Skip to content
RAMP Protocol

Changelog

Unreleased

Section titled “Unreleased”

CoMP re-baseline to canonical V1 (breaking). proto/comp/v1/comp.proto is re-aligned to be a 1:1 mirror of IAB Tech Lab Content Monetization Protocols CoMP V1 (finalized 2026-04-28, CoMP-1.0.md). The prior snapshot mirrored a pre-final draft. This breaks the comp.v1 generated types (accepted pre-v1 of the CoMP profile; buf breaking reports the deltas as expected). Changes:

  • Removed the License message, the LicenseUse enum, and Package.license — canonical V1 has no separate License object.
  • Folded licensing into Scope: added ause (AllowedUse), pricetype (PriceType), pricetier, unitprice, cur (default "USD"), country (ISO-3166 numeric), and licensedur (days).
  • Added Package.reporturl (usage-reporting URL).
  • Added per-media taxonomy cattax (default 9), cat, and language to Text, Video, Image, and Audio.
  • Removed the RAMP-invented non-CoMP fields: Text.authority/originality, Image.alt/caption, Video/Image/Audio.c2pa, and Retrieval.ratelmt.
  • Added RETRIEVAL_AUTH_OTHER = 4.

The request-side model (AISystem/AISystemUse, Function, SubFunction, AuthMethod, ScopeType, ContentType) is unchanged.

v1.0.0 — Initial release

Section titled “v1.0.0 — Initial release”

First public release of the RAMP Protocol (Resource Access Metering Protocol): the wire format, the generated Go and TypeScript SDKs, and this specification site. One protocol for discovering, pricing, transacting, delivering, and verifying access to any digital resource by an AI agent. The reasoning behind the major design decisions is recorded in docs/design-history.md.

Core protocol

Section titled “Core protocol”
  • ExchangeServiceDiscoverResources, ExecuteTransaction, ReportUsage, DisputeTransaction, and domain-verification RPCs. Agents and Brokers are interchangeable clients.
  • ResourceQuery / ResourceResponse — query an Exchange for available resource offers.
  • RAMPRequest — Agent → Broker entry point, with natural-language query and structured search_filters for Broker-side discovery.
  • Requester — universal actor identity (AGENT, HUMAN_TOOL, SERVICE, DELEGATED, RESEARCH).
  • Delegation — holder-bound JWT by default (RFC 7800 cnf/jkt + RFC 9421 proof-of-possession; chain of cnf-linked JWTs), with token_format: "biscuit-v3" as an optional alternative. Scoped, time-limited, spend-capped, narrowable offline.
  • Scope-based access control — the Exchange filters its catalog by the requester’s scopes; subscriptions are scopes.
  • SubscriptionQuotaInfo — proactive, multi-dimensional quota signaling on Offer and TransactionResponse.
  • ResourceMutability — STATIC (hash stable), DYNAMIC (hash drifts), LIVE (streaming, no content at offer time).
  • Data freshnessOffer.data_as_of + RequestConstraints.max_data_age for staleness filtering.
  • Unit-agnostic meteringunit_cost + estimated_quantity + unit: tokens, pages, seconds, records, bytes, sq_km, and domain-specific units.
  • ResourceAttestation — Ed25519-signed claim envelope for resource integrity. Three levels: none, self-attested, third-party verified.
  • Dispute resolution — three-tier (automated <1s, rule-based <24h, human escalation). Evidence chain: Transaction → UsageReport → Dispute.
  • Domain verification — ACME HTTP-01-style provider onboarding.
  • CatalogServicePushResources, RemoveResources, RefreshCatalog.
  • ext_critical — critical-extension signaling (COSE crit pattern, RFC 9052): a consumer MUST understand listed keys or reject the message.
  • Resource previews — lightweight Preview assets on Offer for pre-transaction evaluation (URLs only, zero Exchange memory impact).

Multi-hop

Section titled “Multi-hop”
  • Signature-stack forwarding chain — schain-inspired forwarding for the Agent → Broker → … → Exchange path carried as a stack of RFC 9421 HTTP Message Signatures in HTTP headers. Each forwarding party adds one labeled signature covering the request plus the prior hop’s signature; the ordered set of signatures is the chain. (Replaces the in-message IntermediaryHop / ResourceQuery.intermediaries and the removed broker_signature.)
  • Chain-depth capsRequestConstraints.max_hops (agent-side) and WellKnownManifest.max_intermediary_hops (Exchange-published).
  • Direct response path — the terminal Exchange returns directly to the originating agent; intermediaries are forward-path only.

Discovery & keys

Section titled “Discovery & keys”
  • WellKnownManifest — a single canonical document served at /.well-known/ramp.json by every participant, role-tagged via the Role enum (AGENT, EXCHANGE, BROKER, PUBLISHER). Carries inline keys, optional invalidation_url, publisher authorization (exchanges[], catalog_contributors[]), and exchange capability fields (pricing, delivery, auth methods, OIDC issuer, GNAP endpoint, base currency, supported profiles).
  • JsonWebKey — inline RFC 7517 JWKs (Ed25519: kty="OKP", crv="Ed25519", alg="EdDSA") with explicit not_before / not_after RFC3339 bounds. Key-validity window is half-open [not_before, not_after).
  • KeyInvalidationList — snapshot-semantic kid revocation list served at invalidation_url for emergency revocation.
  • Caching contract/.well-known/ramp.json MAY be cached (minutes–hours); the invalidation_url body SHOULD be short/no-store.
  • Domainless requesters — accommodated via a registry-hosted WellKnownManifest (the agent sets Requester.domain to the registry host).

Authentication

Section titled “Authentication”
  • Auth-agnostic — the Exchange advertises supported methods: GNAP (RFC 9635), OAuth + DPoP, OAuth Bearer, mTLS.
  • JWS for content signaturesOffer and attestation signatures use JWS Compact Serialization (alg=EdDSA).
  • RFC 9421 for request signatures — HTTP Message Signatures authenticate agents and each intermediary hop.
  • Retrieval-URL identity binding — the Exchange MAY bind a signed retrieval_endpoint to the agent via agent_identity_hash (RFC 7638 JWK Thumbprint, DPoP-style per RFC 9449), verifiable fully offline by a capable edge function.

Content provenance (C2PA)

Section titled “Content provenance (C2PA)”
  • ResourceIdentity C2PA fields (c2pa_manifest, c2pa_status, soft_binding, soft_binding_method) and the C2PAStatus enum (TRUSTED, VALID, INVALID, ABSENT).
  • The ramp-c2pa-v1 extension profile bridges C2PA X.509/COSE trust into RAMP Ed25519 attestations.

Pricing models

Section titled “Pricing models”

PRICING_MODEL is the charging structure only: FREE, PER_UNIT, FLAT (plus UNSPECIFIED=0, rejected at ingest). The metering basis (“per what”) moved to the Pricing.unit vocabulary; revenue-share was removed (settlement is off-protocol); attribution/contribution are Obligations.

Denial reasons

Section titled “Denial reasons”

BILLING_REF_INACTIVE, INSUFFICIENT_BALANCE, RATE_LIMITED, CONTENT_UNAVAILABLE, RESTRICTION_NOT_SATISFIED, REPORTING_OVERDUE, OFFER_EXPIRED, SIGNATURE_INVALID, QUOTA_EXCEEDED, DELEGATION_INVALID, SCOPE_INSUFFICIENT.

Extension profiles

Section titled “Extension profiles”

Domain-specific metadata carried in ext fields:

  • ramp-news-v1 — articles, podcasts, broadcasting (IPTC NewsML-G2, Podcasting 2.0)
  • ramp-academic-v1 — scholarly articles, preprints (CrossRef, OpenAlex, COUNTER 5.1)
  • ramp-legal-v1 — legislation, case law, patents (ELI, ECLI, Akoma Ntoso)
  • ramp-comp-v1 — IAB CoMP V1 metadata (Package, Scope with folded licensing, Retrieval, per-media taxonomy) as optional ext fields

Licensing terms

Section titled “Licensing terms”
  • LicenseTerm — universal licensing unit. A resource carries zero or more terms; each term is a complete, self-contained access arrangement (restrictions + quotas + obligations + pricing). Same shape at ingestion (ResourceEntry.terms) and emission (Offer.terms).
  • License — identifies the governing license document (uri, id, name, immutable, uri_digest). uri_digest pins the document hash and is required whenever a License carries a uri (any semantics, mutable or not).
  • Restriction — constrains one axis: FUNCTION (what), GEOGRAPHY (where), USER_TYPE (who). Tokens are proto-native ((ramp.v1.vocab_enum) on the RestrictionKind values). restrictions are binding by default (advisory=true downgrades an unverifiable restriction to non-blocking).
  • Quota — usage cap that gates term validity, not billing. Metrics are proto-native ((ramp.v1.vocab) on Quota.metric): accesses, tokens, display-words, impressions, units-manufactured, and more.
  • Obligation — post-use behavioral requirement. Replaces the retired PRICING_MODEL_ATTRIBUTION / PRICING_MODEL_CONTRIBUTION (attribution and contribution are obligations, not payment models). Kinds: ATTRIBUTION, CONTRIBUTION, SHARE_ALIKE, NETWORK_COPYLEFT, NOTICE, OTHER. Obligation.scope_license is a License (not a bare string), so a SHARE_ALIKE target inherits the uri ⇒ uri_digest tamper-evidence rule.
  • TermSemanticsENUMERATED (machine fields are the complete, authoritative term; enforced downstream at reconciliation; Pricing required) vs REFERENCE_ONLY (the document at License.uri is the authoritative, complete source; machine restrictions/quotas/obligations are optional but, when present, must be accurate and are enforced; Pricing still required).
  • PricingMeteringONLINE (default), NONE (one-time sale, no ongoing tracking), OFFLINE_SELF_REPORTED (agent self-reports; Exchange audits). Added as Pricing.metering (field 9).
  • Offer.terms (field 19) — repeated LicenseTerm from the publisher catalog. Offer.restrictions (the flat AccessRestrictions field) removed.
  • ResourceEntry.terms (field 13) — publisher-declared terms pushed via CatalogService.PushResources.
  • PushResourcesResponse.warnings (field 3) — non-fatal ingestion warnings (e.g., unrecognized vocab token).
  • PRICING_MODEL_ATTRIBUTION (6) and PRICING_MODEL_CONTRIBUTION (7) removed from PricingModel. Migrate to Obligation.kind = ATTRIBUTION / CONTRIBUTION in a LicenseTerm.
  • Wire-enforced validation — licensing presence and coherence rules are now expressed as protovalidate CEL embedded in the descriptors (not prose-only): pricing required on every term, REFERENCE_ONLY ⇒ license.uri, uri ⇒ uri_digest, the required discriminator enums reject UNSPECIFIED (LicenseTerm.semantics, Pricing.model, Restriction.kind, Obligation.kind, Obligation.trigger, Quota.window), one restriction per kind, permitted/prohibited disjoint, and token-format rules. A conformance/ test suite evaluates the CEL against valid/invalid instances and validates the doc examples, wired into CI; a guard derives the discriminator set from the proto (each such enum’s zero value is marked “rejected at ingest”) and fails if any field of one is left unenforced, so the set can’t silently drift. Enforced and tested in the Go SDK today; the TypeScript SDK is generated (protovalidate-es not yet wired) and Python is a tracked follow-up.

Wire format

Section titled “Wire format”

Protocol Buffers. Package ramp.v1. Dual transport via Connect (HTTP/JSON + binary protobuf from the same handler).