{
  "service": "Sovereign Executive Interface",
  "generated": "2026-06-18T16:06:44Z",
  "base_url": "https://intentrouter.ai",
  "draft": false,
  "capabilities_digest": "1eb58a2e197ed182db7c222f1aa54cce4708185f178131fecb37a824ba0180d8",
  "artifacts": {
    ".well-known/agent.json": "cb082d1b320b2334a0dcb69275cae7bcccefd3e1b93f4157376bd0815f88f146",
    ".well-known/ai-plugin.json": "5d43133f78f1966c3926fb6b4b1ea70b2b76df511985d8615f700c9121663ad4",
    ".well-known/api-catalog": "07bb1fa1002588b33332192bef43712422c205189af7a31e45bed1aa7a58ac30",
    ".well-known/mcp/server-card.json": "8fc5a9a8ed858f0a5ed0b18f011908697ed41afa260c6f6429ed42c636ce078e",
    ".well-known/security.txt": "8a42d4a45b322ef44a88dcac27e989da11ca33365ba4044dbae47ffa685a7d50",
    ".well-known/sei-signing-key.pem": "e32660fe37011caea19ee87d1042803e89a62d86873fd5feb1d9a855dc831455",
    "index.html": "ac9d9f280dfe38cc6d4be839dce7e97fac44299f3fe6174cfd30cea182e140f8",
    "llms-full.txt": "2324a1d4d3fb36215de1119424d2ad0a066093f46459ffb52a85b5a84e662545",
    "llms.txt": "35e3444b1d66ff44b3436f5dfc5472e0423e0e0c146d4be567317e1cc2cf0b4e",
    "offer.json": "cd3666f7867957f696692f2b45eec27d8e2004ac38db2dd105520a598f322082"
  },
  "provability": {
    "ledger": "SHA-256 hash-chained model-call ledger per run.",
    "verify_run": "sei verify <run_id>",
    "claim": "Every advertised capability is derived from the live role registry and hashed here; no hallucinated capability."
  },
  "integrity": "Fetch each artifact, SHA-256 it, and compare to the digest in `artifacts`; this detects whether a served file differs from what was generated.",
  "signed": true,
  "key_fingerprint": "sha256:09e490ccc8fbbb4a019c64afd1561f08c665850aefb674ddfa741d9c6316c441",
  "authenticity": "Ed25519-signed (see `signature`). The signature proves the holder of the signing key produced this exact manifest body; stripping the signature is detected because `signed` and `key_fingerprint` are integrity-protected. A key served from this host alone is continuity, not a root-of-trust: pin `key_fingerprint` out-of-band (DNS TXT _sei-key.<domain>, or a DID) and verify with `--expect-fingerprint`.",
  "integrity_checksum": "5ffc63417ff89031670df1c7c8124ebcd7306c3c81a857136c6dad0be88deee9",
  "signature": {
    "alg": "Ed25519",
    "key_fingerprint": "sha256:09e490ccc8fbbb4a019c64afd1561f08c665850aefb674ddfa741d9c6316c441",
    "public_key_pem": "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAZNfg+Y7y1uZYiDH4HkCWsalQXe8dM5blZDv9Cz9UTCQ=\n-----END PUBLIC KEY-----\n",
    "value": "EphSIiFTzigv1qhgNLtz2TAQuRI3WIER/7Caz2pagk+YfJThpOcOeQV/50ql/1EDTeeVczqgfGrTt/YAc8NUAA==",
    "note": "Detached Ed25519 signature over the manifest body (all fields except this `signature` object). Proves key-holder authorship, not domain ownership \u2014 pin key_fingerprint out-of-band (DNS TXT _sei-key.<domain>, or a DID) for root-of-trust."
  }
}