From b0c54660fbee27738ad01d8a62be4d0c2b1bf954 Mon Sep 17 00:00:00 2001 From: Joshua Date: Wed, 18 Feb 2026 19:57:18 -0800 Subject: [PATCH] Document signing authority boundaries in launcher specs --- README.md | 1 + docs/conformance-vectors.md | 1 + docs/integration-contract.md | 1 + docs/wallet-v1-product-spec.md | 2 ++ 4 files changed, 5 insertions(+) diff --git a/README.md b/README.md index 2b403c1..956b9d8 100644 --- a/README.md +++ b/README.md @@ -61,6 +61,7 @@ Policy behavior in launcher shell: 2. `onramp_attested` identity assurance is required for owner support-ticket and governance install-token actions. 3. Assurance state is displayed independently from membership state in the top summary cards. 4. Owner-only buttons are UI-disabled until both membership is active and assurance is `onramp_attested`. +5. Governance activation evidence must carry explicit signing authority class (`identity_human` or delegated). Run locally: diff --git a/docs/conformance-vectors.md b/docs/conformance-vectors.md index 756004b..979f16c 100644 --- a/docs/conformance-vectors.md +++ b/docs/conformance-vectors.md @@ -12,3 +12,4 @@ 10. `L-010` Primary wallet screens render USD-first balances and plain-language history. 11. `L-011` Launcher must surface `identity_assurance_level` separately from membership state. 12. `L-012` Owner support and governance install actions are blocked when assurance is not `onramp_attested`. +13. `L-013` Launcher emits signing authority class in governance activation evidence and defaults owner-driven activation to `identity_human`. diff --git a/docs/integration-contract.md b/docs/integration-contract.md index b872558..e714d6c 100644 --- a/docs/integration-contract.md +++ b/docs/integration-contract.md 
@@ -26,3 +26,4 @@ Launcher integrates with EDUT web/backend contracts as follows: 4. Event inbox polling remains canonical even if push unavailable. 5. Identity assurance is evaluated independently from membership state. 6. Owner/admin launcher actions must require `identity_assurance_level=onramp_attested`. +7. Governance activation evidence must include signing authority class (`identity_human` vs delegated). diff --git a/docs/wallet-v1-product-spec.md b/docs/wallet-v1-product-spec.md index 39f46d3..80d531b 100644 --- a/docs/wallet-v1-product-spec.md +++ b/docs/wallet-v1-product-spec.md @@ -127,6 +127,8 @@ Technical details are available only in expanded view: 3. Recovery path must exist but remain opt-in in onboarding. 4. Sensitive operations fail closed on secure storage errors. 5. Wallet export (seed/private key) requires explicit authenticated flow. +6. AI/delegated automation must never use the human identity signer key directly. +7. Any delegated signing authority must be explicit, scoped, and revocable. ## Asset/Display Model
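Review bot: In the README.md hunk, new item 5 gives `identity_human` as a literal value but leaves the other class as the bare word "delegated", so a reader cannot tell whether `delegated` is itself an enum value or shorthand for several delegated classes. Write the delegated value or values in backticks the same way, and keep the wording identical to the integration-contract item ("or delegated" here, "vs delegated" there) so the two documents cannot drift apart.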
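Review bot: In the docs/conformance-vectors.md hunk, `L-013` folds two separate checks into one vector (the class is emitted in governance activation evidence; owner-driven activation defaults to `identity_human`), so a failure does not say which half broke. The word "defaults" also sits uneasily with the "explicit" requirement in the README item, since a default can read as a silent fallback. Split this into two vectors and add a negative one for evidence that omits the class or carries an unknown value, in the same "blocked when" style as `L-012`.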
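Review bot: In the docs/integration-contract.md hunk, item 7 says the evidence "must include" the signing authority class but gives neither a field name nor the receiving side's behaviour, unlike item 6, which pins `identity_assurance_level=onramp_attested`. Name the field and its allowed values, and state that evidence missing the field or carrying an unrecognised class is rejected rather than treated as `identity_human`.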
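Review bot: In the docs/wallet-v1-product-spec.md hunk, items 6 and 7 are the strongest requirements in the patch, yet nothing else in it makes them checkable: `L-013` covers only emitting the class, not keeping AI/delegated automation away from the human identity signer key. Add a conformance vector for item 6. For item 7, define what "scoped" and "revocable" mean here: which actions a delegation covers, who can revoke it, and whether a revoked or expired delegation fails closed, as item 4 already requires for secure storage errors.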