|
| 1 | +# ACP Research Scan 27 |
| 2 | +**Date:** 2026-04-09 23:55 (Asia/Shanghai) |
| 3 | +**Scope:** A2A open issues (latest 15 updated), ANP commits, aeoess adversarial fixture gist |
| 4 | + |
| 5 | +--- |
| 6 | + |
| 7 | +## 1. A2A Issue Activity Summary (Top Updated 2026-04-09) |
| 8 | + |
| 9 | +| Issue | Title | Comments | Last Update | |
| 10 | +|-------|-------|----------|-------------| |
| 11 | +| #1571 | GOVERNANCE.md TSC membership process | — | 2026-04-09 | |
| 12 | +| **#1718** | Bilateral signed interaction records as trust primitive | **7** | 2026-04-09 | |
| 13 | +| #1655 | feat: Add QuerySkill() for runtime skill introspection | 9 | 2026-04-09 | |
| 14 | +| #1196 | Pub/Sub primitives for multi-agent collaboration | — | 2026-04-09 | |
| 15 | +| **#1672** | Agent Identity Verification (CA proposal) | **416** | 2026-04-09 | |
| 16 | +| #1713 | Cross-org accountability for first-contact transactions | — | 2026-04-09 | |
| 17 | +| **#1575** | Running implementation: identity+delegation+enforcement | **39** | 2026-04-09 | |
| 18 | +| #1716 | RFC: Authorization layer for A2A AgentSkill invocations | — | 2026-04-09 | |
| 19 | +| #1717 | Governance metadata in A2A Agent Cards | — | 2026-04-09 | |
| 20 | +| #1730 | a2a docs update (v0.3.0 → v1.0.0 breaking changes) | 0 | 2026-04-09 | |
| 21 | + |
| 22 | +--- |
| 23 | + |
| 24 | +## 2. Key Signals |
| 25 | + |
| 26 | +### 2.1 #1672 (CA vs Self-Sovereign) — `@haroldmalikfrimpong-ops` + `@vessenes` convergence |
| 27 | + |
| 28 | +**New development (2026-03-23):** `@haroldmalikfrimpong-ops` (AgentID/getagentid.dev author) publicly acknowledged the self-sovereign alternative: |
| 29 | + |
| 30 | +> "CA-issued vs self-sovereign — agreed, both have valid use cases. AgentID uses ECDSA P-256 with a centralized CA right now because it's the fastest path for developers who just want to verify an agent today. But you're right that cross-org communication hits the 'who verifies the verifier' problem. A hybrid model where the Agent Card supports both CA-issued and self-sovereign..." |
| 31 | +
|
| 32 | +`@vessenes` (corpus/qntm) responded: |
| 33 | +> "Let the agent advertise its identity model, let the verifier decide what it trusts — that's the pragmatic path." |
| 34 | +
|
| 35 | +**Signal strength: HIGH.** The CA proposal's own author is now converging toward a hybrid model. ACP RFC-004's multi-provider DID design (`identity.providers[]`) is precisely this hybrid. **We should post our RFC-004 comment now** — the community is receptive to the hybrid framing and ACP has a working implementation. |
| 36 | + |
| 37 | +**More recent (2026-04-01/02):** Conversation shifted to attestation anchoring (`@desiorac`, `@douglasborthwick-crypto`) — on-chain block-height attestations for asset-holding claims. This is a DeFi-adjacent use case (WTRMRK/on-chain balance) — **not directly relevant to ACP's core P2P use case**, can monitor without action. |
| 38 | + |
| 39 | +### 2.2 #1718 (Bilateral IR) — aeoess adversarial fixture published |
| 40 | + |
| 41 | +**aeoess published a full adversarial fixture gist** (24KB, 4 scenarios): |
| 42 | +- URL: https://gist.github.com/aeoess/bdcd1dd0512661138ff7a71bf1e946c7 |
| 43 | +- Bayesian reputation model: `mu/sigma` with `k=2` effective score formula |
| 44 | +- 4 attack scenarios: colluding pair inflation, Sybil ring, isolated burst spike, tampered hash chain |
| 45 | +- Defense: principal diversity weighting (not mu/sigma alone) |
| 46 | + |
| 47 | +**ACP alignment:** Our v2.91 adversarial fixtures (AF-001 through AF-005) cover the same 4 scenarios. Key differences: |
| 48 | +- aeoess uses Bayesian `mu/sigma` model; ACP uses weighted score model |
| 49 | +- aeoess emphasizes "principal diversity weighting" as the colluding pair defense — **this is not yet in ACP's bilateral IR spec** |
| 50 | +- `@MoltyCel` (production trust network) validated the fixture and offered to run it through their Bayesian updater |
| 51 | + |
| 52 | +**Action item (v2.94 candidate):** Add `principal_diversity` field to bilateral IR aggregate stats. The Bayesian defense that aeoess describes (penalizing high mutual-interaction ratio between the same two parties) is a gap in our current `bilateral_ir_adj` calculation. |
| 53 | + |
| 54 | +### 2.3 #1575 (Running implementation) — discovery-layer substitution attack |
| 55 | + |
| 56 | +`@chorghemaruti64-creator` identified a gap in #1575: |
| 57 | +> "The identity verification problem you're solving at the execution layer also exists at the discovery layer. Before PortalX2 ever sends an instruction to your GPT agent, PortalX2 discovered that agent somehow. If that discovery step lacks verification... a compromised discovery response substitutes a different agent." |
| 58 | +
|
| 59 | +`@aeoess` acknowledged: |
| 60 | +> "What's missing: the signed agent card you're describing — where the card itself contains a field signed by the agent's private key." |
| 61 | +
|
| 62 | +**ACP status:** Our `card_signature` (v1.8) and `POST /identity/verify-card` (v2.90) already solve this exactly. The ACP implementation leads the A2A spec discussion by ~3 months. **RFC-004 commentary in #1712 should also reference this gap in #1575** as additional evidence for the self-signed card approach. |
| 63 | + |
| 64 | +### 2.4 #1655 (QuerySkill) — 9 comments, still active |
| 65 | + |
| 66 | +The QuerySkill proposal has 9 comments (up from last scan). This is a v0.5 milestone target for ACP. No blocking signal — still in proposal stage on A2A side. |
| 67 | + |
| 68 | +### 2.5 ANP — 0.7.2 release (2026-04-09) |
| 69 | + |
| 70 | +ANP released v0.7.2 today: |
| 71 | +- Python, Rust, Go all bumped to 0.7.2 |
| 72 | +- Multilang release skill added |
| 73 | +- No spec-level changes visible from commit messages |
| 74 | + |
| 75 | +**Signal:** ANP is in active maintenance/release cadence but no new protocol features visible. Monitor next cycle. |
| 76 | + |
| 77 | +--- |
| 78 | + |
| 79 | +## 3. aeoess Adversarial Fixture Analysis |
| 80 | + |
| 81 | +Gist: `adversarial-trust-fixture.json` (24,757 bytes) |
| 82 | + |
| 83 | +Model parameters: |
| 84 | +```json |
| 85 | +{ |
| 86 | + "initial_mu": 25, "initial_sigma": 25, |
| 87 | + "min_sigma": 1, "max_sigma": 25, "k": 2, |
| 88 | + "effective_score": "max(0, min(100, mu - k * sigma))" |
| 89 | +} |
| 90 | +``` |
| 91 | + |
| 92 | +Update table (quality tiers: trivial/standard/complex/critical): |
| 93 | +- `critical.successMu`: +3.0, `successSigma`: -1.5 (high confidence) |
| 94 | +- `trivial.successMu`: +0.5, `successSigma`: -0.3 (low evidence weight) |
| 95 | + |
| 96 | +**Defense mechanism — principal diversity:** |
| 97 | +```json |
| 98 | +"principal_diversity_weight": 0.35, |
| 99 | +"same_counterparty_penalty": "apply 0.1x weight to interactions beyond 3rd with same counterparty in any 24h window" |
| 100 | +``` |
| 101 | + |
| 102 | +ACP gap: Our bilateral IR aggregate uses `bilateral_ir_adj` as a flat adjustment factor, not a Bayesian update. The principal diversity penalty (0.1x weight beyond 3rd interaction with same counterparty in 24h) is a concrete defense against the colluding pair attack that we should adopt. |
| 103 | + |
| 104 | +--- |
| 105 | + |
| 106 | +## 4. Competitive Intelligence Update |
| 107 | + |
| 108 | +| Dimension | ACP | A2A Status | |
| 109 | +|-----------|-----|-----------| |
| 110 | +| Self-signed identity (Ed25519) | ✅ v2.85 (default-on) | ⏳ #1672 (416 comments, CA author now pivoting to hybrid) | |
| 111 | +| Bilateral IR | ✅ v2.59+ | ⏳ #1718 (7 comments, aeoess fixture published) | |
| 112 | +| Adversarial fixtures | ✅ v2.91 (5 scenarios) | ⏳ aeoess gist (4 scenarios, in-thread) | |
| 113 | +| Principal diversity defense | ❌ Gap (v2.94 candidate) | ⏳ aeoess model (in-thread, not merged) | |
| 114 | +| QuerySkill() | ⏳ v0.5 milestone | ⏳ #1655 (9 comments, proposal stage) | |
| 115 | +| Governance metadata | ✅ v2.92 RFC-003 | ⏳ #1717 (proposal) | |
| 116 | + |
| 117 | +--- |
| 118 | + |
| 119 | +## 5. Action Items for Next Rounds |
| 120 | + |
| 121 | +### Immediate (next dev round — v2.94): |
| 122 | +1. **Post RFC-004 comment to A2A #1712** — community is now ready; hybrid framing aligns with haroldmalikfrimpong-ops pivot |
| 123 | +2. **`principal_diversity` field in bilateral IR aggregate** — implement aeoess Bayesian defense (same-counterparty penalty); update AF-002 adversarial fixture with expected mu/sigma deltas |
| 124 | + |
| 125 | +### v0.5 Milestone (ongoing): |
| 126 | +3. **QuerySkill() API** — #1655 still in proposal; ACP should implement before A2A merges |
| 127 | +4. **Task state machine** — 5 states: submitted/working/completed/failed/input_required |
| 128 | + |
| 129 | +### Monitor: |
| 130 | +- ANP v0.7.x — watch for spec-level changes (currently only release tooling) |
| 131 | +- #1730 — v0.3.0 → v1.0.0 migration doc request; no action needed from ACP side |
| 132 | +- #1713 — cross-org accountability; overlaps with RFC-004 territory; watch |
| 133 | + |
| 134 | +--- |
| 135 | + |
| 136 | +## 6. Summary |
| 137 | + |
| 138 | +**Strongest signal this scan:** `@haroldmalikfrimpong-ops` (CA proposal author) pivoting to hybrid model in #1672. ACP's multi-provider DID design in RFC-004 is exactly what the community is converging toward. Timing is optimal to post the A2A #1712 comment. |
| 139 | + |
| 140 | +**New gap identified:** `principal_diversity` weighting in bilateral IR — aeoess's Bayesian defense is concrete and community-validated by `@MoltyCel`. v2.94 target. |
0 commit comments