# FARIGATE Cloud hosted-gate trust

This directory publishes the PUBLIC signing keys of FARIGATE Cloud
deployments, plus an assembled trust JSON for the browser verifier's
"FARIGATE Cloud (registry)" mode.

## What these keys sign

- **Decision receipts**: the hosted gate's signed record of every decision
  (allow or refuse) for an exact action digest, including the policy
  snapshot hash and the receipt hash-chain link.
- **Evidence-pack bindings**: the signed manifest binding every artifact
  in a dispute pack (mandate tokens, receipts, policy snapshots) to that
  decision.

Key format: `{kid}.pub` files contain the base64 raw Ed25519 public key;
`kid` is the lowercase hex sha256 of the raw 32-byte public key — the same
derivation `farigate-ingest`, `farigate-evidence`, `farigate-cli`, and the
browser verifier use. `cloud-trust-info.json` carries the current key with
its kid. `cloud-trust.json` is the complete verifier trust document:
hosted-gate receipt-signer keys plus the published FARIGATE Cloud v0
governance bundle, profile reason registries, and AP2 agent-mandate user
JWKs that the hosted gate actually enforces.

## Anchored verification (trust-anchor bundle)

`trust-anchor-bundle.json` is a ceremony-root-signed bundle that certifies the
hosted-gate receipt-signer key(s) above as `receipt_signer` (plus the
governance signer). `ceremony-root.json` carries the ceremony-root PUBLIC
fingerprint to pin. A verifier that pins this fingerprint will only read a pack
as **ANCHORED** when its receipt-signer key chains to it; a key that does not
chain is **UNANCHORED / NON-PRODUCTION**, never a green production verdict. This
closes the forge gap where an attacker re-signs a pack with their own key.

At v0 the ceremony root is **DEMO-labeled** (`demo: true`): anchored to it reads
as **ANCHORED (DEMO CEREMONY ROOT)** — not production. The real ceremony root is
a human act (softHSM / air-gapped) that swaps the demo root for a real one and
publishes its fingerprint out-of-band; see the ceremony runbook.

## What these keys do NOT prove

- **Not ceremony trust.** Each key is generated by a FARIGATE Cloud
  deployment at first boot. The v0 trust-anchor bundle is signed by a
  DEMO ceremony root — no production HSM custody or multi-party control
  is claimed.
- **Not production or customer readiness.** A verification PASS against
  this material proves that a pack was signed by that hosted gate under
  the published governance — nothing more.
- **Not an enforcement guarantee.** FARIGATE is evidence infrastructure;
  a PASS does not prove an action could not have happened through some
  other system.
- The governance bundle and AP2 mandate trust in `cloud-trust.json` are
  the published FARIGATE Cloud v0 set (the same committed fixture set the
  in-repo demos use) until design partners register their own material.
- No Visa, Google, or FIDO endorsement is implied. Mandates are verified
  against the AP2 v0.2.0 mandate profile.

## Note on the registry index

`trust/` is added by the FARIGATE Cloud site packaging
(`web/registry/build.sh`) on top of the signed registry export; it is NOT
listed in `.well-known/farigate/registry.json`. Treat the export index as
authoritative for protocol artifacts and this directory as the hosted-gate
trust publication channel.