Skip to content

agentrust-io/trace-spec

Repository files navigation

TRACE

TRACE: Trust Runtime Attestation and Compliance Evidence

Full Documentation

Specification  |  Schema  |  Examples  |  Registry  |  Test Suite  |  Reference Impl

License: CC BY 4.0 Spec PyPI CI Discord

Developer Preview. Launching at Confidential Computing Summit, June 23 2026.

An open specification for hardware-attested AI agent governance records. TRACE defines the format, anchoring protocol, and verification rules for cryptographically provable evidence that an AI agent ran under a specific policy, in a verified hardware environment, on classified data, invoking identified tools — bound into a single signed artifact rooted in silicon attestation.

A TRACE Trust Record answers: what ran, where, under which policy, touching which data, calling which tools — in a form any third party can verify without trusting the operator.

Quick start

pip install agentrust-trace
from agentrust_trace import TrustRecord, sign_record

record = TrustRecord(
    subject="spiffe://trust.example.org/agent/payments-processor",
    model_id="claude-sonnet-4-6",
    platform="amd-sev-snp",
    policy_hash="sha256:b2c3d4...",
)
signed = sign_record(record, key=signing_key)

Resources

📖 Full documentation trace.agentrust-io.com
📄 Specification spec/trace-v0.1.md
🔍 Schema schema/trace-claim.json
📦 PyPI agentrust-trace
🧪 Test suite trace-tests
🗂 Registry trace-registry
🔗 Reference implementation cmcp
💬 Discussions GitHub Discussions
📋 Changelog CHANGELOG.md

Standards alignment

Targeting the Agentic AI Foundation (AAIF) at the Linux Foundation. Active standardization track in CoSAI WS4. Builds on RFC 9711 (EAT), RFC 9334 (RATS), and SCITT draft-22.

Frequently asked questions

What is TRACE?

TRACE (Trust Runtime Attestation and Compliance Evidence) is an open specification for hardware-attested AI agent governance records. It defines the record format, the anchoring protocol, and the verification rules for cryptographic evidence that an AI agent ran under a specific policy, in a verified hardware environment, on a given data class, invoking identified tools.

What does a TRACE Trust Record prove?

A single signed Trust Record answers, in a form any third party can verify without trusting the operator: what model ran, where it ran, under which policy, what data class it touched, which tools were called, and whether the record is independently anchored to a SCITT transparency ledger.

What standards is TRACE built on?

TRACE builds on open IETF and IRTF standards: RFC 9711 (CBOR Web Token / EAT) for the claim envelope, RFC 9334 (RATS) for the attester, verifier, and relying-party roles, and the SCITT draft for transparency-ledger anchoring. It is designed for CoSAI WS4 interoperability.

How do I create and verify a Trust Record?

Install the Python library with pip install agentrust-trace, sign a record with TrustRecord.sign(claims, signing_key), anchor it to a SCITT ledger with record.anchor(), and check it with record.verify(verifying_key).

How does TRACE relate to AGT and cMCP?

TRACE is the evidence format. AGT and cMCP produce and consume Trust Records, so you can connect them into an end-to-end agent governance pipeline. See the integration guides for details.

What is the current status of TRACE?

The current specification is TRACE v0.1, published with a conformance test suite. See the Limitations page for scope boundaries before relying on it in production.

<script type="application/ld+json"> { "@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [ { "@type": "Question", "name": "What is TRACE?", "acceptedAnswer": { "@type": "Answer", "text": "TRACE (Trust Runtime Attestation and Compliance Evidence) is an open specification for hardware-attested AI agent governance records. It defines the record format, the anchoring protocol, and the verification rules for cryptographic evidence that an AI agent ran under a specific policy, in a verified hardware environment, on a given data class, invoking identified tools." } }, { "@type": "Question", "name": "What does a TRACE Trust Record prove?", "acceptedAnswer": { "@type": "Answer", "text": "A single signed Trust Record answers, in a form any third party can verify without trusting the operator: what model ran, where it ran, under which policy, what data class it touched, which tools were called, and whether the record is independently anchored to a SCITT transparency ledger." } }, { "@type": "Question", "name": "What standards is TRACE built on?", "acceptedAnswer": { "@type": "Answer", "text": "TRACE builds on open IETF and IRTF standards: RFC 9711 (CBOR Web Token / EAT) for the claim envelope, RFC 9334 (RATS) for the attester, verifier, and relying-party roles, and the SCITT draft for transparency-ledger anchoring. It is designed for CoSAI WS4 interoperability." } }, { "@type": "Question", "name": "How do I create and verify a Trust Record?", "acceptedAnswer": { "@type": "Answer", "text": "Install the Python library with pip install agentrust-trace, sign a record with TrustRecord.sign(claims, signing_key), anchor it to a SCITT ledger with record.anchor(), and check it with record.verify(verifying_key)." } }, { "@type": "Question", "name": "How does TRACE relate to AGT and cMCP?", "acceptedAnswer": { "@type": "Answer", "text": "TRACE is the evidence format. AGT and cMCP produce and consume Trust Records, so you can connect them into an end-to-end agent governance pipeline. See the integration guides for details." } }, { "@type": "Question", "name": "What is the current status of TRACE?", "acceptedAnswer": { "@type": "Answer", "text": "The current specification is TRACE v0.1, published with a conformance test suite. See the Limitations page for scope boundaries before relying on it in production." } } ] } </script>

Contributing

See CONTRIBUTING.md and GOVERNANCE.md. All contributors must agree to the ANTITRUST.md policy.

About

TRACE — Trust Runtime Attestation and Compliance Evidence. Open attestation standard for agentic AI governance.

Resources

License

Code of conduct

Contributing

Security policy

Stars

Watchers

Forks

Packages

 
 
 

Contributors