FeedOracle Action Gate Phase 1 β€” Dry-Run

Agent-control layer placed between autonomous AI agents and real systems. Every agent action passes through 9 independent safety layers, requires operator approval for anything outside the sandbox, and produces a cryptographically signed, hash-chained receipt that any third party can verify without our cooperation.

Verify any FeedOracle receipt yourself in 3 commands

# 1. Download the verifier (multi-key aware)
curl -O https://feedoracle.io/.well-known/verify-academic-receipt.py

# 2. Install the dependency
pip install cryptography

# 3. Verify any receipt β€” script picks the correct public key from the manifest
python3 verify-academic-receipt.py path/to/receipt.json

Exit codes: 0=valid Β· 1=sha256 mismatch Β· 2=signature/pin invalid Β· 3=fetch error. For audit-grade pinning use --expect-fingerprint SHA256:... from the key manifest.

What is documented here

Current state (2026-05-10)

Audit chains59 (all VALID)
Receipts105 (all sha256 valid)
ECDSA-signed47 (key v1: 46, key v2: 1+)
Chain integrity issues0
Curation walkthroughs completed6 (different change-types)
Auto-rollback events in production3 (all recovered to clean state)
Active signing keyacademic_l1_v2 (since 2026-05-10)
Kill-switch stateOFF (default β€” phase 1 is dry-run)

Trust model

Public keys are self-published at /.well-known/ on this domain. Trust is anchored in (a) the TLS certificate of feedoracle.io, and (b) out-of-band fingerprint pinning recorded in the manifest's rotation history. There is no CA chain. For long-term verification (audits years later), record the fingerprint of each key version once and pin it β€” the URLs may move, the fingerprints do not.

Contact: support@feedoracle.io