Document signing authority boundaries in launcher specs

This commit is contained in:
Joshua 2026-02-18 19:57:18 -08:00
parent 82141d8e22
commit b0c54660fb
4 changed files with 5 additions and 0 deletions


@ -61,6 +61,7 @@ Policy behavior in launcher shell:
2. `onramp_attested` identity assurance is required for owner support-ticket and governance install-token actions. 2. `onramp_attested` identity assurance is required for owner support-ticket and governance install-token actions.
3. Assurance state is displayed independently from membership state in the top summary cards. 3. Assurance state is displayed independently from membership state in the top summary cards.
4. Owner-only buttons are UI-disabled until both membership is active and assurance is `onramp_attested`. 4. Owner-only buttons are UI-disabled until both membership is active and assurance is `onramp_attested`.
5. Governance activation evidence must carry explicit signing authority class (`identity_human` or delegated).
Run locally: Run locally:
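Review bot: The new item 5 names `identity_human` as a literal value but leaves "delegated" as prose, so the line does not say what value the evidence actually carries in the delegated case; suggest giving the delegated class its literal identifier (or stating that the evidence carries the delegation reference) so a verifier can match on it rather than on the absence of `identity_human`. It would also help to tie this item to item 4 of the same list: owner-driven activation is already gated on `onramp_attested`, so state whether an `identity_human` authority class is only valid when that assurance level holds.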


@ -12,3 +12,4 @@
10. `L-010` Primary wallet screens render USD-first balances and plain-language history. 10. `L-010` Primary wallet screens render USD-first balances and plain-language history.
11. `L-011` Launcher must surface `identity_assurance_level` separately from membership state. 11. `L-011` Launcher must surface `identity_assurance_level` separately from membership state.
12. `L-012` Owner support and governance install actions are blocked when assurance is not `onramp_attested`. 12. `L-012` Owner support and governance install actions are blocked when assurance is not `onramp_attested`.
13. `L-013` Launcher emits signing authority class in governance activation evidence and defaults owner-driven activation to `identity_human`.
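Review bot: `L-013` says the launcher "defaults owner-driven activation to `identity_human`", which means evidence missing the class would silently be treated as human-signed rather than rejected; suggest making the signing authority class a required field of the evidence and rejecting evidence that omits it, with the default applied only when the UI pre-fills the field for an owner. Cross-reference `L-012` here too, since the same owner actions are already blocked when assurance is not `onramp_attested`, and readers should see the two gates as one rule.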


@ -26,3 +26,4 @@ Launcher integrates with EDUT web/backend contracts as follows:
4. Event inbox polling remains canonical even if push unavailable. 4. Event inbox polling remains canonical even if push unavailable.
5. Identity assurance is evaluated independently from membership state. 5. Identity assurance is evaluated independently from membership state.
6. Owner/admin launcher actions must require `identity_assurance_level=onramp_attested`. 6. Owner/admin launcher actions must require `identity_assurance_level=onramp_attested`.
7. Governance activation evidence must include signing authority class (`identity_human` vs delegated).
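Review bot: The phrasing here ("must include signing authority class (`identity_human` vs delegated)") differs from the launcher-shell spec's "must carry explicit signing authority class (`identity_human` or delegated)"; pick one wording, and since this file describes the web/backend contract, name the field the way item 6 names `identity_assurance_level` so both sides validate the same key. The contract should also state what the backend does with evidence that lacks the class (reject, not default), otherwise the launcher-side default in `L-013` becomes the de facto contract.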


@ -127,6 +127,8 @@ Technical details are available only in expanded view:
3. Recovery path must exist but remain opt-in in onboarding. 3. Recovery path must exist but remain opt-in in onboarding.
4. Sensitive operations fail closed on secure storage errors. 4. Sensitive operations fail closed on secure storage errors.
5. Wallet export (seed/private key) requires explicit authenticated flow. 5. Wallet export (seed/private key) requires explicit authenticated flow.
6. AI/delegated automation must never use the human identity signer key directly.
7. Any delegated signing authority must be explicit, scoped, and revocable.
## Asset/Display Model ## Asset/Display Model
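Review bot: Item 7 requires delegated authority to be "explicit, scoped, and revocable" but does not say when revocation is checked, so a delegation revoked after issuance could still produce accepted evidence; suggest stating that activation evidence signed under a delegated class must carry the delegation reference and that the activation path re-checks revocation at evaluation time. Following item 4's fail-closed rule, an unreadable or unknown revocation state should be treated as revoked, and item 6 should say where the boundary is enforced (for example, the human signer key never being exposed to the automation's storage context), since "must never use" is otherwise only a policy statement.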