TRACE v0.1 — hardware-attested governance records for AI agents

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for mosiddi from gravatar.com mosiddi

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License (Apache-2.0)
  • Tags ai-governance , attestation , confidential-computing , eat , rats , tee , trace
  • Requires: Python >=3.11
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

TRACE

TRACE — Trust Runtime Attestation and Compliance Evidence

An open specification for hardware-attested AI agent governance records. TRACE defines the format, anchoring protocol, and verification rules for cryptographically provable evidence that an AI agent ran under a specific policy, in a verified hardware environment, on classified data, invoking identified tools — bound into a single signed artifact rooted in silicon attestation.

What a TRACE Trust Record Is

{
  "eat_profile": "tag:agentrust.io,2026:trace-v0.1",
  "iat": 1750676142,
  "subject": "spiffe://trust.example.org/agent/payments-processor/prod",
  "model": {
    "provider": "anthropic",
    "model_id": "claude-sonnet-4-6",
    "version": "20251001",
    "weights_digest": "sha256:a3f8d2c1..."
  },
  "runtime": {
    "platform": "amd-sev-snp",
    "measurement": "sha384:c9e4b1d2e3f4...",
    "rim_uri": "https://kdsintf.amd.com/vcek/v1/..."
  },
  "policy": {
    "bundle_hash": "sha256:b2c3d4e5...",
    "enforcement_mode": "enforce",
    "version": "1.2.0"
  },
  "data_class": "confidential",
  "tool_transcript": {
    "hash": "sha256:d4e5f6a7...",
    "call_count": 3
  },
  "build_provenance": {
    "slsa_level": 2,
    "builder": "https://github.com/slsa-framework/slsa-github-generator",
    "digest": "sha256:e5f6a7b8..."
  },
  "appraisal": {
    "status": "affirming",
    "verifier": "https://trust-authority.example.org",
    "policy_ref": "https://trust-authority.example.org/policy/agent-v1"
  },
  "transparency": "https://registry.agentrust.io/claim/trace-2026-06-23T09:15:42Z-f2a8d1",
  "cnf": {
    "jwk": {"kty": "EC", "crv": "P-256", "x": "MEkwEw...", "y": "..."}
  }
}

The record is a single EAT envelope (RFC 9711). Each field is independently verifiable. No callback to the issuer is required.

Specification

Standards composition

TRACE profiles existing standards rather than replacing them:

Primitive Role in TRACE
RATS / EAT (RFC 9711) Wire envelope and claim model
SLSA Provenance v1.0 Build-time provenance (build_provenance)
SPIFFE SVID Workload identity (subject)
SCITT Append-only transparency anchoring (transparency)
EAR (draft-ietf-rats-ar4si) Verifier appraisal output (appraisal)
MCP / A2A Agent tool-call transcript surface (tool_transcript)
AIBOM (SPDX 3.0 / CycloneDX 1.7) Model component inventory (model)

Reference implementation

agentrust-io/cmcp — Confidential MCP Gateway. Hardware-attested policy enforcement at the MCP tool-call boundary on Intel TDX, AMD SEV-SNP, and NVIDIA H100/Blackwell.

Registry

A public append-only Merkle registry of TRACE Trust Record anchors: agentrust-io/trace-registry.

Status

Draft v0.1 — publishing at Confidential Computing Summit, San Francisco, June 23 2026. Targeting submission to the Agentic AI Foundation (AAIF) under the Linux Foundation.

License

Creative Commons Attribution 4.0 International (CC BY 4.0)

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for mosiddi from gravatar.com mosiddi

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License (Apache-2.0)
  • Tags ai-governance , attestation , confidential-computing , eat , rats , tee , trace
  • Requires: Python >=3.11
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

0.1.1

This version

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

agentrust_trace-0.1.0.tar.gz (28.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

agentrust_trace-0.1.0-py3-none-any.whl (8.8 kB view details)

Uploaded Python 3

File details

Details for the file agentrust_trace-0.1.0.tar.gz.

File metadata

  • Download URL: agentrust_trace-0.1.0.tar.gz
  • Upload date:
  • Size: 28.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for agentrust_trace-0.1.0.tar.gz
Algorithm Hash digest
SHA256 fb5bf0d5dda299b0dcd4890cf91e405e1e0b2ab7aead0101136c353e0688e976
MD5 d22b209ce7d5de2f2d097ddb28b817ba
BLAKE2b-256 c75b05abbe073ea13dfb6a4e0293d23c68729b0cdf96cc75adffa716b9a7a62a

See more details on using hashes here.

Provenance

The following attestation bundles were made for agentrust_trace-0.1.0.tar.gz:

Publisher: publish.yml on agentrust-io/trace-spec

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file agentrust_trace-0.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for agentrust_trace-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 e644480f7ff5ce9d218da26805ba8f675361f3e3bc14d94d8ae7c6a374c45122
MD5 554aeeeec2a259b0c46f9a8c34798b08
BLAKE2b-256 08bea8b50da697bf2608d836b32d1d8857caa11513ed36702c8e123f69a8bbeb

See more details on using hashes here.

Provenance

The following attestation bundles were made for agentrust_trace-0.1.0-py3-none-any.whl:

Publisher: publish.yml on agentrust-io/trace-spec

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page