{"boundary_api":{"auth_configured":true,"auth_header_options":["Authorization: Bearer ","X-API-Key: ","X-BOUNDARY-API-KEY: "],"endpoint":"/v1/boundary/check","legacy_endpoint":"/boundary/check","optional_headers":["Idempotency-Key: "],"versioning":"v1"},"name":"Craton Boundary Infrastructure","notes":["Host retains execution authority.","Integrations should verify the receipt signature before trusting the verdict.","Integrations can verify directly against receipt.payload_b64 without re-canonicalizing JSON.","Boundary verdict logic is path-level configurable rather than hardcoded per deployment.","Idempotency-Key is optional but recommended for safe retries."],"policy_contract":{"path_level_policy":true,"rule_mode":"structured","unit_level_constraints":true,"unit_level_thresholds":true,"verdicts_supported":["allow","constrain","reject"]},"primitives":["receipt","continuation","shared_standard"],"receipt_contract":{"kid_field":"receipt.kid","payload_b64_field":"receipt.payload_b64","payload_encoding_field":"receipt.payload_encoding","payload_field":"receipt.payload","receipt_field":"receipt","sig_alg_field":"receipt.sig_alg","signature_encoding_field":"receipt.signature_encoding","signature_field":"receipt.signature"},"receipt_schema_version":"v0.5-policy-surface","runtime_contract":{"idempotent_replay_field":"runtime.idempotent_replay","request_id_field":"runtime.request_id","runtime_call_id_field":"runtime.runtime_call_id"},"service":"craton-system-v1","signing":{"alg":"ed25519","jwks_endpoint":"/protocol/v1/jwks.json","keys_endpoint":"/protocol/v1/jwks.json","kid":"k1","public_key_b64":"/oKU6OLcMLjZLYx8YBN+4jSK6HAQ8b+3qnAPKUxHg24=","sig_alg":"ed25519","signing_configured":true},"status":"operational","verification_contract":{"canonicalization_required_on_client":false,"client_verifies":true,"interactive_verifier":"/verify","json_schema_endpoint":"/protocol/v1/schema","jwks_endpoint":"/protocol/v1/jwks.json","machine_spec_endpoint":"/protocol/v1/spec","public_protocol_endpoint":"/protocol","verification_message_bytes":"decoded receipt.payload_b64 bytes","verification_message_source":"receipt.payload_b64","verify_then_read_verdict":true},"version":"v0.5-policy-surface"}