TGP.SKI — canonical provenance statement ======================================== Issued: 2026-07-12 Issuer: Tyler Pate (TGPSKI) Key: ed25519 EBD5 FFAD 597E AEAF D2C6 9B42 1257 CF12 D9C9 3483 UID: TGPSKI (ego-killer GitHub signing) This statement is published at https://TGP.SKI/claims.txt with a detached signature at https://TGP.SKI/claims.txt.asc. To verify: curl -sO https://TGP.SKI/claims.txt curl -sO https://TGP.SKI/claims.txt.asc curl -s https://TGP.SKI/keys/tgpski.asc | gpg --import gpg --verify claims.txt.asc claims.txt The same key is registered on the TGPSKI GitHub account. Cross-check independently of this site: curl -s https://api.github.com/users/TGPSKI/gpg_keys | grep 1257CF12D9C93483 I, Tyler Pate, control and claim the following. Domains TGP.SKI this site — the canonical provenance record skills.TGP.SKI agent skill registry, mirrored from my repositories tylerpate.com founder site pate.sh PATE Stack umbrella leather.sh leather — local agent runtime TGPSKI.com registrar-level 302 redirect to https://TGP.SKI TGPSKI.sh registrar-level 302 redirect to https://TGP.SKI Accounts GitHub https://github.com/TGPSKI Email tyler.graham.pate@gmail.com (the UID of the signing key) LinkedIn https://www.linkedin.com/in/tyler-g-pate/ (its website field points to https://TGP.SKI) Keys Current commit-signing key: ed25519, fingerprint EBD5FFAD597EAEAFD2C69B421257CF12D9C93483, published at https://TGP.SKI/keys/tgpski.asc. Older keys listed by the GitHub API for TGPSKI remain mine but are retired for new signatures. Additional keys — mine, published for reference, but none of them sign this claims file: ed25519 0891E9822C4AF540B5E29D1A7B91D71E7288EC8F "Tyler Pate (fractal) " rsa4096 1780D80DF14DBEEE0813DD134A8DFAA63719BE56 "Tyler Pate " ed25519 9293B123FC91DC55F73BB1358929102C2659694C "TGPSKI " ed25519 F3A8A3F32399C300CB90D3B7C8113263C4014363 "Tyler Graham Pate ", expires 2028-06-06 rsa2048 E0841EF8B285579BE0B9756DE6FCB507B84FD052 "Tyler Pate " Each is published at https://TGP.SKI/keys/.asc. Proof strength — what is machine-verifiable and what is not Verified both ways: GitHub (this key appears in the GitHub API for TGPSKI and the profile links back here) and the domains above that I serve myself, which carry reciprocal rel="me" links to TGP.SKI. Beyond rel="me", all seven domains — TGP.SKI, skills.TGP.SKI, tylerpate.com, pate.sh, leather.sh, and the two redirect-only domains (TGPSKI.com, TGPSKI.sh) — also publish a DNS TXT record binding them to this key: openpgp4fpr:EBD5FFAD597EAEAFD2C69B421257CF12D9C93483 Verify: dig +short TXT tgp.ski skills.tgp.ski tylerpate.com pate.sh \ leather.sh tgpski.com tgpski.sh | grep -i 1257CF12D9C93483 Claimed and signed only: the email address (anchored as this key's UID, but gmail.com is not my domain) and LinkedIn (no machine-verifiable backlink mechanism). Revocation If this key is compromised, a revocation note will be published under https://TGP.SKI/keys/ and the key will be revoked on GitHub. Treat any claims file that fails signature verification as void.