Skip to content
RAMP Protocol

Proto: RAMP v1

Source: proto/ramp/v1/ramp.proto

Services

Section titled “Services”

ExchangeService

Section titled “ExchangeService”

The core protocol. Both AI agents and Brokers are valid clients.

RPCRequestResponseDescription
DiscoverResourcesResourceQueryResourceResponseDiscover available content offers (Steps 2-3)
ExecuteTransactionTransactionRequestTransactionResponseCommit to an offer, receive delivery info (Steps 4-5)
ReportUsageUsageReportUsageReportResponseSubmit post-usage report (Step 7)
DisputeTransactionDisputeRequestDisputeResponseSignal a content dispute for a completed transaction
RequestDomainVerificationDomainVerificationRequestDomainVerificationChallengeRequest ACME-style domain verification challenge
ConfirmDomainVerificationDomainVerificationConfirmationDomainVerificationResultConfirm domain verification and register signing key

CatalogService

Section titled “CatalogService”

Optional RPC for providers/CMS/third-party intelligence providers to push content metadata.

RPCRequestResponseDescription
PushResourcesPushResourcesRequestPushResourcesResponsePush or update catalog entries
RemoveResourcesRemoveResourcesRequestRemoveResourcesResponseRemove catalog entries
RefreshCatalogRefreshCatalogRequestRefreshCatalogResponseTrigger full catalog refresh

Messages — Supply Discovery

Section titled “Messages — Supply Discovery”

ResourceQuery

Section titled “ResourceQuery”
FieldTypeNumberDescription
verstring1RAMP protocol version
idstring2Unique query identifier
requesterRequester3Requester identity, scopes, and optional delegation chain
urisrepeated string8Resource URIs being queried
acceptable_restrictionsrepeated AcceptableRestriction9Limits the query operates within, per restriction axis. Advisory; the Exchange MAY pre-select offers against them, not enforced.
request_idoptional string4Original RAMP request ID (traceability)
deadlineoptional Duration6Max wait time (default 500ms)
supported_profilesrepeated string7Domain extension profiles the caller understands (e.g. “ramp-academic-v1”)
extStruct15Extension point

AcceptableRestriction

Section titled “AcceptableRestriction”

The limits a query operates within on one restriction axis, in the same RestrictionKind vocabulary the terms use. The Exchange/Broker MAY pre-select offers whose term restrictions fall within these (convenience, not enforcement). Used in ResourceQuery and RAMPRequest.

FieldTypeNumberDescription
axisRestrictionKind1Which axis (same enum as Restriction.kind): FUNCTION / GEOGRAPHY / USER_TYPE / OTHER
valuesrepeated string2Values the query operates within on this axis — same token vocabulary as the terms (e.g. FUNCTION ["ai-train"], GEOGRAPHY ["US","EU"])

ResourceResponse

Section titled “ResourceResponse”
FieldTypeNumberDescription
verstring1Protocol version
idstring2Echoed query identifier
exchangestring3Responding Exchange domain
offersrepeated Offer4Flat offer list (single-URI queries)
offer_groupsrepeated OfferGroup5Grouped offers (multi-URI batch queries)
rate_limitoptional RateLimitInfo6Rate limit status for this caller
extStruct15Extension point

OfferGroup

Section titled “OfferGroup”
FieldTypeNumberDescription
uristring1URI this group is for
offersrepeated Offer2Offers for this URI
discovery_methodoptional DiscoveryMethod3How the URI was discovered (v2 extension)
absence_reasonoptional OfferAbsenceReason4Why no offers are available for this URI
restriction_filtersrepeated RestrictionKind5When absence_reason = RESTRICTION_FILTERED, the axes that drove the convenience pre-filter (same RestrictionKind vocabulary as the terms)

RateLimitInfo

Section titled “RateLimitInfo”

Rate limit status modeled after IETF RateLimit header fields.

FieldTypeNumberDescription
limitint321Maximum requests allowed in the current window
remainingint322Requests remaining in the current window
reset_atTimestamp3When the current window resets (UTC)
windowoptional Duration4Duration of the rate limit window

Messages — Requester Identity

Section titled “Messages — Requester Identity”

Requester

Section titled “Requester”

Identity and entitlements only — who is asking and what they’re entitled to. What they’re asking for (uris) and the limits they’ll accept (acceptable_restrictions) live on the ask (ResourceQuery / RAMPRequest), not here. Used in ResourceQuery and RAMPRequest.

FieldTypeNumberDescription
idstring1Unique requester identifier (e.g. “agent-research-bot-001”)
domainstring2Requester’s domain — used for public key lookup at {domain}/.well-known/ramp.json (role=ROLE_AGENT)
typeRequesterType3What kind of entity is making this request
nameoptional string4Human-readable name (e.g. “Acme Research Assistant”)
billing_refoptional string5Opaque billing reference linking the requester to the Exchange’s/publisher’s billing systems (account, PO, cost center). NOT an entitlement — access is via scopes/delegation. (Maps from CoMP aisysuse.lid.)
scopesrepeated string6Entitlement scopes declaring what the requester can access. Format: "{domain}:{permission}". Empty = default access policy.
delegationoptional Delegation7Present when requester acts on behalf of another entity
extStruct15Extension point

Delegation

Section titled “Delegation”

Scoped, time-limited, spend-capped credential. The credential itself is opaque bytes carried in token, and token_format selects how to interpret them: "jwt" (default) or "biscuit-v3" (optional). The format is never encoded as a prefix inside the token bytes. The default is a holder-bound JWT: a chain of cnf-linked JWTs (RFC 7800 cnf.jkt = RFC 7638 thumbprint) where each child is signed by the key its parent named and narrows scope, and the holder proves possession by signing the request (RFC 9421). "biscuit-v3" remains a permitted alternative for deep multi-hop offline attenuation.

FieldTypeNumberDescription
principal_domainstring1Who granted this delegation (domain for public key lookup)
principal_idstring2Principal’s identifier (e.g. “user@acme.com”, “marketdata.example.com”)
scopesrepeated string3Scopes granted by this delegation (MUST be a subset of the principal’s own scopes)
expires_atTimestamp4When this delegation expires. Exchange MUST reject expired tokens.
max_spend_centsoptional int645Maximum spend in currency minor units (e.g. cents for USD)
tokenbytes6Token bytes — a JWT (base64url JWS) by default
token_formatstring7Token format: “jwt” (default) or “biscuit-v3” (optional)
revocation_urioptional string8URI for real-time revocation checking (MAY be checked for high-value transactions)
max_accessesoptional int329Maximum access count under this delegation
quota_periodoptional Duration10How often access/spend counters reset (e.g. 720h = 30 days); absent = lifetime
issueroptional string11Token issuer — OIDC issuer URL (for JWT signature validation via OIDC→JWKS)
extStruct15Extension point
ext_criticalrepeated string90Critical extension keys (COSE crit, RFC 9052)

Delegation claims. The claim vocabulary carried inside the token is not re-listed here — the authoritative registry is the Delegation-Claims Profile table in authentication.mdx. The one claim worth restating: every delegation MUST carry a holder binding (the cnf claim, cnf.jkt = the RFC 7638 thumbprint of the holder key) — the request-signing key MUST hash to cnf.jkt, or the token is rejected. Without it the token is bearer-usable. Everything else (scope, spend cap, expiry, etc.) is optional and defined in that single source of truth.

Narrowing example: An agent can further restrict (but never widen) a delegation by issuing a child JWT:

  • Original: scope: credit:*, max_spend_cents: 100000
  • Attenuated: scope: credit:read, max_spend_cents: 20000, uris: duns:123*

Multi-hop forwarding (no message — HTTP layer)

Section titled “Multi-hop forwarding (no message — HTTP layer)”

There is no in-message hop chain. Multi-hop forwarding (Agent → Broker → … → Exchange) is a stack of RFC 9421 HTTP Message Signatures: each forwarding party adds one labeled signature, and each signature covers the request plus the prior hop’s signature, so the ordered set of signatures is the chain (tamper-evident, order-bound). The Exchange resolves each keyid at {domain}/.well-known/ramp.json, verifies every signature, and enforces RequestConstraints.max_hops / WellKnownManifest.max_intermediary_hops by counting them. Responses do not retrace the chain — the terminal Exchange returns directly to the originating agent (bound by agent_identity_hash).

Messages — Offers and Pricing

Section titled “Messages — Offers and Pricing”

Offer

Section titled “Offer”
FieldTypeNumberDescription
offer_idstring1Unique offer identifier
titleoptional string2Resource title (human-readable, for display/logging)
pricingPricing3Pricing terms with unit_cost
delivery_methodDeliveryMethod4How content is delivered
reportingoptional ReportingObligation5Post-usage reporting requirements
expires_atoptional Timestamp6Offer expiry
identityoptional ResourceIdentity7Content identity for dedup
signaturestring9REQUIRED. JWS (EdDSA) over the canonical Offer (incl. terms, pricing, expires_at) (informally called the exchange signature)
signature_algorithmstring10Signature algorithm (always “EdDSA”)
subscription_idoptional string11Subscription/deal identifier
iab_categoriesrepeated string13IAB Content Taxonomy codes
attestationsrepeated ResourceAttestation14Signed content attestations (replaces ContentQuality)
data_as_ofoptional Timestamp16When the offered data was current (for DYNAMIC resources)
subscription_quotarepeated SubscriptionQuotaInfo17Pre-commit quota snapshot for subscription offers
previewsrepeated Preview18Lightweight previews for offer evaluation (thumbnails, clips, snippets)
termsrepeated LicenseTerm19Licensing terms for this offer. See Universal Licensing Core.
extStruct15Extension point
ext_criticalrepeated string90Critical extension keys (COSE crit, RFC 9052)

ResourceAttestation

Section titled “ResourceAttestation”

Signed envelope of claims from a trusted party (provider or verification vendor) about content at a specific URI.

FieldTypeNumberDescription
verifierstring1Domain of the attesting party. Keys at https://{verifier}/.well-known/ramp.json (WellKnownManifest.public_keys; role=ROLE_PUBLISHER when self-attesting, ROLE_EXCHANGE for a standalone vendor)
kidstring2Key ID from the verifier’s public_keys
attested_atTimestamp3When this attestation was created
uristring4Content URI this attestation covers
claimsStruct5Signed claims about the content (max 4KB)
signaturestring6Ed25519 over JCS-canonicalized (RFC 8785) representation

Three verification levels:

LevelConditionWhat’s Verifiable
0 — Noneattestations emptyCDN delivery failure only
1 — Self-attestedverifier matches provider domainContent hash + token count
2 — Third-partyverifier is a verification vendorToken count (with CDN corroboration)

Pricing

Section titled “Pricing”
FieldTypeNumberDescription
modelPricingModel1Provider’s pricing model
ratedouble2Price in provider’s model
currencystring3ISO 4217 currency code
unit_costoptional double4Normalized cost per unit (universal comparison metric)
estimated_quantityoptional int325Estimated consumption in the metering unit
license_duration_monthsoptional int327License duration in months
unitoptional string8Metering basis (the “per what” of PER_UNIT). REQUIRED when model = PER_UNIT. Registered token (e.g. accesses, tokens, pages) or vendor:custom. Authored as (ramp.v1.vocab) on this field.
meteringoptional PricingMetering9How usage is tracked for billing reconciliation. Absent = ONLINE (default).

Pricing has no ext / ext_critical fields — the licensing core is closed.

ResourceIdentity

Section titled “ResourceIdentity”

Layered content identification for cross-exchange dedup and integrity verification.

FieldTypeNumberDescription
canonical_urloptional string1Provider’s canonical URL
doioptional string2Digital Object Identifier
iptc_guidoptional string3IPTC NewsML-G2 identifier
isnioptional string4International Standard Name Identifier
content_hashoptional string5Content hash (SimHash or SHA-256)
hash_methodoptional string6Hash algorithm (“simhash-v1”, “sha256”)
c2pa_manifestoptional string7C2PA credentials manifest URI
resource_mutabilityResourceMutability8Whether resource content is static, dynamic, or live
c2pa_statusoptional C2PAStatus9Summary validation status of the C2PA manifest
soft_bindingoptional string10Soft binding hash surviving format transcoding
soft_binding_methodoptional string11Soft binding algorithm (e.g. “phash-v1”, “c2pa-watermark”)
extStruct15Extension point
ext_criticalrepeated string90Critical extension keys (COSE crit, RFC 9052)

SubscriptionQuotaInfo

Section titled “SubscriptionQuotaInfo”

Quota status for a subscription within the current billing period. Appears on Offer (field 17) as a pre-commit snapshot and on TransactionResponse (field 17) as the post-transaction remaining quota. The field is repeated to support multi-dimensional quotas (e.g. access count + spend cap).

FieldTypeNumberDescription
subscription_idstring1Subscription this quota applies to
quota_limitint322Total allowed in the current period
quota_usedint323Used so far in the current period
quota_remainingint324Remaining in the current period
resets_atTimestamp5When the quota counter resets (UTC)
unitstring6What is metered: "accesses", "tokens", "spend_cents", "burst"

Messages — Transaction

Section titled “Messages — Transaction”

TransactionRequest

Section titled “TransactionRequest”
FieldTypeNumberDescription
verstring1Protocol version
idstring2Unique transaction request ID (idempotency key)
offer_idoptional string3Single-offer mode
requesterRequester4Requester identity for authorization and audit
request_idoptional string5Original RAMP request ID
offer_signatureoptional string6Single-offer signature
itemsrepeated TransactionItem7Batch mode: multiple offers
extStruct15Extension point

TransactionResponse

Section titled “TransactionResponse”
FieldTypeNumberDescription
verstring1Protocol version
idstring2Echoed transaction request ID
transaction_idoptional string3Exchange-assigned transaction ID
billing_idoptional string4Billing reference
resource_titleoptional string5Resource title echoed from the Offer
costoptional Cost6Transaction cost
delivery_methodDeliveryMethod7How content is delivered
reporting_obligationoptional ReportingObligation8Reporting requirements
expires_atoptional Timestamp9When retrieval_endpoint expires
agent_identity_hashstring10RFC 7638 JWK Thumbprint of the agent’s Ed25519 request-signing key, bound into the signed retrieval_endpoint. Empty string when absent; non-empty iff a signed retrieval_endpoint is present
retrieval_endpointoptional string18Signed URL the agent uses to fetch the resource. Bound to agent_identity_hash; expires at expires_at. Absent on denial and when delivery_method is not signed-URL-based
denial_reasonoptional DenialReason11Set when denied
restriction_mismatchesrepeated RestrictionKind19When denial_reason = RESTRICTION_NOT_SATISFIED, the restriction axes the request failed (same RestrictionKind vocabulary as the terms)
subscription_idoptional string12Subscription/deal identifier
subscription_unit_valueoptional Cost16Per-unit cost for subscription accounting
subscription_quotarepeated SubscriptionQuotaInfo17Post-transaction remaining quota snapshot
itemsrepeated TransactionResultItem13Batch mode results
total_costoptional Cost14Batch aggregate cost
extStruct15Extension point

TransactionItem

Section titled “TransactionItem”

A single offer commitment within a batch transaction.

FieldTypeNumberDescription
offer_idstring1The offer_id from the selected Offer
offer_signaturestring2The signature from the selected Offer (informally called the exchange signature)

TransactionResultItem

Section titled “TransactionResultItem”

Result for a single offer in a batch transaction.

FieldTypeNumberDescription
offer_idstring1The offer_id this result is for
transaction_idstring2Exchange-assigned transaction identifier
billing_idstring3Billing reference
resource_titleoptional string4Resource title echoed from the Offer
costCost5Cost for this item
subscription_idoptional string6Subscription identifier (no per-request charge)
subscription_unit_valueoptional Cost11Per-unit cost for subscription accounting (ASC 606)
denial_reasonoptional DenialReason7Set if this item was denied
restriction_mismatchesrepeated RestrictionKind13When denial_reason = RESTRICTION_NOT_SATISFIED, the restriction axes the request failed (same RestrictionKind vocabulary as the terms)
expires_atoptional Timestamp8When retrieval_endpoint expires
delivery_methodDeliveryMethod9How content is delivered for this item
reporting_obligationoptional ReportingObligation10Reporting requirements for this item
retrieval_endpointoptional string12Signed URL for this item. Bound to the parent TransactionResponse.agent_identity_hash (shared across all batch items); expires at expires_at. Absent if this item was denied or its delivery_method is not signed-URL-based

Cost

Section titled “Cost”

Actual transaction cost.

FieldTypeNumberDescription
amountdouble1Cost amount
currencystring2ISO 4217 currency code
unit_costoptional double3Effective cost per unit

Messages — Reporting

Section titled “Messages — Reporting”

UsageReport

Section titled “UsageReport”
FieldTypeNumberDescription
verstring1Protocol version
idstring2Unique report identifier
transaction_idstring3Transaction ID from delivery
billing_idstring4Billing reference from delivery
usageUsage5How content was used
timestampTimestamp6When content was used
request_idoptional string7Original RAMP request ID
exchangeoptional string8Exchange this report is for
assetsrepeated UsageAsset9Assets delivered and used
extStruct15Extension point

ReportingObligation

Section titled “ReportingObligation”

Requirements attached to a delivery.

FieldTypeNumberDescription
requiredbool1Whether post-usage reporting is required
windowoptional Duration2Duration within which report must be submitted (e.g. 24h)
endpointoptional string3URL to submit usage report (if different from Exchange)
required_fieldsrepeated string4Field names that must be present in the report
extStruct15Extension point

Usage

Section titled “Usage”
FieldTypeNumberDescription
functionrepeated string1Functions used (standard: “ai-train”, “ai-input”, “ai-index”, “search”, “display”)
subfnrepeated string2Sub-functions used (standard: “training”, “rag”, “grounding”, “agent_view”, “agent_actions”)
consumed_quantityint323REQUIRED. Actual quantity consumed in the metering unit
displayed_to_useroptional bool4Was output shown to a human?
citation_includedoptional bool5Was citation included?
attributionrepeated AttributionDetail6Structured citation details
consumed_unitoptional string8Metering unit for consumed_quantity (defaults to “tokens”). Same format as Pricing.unit/Quota.metric: a bare registered token ([a-z0-9-]) or a vendor:namespaced token, ≤64 chars (wire-enforced CEL).

AttributionDetail

Section titled “AttributionDetail”

Structured attribution metadata for usage reporting.

FieldTypeNumberDescription
displayed_urloptional string1URL displayed to the user as the attribution link
formatoptional CitationFormat2How the citation was presented
visible_to_useroptional bool3Whether the attribution was visible to the end user

UsageAsset

Section titled “UsageAsset”

A single asset included in the usage report.

FieldTypeNumberDescription
uristring1Asset URI
titleoptional string2Asset title
package_idoptional string3Package identifier

UsageReportResponse

Section titled “UsageReportResponse”

Acknowledgment of a usage report.

FieldTypeNumberDescription
acceptedbool1Whether the report was accepted
rejection_reasonoptional string2Reason for rejection (if not accepted)
report_idstring3Exchange-assigned report ID (required for dispute chain)
extStruct15Extension point

Messages — Dispute Resolution

Section titled “Messages — Dispute Resolution”

DisputeRequest

Section titled “DisputeRequest”

Agent signals a content delivery problem for a completed transaction.

FieldTypeNumberDescription
verstring1Protocol version
idstring2Unique dispute request identifier
transaction_idstring3Transaction this dispute is about
billing_idstring4Billing reference
reasonDisputeReason5Why the agent is disputing
descriptionoptional string6Human-readable description
received_content_hashoptional string7Agent’s computed hash of received content
received_hash_methodoptional string8Hash algorithm the agent used
report_idstring9REQUIRED. Must reference a filed UsageReport
extStruct15Extension point

DisputeResponse

Section titled “DisputeResponse”

Exchange acknowledges and processes the dispute.

FieldTypeNumberDescription
acceptedbool1Whether the dispute was accepted for processing
dispute_idstring2Exchange-assigned dispute identifier
rejection_reasonoptional string3If not accepted, reason for rejection
estimated_resolutionoptional string4Estimated time to resolution
statusDisputeStatus5Current lifecycle state
resolutionoptional ResolutionType6Populated at terminal states
extStruct15Extension point

Messages — Domain Verification

Section titled “Messages — Domain Verification”

DomainVerificationRequest

Section titled “DomainVerificationRequest”

Request an ACME-style domain verification challenge.

FieldTypeNumberDescription
verstring1Protocol version
domainstring2Provider domain to verify
caller_idoptional string3Registered caller identity

DomainVerificationChallenge

Section titled “DomainVerificationChallenge”

Exchange returns a challenge token to be placed at the provider’s domain.

FieldTypeNumberDescription
tokenstring1Opaque challenge token
expires_atTimestamp210-minute expiry window
verification_urlstring3Exact URL the Exchange will fetch

DomainVerificationConfirmation

Section titled “DomainVerificationConfirmation”

Confirm domain verification and register a signing key.

FieldTypeNumberDescription
verstring1Protocol version
domainstring2Provider domain
tokenstring3Token from the challenge
signing_keyoptional string4PEM (CloudFront) or hex (HMAC)
cdn_typeoptional string5”cloudfront”, “akamai”, “fastly”, “hmac”

DomainVerificationResult

Section titled “DomainVerificationResult”
FieldTypeNumberDescription
verifiedbool1Whether verification succeeded
key_idoptional string2Assigned key ID
failure_reasonoptional string3If not verified, the reason
valid_untiloptional Timestamp4Re-verification deadline

Messages — Discovery

Section titled “Messages — Discovery”

WellKnownManifest

Section titled “WellKnownManifest”

Served at /.well-known/ramp.json by every RAMP participant (agent, exchange, broker, publisher). Single canonical document, role-tagged via role. Carries inline keys (JsonWebKey) with explicit time bounds and an optional emergency-revocation pointer. Per-role fields are populated only when that role applies; consumers MUST ignore non-applicable fields based on role.

FieldTypeNumberDescription
verstring1Protocol version — MUST be "1.0"
roleRole2Which participant this manifest describes
domainstring3Canonical domain serving this manifest
contactoptional string4Contact email
public_keysrepeated JsonWebKey5Signature-verification keys; ≥1 valid at serve time
invalidation_urloptional string6Emergency key-revocation list URL (KeyInvalidationList)
exchangesrepeated AuthorizedExchange7Publisher-only. Authorized Exchanges (declares who may sell, like ads.txt)
catalog_contributorsrepeated CatalogContributor8Publisher-only. Authorized third-party catalog pushers
nameoptional string9Exchange-only. Human-readable Exchange name
operatoroptional string10Exchange-only. Operating organization
operator_domainoptional string11Exchange-only. Operator’s corporate domain
endpointoptional string12Exchange-only. ExchangeService endpoint URL
health_endpointoptional string13Exchange-only. Health check endpoint URL
catalog_endpointoptional string14Exchange-only. CatalogService endpoint URL
extStruct15Extension point
protocol_versions_supportedrepeated string16Exchange-only. Supported RAMP versions
pricing_models_supportedrepeated PricingModel17Exchange-only
delivery_methods_supportedrepeated DeliveryMethod18Exchange-only
hash_methods_supportedrepeated string19Exchange-only. Accepted hash methods
accepted_verifiersrepeated string20Exchange-only. Trusted verifier domains
terms_urioptional string21Exchange-only. Terms of service URL
privacy_urioptional string22Exchange-only. Privacy policy URL
supported_profilesrepeated string23Exchange-only. Domain extension profiles
supported_auth_methodsrepeated AuthMethod24Exchange-only. Authorization methods (ordered by preference)
oidc_issueroptional string25Exchange-only. OIDC Discovery URL
gnap_grant_endpointoptional string26Exchange-only. GNAP grant endpoint
base_currencyoptional string27Exchange-only. ISO 4217 base currency for unit_cost
max_intermediary_hopsoptional int3228Exchange-only. Max intermediary hops tolerated in an inbound request chain; longer chains SHOULD be rejected
ext_criticalrepeated string90Critical extension keys (COSE crit, RFC 9052)

JsonWebKey

Section titled “JsonWebKey”

Inline RFC 7517 JWK. RAMP v1.0 supports Ed25519 only. Time bounds are RFC3339 strings; the validity window is half-open [not_before, not_after).

FieldTypeNumberDescription
kidstring1Key ID, unique within public_keys
ktystring2Key type — MUST be "OKP"
crvstring3Curve — MUST be "Ed25519"
usestring4Intended use — MUST be "sig"
algstring5Algorithm — MUST be "EdDSA"
xstring6base64url-encoded 32-byte Ed25519 public key
not_beforestring7RFC3339; key invalid before this instant
not_afterstring8RFC3339; key invalid at and after this instant (strict upper bound)

KeyInvalidationList

Section titled “KeyInvalidationList”

Body served at WellKnownManifest.invalidation_url. Snapshot semantics: revoked is the complete set of revoked kids at as_of; consumers replace their local revocation set on each successful poll.

FieldTypeNumberDescription
as_ofTimestamp1Server response time (RFC3339, UTC)
revokedrepeated string2Complete list of revoked kids at as_of

CatalogContributor

Section titled “CatalogContributor”

Authorizes a third party to push catalog metadata on the provider’s behalf.

FieldTypeNumberDescription
domainstring1Contributor domain (e.g. “doubleverify.com”)
relationshipstring2Relationship type (e.g. “verifier”, “exchange”)

AuthorizedExchange

Section titled “AuthorizedExchange”

A Exchange authorized to sell this provider’s content.

FieldTypeNumberDescription
domainstring1Canonical domain of the Exchange
endpointstring2RAMP ExchangeService endpoint URL
relationshipProviderRelationship3Relationship type (mirrors ads.txt DIRECT/RESELLER)
extStruct15Extension point

AccessPolicy

Section titled “AccessPolicy”

Per-path content access rules. Used by Exchanges to communicate provider access policies.

FieldTypeNumberDescription
default_policyResourceAccessPolicy1Default policy for paths not matching any rule
rulesrepeated AccessPolicyRule2Path-specific overrides

AccessPolicyRule

Section titled “AccessPolicyRule”

Access policy for a URL path pattern.

FieldTypeNumberDescription
patternstring1Glob pattern (e.g. “/premium/”, “/free/“)
policyResourceAccessPolicy2Access policy for matching paths

Messages — Broker Protocol

Section titled “Messages — Broker Protocol”

Messages for the Agent-to-Broker path (Steps 1 and 6). When an agent talks directly to an Exchange, it uses ResourceQuery/TransactionRequest instead.

RAMPRequest

Section titled “RAMPRequest”

Agent sends to Broker (Step 1).

FieldTypeNumberDescription
verstring1RAMP protocol version
idstring2Unique request identifier
requesterRequester3Requester identity, scopes, and optional delegation. Broker forwards this in ResourceQuery.requester.
urisrepeated string8Resource URIs the agent wants. Broker forwards these in ResourceQuery.uris. Optional when query/search_filters drive discovery.
acceptable_restrictionsrepeated AcceptableRestriction9Limits the agent will operate within, per restriction axis. Broker forwards these in ResourceQuery.acceptable_restrictions. Advisory, not enforced.
constraintsoptional RequestConstraints4Budget and preference constraints
supported_profilesrepeated string5Domain extension profiles the agent understands (e.g. “ramp-academic-v1”)
queryoptional string6Search query for Broker-side resource discovery. When present, the Broker interprets the query and discovers resources across Exchanges on the agent’s behalf. Can be used alongside uris.
search_filtersoptional Struct7Structured search filters (alongside or instead of query). Keys are profile-specific: "academic.topic", "news.category", "legal.jurisdiction", etc. The Broker maps these to Exchange-specific query parameters.
extStruct15Extension point

RequestConstraints

Section titled “RequestConstraints”

Budget and preference constraints for exchange filtering and offer selection.

FieldTypeNumberDescription
exchangesrepeated string1Authorized Exchange domains
max_priceoptional Cost2Maximum price the agent will pay
max_unit_costoptional double3Maximum effective cost per unit
delivery_preferencerepeated DeliveryMethod4Preferred delivery methods (in order)
reporting_capableoptional bool5Whether agent supports post-usage reporting
preferred_exchangesrepeated string6Exchanges with existing relationships (subscriptions)
budget_scopeoptional string7Budget scope identifier (e.g. “user:u-12345”)
period_budgetoptional Cost8Per-period budget limit
budget_periodoptional Duration9Budget period (e.g. 720h = 30 days)
max_data_ageoptional Duration10Maximum acceptable age of resource data (for DYNAMIC resources)
max_hopsoptional int3211Maximum intermediary hops the agent allows in its request chain; the Broker MUST NOT forward a longer chain

RAMPResponse

Section titled “RAMPResponse”

Broker returns to Agent (Step 6).

FieldTypeNumberDescription
verstring1Protocol version
idstring2Unique response identifier
request_idstring3Echoed request ID from Step 1
transaction_idstring4Exchange-assigned transaction ID
billing_idstring5Billing reference
exchangestring6Which Exchange won the selection
resource_titleoptional string7Resource title for the disputed resource
costCost8Transaction cost
delivery_methodDeliveryMethod9How content is delivered
reporting_obligationoptional ReportingObligation10Reporting obligations the agent must fulfill
expires_atoptional Timestamp11When retrieval_endpoint expires
retrieval_endpointoptional string13Signed URL returned by the Exchange and forwarded unchanged by the Broker, together with agent_identity_hash. Bound to agent_identity_hash; expires at expires_at. Absent on denial and when delivery_method is not signed-URL-based
agent_identity_hashoptional string14Identity that retrieval_endpoint is bound to. Same value and computation as TransactionResponse.agent_identity_hash. Present iff retrieval_endpoint is
broker_feeoptional Cost12Broker’s fee for this transaction
extStruct15Extension point

Messages — CatalogService

Section titled “Messages — CatalogService”

Messages for the optional CatalogService RPC.

PushResourcesRequest

Section titled “PushResourcesRequest”

Push or update content entries in the Exchange catalog.

FieldTypeNumberDescription
tenant_idstring1Tenant identifier
entriesrepeated ResourceEntry2Content entries to push
caller_idstring3Identity of the caller

ResourceEntry

Section titled “ResourceEntry”

A single resource catalog entry.

FieldTypeNumberDescription
domainstring1Provider domain
pathstring2Content path
content_idoptional string3Content identifier
titleoptional string4Content title
word_countoptional int325Word count
estimated_quantityoptional int326Estimated quantity in the metering unit
content_hashoptional string7Content hash
hash_methodoptional string8Hash algorithm
sourceoptional IngestionSource9How the entry was discovered
provenance_sourceoptional string10Who provided this metadata (e.g. “gumgum.com”)
provenance_timestampoptional Timestamp11When metadata was collected
attestationsrepeated ResourceAttestation12Signed attestations about this content
termsrepeated LicenseTerm13Publisher-declared licensing terms. Pricing is REQUIRED on every term (any semantics). For REFERENCE_ONLY terms, License.uri is additionally authoritative.
extStruct15Extension point

PushResourcesResponse

Section titled “PushResourcesResponse”
FieldTypeNumberDescription
acceptedint321Number of entries accepted
rejectedint322Number of entries rejected
warningsrepeated string3Non-fatal ingestion warnings (e.g., unrecognized vocab token in a Restriction). Warnings do not cause rejection.

RemoveResourcesRequest

Section titled “RemoveResourcesRequest”
FieldTypeNumberDescription
tenant_idstring1Tenant identifier
pathsrepeated string2Paths to remove

RemoveResourcesResponse

Section titled “RemoveResourcesResponse”
FieldTypeNumberDescription
removedint321Number of entries removed

RefreshCatalogRequest

Section titled “RefreshCatalogRequest”
FieldTypeNumberDescription
tenant_idstring1Tenant identifier

RefreshCatalogResponse

Section titled “RefreshCatalogResponse”
FieldTypeNumberDescription
startedbool1Whether the refresh was started

Universal Licensing Core

Section titled “Universal Licensing Core”

A resource carries zero or more LicenseTerm entries — each term is a complete commercial arrangement. Multiple terms are the normal case: a news article may be free for academic use and paid for commercial use; a stock photo may be perpetually licensed with an impressions cap.

See /protocol/licensing-terms for a full conceptual walkthrough with examples.

LicenseTerm

Section titled “LicenseTerm”

One complete access arrangement for a resource. Lives at both ingestion (ResourceEntry.terms) and emission (Offer.terms).

Validation rules (wire-enforced via protovalidate CEL unless noted). Parenthetical codes are the source-of-truth references: requirement tracking-codes (e.g. fc65j) cross-referenced in the proto comments and conformance suite, or a CEL rule id: (e.g. license_term.semantics_specified).

  • pricing MUST be present on every term, any semantics — absent Pricing is a validation error (fc65j). model = FREE must be stated explicitly — absent Pricing is not free.
  • semantics MUST be set — TERM_SEMANTICS_UNSPECIFIED is rejected (license_term.semantics_specified).
  • REFERENCE_ONLY requires license.uri to be non-empty (fc65j); a License with a uri requires a uri_digest (d8y64).
  • At most one Restriction per kind; a token cannot be both permitted and prohibited (6z1v3).
  • Unknown tokens in restrictions[].permitted / prohibited produce PushResourcesResponse.warnings[] but do NOT cause hard rejection (ingest-time, not CEL).
FieldTypeNumberDescription
licenseoptional License1Governing license document. Authoritative for REFERENCE_ONLY terms (which MUST carry a non-empty uri).
semanticsTermSemantics2How the Exchange interprets the machine fields
restrictionsrepeated Restriction3Usage restrictions (function, geography, user-type). AND-combined.
quotasrepeated Quota4Usage caps. The agent must not exceed any individual Quota.
obligationsrepeated Obligation5Post-use behavioral requirements.
pricingoptional Pricing6Commercial terms. REQUIRED on every term regardless of semantics (absent Pricing is rejected; model = FREE must be explicit).
scopesrepeated string7Delegation scope-gating (AND-semantics). Empty = public. Segment-wise matching — see Scope Matching (dist:* covers dist:US; dist covers only dist).
part_labeloptional string8Informational human-readable name for a sub-part term.

License

Section titled “License”

Identifies the governing license document for a LicenseTerm.

FieldTypeNumberDescription
urioptional string1Canonical license identity (RFC 3986; e.g. "https://creativecommons.org/licenses/by/4.0/"). MUST NOT be URL-validated — data-labels TDL identifiers use non-URL schemes.
idoptional string2Stable short id: SPDX short-id ("GPL-3.0-only"), TollBit cuid, or catalog doc-id
nameoptional string3Human-readable name (e.g. "CC BY 4.0")
immutableoptional bool4The document at uri is versioned and will not change (data-labels TDL)
uri_digestoptional string5method:hexdigest pin of the document at uri (e.g. "sha256:…"). REQUIRED whenever uri is present (any semantics, mutable or not — MitM/swap protection); covered by the offer signature.

Restriction

Section titled “Restriction”

A single constraint on one licensing dimension: function (what), geography (where), or user-type (who).

Reading a restriction: a value is in-scope when it matches at least one permitted[] token AND none of the prohibited[] tokens. Empty permitted[] = any value permitted on this axis. Restrictions ride on the offer; the agent self-selects the term it can honour (the Exchange does not pre-filter terms against requester attributes).

Vocabulary sources: proto-native — (ramp.v1.vocab_enum) on the RESTRICTION_KIND_FUNCTION / RESTRICTION_KIND_GEOGRAPHY / RESTRICTION_KIND_USER_TYPE enum values (no side-car JSON registry).

FieldTypeNumberDescription
kindRestrictionKind1Which dimension this restriction constrains
permittedrepeated string2Tokens allowed on this axis. Empty = all permitted.
prohibitedrepeated string3Tokens blocked on this axis. Takes precedence over permitted[].
advisorybool4Default false = binding (a consumer that cannot evaluate a token MUST decline the term). true = non-blocking. Inverts the COSE-crit opt-in default — fail-closed by default.

Quota

Section titled “Quota”

A usage cap that gates whether a LicenseTerm remains valid. Quotas limit consumption before a term expires or must be renegotiated — they are NOT billing quantities.

Metric vocabulary: proto-native — (ramp.v1.vocab) on Quota.metric. Standard metrics: accesses, tokens, input-tokens, display-words, impressions, copies, seats, units-manufactured.

FieldTypeNumberDescription
metricstring1Unit being capped. A registered token from (ramp.v1.vocab) on this field, or a vendor: namespaced custom.
limitint642Maximum allowed value in the given window.
windowQuotaWindow3Time window over which the limit accumulates.

Obligation

Section titled “Obligation”

A post-use behavioral requirement attached to a LicenseTerm. Attribution and contribution are behavioral requirements here, not pricing models.

FieldTypeNumberDescription
kindObligationKind1What the agent must do.
triggerObligationTrigger2When the obligation activates.
scope_licenseoptional License3License derivatives must be released under. REQUIRED for SHARE_ALIKE (set id and/or uri). As a License, a referenced uri requires uri_digest.
detailoptional string4Free-form detail (attribution string, notice file URI). OBLIGATION_KIND_OTHER without it → lint warning.

Enums

Section titled “Enums”

PricingModel

Section titled “PricingModel”

The charging structure only (a closed set). The open-ended metering basis (“per what”) is NOT enumerated here — it lives in Pricing.unit as a registry-governed vocabulary. UNSPECIFIED is rejected at ingest (omission cannot default to FREE).

ValueNameDescription
0UNSPECIFIEDUnset — rejected at ingest
1FREENo charge; rate must be 0 (state FREE explicitly — absent Pricing is not free)
2PER_UNITRate per Pricing.unit; unit REQUIRED (registered token or vendor:custom)
3FLATOne-time flat fee; rate is the total, no unit

The metering basis (“per what”) is the Pricing.unit vocabulary, not a model; a subscription is FREE + scopes; attribution and contribution are Obligation.kinds; revenue-share settlement is off-protocol.

PricingMetering

Section titled “PricingMetering”

How usage is tracked for billing reconciliation. Used in Pricing.metering (field 9). Absent = ONLINE.

ValueNameDescription
0ONLINEDefault. Exchange tracks usage events in real time. ReportUsage is required.
1NONEOne-time perpetual sale. No ongoing metering; billing_id is issued at ExecuteTransaction and the ledger entry is closed. No ReportUsage required.
2OFFLINE_SELF_REPORTEDAgent self-reports physical-world consumption (e.g. units manufactured from a licensed design). Exchange audits.

TermSemantics

Section titled “TermSemantics”

How the Exchange interprets a LicenseTerm’s machine fields.

ValueNameDescription
0UNSPECIFIEDUnset — rejected at ingest
1ENUMERATEDMachine restrictions/quotas/obligations are the complete, authoritative expression of the term (internally consistent, no self-contradiction) and are enforced. Pricing MUST be present.
2REFERENCE_ONLYThe document at License.uri (MUST be non-empty) is the authoritative, complete source; the agent reads it before using. Machine restrictions/quotas/obligations are optional here — the publisher MAY send Pricing alone — but any that are sent must be accurate (MUST NOT contradict the referenced document) and are enforced just like ENUMERATED. Pricing is still required.

RestrictionKind

Section titled “RestrictionKind”

Which dimension a Restriction constrains.

ValueNameDescription
0UNSPECIFIEDUnset — rejected at ingest
1FUNCTIONWhat the agent may do. Tokens authored as (ramp.v1.vocab_enum) on this value.
2GEOGRAPHYWhere the agent operates. ISO 3166-1 alpha-2 (structural) + the specials EU, EEA, *.
3USER_TYPEWho the agent is. Tokens authored as (ramp.v1.vocab_enum) on this value.
4OTHERCustom dimension; escape hatch, linted and discouraged.

QuotaWindow

Section titled “QuotaWindow”

Time window over which a Quota.limit accumulates.

ValueNameDescription
0UNSPECIFIEDUnset — rejected at ingest
1HOURLYResets each hour
2DAILYResets each day
3MONTHLYResets each month
4TOTALLifetime cap — never resets

ObligationKind

Section titled “ObligationKind”

What the agent must do after use. ATTRIBUTION and CONTRIBUTION are behavioral requirements, not pricing models.

ValueNameDescription
0UNSPECIFIEDUnset — rejected at ingest
1ATTRIBUTIONCredit the author or publisher
2CONTRIBUTIONGood-faith payment (amount suggested, not contractually fixed)
3SHARE_ALIKEDerivatives must use the same / compatible license (scope_license required)
4NETWORK_COPYLEFTNetwork service triggers copyleft (AGPL style)
5NOTICEInclude the specified copyright notice
6OTHERDescribed in Obligation.detail

ObligationTrigger

Section titled “ObligationTrigger”

When an Obligation activates.

ValueNameDescription
0UNSPECIFIEDUnset — rejected at ingest
1ON_USETriggered on any use of the resource
2ON_DISTRIBUTIONTriggered when copies are distributed
3ON_NETWORK_SERVICETriggered when served over a network (AGPL style)
4ON_DERIVATIVETriggered when a derivative work is produced

DenialReason

Section titled “DenialReason”
ValueNameDescription
0UNSPECIFIED
1BILLING_REF_INACTIVEbilling_ref is not active / not recognized by the billing system
2INSUFFICIENT_BALANCEBuyer’s balance too low
3RATE_LIMITEDToo many requests
4CONTENT_UNAVAILABLEContent no longer available
5RESTRICTION_NOT_SATISFIEDAccepted term’s restriction not satisfied by the request (axes in restriction_mismatches, same RestrictionKind vocabulary as the terms)
6REPORTING_OVERDUEBuyer has overdue reports
7OFFER_EXPIREDOffer TTL exceeded
8SIGNATURE_INVALIDSignature verification failed
9QUOTA_EXCEEDEDSubscription access count exhausted for this period
10DELEGATION_INVALIDDelegation missing, unverifiable (broken chain linkage or holder-binding mismatch), expired, or it widens scope beyond its parent
11SCOPE_INSUFFICIENTRequester scopes don’t cover this resource

DisputeReason

Section titled “DisputeReason”
ValueNameDescription
0UNSPECIFIED
1CONTENT_MISMATCHContent hash does not match what was promised in the Offer
2DELIVERY_FAILEDResource not delivered (signed URL returned 404/403/5xx)
3WRONG_CONTENTDelivered, but entirely different from what was described
4EXPIRED_BEFORE_FETCHSigned URL expired before the agent could fetch
5INCOMPLETE_CONTENTResource was truncated or incomplete

DisputeStatus

Section titled “DisputeStatus”

Full dispute lifecycle from filing to final resolution.

ValueNameDescription
0UNSPECIFIED
1FILEDDispute received, processing started
2AUTO_RESOLVEDTier 1 automated resolution (< 1s)
3EVIDENCE_NEEDEDAdditional evidence required from a party
4UNDER_REVIEWTier 2 rule-based review in progress
5ESCALATEDTier 3 pattern investigation triggered
6RESOLVEDDecision made (Tier 2)
7APPEALEDLosing party submitted new evidence
8SETTLEDInvestigation complete, settlement applied (Tier 3)
9FINALTerminal state — dispute closed

ResolutionType

Section titled “ResolutionType”

Outcome of a resolved dispute.

ValueNameDescription
0UNSPECIFIED
1CREDITAccount credit applied to next billing cycle
2REDELIVERYNew signed URL issued for same content
3REJECTEDDispute rejected with reason
4INVESTIGATIONEscalated to pattern analysis (Tier 3)

CitationFormat

Section titled “CitationFormat”

How the citation is presented to the user.

ValueNameDescription
0LINKHyperlink citation
1FOOTNOTEFootnote citation
2INLINEInline text citation

OfferAbsenceReason

Section titled “OfferAbsenceReason”

Why no offers are available for a requested URI.

ValueNameDescription
0UNSPECIFIED
1NOT_IN_CATALOGURI is not in this Exchange’s catalog
2CONTENT_BLOCKEDProvider opted out of AI access
3RESTRICTION_FILTEREDOffers exist but were pre-filtered for one or more restriction axes the requester stated (axes in restriction_filters, same RestrictionKind vocabulary as the terms); convenience filter, not enforcement
4TEMPORARILY_UNAVAILABLEContent temporarily unavailable (e.g. feed refresh)
5NOT_AUTHORIZEDExchange not authorized by provider
6SCOPE_INSUFFICIENTRequester’s scopes/subscription do not cover this resource. Applies wherever access is subscription- or scope-gated; the resource exists but the requester’s token/subscription doesn’t grant it. (Exchange MAY omit silently where existence must stay hidden.)
7UNKNOWN_CRITICAL_EXTENSIONConsumer encountered ext_critical keys it does not recognize

RequesterType

Section titled “RequesterType”

What kind of entity is making the request.

ValueNameDescription
0UNSPECIFIED
1AGENTAutonomous AI agent (LLM, RAG system, research bot)
2HUMAN_TOOLHuman using an AI-powered tool (copilot, assistant)
3SERVICEEnterprise service account (automated pipeline, cron job)
4DELEGATEDAgent acting on behalf of a user (delegated identity)
5RESEARCHResearch pipeline (batch data collection, model training)

Role

Section titled “Role”

Identifies which RAMP participant a WellKnownManifest describes.

ValueNameNumber
0ROLE_UNSPECIFIED
1ROLE_AGENT
2ROLE_EXCHANGE
3ROLE_BROKER
4ROLE_PUBLISHER

DiscoveryMethod

Section titled “DiscoveryMethod”
ValueNameDescription
0UNSPECIFIED
1EXCHANGEStandard Exchange catalog lookup
2SEARCHVia search engine (Exa, Tavily, etc.)
3RECOMMENDATIONVia content recommendation service
4SYNDICATIONVia content syndication tracking

DeliveryMethod

Section titled “DeliveryMethod”
ValueNameDescription
0UNSPECIFIED
1DIRECTContent returned inline
2INSTRUCTIONSDelivery instructions (signed URL, token)
3STREAMINGReal-time streaming connection (WebSocket, SSE, gRPC stream)

ResourceMutability

Section titled “ResourceMutability”

Signals whether resource content changes over time. Drives hash verification behavior.

ValueNameDescription
0UNSPECIFIED
1STATICContent is immutable. Hash is stable and verifiable. Mismatch is disputable.
2DYNAMICContent changes between offer and fetch. Hash mismatch is expected, not disputable. Use data_as_of for freshness.
3LIVEContent does not exist at offer time (real-time streaming). No content_hash applicable. Metering is time-based.

IngestionSource

Section titled “IngestionSource”
ValueNameDescription
0UNSPECIFIED
1RAMP_SITEMAPRAMP XML namespace in sitemap
2RSLRSL rsl.txt
3SITEMAPStandard sitemap.xml
4HTML_CRAWLHTML crawl + readability extraction
5CMS_APICMS REST API (WordPress, etc.)
6MANUALManual configuration
7CATALOG_APIThird-party CatalogService push

ProviderRelationship

Section titled “ProviderRelationship”
ValueNameDescription
0UNSPECIFIED
1DIRECTProvider has a direct contract with this Exchange
2RESELLERExchange resells content via another authorized party

ResourceAccessPolicy

Section titled “ResourceAccessPolicy”
ValueNameDescription
0UNSPECIFIED
1LICENSEDContent requires a RAMP transaction
2OPENContent is freely accessible
3BLOCKEDContent is not available to AI systems