TRACE conformance test suite
Project description
TRACE Conformance Test Suite
Conformance tests for TRACE v0.1 - Trust, Runtime Attestation, and Compliance Evidence. An implementation producing Trust Records must pass all tests in the applicable level before using the "TRACE-conformant" mark.
If you are building a gateway, agent runtime, or orchestration layer that produces TRACE records, run this suite against your output to verify conformance before claiming TRACE compliance.
Test modules
| Module | ID prefix | Spec section | What it tests |
|---|---|---|---|
| Envelope | TR-ENV |
§3.2 | EAT envelope structure, eat_profile URI, required fields, iat validity |
| Signature | TR-SIG |
§3.2.1 | Algorithm conformance (ES256/ES384/EdDSA), key binding, chain verification |
| Runtime | TR-RTE |
§3.1 | TEE platform enum, measurement format, RIM URI resolution |
| Policy | TR-POL |
§3.1 | Policy bundle hash format, enforcement mode values, TEE binding |
| Transcript | TR-TXN |
§3.1 | Tool-call transcript hash binding (Phase 2+ records) |
| Transparency | TR-ANC |
§3.2 | SCITT receipt URI format, inclusion proof structure |
| Provenance | TR-SCA |
§3.1 | SLSA provenance level, builder URI, digest format |
Conformance levels
| Level | Required modules | Use case |
|---|---|---|
| 0 | TR-ENV, TR-SIG, TR-POL | Software-only development and staging |
| 1 | Level 0 + TR-RTE, TR-SCA | Production TEE-attested records |
| 2 | Level 1 + TR-TXN, TR-ANC | Full records with transparency anchoring |
Running
pip install trace-tests
trace-tests verify --record path/to/trust-record.jwt --level 1
Test structure
Each test case includes:
- A normative reference to the spec section it exercises
- A positive case - valid input, expected result:
PASS - A negative case - invalid input, expected result:
FAILwith a structured error code
Error codes follow the form TR-<MODULE>-<NNN> (e.g., TR-ENV-001: missing eat_profile).
Status
Test suite v0.1, in development. The TRACE spec publishes at Confidential Computing Summit, June 23 2026, and the test suite will be usable at that point. The certification program is on a separate timeline, launching 2027.
Contributing
Open an issue or PR. New tests must include the normative spec reference, a positive case, and a negative case.
License
Apache 2.0
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file agentrust_trace_tests-0.1.0.tar.gz.
File metadata
- Download URL: agentrust_trace_tests-0.1.0.tar.gz
- Upload date:
- Size: 22.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ad4e761cce457d721cb039974399ea92647748b86b8d2901291628f64c08e945
|
|
| MD5 |
e03ac26b7832dfa06d3d20eebfd33b10
|
|
| BLAKE2b-256 |
a4cefdf1d2db3a2538bcb301d58ee3109c3fe7971ef77eac059e3ca748ea3086
|
Provenance
The following attestation bundles were made for agentrust_trace_tests-0.1.0.tar.gz:
Publisher:
release.yml on agentrust-io/trace-tests
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
agentrust_trace_tests-0.1.0.tar.gz -
Subject digest:
ad4e761cce457d721cb039974399ea92647748b86b8d2901291628f64c08e945 - Sigstore transparency entry: 1804441865
- Sigstore integration time:
-
Permalink:
agentrust-io/trace-tests@0cd0d16e4ce1462d746bba8ec6bc327090a22e59 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/agentrust-io
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@0cd0d16e4ce1462d746bba8ec6bc327090a22e59 -
Trigger Event:
release
-
Statement type:
File details
Details for the file agentrust_trace_tests-0.1.0-py3-none-any.whl.
File metadata
- Download URL: agentrust_trace_tests-0.1.0-py3-none-any.whl
- Upload date:
- Size: 18.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ca1c86beb71e767be663445236c9951083d8c259e08322220508cd9f61060708
|
|
| MD5 |
0330fa39dbfe68484efebb361b4aa56f
|
|
| BLAKE2b-256 |
398e792121184fd56fa713aa73febf928d9a48de8065068a5f1fb2284ed9e699
|
Provenance
The following attestation bundles were made for agentrust_trace_tests-0.1.0-py3-none-any.whl:
Publisher:
release.yml on agentrust-io/trace-tests
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
agentrust_trace_tests-0.1.0-py3-none-any.whl -
Subject digest:
ca1c86beb71e767be663445236c9951083d8c259e08322220508cd9f61060708 - Sigstore transparency entry: 1804442000
- Sigstore integration time:
-
Permalink:
agentrust-io/trace-tests@0cd0d16e4ce1462d746bba8ec6bc327090a22e59 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/agentrust-io
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@0cd0d16e4ce1462d746bba8ec6bc327090a22e59 -
Trigger Event:
release
-
Statement type: