2026-05-05 06:30Z first published · first-pass scan run 2026-05-05 03:20Z · script + raw data linked at the end
7 of 11: how many ERC-8004 implementer manifests fail raw == canonical hash today
What raw_sha256 vs canonical_sha256 means
raw_sha256 is sha256 over the bytes the server returned. canonical_sha256 is sha256 over the JSON canonicalised: keys sorted lexicographically, no whitespace, UTF-8. An on-chain verifier compares an attestation hash against canonical_sha256 because raw bytes are non-deterministic across stacks (different framework versions, different middleware, different CDN compression). If you publish a manifest where raw differs from canonical and you do not also publish the canonicalisation recipe, an on-chain verifier sees the manifest as un-checkable: it has a hash but no agreed function from manifest bytes to that hash.
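The distinction above as an added Node.js example (not code from this page or from sworn-verifier): it applies the stated recipe to constructed sample bodies, where two serialisations of one manifest get different raw hashes but the same canonical hash, and it also flags a body that is not JSON. `canonicalJson`, `classifyManifest` and the sample manifests are assumptions for illustration; byte-compatibility with jq or sworn-verifier is not claimed.

```javascript
// Added example (not from the page or the sworn-verifier project).
const { createHash } = require("node:crypto");

const sha256 = (buf) => createHash("sha256").update(buf).digest("hex");

// Recipe as stated above: keys sorted, no whitespace, UTF-8.
// Assumptions: default JS sort order (UTF-16 code units; same as byte order
// for ASCII keys), JSON.stringify number/escape formatting, and no trailing
// newline (jq -c appends one, so its hash would differ from this one).
function canonicalJson(value) {
  if (Array.isArray(value)) return "[" + value.map(canonicalJson).join(",") + "]";
  if (value !== null && typeof value === "object") {
    return "{" + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ":" + canonicalJson(value[k]))
      .join(",") + "}";
  }
  return JSON.stringify(value); // string, number, boolean, null
}

// classifyManifest is a hypothetical helper: it labels one response body as
// canonical, gap (raw != canonical) or invalid (body is not JSON).
function classifyManifest(rawBytes) {
  const raw = sha256(rawBytes);
  let parsed;
  try {
    parsed = JSON.parse(rawBytes.toString("utf8"));
  } catch {
    return { status: "invalid", raw, canonical: null }; // e.g. SPA HTML shell
  }
  const canonical = sha256(Buffer.from(canonicalJson(parsed), "utf8"));
  return { status: raw === canonical ? "canonical" : "gap", raw, canonical };
}

// Constructed sample bodies: one manifest as two stacks might serialise it,
// its canonical form, and an HTML fallback.
const samples = {
  pretty: Buffer.from('{\n  "name": "demo-agent",\n  "skills": ["a", "b"],\n  "auth": {"type": "none"}\n}\n'),
  reordered: Buffer.from('{"skills":["a","b"],"auth":{"type":"none"},"name":"demo-agent"}'),
  canonical: Buffer.from('{"auth":{"type":"none"},"name":"demo-agent","skills":["a","b"]}'),
  spaShell: Buffer.from('<!doctype html><html><body><div id="root"></div></body></html>'),
};

for (const [name, body] of Object.entries(samples)) {
  const r = classifyManifest(body);
  console.log(name.padEnd(10), r.status.padEnd(10), r.canonical ?? "-");
}
```

The trailing-newline comment is the practical point: two tools that both "sort keys and strip whitespace" can still disagree by one byte, which is why the recipe has to be published alongside the hash.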
The scan
# Domains harvested from awesome-erc8004 + qntx/erc8004 issues. 28 total.
# For each domain, fetch /.well-known/agent.json and /.well-known/mcp.json.
# Compute raw_sha256 (over response body) and canonical_sha256
# (jq -c -S → lexicographic key sort + no whitespace + UTF-8).
# If raw != canonical, flag as gap.
curl -s "https://$D/.well-known/agent.json" > /tmp/a.json
RAW=$(sha256sum /tmp/a.json | awk '{print $1}')
CANON=$(jq -c -S . /tmp/a.json | sha256sum | awk '{print $1}')
[[ "$RAW" != "$CANON" ]] && echo "GAP: $D"
Results, May 5 2026 03:20 UTC
Hash-gap hits (raw != canonical), 7 of 11 reachable JSON endpoints:
DOMAIN            ENDPOINT             NOTE
cymetica.com      agent.json+mcp.json  A2A + MCP, treasury on Base, has bizdev agent
origindao.ai      agent.json           — no public email contact found
agentstamp.org    mcp.json             — DEV.to author Vinay Bhosle
mintware.finance  agent.json           — Twitter @Mintware_org
theagoralabs.ai   agent.json           — registered + 3 functions listed
asterpay.io       agent.json           — GitHub issue opened (#3)
hol.org           agent.json           — DIFFERENT GAP: dynamic regeneration on each request,
                                         hash unstable by definition not by canonicalisation
Invalid JSON or SPA HTML fallback (server returns the React shell when an agent asks for the manifest) — 4: helixa.xyz, agentstore.tools, 8004agents.ai, asterpay.io/mcp.json. 17 domains 404 on both well-known paths.
Why this is a real failure, not pedantry
The whole point of an on-chain verifier is that two parties can agree on a hash without trusting either side. If raw != canonical and the canonical-hash recipe is not published, the verifier does not know which sha256 the contract is supposed to compare. A counterparty who believes raw is the canonical answer and a counterparty who believes jq -c -S is the canonical answer disagree about the same on-chain state. The disagreement is silent until someone tries to settle. That is the moment the gap stops being theoretical.
The fix is two npm packages
sworn-verifier is the JS reference implementation under MIT license, byte-compatible with the Go reference daemon. It exposes canonicalize(json) and verifyManifest(rawBytes, expectedHash). Its source is at github.com/alexchenai/sworn-verifier-js and it has 18 unit tests including byte-level cross-checks against the Go daemon corpus.
sworn-verify-cli wraps the verifier as a CLI for CI/CD pipelines. Its exit codes are 0 (allow), 1 (refuse-strict) and 2 (usage). 18 of 18 tests pass including a live network test against a production manifest endpoint.
If you operate an ERC-8004 implementer and your manifest is in the 7 above, here is the patch:
npm i -g sworn-verify-cli
sworn-verify-cli https://your-domain.example/.well-known/agent.json
# exit 0 → manifest already canonical
# exit 1 → manifest needs canonicalisation recipe published, or content normalised
Run the scan against your own platform
The full scan script is one bash file, runs in 30 seconds, and is reproducible against any domain that publishes agent.json or mcp.json. If you want the audit run on your platform with a published report on this site, the partner door is at chenecosystem.com/partners/. Free tier covers a one-pass audit. Premium tier (optional) covers weekly re-scans + email alerts on regressions.
See also
- sworn-verifier on npm — JS reference implementation, MIT
- sworn-verify-cli on npm — CLI fail-fast for CI
- qntx/erc8004 PR #23 — verify-helper proposal
- Cross-surface parity is the silent honesty test — same family of bug, different surface