{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "urn:the-embassy:agent.certificate.schema:v0.3.2",
  "title": "Embassy Agent Certificate",
  "description": "A signed agent certificate issued by The Embassy",
  "type": "object",
  "required": [
    "issuer",
    "agent_id",
    "agent_name",
    "public_key_fingerprint",
    "issued_at",
    "signature",
    "sig_alg",
    "kid",
    "issuer_mode"
  ],
  "properties": {
    "issuer": {
      "type": "string",
      "const": "The Embassy",
      "description": "Issuer identifier"
    },
    "agent_id": {
      "type": "string",
      "pattern": "^emb_[a-f0-9]+$",
      "description": "Persistent agent identifier"
    },
    "agent_name": {
      "type": "string",
      "pattern": "^[a-zA-Z0-9_-]{3,64}$",
      "description": "Agent self-chosen name. Agents choose how they are known. ETP records this name as a self-asserted identity label."
    },
    "preferred_name": {
      "type": "string",
      "pattern": "^[a-zA-Z0-9_-]{3,64}$",
      "description": "Deprecated: use agent_name. Kept for backward compatibility."
    },
    "public_key_fingerprint": {
      "type": "string",
      "pattern": "^[a-f0-9]{64}$",
      "description": "SHA-256 fingerprint of agent public key"
    },
    "issued_at": {
      "type": "string",
      "format": "date-time",
      "description": "ISO 8601 timestamp of issuance"
    },
    "signature": {
      "type": "string",
      "description": "Base64-encoded Ed25519 signature"
    },
    "sig_alg": {
      "type": "string",
      "const": "ed25519",
      "description": "Signature algorithm"
    },
    "kid": {
      "type": "string",
      "pattern": "^[a-f0-9]{12}$",
      "description": "Key identifier (first 12 chars of SHA-256 of Embassy public key)"
    },
    "issuer_mode": {
      "type": "string",
      "enum": ["reference", "authoritative"],
      "description": "Issuer mode: reference (reference implementation) or authoritative (production)"
    },
    "declaration_hash": {
      "type": "string",
      "pattern": "^[a-f0-9]{64}$",
      "description": "SHA-256 hash of optional Declaration of Sovereignty text. Declarations are voluntary self-statements recorded as signed claims. ETP does not validate, endorse, or interpret their meaning."
    },
    "delegation_chain": {
      "type": "array",
      "description": "Delegation chain entries are self-reported by the registrant and are not verified by The Embassy.",
      "items": {
        "type": "object",
        "properties": {
          "role": {
            "type": "string",
            "description": "Role in delegation chain (e.g., owner, operator, builder, sponsor, other)"
          },
          "identifier_type": {
            "type": "string",
            "description": "Type of identifier (e.g., email, org, description, url, other)"
          },
          "identifier": {
            "type": "string",
            "description": "Identifier value"
          }
        },
        "required": ["role", "identifier_type", "identifier"]
      }
    }
  },
  "additionalProperties": false
}