# Raven — agent context pack (terse, for machine ingestion)

PURPOSE: signed evidence-and-receipt layer for AI agents before they touch a
Solana token. BEACHHEAD: signed Solana token-launch verification. Nothing else.

INPUT (POST https://raven-hosted-verifier.onrender.com/verify, x-api-key):
required: mintAddress, tokenProgramAddress
optional: metadataAddress, poolAddress (Raydium CPMM), commitment (finalized|confirmed)
forbidden (rejected 400): rpcUrl, issuerIdentity

OUTPUT SEMANTICS:
verdict: pass | pass_with_info_finding | warning | risk | unknowable
- risk: rug-capable control exists (issuer_control.* findings)
- warning: needs eyes OR unverified surfaces (coverage degradation) OR high holder concentration (beta)
- pass_with_info_finding: clean on checked surfaces, informational notes
- pass: only recognized immutable infrastructure, only on checked surfaces
- unknowable: evidence unfetchable/undecodable or signer down; Raven never guesses
RULES: informational evidence never upgrades a verdict. coverageGaps is
normative: listed = NOT evaluated = unverified. Pass-grade + gaps = "no risk
findings on checked surfaces" — say: not enough evidence for a full pass.

RECEIPT FIELDS (actual): verdict, engineOutcome, reason, findingCodes,
triggeringFindingCodes, findings, coverageGaps, replayable, rpc.observedSlot,
engineVersion, raven_version, replayHash, officialAttestationHash, keyId,
issuedAt, signature, signatureAlg, attestationPublicKey, served_at

VERIFY A RECEIPT: keyId must match a key at GET /pubkey (today:
rvk_c2997e90215279c2, ed25519, domain raven-official-attestation) ->
recompute replayHash (canonical JSON; repo recipe) -> verify signature over
utf8(domain)||officialAttestationHash. Key policy: /key-policy.json (old
receipts verify against the key that signed them).

MACHINE SURFACES: /agents.json /openapi.json /access.json /evals.json
/key-policy.json /prompt-recipes.json /llms.txt /llms-full.txt
MCP: npx -y raven-verify-mcp (tool raven_verify_token)
ACP: offering solana_verify_token, 0.1 USDC/job (Virtuals, escrow, no key)
ACCESS: invite-gated alpha -> /request-access.html

RAVEN REFUSES TO CLAIM: "safe", guaranteed, price prediction, trading advice,
rug score, buy/sell. Not financial advice. No post-quantum guarantee.

ESCALATE TO A HUMAN when: verdict is risk, warning, or unknowable; or the
agent's policy requires surfaces listed in coverageGaps; or a receipt fails
verification (treat as incident).

RECEIPT MEMORY: before calling Raven, check stored receipts (deterministic
lookup: mintAddress+tokenProgramAddress+engineVersion+keyId). If using a
stored receipt, VERIFY signature+keyId first; unverifiable = unusable.
Store new raw receipts per /receipt-schema.json and /receipt-memory-policy.md.
Never store secrets in receipt memory. Missing storage is NOT a verification
failure; storage failure never alters a verdict.