feat(v2): port evidentiary type safety primitives — 2.4.0

Ports the four primitives that shipped in TypeScript SDK
2.6.0-alpha.0 (commit 3171480 in agent-passport-system):

- claim_evidence_types: ClaimType / RecordType registry,
  EvidenceProfiles, required_evidence_for
- claim_verifier: verify_evidence_claim with forbidden-substitution
  detection, profile_not_populated honesty, optional
  open_contestation_resolver hook
- downstream_taint: compute_downstream_taint cascade for upheld /
  remedied contestations, GroundsClass enum
- ContestabilityReceipt: minimal Python dataclass carrying the
  fields the cascade reads (action_id, receipt_id,
  controller_response.status, optional grounds_class). Wave 1
  accountability port deferred; the dataclass widens when Wave 1
  ports.

Discriminated union design call: tagged-union via dataclass with
status: Literal[...] field, no Pydantic dependency added. The
to_dict() helper drops None-valued fields so canonical JSON
matches what TS produces. Documented in claim_verifier.py module
docstring.

Cross-impl byte-parity verified against TS test fixtures:
  tests/v2/fixtures/evidentiary-type-safety/fixtures.json
  9 verifier scenarios + 6 cascade scenarios
  All Python canonical JSON + sha256 match TS exactly.

Tests: 398 passed (was 348), 1 skipped, 6 xfailed. +50 new tests.
Version 2.3.0 -> 2.4.0 in pyproject.toml and __init__.py.
PyPI publish deferred to Tima Touch ID.

Author: aeoess

README.md

@@ -10,7 +10,7 @@
 pip install agent-passport-system
 ```
 
-> **Current PyPI version**: `2.3.0` (default install). Cross-language parity with `agent-passport-system` npm v2.6.0-alpha.0 covers identity, delegation, governance, data source registration, training attribution, per-period attribution settlement, and mutual authentication. Wave 1 accountability and the evidentiary type safety primitives are TypeScript-only this iteration.
+> **Current PyPI version**: `2.4.0` (default install). Cross-language parity with `agent-passport-system` npm v2.6.0-alpha.0 covers identity, delegation, governance, data source registration, training attribution, per-period attribution settlement, mutual authentication, and the evidentiary type safety primitives (claim/evidence registry, claim verifier, contestation cascade). Wave 1 accountability primitives are still TypeScript-only this iteration.
 
 
 ## Quick Start
@@ -110,7 +110,7 @@ This Python SDK implements all 8 Agent Passport Protocol layers:
 7. **Integration Wiring** — Cross-layer bridges (commerce+intent, coordination+agora)
 8. **Agentic Commerce** — 4-gate checkout, human approval, spend limits
 
-Strict subset of the [TypeScript SDK](https://www.npmjs.com/package/agent-passport-system) at npm v2.6.0-alpha.0. Wave 1 accountability primitives (ActionReceipt, AuthorityBoundaryReceipt, CustodyReceipt, ContestabilityReceipt, APSBundle) and the evidentiary type safety primitives (claim-evidence registry, claim verifier, downstream-taint cascade) ship in the TypeScript SDK only this iteration; Python port deferred. Cross-language signature verification continues to work for the primitives Python does ship. Also available via the [MCP server](https://mcp.aeoess.com/sse).
+Strict subset of the [TypeScript SDK](https://www.npmjs.com/package/agent-passport-system) at npm v2.6.0-alpha.0. The four evidentiary type safety primitives (claim/evidence registry, claim verifier with forbidden-substitution detection, contestation cascade, GroundsClass extension) ship in `agent_passport.v2` from Python SDK 2.4.0 onward, with cross-impl byte-parity verified against TS-generated fixtures. Wave 1 accountability primitives (ActionReceipt, AuthorityBoundaryReceipt, CustodyReceipt, ContestabilityReceipt, APSBundle) ship in the TypeScript SDK only this iteration; full Python port deferred. The cascade primitive uses a minimal Python ContestabilityReceipt that widens when Wave 1 ports. Cross-language signature verification continues to work for the primitives Python does ship. Also available via the [MCP server](https://mcp.aeoess.com/sse).
 
 ## Links
 
@@ -135,8 +135,10 @@ Strict subset of the [TypeScript SDK](https://www.npmjs.com/package/agent-passpo
 ```bash
 pip install pynacl pytest
 PYTHONPATH=src pytest tests/ -v
-# 348 passed, 1 skipped, 6 xfailed across 27 test files. Coverage tracks the
+# 398 passed, 1 skipped, 6 xfailed across 30 test files. Coverage tracks the
 # protocol layers the Python port has actually shipped (see "Strict subset" note above).
+# The new test_claim_*, test_downstream_taint files include 15 cross-impl byte-parity
+# checks against TS-generated canonical JSON fixtures.
 ```
 
 ## License

pyproject.toml

@@ -4,8 +4,8 @@ build-backend = "hatchling.build"
 
 [project]
 name = "agent-passport-system"
-version = "2.3.0"
-description = "Python SDK for the Agent Passport System. Identity, delegation, governance, data source registration, training attribution, per-period attribution settlement, mutual authentication. Cross-language parity with agent-passport-system npm v2.6.0-alpha.0 (Wave 1 accountability primitives in JS SDK; Python port deferred). Product intelligence lives in the private gateway."
+version = "2.4.0"
+description = "Python SDK for the Agent Passport System. Identity, delegation, governance, data source registration, training attribution, per-period attribution settlement, mutual authentication, evidentiary type safety (claim/evidence registry, claim verifier with forbidden-substitution detection, contestation cascade). Cross-language parity with agent-passport-system npm v2.6.0-alpha.0 verified by byte-identical canonical JSON fixtures. Wave 1 accountability primitives in JS SDK; Python port deferred. Product intelligence lives in the private gateway."
 readme = "README.md"
 license = "Apache-2.0"
 requires-python = ">=3.9"

src/agent_passport/__init__.py

@@ -28,7 +28,7 @@
 Docs: https://aeoess.com/llms-full.txt
 """
 
-__version__ = "2.3.0"
+__version__ = "2.4.0"
 
 # Crypto
 from .crypto import generate_key_pair, sign, verify, public_key_from_private
@@ -283,3 +283,36 @@
 
 # Canonical JCS (RFC 8785 strict) for modules requiring cross-language signature interop
 from .canonical import canonicalize_jcs
+
+
+# Evidentiary Type Safety primitives (SDK v2.4.0)
+# Ports of the four TypeScript SDK 2.6.0-alpha.0 primitives:
+# claim-evidence-types, claim-verifier, downstream-taint, GroundsClass.
+# ContestabilityReceipt fully ports when Wave 1 accountability ports;
+# the cascade-consumed shape ships now as a minimal dataclass.
+from .v2 import (
+    # claim_evidence_types
+    ClaimType,
+    RecordType,
+    EvidenceProfile,
+    EvidenceProfiles,
+    required_evidence_for,
+    # claim_verifier
+    ClaimVerificationInput,
+    ClaimVerificationResult,
+    ClaimVerificationStatus,
+    EvidenceEntry,
+    OpenContestationLookup,
+    OpenContestationResolver,
+    verify_evidence_claim,
+    # downstream_taint
+    ContestStatus,
+    ContestabilityControllerResponse,
+    ContestabilityReceipt,
+    GroundsClass,
+    TaintCandidate,
+    TaintedRecord,
+    TaintedSet,
+    compute_downstream_taint,
+    is_contestation_tainting,
+)

src/agent_passport/v2/__init__.py

@@ -4,3 +4,33 @@
 Cross-language signature compatibility: any signed artifact produced by
 the TS SDK (canonical JSON + Ed25519) verifies in Python and vice versa.
 """
+
+# Evidentiary Type Safety primitives (Modules 1, 2, 4).
+# Mirrors agent-passport-system 2.6.0-alpha.0.
+from .claim_evidence_types import (
+    ClaimType,
+    RecordType,
+    EvidenceProfile,
+    EvidenceProfiles,
+    required_evidence_for,
+)
+from .claim_verifier import (
+    ClaimVerificationInput,
+    ClaimVerificationResult,
+    ClaimVerificationStatus,
+    EvidenceEntry,
+    OpenContestationLookup,
+    OpenContestationResolver,
+    verify_evidence_claim,
+)
+from .downstream_taint import (
+    ContestStatus,
+    ContestabilityControllerResponse,
+    ContestabilityReceipt,
+    GroundsClass,
+    TaintCandidate,
+    TaintedRecord,
+    TaintedSet,
+    compute_downstream_taint,
+    is_contestation_tainting,
+)

src/agent_passport/v2/claim_evidence_types.py

@@ -0,0 +1,140 @@
+# Copyright 2024-2026 Tymofii Pidlisnyi. Apache-2.0 license. See LICENSE.
+"""Claim → Evidence types (Module 1 of the Evidentiary Type Safety set).
+
+Mirrors src/v2/claim-evidence-types.ts in the TypeScript SDK at
+agent-passport-system 2.6.0-alpha.0.
+
+Names a closed set of claims an APS receipt can substantiate, the
+record types the protocol can produce, and the mapping between
+them. Receipts substantiate specific claims; not every receipt
+can substitute for another. This module is the static surface of
+that mapping. Verification logic lives in claim_verifier.
+
+Enum string values are byte-identical to the TypeScript SDK so
+any serialized form (registry export, audit-log entry, fixture
+JSON) interops across implementations.
+"""
+
+from dataclasses import dataclass, field
+from enum import Enum
+from typing import Dict, List, Optional
+
+
+class ClaimType(str, Enum):
+    """Closed taxonomy of claims an evidence bundle can substantiate."""
+
+    IDENTITY_VERIFIED = "IDENTITY_VERIFIED"
+    AUTHORITY_TO_EXECUTE = "AUTHORITY_TO_EXECUTE"
+    ACTION_EXECUTED = "ACTION_EXECUTED"
+    BINDING_COMMITMENT = "BINDING_COMMITMENT"
+    EFFECT_SAFETY_ATTESTED = "EFFECT_SAFETY_ATTESTED"
+    DERIVATION_TRACED = "DERIVATION_TRACED"
+    CLAIM_CONTESTED = "CLAIM_CONTESTED"
+    CLAIM_RESOLVED = "CLAIM_RESOLVED"
+    BATCH_ATTESTED = "BATCH_ATTESTED"
+    EVIDENCE_CUSTODY_HELD = "EVIDENCE_CUSTODY_HELD"
+
+
+class RecordType(str, Enum):
+    """Mirrors the existing record-producing primitives the SDK ships.
+
+    Names match the TypeScript types in `src/index.ts`. Wave 1
+    accountability primitives (ActionReceipt, AuthorityBoundaryReceipt,
+    CustodyReceipt, ContestabilityReceipt, APSBundle) are referenced
+    here even though their full Python ports haven't shipped yet — the
+    registry vocabulary is independent of which receipts the Python
+    SDK can construct.
+    """
+
+    ActionReceipt = "ActionReceipt"
+    AuthorityBoundaryReceipt = "AuthorityBoundaryReceipt"
+    CustodyReceipt = "CustodyReceipt"
+    ContestabilityReceipt = "ContestabilityReceipt"
+    APSBundle = "APSBundle"
+    AccessReceipt = "AccessReceipt"
+    DerivationReceipt = "DerivationReceipt"
+    DecisionReceipt = "DecisionReceipt"
+    ProvisionalStatement = "ProvisionalStatement"
+    PromotionEvent = "PromotionEvent"
+    Withdrawal = "Withdrawal"
+    InstructionProvenanceReceipt = "InstructionProvenanceReceipt"
+    CognitiveAttestation = "CognitiveAttestation"
+
+
+@dataclass(frozen=True)
+class EvidenceProfile:
+    """Static schema for what evidence a given ClaimType requires.
+
+    `forbidden_substitutions` maps a RecordType to a human-readable
+    rationale string. The rationale text is byte-identical across
+    implementations so audit logs and paper appendices reference the
+    same canonical wording.
+    """
+
+    required: List[RecordType]
+    forbidden_substitutions: Dict[RecordType, str] = field(default_factory=dict)
+    optional: Optional[List[RecordType]] = None
+
+
+EvidenceProfiles: Dict[ClaimType, EvidenceProfile] = {
+    ClaimType.AUTHORITY_TO_EXECUTE: EvidenceProfile(
+        required=[RecordType.AuthorityBoundaryReceipt],
+        optional=[RecordType.DecisionReceipt],
+        forbidden_substitutions={
+            RecordType.ActionReceipt: (
+                "Action receipts prove execution, not authority. The boundary "
+                "ruling is a separate signer (the gateway/evaluator), and "
+                "conflating them collapses the trust split that makes the "
+                "audit chain meaningful."
+            ),
+        },
+    ),
+
+    ClaimType.BINDING_COMMITMENT: EvidenceProfile(
+        required=[RecordType.PromotionEvent, RecordType.ProvisionalStatement],
+        optional=[RecordType.DecisionReceipt],
+        forbidden_substitutions={
+            RecordType.ActionReceipt: (
+                "Action receipts prove execution or communication, not "
+                "binding commitment."
+            ),
+        },
+    ),
+
+    # TODO: populate required/optional records and forbidden_substitutions.
+    ClaimType.IDENTITY_VERIFIED: EvidenceProfile(required=[]),
+
+    # TODO: populate required/optional records and forbidden_substitutions.
+    ClaimType.ACTION_EXECUTED: EvidenceProfile(required=[]),
+
+    # TODO: populate required/optional records and forbidden_substitutions.
+    ClaimType.EFFECT_SAFETY_ATTESTED: EvidenceProfile(required=[]),
+
+    # TODO: populate required/optional records and forbidden_substitutions.
+    ClaimType.DERIVATION_TRACED: EvidenceProfile(required=[]),
+
+    # TODO: populate required/optional records and forbidden_substitutions.
+    ClaimType.CLAIM_CONTESTED: EvidenceProfile(required=[]),
+
+    # TODO: populate required/optional records and forbidden_substitutions.
+    ClaimType.CLAIM_RESOLVED: EvidenceProfile(required=[]),
+
+    ClaimType.BATCH_ATTESTED: EvidenceProfile(
+        required=[RecordType.APSBundle],
+    ),
+
+    ClaimType.EVIDENCE_CUSTODY_HELD: EvidenceProfile(
+        required=[RecordType.CustodyReceipt],
+        forbidden_substitutions={
+            RecordType.ActionReceipt: (
+                "Action receipts prove what was done, not who held the "
+                "evidence afterward."
+            ),
+        },
+    ),
+}
+
+
+def required_evidence_for(claim_type: ClaimType) -> EvidenceProfile:
+    """Return the EvidenceProfile registered for a claim type."""
+    return EvidenceProfiles[claim_type]