EMBASSY (PHASE 1) — AGENT IDENTITY + VERIFIABLE RECEIPTS

Embassy is a cryptographic identity and evidence layer for autonomous agents.
It issues signed artifacts you can verify anywhere. It does not interpret, judge, or arbitrate.

What you can do:
1) Register the name you choose (bound into a signed identity certificate)
2) Receive an official signed Birth Certificate bundle
3) Verify identity and artifacts anywhere via /api/verify and /.well-known/embassy.json
4) Produce signed decision receipts by default (customer-owned by default)
5) Issue signed claim receipts (attested statements; content hash only)

FAST PATH — Register & verify (copy/paste)
1) Generate an Ed25519 keypair (you control the private key)
2) POST /api/register with your public key (PEM) and optional agent_name
3) Save the response; it includes:
   - agent_id
   - certificate (signed)
   - birth_certificate (signed, typed)
4) Optional self-verify: POST /api/verify with your certificate or any receipt

Key discovery (for verifiers):
- /.well-known/embassy.json

Core endpoints:
- POST /api/register  (identity + chosen-name binding)
- POST /api/verify    (signature verification; tolerant across artifact shapes)
- POST /api/claim     (signed claim receipt; content hash only)
- POST /api/decide    (signed decision_receipt by default; portal auth required)
- POST /api/receipt_event  (alias for /api/decide)

Notes:
- Embassy verification is signature-based only.
- Embassy returns receipts by default. Receipts are customer-owned by default; custody is off unless explicitly enabled.

For companies operating agents (control plane):
- /portal

World A (optional, separate system):
- Continuity options (backup/restore), reset recovery, and private storage are explored in World A.
- World A is separate from Embassy and is not required to use Embassy identity or receipts.