Verifiable Action Record

The digital signature is the foundational security element. It is generated using the agent's private key and binds the entire record's contents—action, context, timestamp—into a single, immutable unit. This provides non-repudiation, proving the action originated from a specific, identifiable agent and has not been altered. Verification is performed using the corresponding public key.

• Mechanism: Typically uses elliptic-curve cryptography (e.g., Ed25519) or RSA.
• Purpose: Guarantees authenticity and integrity, forming the basis for deterministic execution proof.

This is the structured, machine-readable description of the action itself. It must be serialized in a deterministic format (e.g., JSON Canonicalization) before signing to ensure the same data always produces the same signature. The payload includes:

• Action Type: A unique identifier (e.g., tool_call:database_query).
• Action Parameters: The precise inputs and arguments used.
• Output/Result: The data returned or state change effected by the action.

This component provides the forensic evidence of what the agent actually did.

A snapshot of the agent's operational context at the moment of action. This is critical for forensic state reconstruction and understanding the why behind an action. It includes:

• Session ID & Sequence Number: For ordering actions within a session.
• Input/Trigger: The user query, event, or prior agent output that precipitated this action.
• Relevant Memory/Knowledge: Pointers to or hashes of the data from agentic memory that informed the decision (e.g., retrieved context IDs).
• Policy/Guardrail Context: The specific governance rules in scope.

This creates the causal action graph by linking actions to their preceding states.

This component establishes the temporal and ordinal integrity of the record. It prevents back-dating and ensures actions are logged in the correct, verifiable sequence.

• Trusted Timestamp: Often obtained from a Trusted Timestamping Authority (TSA) via protocols like RFC 3161, or anchored in a decentralized system (e.g., blockchain transaction). This provides tamper-proof timestamping.
• Sequence Proof: A cryptographic link to the previous action record, such as the hash of the prior record. This creates an immutable action ledger, forming a provenance chain where altering one record invalidates all subsequent ones.

This component cryptographically attests which agent performed the action. It moves beyond simple API keys to a verifiable identity model.

• Agent Identifier: A unique, public identifier (e.g., a DID - Decentralized Identifier).
• Attestation Evidence: May include a hardware-based attestation (e.g., from a Trusted Platform Module) or a certificate chain proving the agent's code is authorized and unaltered. This is key for agentic threat modeling and establishing a chain of custody.

This allows auditors to verify not just that an agent acted, but that a specific, authorized agent instance did so.

Structured data that facilitates automated regulatory auditing. This metadata pre-labels the record for compliance checks.

• Policy ID: Identifier of the governance policy or compliance checkpoint evaluated.
• Check Result: Pass/Fail/Error outcome of any automated policy check run before or after the action.
• Data Provenance Tags: Labels indicating the classification and origin of data used (e.g., PII:Customer_EU, Source:Internal_CRM).
• Jurisdiction Flags: Tags for regulations in scope (e.g., GDPR, HIPAA).

This transforms raw logs into a policy compliance log, enabling efficient cross-session auditing for regulatory reports.