What is the Attested Action Envelope, in one sentence?+
A signed, per-agent hash-chained record of a pre-action authorization verdict: a small object issued before an action runs, stating who asked to do what, which policy decided, and what the verdict was — with a denial recorded exactly as durably as a grant.
What are the eight fields?+
agent_id, action (verb/resource/params), policy_id, outcome (authorized/denied/conditional), prev_hash, issued_at, sig, and pubkey. A document with any additional or missing member is not an envelope and fails verification. See What is the Attested Action Envelope for the normative table.
Why are refusals first-class?+
Because a denial is normally a silent absence — a system that declines an action typically just doesn't do it, leaving no artifact that says "we were asked, and we said no." A denied outcome produces a fully signed envelope, identical in shape to a grant, so the refusal becomes a durable, verifiable receipt an audit can count and inspect.
What does the envelope NOT do?+
It does not evaluate policy — it signs whatever policy_id and outcome the caller supplies. It does not pin an agent to a fixed key across its chain, issue identities, provide a trusted clock, or defend against replay of a valid envelope outside its own chain. It does not prove that the action it authorized actually happened. See What is the Attested Action Envelope and the repository's THREATMODEL.md.
How does chaining work, and what does it catch?+
Every envelope's prev_hash is the SHA-256 of the agent's previous envelope, including that envelope's signature. Reconstructing the unique genesis-first order rejects a gap (a deleted interior envelope), a fork (two envelopes claiming the same predecessor), a foreign-chain splice (a prev_hash reaching into another agent's chain), and duplicates or multiple/zero genesis envelopes.
How does this relate to sm-arp, sm-dat, and sm-locp?+
sm-arp records that an action happened, after the fact — the occurrence complement to the envelope's pre-action verdict. sm-dat is a principal-signed grant that can be the concrete authority a verdict's policy_id cites. sm-locp is a defeasible-logic compliance engine that plays the caller role sm-aae expects — it decides the outcome that sm-aae then signs and chains, though the two libraries' own documentation does not currently name each other directly. See Primitives.
Is this open source?+
Yes — MIT-licensed, published to PyPI as sm-aae, with runtime dependency on cryptography only. Source: github.com/Sharathvc23/sm-aae.
Is this a finished standard?+
No. SPEC.md is versioned v0.1 and marked a working draft, documenting the format the reference implementation produces and verifies — offered for review, not yet a normative standard. The field set, canonicalization, and signature scheme are frozen within a major version per GOVERNANCE.md.
Does the envelope prove the action happened?+
No — that is explicitly out of scope. An AAE proves a policy decision was made, by whom, and when. Whether the agent went on to perform the action is the occurrence half of the accountability question, covered by agency receipts. See agencyreceipts.ai.