AgentEnvelope Working draft

Documentation

Glossary

The vocabulary of the envelope.

Core

Attested Action Envelope (AAE)
A signed, per-agent hash-chained record of a pre-action authorization verdict — what an agent may do, with refusals as first-class signed artifacts. Reference implementation: sm-aae.
envelope
The eight-field signed JSON object: agent_id, action, policy_id, outcome, prev_hash, issued_at, sig, pubkey. See What is the Attested Action Envelope.
outcome
The verdict field: one of authorized, denied, or conditional.
conditional
One of the three outcome values, alongside authorized and denied. sm-aae signs and chains a conditional verdict exactly like the other two; the meaning of the condition itself is the caller's policy domain, not defined by the SPEC.
policy_id
The identifier of the policy entry that produced the verdict — an opaque string sm-aae signs but does not interpret. The caller supplies it.
prev_hash
The hex SHA-256 of this agent's previous envelope, or null for its first envelope. What chains one verdict to the next.
envelope hash
The lowercase-hex SHA-256 of the full signed envelope (including sig) — the value a successor's prev_hash points at.
chain
An agent's envelopes linked genesis-first by prev_hash. Reconstructed by order_chain, which returns the ordering or rejects a set that isn't exactly one intact chain.
canonicalization
The deterministic serialization the signature covers: sorted-key, compact-separator JSON over the envelope with sig removed, UTF-8 encoded. Identical inputs always produce byte-identical canonical bytes.
gap / fork / foreign-chain splice
The three chain defects order_chain rejects: a missing interior envelope, two envelopes claiming the same predecessor, and a prev_hash that reaches into another agent's chain, respectively.

Stack acronyms

Canonical expansions used across the Stellarminds agent-evidence stack.

AAE
Attested Action Envelope — the signed, per-agent-chained record of a pre-action authorization verdict (this project).
ARP
Agency Receipt Protocol — the signed receipt envelope: what an agent did. See Primitives.
DAT
Delegated Authority Token — the principal-signed grant defining what an agent was allowed to do.
PARC
Portable Agent Reputation Credential — portable reputation computed over an agent's ARP receipt history.