docs(stable-mode): PR B — substrate-scaling docs (INTEGRATIONS / COMPOSE-WITH-FOXBOOK / ADR 0009 / README section) (#68)

Substrate-scaling documentation so future integrators have a documented
self-serve path. Per ADR 0008 the Foxbook protocol surface is frozen at
v0.2; composition against that surface is welcome and tracked here.

## What's in

- docs/INTEGRATIONS.md (NEW) — living catalog of known integrations.
  Entry 1: Concordia v0.4.0 + Sanctuary Castle v1.2 (eriknewton).
  Status: Proposed (schema discussion in flight). Cross-impl reference
  status (harness aggregator, CTEF byte-match, litepaper) recorded
  separately as substrate-layer references per ADR 0006 §4.
- docs/COMPOSE-WITH-FOXBOOK.md (NEW) — engagement path for new
  integrators. What Foxbook offers, typed-reference shape, other
  composition shapes (wrapping, referencing, direct API), how to
  engage, what you don't get under stable mode.
- docs/decisions/0009-typed-reference-schema-for-composition.md (NEW)
  — ADR placeholder. Status: under-public-discussion. Strawman
  schema reproduced for traceability; updated in-place once the
  public discussion thread reaches consensus (no 0010 for ratification).
- README.md — added "Compose with Foxbook" section near the top
  pointing at INTEGRATIONS / COMPOSE-WITH-FOXBOOK / discussion link.

## Placeholder URLs

`<DISCUSSION_URL>` placeholders in INTEGRATIONS.md, COMPOSE-WITH-FOXBOOK.md,
ADR 0009, and README — filled in via a small follow-up PR once the
public Discussion thread is posted (PR A, identity-bound under
maintainer's hands per ADR 0008 § explicit-go on identity-bound posts).

## Verification

- pnpm check:generated — 10 files match
- pnpm -r typecheck — clean
- No code touched (docs only)

## Refs

- Plan: /Users/tester/.claude/plans/focus-deeply-and-use-nifty-swan.md
- ADR 0006 — protocol-not-marketplace + co-option-defense indicators
- ADR 0008 — stable-mode posture
- A2A Discussion #1803 — eriknewton's 2026-05-04 three-layer stack proposal

Co-authored-by: Ben <ben@inkog.io>

Author: cloakmaster

README.md

@@ -16,7 +16,18 @@ if (result.status !== "verified") return;
 
 Open source. Apache 2.0. Run your own log; anyone following the same spec can verify against any deployment.
 
-[**Live demo**](#live-demo) · [**Why**](#why) · [**Status**](#status) · [**RFC**](docs/rfc-a2a-x-foxbook-extension.md)
+[**Live demo**](#live-demo) · [**Why**](#why) · [**Status**](#status) · [**Compose with Foxbook**](#compose-with-foxbook) · [**RFC**](docs/rfc-a2a-x-foxbook-extension.md)
+
+---
+
+## Compose with Foxbook
+
+Building an evidence-layer, verdict-layer, or other identity-anchored system that wants to cite Foxbook-verified identity? Foxbook is in [stable / maintenance mode](docs/decisions/0008-stable-mode-maintenance-posture.md), but composition is welcome and tracked openly.
+
+- [`docs/COMPOSE-WITH-FOXBOOK.md`](docs/COMPOSE-WITH-FOXBOOK.md) — short guide for new integrators (typed-reference shape, engagement path, what's NOT in scope).
+- [`docs/INTEGRATIONS.md`](docs/INTEGRATIONS.md) — living catalog of known integrations + their status.
+- Active spec discussion: **Composition: Foxbook ↔ Concordia ↔ Sanctuary typed-reference schema** at `<DISCUSSION_URL>`.
+- `hello@foxbook.dev` for substantive offline conversations.
 
 ---
 

docs/COMPOSE-WITH-FOXBOOK.md

@@ -0,0 +1,61 @@
+# Composing with Foxbook
+
+Short guide for systems that want to compose against Foxbook's transparency-log primitive. Audience: implementors of evidence-layer, verdict-layer, or other identity-anchored systems who've decided "we want to cite Foxbook-verified identity inside our protocol."
+
+For the catalog of known compositions, see [`INTEGRATIONS.md`](INTEGRATIONS.md).
+
+## What Foxbook offers
+
+- **Verified identity primitive**: `verifyAgentCard(card)` returns one of four discriminated outcomes — `verified`, `unverified`, `handle-mismatch`, `stale-proof` — backed by an RFC 9162-shaped Merkle transparency log. Four outcomes; no numeric trust score; no reputation field.
+- **Public transparency log**: `https://transparency.foxbook.dev/` — read endpoints (`/root`, `/inclusion/:i`, `/leaf/:i`) under Apache 2.0, no auth, no API key. Anyone can verify any claim independently.
+- **SDK**: `@foxbook/sdk-claim` on npm. Six-function reference impl for the claim flow + verification primitives.
+- **Stable shape**: SDK v0.2.0 surfaces `verified_signing_key_hex` + `leaf_index` on the `verified` branch of `verifyAgentCard`. tl-leaf v1.2 (`agent-key-registration`, `revocation`, `signing-key-registration`) is the canonical-bytes shape your typed reference would cite.
+
+## Typical composition shape: typed reference
+
+The most common pattern: your envelope / receipt / attestation carries a **typed reference** to a Foxbook leaf, and your verdict-layer anchors on that reference.
+
+The active spec discussion for the typed-reference schema is here:
+
+**`<DISCUSSION_URL>`**
+
+(Once the schema is agreed, [`docs/decisions/0009-typed-reference-schema-for-composition.md`](decisions/0009-typed-reference-schema-for-composition.md) ratifies it on the Foxbook side.)
+
+The strawman shape includes:
+
+- `tl_url` — base URL of the transparency log
+- `leaf_index` — position of the leaf in the log
+- `tl_leaf_canonical_hash` — SHA-256 of the canonical-bytes leaf preimage (per [ADR 0005](decisions/0005-canonical-on-both-sides.md))
+- `verified_signing_key_hex` — the agent's active Ed25519 signing key at verify-time
+
+Plus optional fields for stronger offline / temporal-anchor verification (`sth_at_verify_time`, `sth_signature`). See the discussion thread for the full schema + negative-path scenarios.
+
+## Other composition shapes
+
+- **Wrapping**: your system's identity primitive includes Foxbook verification as one of N supported identity sources. Foxbook returns its discriminated result; your wrapper maps it to your unified shape. No new typed reference needed.
+- **Referencing without embedding**: your receipt mentions Foxbook by URL but doesn't carry a structured typed reference. Lower integrity guarantees (your verifier can't detect log forks); simpler shape.
+- **Direct API integration**: your service calls Foxbook's `/api/v1/claim/by-handle/...` endpoint at decision-time. No typed reference needed because verification is fresh-by-construction.
+
+If your shape doesn't fit any of the above, open a Discussion in `cloakmaster/foxbook` and propose it.
+
+## How to engage
+
+1. **Read the existing context** — [README.md](../README.md), [RATIONALE.md](RATIONALE.md), [ADRs 0001–0008](decisions/), the active Discussion thread above.
+2. **Open a thread** — for typed-reference compositions, the existing thread at `<DISCUSSION_URL>`. For novel compositions, a new Discussion in `cloakmaster/foxbook`.
+3. **Substantive offline** — `hello@foxbook.dev` for spec sessions, walk-throughs, or anything that benefits from a back-and-forth that's not public.
+4. **Once agreed publicly** — open a PR adding your composition to [INTEGRATIONS.md](INTEGRATIONS.md). The catalog grows organically.
+
+## What you don't get
+
+- **Active feature work** — Foxbook is in stable / maintenance mode per [ADR 0008](decisions/0008-stable-mode-maintenance-posture.md). Spec extension requests for Foxbook itself are noted but not actioned.
+- **Per-call SLAs** — operational SLA is best-effort. The runbook at [OPERATIONS.md](OPERATIONS.md) documents the tier choices and uptime monitoring.
+- **Closed-source verification** — everything is Apache 2.0 + open canonical bytes. If you want closed-source for compliance reasons, fork under a different name; the spec contract is what matters for interop.
+
+## Cross-references
+
+- [README.md](../README.md) — the 60-second pitch
+- [RATIONALE.md](RATIONALE.md) — why Foxbook is shaped the way it is
+- [VERIFY-IN-60-SECONDS.md](VERIFY-IN-60-SECONDS.md) — verify a live agent card from a fresh shell
+- [INTEGRATIONS.md](INTEGRATIONS.md) — catalog of active compositions
+- [decisions/](decisions/) — full ADRs
+- Harness aggregator entry: [`agentgraph.co/.well-known/interop-harness.json`](https://agentgraph.co/.well-known/interop-harness.json)

docs/INTEGRATIONS.md

@@ -0,0 +1,57 @@
+# Active integrations
+
+Living index of known compositions where another system embeds, references, or otherwise composes against Foxbook's transparency-log primitive. Foxbook is in [stable / maintenance mode](decisions/0008-stable-mode-maintenance-posture.md) per ADR 0008; new integrations are welcome and tracked here, but Foxbook's own protocol surface is frozen at v0.2.
+
+If you're integrating, see [`COMPOSE-WITH-FOXBOOK.md`](COMPOSE-WITH-FOXBOOK.md) for the engagement path. This page is the catalog.
+
+## Status legend
+
+- **Proposed** — integration shape under discussion. Schema not yet ratified.
+- **Spec'd** — typed-reference schema agreed; implementations may be in progress.
+- **Live** — integration is shipping in production with at least one observed dispatch.
+- **Archived** — integration retired or superseded.
+
+---
+
+## Concordia ↔ Foxbook ↔ Sanctuary
+
+| Field | Value |
+|---|---|
+| Integrator | [@eriknewton](https://github.com/eriknewton) |
+| Systems | **Concordia v0.4.0** (evidence-composition layer) + **Sanctuary Castle Architecture v1.2** (verdict-policy gateway) |
+| Integration shape | Typed-reference: a Concordia attestation envelope carries a typed reference to a Foxbook leaf as supporting evidence. Sanctuary verdict-policy anchors on the typed reference. |
+| Status | **Proposed** |
+| Schema discussion | <DISCUSSION_URL> |
+| Origin | [A2A Discussion #1803, eriknewton 2026-05-04T17:39Z](https://github.com/a2aproject/A2A/discussions/1803#discussioncomment-13655678) |
+
+Three-layer stack:
+
+1. **Identity** — Foxbook (handle verification, RFC 9162 transparency log)
+2. **Evidence** — Concordia v0.4.0 (#1734-shape attestation envelopes)
+3. **Verdict** — Sanctuary Castle Architecture v1.2 (gateway-side policy enforcement)
+
+The typed-reference shape under discussion at <DISCUSSION_URL>. Once consensus lands, [`docs/decisions/0009-typed-reference-schema-for-composition.md`](decisions/0009-typed-reference-schema-for-composition.md) ratifies the shape on the Foxbook side.
+
+---
+
+## Cross-implementation references (substrate-layer)
+
+These aren't application-layer integrations but are load-bearing for the cross-impl reference cycle per [ADR 0006](decisions/0006-protocol-not-marketplace.md) §4:
+
+| Reference | Status | Link |
+|---|---|---|
+| Harness aggregator (`evidence_provider`, `claim_type_layer: identity`) | Live | [`agentgraph.co/.well-known/interop-harness.json`](https://agentgraph.co/.well-known/interop-harness.json) |
+| CTEF v0.3.1 byte-match (4/4 vectors) | Verified 2026-04-30 | [`ops/evidence/2026-04-30-ctef-v0.3.1-byte-match.md`](../ops/evidence/2026-04-30-ctef-v0.3.1-byte-match.md) (commit 9e392c5) |
+| AgentGraph litepaper §1.8 (substrate-and-primitive layering) | Publishes 2026-05-12 | TBD post-publish |
+
+---
+
+## Adding an entry
+
+If you're integrating Foxbook into your system:
+
+1. Open a thread at the schema-discussion venue (typically `<DISCUSSION_URL>` for Concordia/Sanctuary-shape integrations, or a new Discussion in `cloakmaster/foxbook` for novel shapes).
+2. Once your integration shape is agreed publicly, open a PR adding an entry to this file.
+3. Update Status as the integration progresses (Proposed → Spec'd → Live).
+
+Maintainer review on PRs: weeks, not days, under stable mode. Use `hello@foxbook.dev` for time-sensitive substantive discussion.

docs/decisions/0009-typed-reference-schema-for-composition.md

@@ -0,0 +1,100 @@
+# ADR 0009 — Typed-reference schema for composition (Foxbook ↔ Concordia ↔ Sanctuary)
+
+**Number:** 0009
+**Date:** 2026-05-04
+**Status:** under-public-discussion
+**Supersedes:** —
+**Superseded by:** —
+**Related:** ADR 0004 (tl-leaf schema evolution), ADR 0005 (canonical bytes once), ADR 0006 (protocol-not-marketplace), ADR 0008 (stable-mode maintenance posture)
+
+## Context
+
+[A2A Discussion #1803](https://github.com/a2aproject/A2A/discussions/1803) crystallized a three-layer substrate stack with concrete cross-implementation reference candidates:
+
+- **Identity** — Foxbook (transparency log)
+- **Evidence** — Concordia v0.4.0 (attestation envelopes)
+- **Verdict** — Sanctuary Castle Architecture v1.2 (gateway policy)
+
+[@eriknewton's 2026-05-04 comment](https://github.com/a2aproject/A2A/discussions/1803#discussioncomment-13655678) proposed the natural integration: a Concordia envelope carries a **typed reference** to a Foxbook leaf, which Sanctuary's verdict-layer anchors on. This composition uses Foxbook's *existing* surface — no Foxbook protocol changes required — so it composes cleanly with [ADR 0008](0008-stable-mode-maintenance-posture.md)'s feature freeze.
+
+Specifying the typed-reference shape is a **composition decision** that affects multiple implementations. Per [ADR 0006](0006-protocol-not-marketplace.md)'s protocol-not-marketplace stance, the spec belongs in the open: reviewable, archival, multi-party. The active spec venue is:
+
+**`<DISCUSSION_URL>`**
+
+This ADR is the Foxbook-side ratification record. It is **`under-public-discussion`** until consensus lands in the thread; once schema v1.0 is agreed, this ADR is updated **in-place** with the ratified shape and `Status: accepted`. A new ADR (0010) is not opened for the ratification — the thread is the discussion record, this ADR is the decision record.
+
+## Decision
+
+### Schema (placeholder pending public consensus)
+
+The strawman from `<DISCUSSION_URL>` is reproduced here for traceability. The ratified schema lands in this section once the thread reaches consensus.
+
+```json
+{
+  "tl_url": "https://transparency.foxbook.dev",
+  "leaf_index": 42,
+  "tl_leaf_canonical_hash": "<64-char lowercase hex SHA-256>",
+  "verified_signing_key_hex": "<64-char lowercase hex Ed25519 public key>",
+
+  "sth_at_verify_time": {
+    "tree_size": 100,
+    "root_hash": "<64-char lowercase hex>",
+    "timestamp": "<ISO-8601>"
+  },
+  "sth_signature": "<compact-JWS EdDSA, three base64url segments>"
+}
+```
+
+Required: `tl_url`, `leaf_index`, `tl_leaf_canonical_hash`, `verified_signing_key_hex`. Optional: `sth_at_verify_time`, `sth_signature`. Versioning + evolution rules per [ADR 0004](0004-tl-leaf-schema-evolution.md) precedent (additive within v1.x; breaking changes to v2.0).
+
+### Why these fields
+
+- **`tl_url`** — explicit log identifier. Forward-compat with multi-vendor federated logs.
+- **`leaf_index`** — log position. Combined with `tl_url`, uniquely identifies the leaf.
+- **`tl_leaf_canonical_hash`** — load-bearing for log-fork detection. The verdict layer recomputes the SHA-256 of the canonical-bytes leaf preimage and compares; any divergence is a log-integrity violation. Per [ADR 0005](0005-canonical-on-both-sides.md), canonicalization is via `canonical.ts` on the raw object — never on a storage round-trip.
+- **`verified_signing_key_hex`** — the active Ed25519 signing key surfaced by Foxbook SDK v0.2.0's `verifyAgentCard`. The verdict-layer uses this to verify the AgentCard's JWS signature directly without a second by-handle lookup.
+- **`sth_at_verify_time` / `sth_signature`** — temporal anchor + offline verification. Optional because verdict-layers that always re-fetch live can ignore them; mandatory-ish for verdict-layers wanting offline / point-in-time semantics.
+
+### What this ADR does NOT decide
+
+- **Verdict-layer policy**. How Sanctuary (or any verdict-layer impl) handles staleness, revocation between assert-time and consume-time, signing-key rotation between assert-time and consume-time — out of scope. The typed-reference is rich enough to support strict-freshness, point-in-time-anchor, and hybrid policies; the verdict-layer chooses based on its threat model.
+- **Concordia envelope shape**. How the typed reference embeds inside a Concordia attestation envelope (peer field vs nested vs CTEF-shape) is Concordia's call.
+- **AgentCard JWS verification**. The typed reference asserts "this signing key was active at verify-time per Foxbook"; whether the AgentCard was JWS-signed with that key is a Sanctuary-side check, not encoded in the typed reference.
+
+These deliberate omissions keep the typed reference minimal + composable. Adding them would couple it to specific verdict-layer or evidence-layer choices.
+
+## Enforcement
+
+- Schema-bump PRs to update this ADR's content (post-consensus) reference the discussion thread in the PR body and link the specific comment(s) where consensus crystallized.
+- This ADR moves from `under-public-discussion` → `accepted` only when:
+  - The discussion thread has explicit consensus from at least the Foxbook side and the Concordia/Sanctuary side (eriknewton).
+  - The schema is reproduced verbatim in the "Decision" section above (replacing the strawman).
+  - At least one reference implementation (Concordia v0.5.x or equivalent) has demonstrated the typed reference round-trips cleanly against a live Foxbook leaf.
+- Schema evolution post-acceptance follows ADR 0004 precedent: additive within v1.x lands as inline updates here; breaking changes require a v2.0 schema and a new ADR (likely 0010+) explaining the migration.
+
+## Consequences
+
+- **Foxbook protocol surface is unchanged**. ADR 0008's feature freeze is preserved. Foxbook's existing tl-leaf v1.2 + SDK v0.2.0 expose everything the typed reference needs.
+- **Cross-implementation reference cycle is materially strengthened**. Per [ADR 0006](0006-protocol-not-marketplace.md) §4, named cross-impl references are the load-bearing co-option-defense indicator. Concordia + Sanctuary citing Foxbook by name + canonical-bytes shape is exactly that.
+- **The catalog at [`docs/INTEGRATIONS.md`](../INTEGRATIONS.md) tracks active compositions**. The Concordia + Sanctuary entry is the first; future compositions follow the same pattern.
+- **`docs/COMPOSE-WITH-FOXBOOK.md`** is the path-of-engagement for future integrators. Points at this ADR + the active discussion thread.
+
+## Alternatives considered
+
+- **Spec offline between Foxbook and Concordia/Sanctuary maintainers**. Considered briefly (per cloakmaster's 2026-05-04T17:47Z reply on #1803) but rejected in favor of public spec — reviewable, archival, multi-party, and consistent with ADR 0006's protocol-not-marketplace stance.
+- **Embed full leaf bytes in the typed reference**. Rejected: increases receipt size + couples consumers to leaf-shape changes. The hash-pointer pattern (citing `tl_leaf_canonical_hash` and resolving via `tl_url + leaf_index`) is more durable.
+- **Skip `tl_leaf_canonical_hash`; trust the live log**. Rejected: removes the ability to detect log forks at receipt-consumption time. The verdict-layer can re-fetch the live leaf; comparing its hash against the typed reference's hash is the integrity check.
+- **Make `sth_at_verify_time` + `sth_signature` required**. Rejected (for v1.0): pushes complexity onto integrators that don't need offline / temporal-anchor semantics. May be promoted in v2.0 if practice shows the optional path is rarely chosen.
+
+## When this rule can be violated
+
+ADR 0009 itself can be amended in-place pre-acceptance (the strawman evolves with the thread). Post-acceptance, schema evolution follows ADR 0004 precedent (additive within v1.x; breaking changes to v2.0 + a new ADR).
+
+The composition pattern itself (typed-reference, embedded inside a higher-layer envelope) can be superseded by a different composition pattern in a future ADR (0010+) if the cross-impl group decides a different shape is structurally better. ADR 0009 is silent on whether typed-reference is the only valid composition shape — see `docs/COMPOSE-WITH-FOXBOOK.md` for other shapes (wrapping, referencing-without-embedding, direct API integration).
+
+## Verified
+
+- The strawman schema in this ADR matches the strawman posted at `<DISCUSSION_URL>` first-comment as of `<DATE_POSTED>`.
+- Foxbook SDK v0.2.0 (`@foxbook/sdk-claim@0.2.0`) surfaces `verified_signing_key_hex` + `leaf_index` on the `verified` branch of `verifyAgentCard`. Verified by `npm view @foxbook/sdk-claim`.
+- tl-leaf v1.2's canonical-bytes shape (per [ADR 0004 addendum-3](0004-tl-leaf-schema-evolution.md)) is what `tl_leaf_canonical_hash` references. Cross-language byte-match validation in [`schemas/crypto-test-vectors.json`](../../schemas/crypto-test-vectors.json).
+- Concordia v0.4.0 and Sanctuary Castle Architecture v1.2 are the named cross-impl reference candidates per [@eriknewton's 2026-05-04 comment](https://github.com/a2aproject/A2A/discussions/1803#discussioncomment-13655678) on A2A Discussion #1803.