"other_changed":true,"is_empty":false,"human_summary":"added 11 skills · name ∅ → Kevros Governance API · description ∅ → Runtime enforcement for autonomous agent · version ∅ → 0.4.0 · protocolVersion ∅ → 0.2.6 · url ∅ → https://governance.taskhawktech.com"}}]}