What the envelope binds
Every Attested Action Envelope carries exactly eight fields. Nothing optional, nothing implicit — a document with an extra member, a missing one, or an outcome outside the closed set is not an envelope and fails verification.
Who asked, to do what
agent_id names the acting agent. action is {verb, resource, params} — what it asked to do.
Which policy decided
policy_id names the policy entry that produced the verdict. sm-aae does not evaluate policy itself — the caller supplies both policy_id and outcome.
Authorized, denied, or conditional
outcome is one of authorized, denied, or conditional. Refusals are first-class signed envelopes, not a silent absence.
Linked to what came before
prev_hash is the hex SHA-256 of this agent's previous envelope, or null for its first. Deleting or reordering an interior envelope breaks the chain.
When, and by whom
issued_at is an RFC 3339 timestamp. sig is the Ed25519 signature over the canonical envelope; pubkey is the signer's raw Ed25519 public key.
Refusals are first-class
When a system declines an action, it typically just doesn't do it — there is no signed artifact that
says "we were asked, and we said no, here, then." A denial is a silent absence, indistinguishable
later from "never asked." A denied verdict produces a fully signed envelope, identical
in shape to a grant. The refusal becomes a durable, verifiable receipt: an audit can count and
inspect refusals the same way it inspects grants.
Out of scope. The envelope answers "was it authorized?" — not "did it happen?". A signed AAE proves a policy decision was made, by whom, and when; it says nothing about whether the agent went on to actually perform the action. That's the occurrence half of the accountability question, and it belongs to agency receipts — the companion signed record an agent emits when it acts. AAE and receipts answer different questions about the same action.