{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2026:GRUVDJFPCW4M65JADI7LGH6BML","short_pith_number":"pith:GRUVDJFP","canonical_record":{"source":{"id":"2605.16976","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-05-16T12:53:31Z","cross_cats_sorted":[],"title_canon_sha256":"c6b60f77dab9a51a3429a3bd3b4ddc94cd7217ba5de6e0a772c4734e76a229df","abstract_canon_sha256":"1200fcaf038b56e74891a13b38c787d19503109a224a0dd53a59d9eb5d43b40b"},"schema_version":"1.0"},"canonical_sha256":"346951a4af15b8cf75201a3eb31fc162ceb66188cf03825f4c385b1d8136bb5d","source":{"kind":"arxiv","id":"2605.16976","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2605.16976","created_at":"2026-05-20T00:03:34Z"},{"alias_kind":"arxiv_version","alias_value":"2605.16976v1","created_at":"2026-05-20T00:03:34Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2605.16976","created_at":"2026-05-20T00:03:34Z"},{"alias_kind":"pith_short_12","alias_value":"GRUVDJFPCW4M","created_at":"2026-05-20T00:03:34Z"},{"alias_kind":"pith_short_16","alias_value":"GRUVDJFPCW4M65JA","created_at":"2026-05-20T00:03:34Z"},{"alias_kind":"pith_short_8","alias_value":"GRUVDJFP","created_at":"2026-05-20T00:03:34Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2026:GRUVDJFPCW4M65JADI7LGH6BML","target":"record","payload":{"canonical_record":{"source":{"id":"2605.16976","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-05-16T12:53:31Z","cross_cats_sorted":[],"title_canon_sha256":"c6b60f77dab9a51a3429a3bd3b4ddc94cd7217ba5de6e0a772c4734e76a229df","abstract_canon_sha256":"1200fcaf038b56e74891a13b38c787d19503109a224a0dd53a59d9eb5d43b40b"},"schema_version":"1.0"},"canonical_sha256":"346951a4af15b8cf75201a3eb31fc162ceb66188cf03825f4c385b1d8136bb5d","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-20T00:03:34.046718Z","signature_b64":"fI6fQeqtqw5wvCFLqq/yb049WTiUCqS/0TekSJ0wP3Mln3OhnMR4bgjh1Lw51RYFb+FhMKqaCt8j49MWgJ4cAA==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"346951a4af15b8cf75201a3eb31fc162ceb66188cf03825f4c385b1d8136bb5d","last_reissued_at":"2026-05-20T00:03:34.045936Z","signature_status":"signed_v1","first_computed_at":"2026-05-20T00:03:34.045936Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2605.16976","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-20T00:03:34Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"95LePJsVFY6VkaufkBQkfR4XYcZnTno1gd6DV5WrDD0mDXRHSY8tV/aP1s91H7K0vxO/r7/lugykYSGP2tZmDw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-24T11:22:56.389193Z"},"content_sha256":"3424b6c97c3ef9d84858147f44a284a4c1ca3a342734aaaf7db5d380f8fdd2d0","schema_version":"1.0","event_id":"sha256:3424b6c97c3ef9d84858147f44a284a4c1ca3a342734aaaf7db5d380f8fdd2d0"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2026:GRUVDJFPCW4M65JADI7LGH6BML","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Securing LLM Agents Need Intent-to-Execution Integrity","license":"http://creativecommons.org/licenses/by/4.0/","headline":"Securing LLM agents requires intent-to-execution integrity so executions faithfully match user intent even with untrusted tools.","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Dawn Song, Jiaheng Zhang, Ming Xu, Peiran Wang, Shengfang Zhai, Wenjie Qu","submitted_at":"2026-05-16T12:53:31Z","abstract_excerpt":"This position paper argues that securing LLM agents requires first defining an end-to-end correctness property that specifies when an agent's execution faithfully reflects the user's intent. Modern LLM agents operate over an \\emph{intent-to-execution pipeline}, where natural-language instructions are translated into concrete system operations such as tool calls, API requests, and code execution. While recent defenses have made progress in constraining how agents construct tool calls, most existing formulations implicitly assume that tools are trusted. The emergence of systems such as OpenClaw,"},"claims":{"count":4,"items":[{"kind":"strongest_claim","text":"Analyzing existing agentic defenses against these properties reveals that current systems provide only partial and non-compositional coverage, leaving fundamental gaps in securing modern LLM agents.","source":"verdict.strongest_claim","status":"machine_extracted","claim_id":"C1","attestation":"unclaimed"},{"kind":"weakest_assumption","text":"The structural analogy between LLM agents and compilers holds sufficiently to derive the four integrity properties as both necessary and jointly sufficient for end-to-end correctness.","source":"verdict.weakest_assumption","status":"machine_extracted","claim_id":"C2","attestation":"unclaimed"},{"kind":"one_line_summary","text":"The paper defines intent-to-execution integrity as the conjunction of Tool Integrity, Instruction Integrity, Judgment Integrity, and Data Flow Integrity, arguing that existing LLM agent defenses provide only partial coverage of these properties.","source":"verdict.one_line_summary","status":"machine_extracted","claim_id":"C3","attestation":"unclaimed"},{"kind":"headline","text":"Securing LLM agents requires intent-to-execution integrity so executions faithfully match user intent even with untrusted tools.","source":"verdict.pith_extraction.headline","status":"machine_extracted","claim_id":"C4","attestation":"unclaimed"}],"snapshot_sha256":"372a274b0d7b388f9503f1fc8d1ccc35bfc0b1a89a3a32d5b812c49a021ffe11"},"source":{"id":"2605.16976","kind":"arxiv","version":1},"verdict":{"id":"476a4d37-282c-4cc2-8066-7b671d75706b","model_set":{"reader":"grok-4.3"},"created_at":"2026-05-19T20:12:41.744001Z","strongest_claim":"Analyzing existing agentic defenses against these properties reveals that current systems provide only partial and non-compositional coverage, leaving fundamental gaps in securing modern LLM agents.","one_line_summary":"The paper defines intent-to-execution integrity as the conjunction of Tool Integrity, Instruction Integrity, Judgment Integrity, and Data Flow Integrity, arguing that existing LLM agent defenses provide only partial coverage of these properties.","pipeline_version":"pith-pipeline@v0.9.0","weakest_assumption":"The structural analogy between LLM agents and compilers holds sufficiently to derive the four integrity properties as both necessary and jointly sufficient for end-to-end correctness.","pith_extraction_headline":"Securing LLM agents requires intent-to-execution integrity so executions faithfully match user intent even with untrusted tools."},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2605.16976/integrity.json","findings":[],"available":true,"detectors_run":[{"name":"doi_title_agreement","ran_at":"2026-05-19T20:31:19.050382Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"doi_compliance","ran_at":"2026-05-19T20:21:39.867412Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"cited_work_retraction","ran_at":"2026-05-19T19:51:56.598002Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"citation_quote_validity","ran_at":"2026-05-19T19:50:07.194706Z","status":"skipped","version":"0.1.0","findings_count":0},{"name":"claim_evidence","ran_at":"2026-05-19T18:41:56.218787Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"ai_meta_artifact","ran_at":"2026-05-19T18:33:26.305915Z","status":"skipped","version":"1.0.0","findings_count":0}],"snapshot_sha256":"e6cd85cab458ad41408189ea61aaf568f70f447289ad1f3c6e0f29199da36878"},"references":{"count":30,"sample":[{"doi":"","year":2025,"title":"OpenClaw: An open-source framework for AI agents","work_id":"0ce3c522-a447-46da-8419-bd9dd5a49604","ref_index":1,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2026,"title":"NemoClaw: Hardened OpenClaw runtime with Landlock and seccomp sandboxing","work_id":"3642359b-c7c9-42dd-b7a6-a2c505e2dae8","ref_index":2,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2026,"title":"IronClaw: Agent OS focused on privacy, security, and extensibility","work_id":"9830e3e7-33d5-4aaf-a979-f5dc26f7f60d","ref_index":3,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2024,"title":"System-Level Defense against Indirect Prompt Injection Attacks: An Information Flow Control Perspective","work_id":"c3786d6b-d1c5-4d79-af2c-1215479ed680","ref_index":4,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2026,"title":"SeClaw: The security armored personal AI assistant","work_id":"97db09da-719e-40dc-a4aa-21b55d1aef6d","ref_index":5,"cited_arxiv_id":"","is_internal_anchor":false}],"resolved_work":30,"snapshot_sha256":"f674b56d76636a6aeabad05513b358e79d026e09e8b0f70b39c3991d7e47fb6a","internal_anchors":3},"formal_canon":{"evidence_count":2,"snapshot_sha256":"76d5a6aaa2c8891ee84df9ca241f8f62ffa9f07b117d245653dd0cd7728d761c"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":"476a4d37-282c-4cc2-8066-7b671d75706b"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-20T00:03:34Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"g4xkhucujGVcjMVECI2VtplBGZcHkq+3V6umHhCXZf+r3ud1ttOEisgUliis4bOh1ON6WJcMeVF/CPU3l3XgCA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-24T11:22:56.390438Z"},"content_sha256":"d120cdff5e61139ddf17b758d1d6465f12339bec0b7726a5ed26c353bcbda6b1","schema_version":"1.0","event_id":"sha256:d120cdff5e61139ddf17b758d1d6465f12339bec0b7726a5ed26c353bcbda6b1"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/GRUVDJFPCW4M65JADI7LGH6BML/bundle.json","state_url":"https://pith.science/pith/GRUVDJFPCW4M65JADI7LGH6BML/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/GRUVDJFPCW4M65JADI7LGH6BML/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-05-24T11:22:56Z","links":{"resolver":"https://pith.science/pith/GRUVDJFPCW4M65JADI7LGH6BML","bundle":"https://pith.science/pith/GRUVDJFPCW4M65JADI7LGH6BML/bundle.json","state":"https://pith.science/pith/GRUVDJFPCW4M65JADI7LGH6BML/state.json","well_known_bundle":"https://pith.science/.well-known/pith/GRUVDJFPCW4M65JADI7LGH6BML/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2026:GRUVDJFPCW4M65JADI7LGH6BML","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"1200fcaf038b56e74891a13b38c787d19503109a224a0dd53a59d9eb5d43b40b","cross_cats_sorted":[],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-05-16T12:53:31Z","title_canon_sha256":"c6b60f77dab9a51a3429a3bd3b4ddc94cd7217ba5de6e0a772c4734e76a229df"},"schema_version":"1.0","source":{"id":"2605.16976","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2605.16976","created_at":"2026-05-20T00:03:34Z"},{"alias_kind":"arxiv_version","alias_value":"2605.16976v1","created_at":"2026-05-20T00:03:34Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2605.16976","created_at":"2026-05-20T00:03:34Z"},{"alias_kind":"pith_short_12","alias_value":"GRUVDJFPCW4M","created_at":"2026-05-20T00:03:34Z"},{"alias_kind":"pith_short_16","alias_value":"GRUVDJFPCW4M65JA","created_at":"2026-05-20T00:03:34Z"},{"alias_kind":"pith_short_8","alias_value":"GRUVDJFP","created_at":"2026-05-20T00:03:34Z"}],"graph_snapshots":[{"event_id":"sha256:d120cdff5e61139ddf17b758d1d6465f12339bec0b7726a5ed26c353bcbda6b1","target":"graph","created_at":"2026-05-20T00:03:34Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":4,"items":[{"attestation":"unclaimed","claim_id":"C1","kind":"strongest_claim","source":"verdict.strongest_claim","status":"machine_extracted","text":"Analyzing existing agentic defenses against these properties reveals that current systems provide only partial and non-compositional coverage, leaving fundamental gaps in securing modern LLM agents."},{"attestation":"unclaimed","claim_id":"C2","kind":"weakest_assumption","source":"verdict.weakest_assumption","status":"machine_extracted","text":"The structural analogy between LLM agents and compilers holds sufficiently to derive the four integrity properties as both necessary and jointly sufficient for end-to-end correctness."},{"attestation":"unclaimed","claim_id":"C3","kind":"one_line_summary","source":"verdict.one_line_summary","status":"machine_extracted","text":"The paper defines intent-to-execution integrity as the conjunction of Tool Integrity, Instruction Integrity, Judgment Integrity, and Data Flow Integrity, arguing that existing LLM agent defenses provide only partial coverage of these properties."},{"attestation":"unclaimed","claim_id":"C4","kind":"headline","source":"verdict.pith_extraction.headline","status":"machine_extracted","text":"Securing LLM agents requires intent-to-execution integrity so executions faithfully match user intent even with untrusted tools."}],"snapshot_sha256":"372a274b0d7b388f9503f1fc8d1ccc35bfc0b1a89a3a32d5b812c49a021ffe11"},"formal_canon":{"evidence_count":2,"snapshot_sha256":"76d5a6aaa2c8891ee84df9ca241f8f62ffa9f07b117d245653dd0cd7728d761c"},"integrity":{"available":true,"clean":true,"detectors_run":[{"findings_count":0,"name":"doi_title_agreement","ran_at":"2026-05-19T20:31:19.050382Z","status":"completed","version":"1.0.0"},{"findings_count":0,"name":"doi_compliance","ran_at":"2026-05-19T20:21:39.867412Z","status":"completed","version":"1.0.0"},{"findings_count":0,"name":"cited_work_retraction","ran_at":"2026-05-19T19:51:56.598002Z","status":"completed","version":"1.0.0"},{"findings_count":0,"name":"citation_quote_validity","ran_at":"2026-05-19T19:50:07.194706Z","status":"skipped","version":"0.1.0"},{"findings_count":0,"name":"claim_evidence","ran_at":"2026-05-19T18:41:56.218787Z","status":"completed","version":"1.0.0"},{"findings_count":0,"name":"ai_meta_artifact","ran_at":"2026-05-19T18:33:26.305915Z","status":"skipped","version":"1.0.0"}],"endpoint":"/pith/2605.16976/integrity.json","findings":[],"snapshot_sha256":"e6cd85cab458ad41408189ea61aaf568f70f447289ad1f3c6e0f29199da36878","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"This position paper argues that securing LLM agents requires first defining an end-to-end correctness property that specifies when an agent's execution faithfully reflects the user's intent. Modern LLM agents operate over an \\emph{intent-to-execution pipeline}, where natural-language instructions are translated into concrete system operations such as tool calls, API requests, and code execution. While recent defenses have made progress in constraining how agents construct tool calls, most existing formulations implicitly assume that tools are trusted. The emergence of systems such as OpenClaw,","authors_text":"Dawn Song, Jiaheng Zhang, Ming Xu, Peiran Wang, Shengfang Zhai, Wenjie Qu","cross_cats":[],"headline":"Securing LLM agents requires intent-to-execution integrity so executions faithfully match user intent even with untrusted tools.","license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-05-16T12:53:31Z","title":"Securing LLM Agents Need Intent-to-Execution Integrity"},"references":{"count":30,"internal_anchors":3,"resolved_work":30,"sample":[{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":1,"title":"OpenClaw: An open-source framework for AI agents","work_id":"0ce3c522-a447-46da-8419-bd9dd5a49604","year":2025},{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":2,"title":"NemoClaw: Hardened OpenClaw runtime with Landlock and seccomp sandboxing","work_id":"3642359b-c7c9-42dd-b7a6-a2c505e2dae8","year":2026},{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":3,"title":"IronClaw: Agent OS focused on privacy, security, and extensibility","work_id":"9830e3e7-33d5-4aaf-a979-f5dc26f7f60d","year":2026},{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":4,"title":"System-Level Defense against Indirect Prompt Injection Attacks: An Information Flow Control Perspective","work_id":"c3786d6b-d1c5-4d79-af2c-1215479ed680","year":2024},{"cited_arxiv_id":"","doi":"","is_internal_anchor":false,"ref_index":5,"title":"SeClaw: The security armored personal AI assistant","work_id":"97db09da-719e-40dc-a4aa-21b55d1aef6d","year":2026}],"snapshot_sha256":"f674b56d76636a6aeabad05513b358e79d026e09e8b0f70b39c3991d7e47fb6a"},"source":{"id":"2605.16976","kind":"arxiv","version":1},"verdict":{"created_at":"2026-05-19T20:12:41.744001Z","id":"476a4d37-282c-4cc2-8066-7b671d75706b","model_set":{"reader":"grok-4.3"},"one_line_summary":"The paper defines intent-to-execution integrity as the conjunction of Tool Integrity, Instruction Integrity, Judgment Integrity, and Data Flow Integrity, arguing that existing LLM agent defenses provide only partial coverage of these properties.","pipeline_version":"pith-pipeline@v0.9.0","pith_extraction_headline":"Securing LLM agents requires intent-to-execution integrity so executions faithfully match user intent even with untrusted tools.","strongest_claim":"Analyzing existing agentic defenses against these properties reveals that current systems provide only partial and non-compositional coverage, leaving fundamental gaps in securing modern LLM agents.","weakest_assumption":"The structural analogy between LLM agents and compilers holds sufficiently to derive the four integrity properties as both necessary and jointly sufficient for end-to-end correctness."}},"verdict_id":"476a4d37-282c-4cc2-8066-7b671d75706b"}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:3424b6c97c3ef9d84858147f44a284a4c1ca3a342734aaaf7db5d380f8fdd2d0","target":"record","created_at":"2026-05-20T00:03:34Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"1200fcaf038b56e74891a13b38c787d19503109a224a0dd53a59d9eb5d43b40b","cross_cats_sorted":[],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-05-16T12:53:31Z","title_canon_sha256":"c6b60f77dab9a51a3429a3bd3b4ddc94cd7217ba5de6e0a772c4734e76a229df"},"schema_version":"1.0","source":{"id":"2605.16976","kind":"arxiv","version":1}},"canonical_sha256":"346951a4af15b8cf75201a3eb31fc162ceb66188cf03825f4c385b1d8136bb5d","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"346951a4af15b8cf75201a3eb31fc162ceb66188cf03825f4c385b1d8136bb5d","first_computed_at":"2026-05-20T00:03:34.045936Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-20T00:03:34.045936Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"fI6fQeqtqw5wvCFLqq/yb049WTiUCqS/0TekSJ0wP3Mln3OhnMR4bgjh1Lw51RYFb+FhMKqaCt8j49MWgJ4cAA==","signature_status":"signed_v1","signed_at":"2026-05-20T00:03:34.046718Z","signed_message":"canonical_sha256_bytes"},"source_id":"2605.16976","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:3424b6c97c3ef9d84858147f44a284a4c1ca3a342734aaaf7db5d380f8fdd2d0","sha256:d120cdff5e61139ddf17b758d1d6465f12339bec0b7726a5ed26c353bcbda6b1"],"state_sha256":"925890c4b783060f87346bfd69f4b73607cb7171df6ab3c5d7da4f2f8b516947"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"vgsl2/jaHkIE4OOJ6yIO6aGjMvi4m3GGZWMarCA1JjZsraK6PrbZWaHwNoUI2AW4/WfkdK2QfUChhuiEM8zTCA==","signed_message":"bundle_sha256_bytes","signed_at":"2026-05-24T11:22:56.395012Z","bundle_sha256":"e8b88558c18b235de657c4384681a323975585c1dd8450719fcf077d06c8e42e"}}