Standard receipts and trace semantics for verifiable agent execution.
This repo defines:
- Receipt and trace event schemas
- Canonicalization rules for deterministic hashing
- Hash-chaining and signature envelopes
- Redaction semantics that preserve integrity verification
- Test vectors for cross-implementation compatibility
Most agent systems produce logs. Logs are not verification. This specification defines receipts that can be independently validated to confirm:
- What the agent did
- Under which policy constraints
- What artifacts were produced
- Whether the record was tampered with
- Trace: ordered event stream (JSONL) describing agent actions.
- Receipt: cryptographic attestation for an event (hash + prev_hash + signature).
- Bundle: portable directory containing trace + receipts + artifacts + metadata.
- Policy Decision: allow/deny receipt produced by a non-bypassable policy layer.
- Validate schemas:
./tools/validate_schemas.sh - Review examples:
examples/minimal/ - Use vectors to build verifiers:
vectors/v1/
Downstream projects should treat this repo as the canonical source of truth for:
schemas/spec/vectors/
See: spec/threat-model.md
This repo is part of the Agentic Evidence Suite:
- agentic-receipts (standard)
- agentic-trace-cli (tooling)
- agentic-artifacts (outputs)
- agentic-policy-engine (governance)
- agentic-eval-harness (scenarios)
- agentic-evidence-viewer (review UI)
MIT