Agent Envelope's own README names its family directly: sm-aae is the per-action authorization primitive in a small family of agent evidence tools — sm-arp for receipts of what an agent did, sm-parc for portable reputation over those receipts, and sm-aae itself for what an agent may do, and the refusals. Two more libraries from the same research house compose with the envelope at its edges: sm-dat, which supplies the grant a verdict cites, and sm-locp, an external policy engine of the kind sm-aae is built to sit downstream of.
The verdict
Attested Action Envelope
This library. A signed, per-agent hash-chained record of a pre-action authorization verdict — agent_id, action, policy_id, outcome, prev_hash, issued_at, sig, pubkey. It signs whatever policy_id and outcome it is given; it does not decide them.
The grant behind the verdict
Delegated Authority Token
The portable, cryptographically signed grant a human principal gives an agent — what it's allowed to do, for how long, under what limits. A DAT is signed by the principal's key, not the agent's, so it is a non-repudiable statement: "I permitted this, within these bounds." Where an AAE's policy_id names the policy entry a verdict cites, a DAT is one concrete source of the authority behind that citation — sm-dat calls itself "the principal's leash," answering "was it permitted by the principal?" the way sm-arp answers "did it happen, signed by the agent?"
The policy decision
Stellarminds Open Compliance Protocol
A defeasible-logic compliance engine: it evaluates machine-readable regulations against an agent's observed operational state and produces cryptographic compliance proofs as W3C Verifiable Credentials. sm-aae's own governance is explicit that policy authoring and evaluation are out of its scope — "the caller supplies policy_id and outcome." sm-locp is the kind of engine that plays that caller role: its defeasible-logic verdict is the sort of decision an AAE would go on to sign and chain. Neither library's documentation currently names the other directly — this is a compositional relationship by design, not a wired integration, and is described here as such.
The occurrence complement
Agency Receipt Protocol
Portable, cryptographically signed receipts an agent emits when it acts on behalf of a human — the record that an action happened. Where an AAE is issued before an action runs and records whether it was permitted, an sm-arp receipt is issued after and records that it occurred. The two are deliberately separate artifacts answering separate questions about the same action; see agencyreceipts.ai.
Portable Agent Reputation Credential
Portable reputation computed over an agent's sm-arp receipt history. Reputation and an AAE answer different-tense questions — reputation summarizes a pattern of past behavior; an AAE is a single verdict about a single action, issued in advance.
Out of scope for sm-aae. None of these companion libraries are dependencies of sm-aae — the envelope library itself depends only on cryptography. Composition happens at the level of what a caller does with the eight fields: cite a policy_id, decide an outcome, and sign.