ANCHORED AGENT-TRACE RECEIPTS

Anchored Agent-Trace Receipts

A signed, anchored receipt for how an agent run executed — the named pipeline stages it passed through, in order, each with a duration and status, the outcome it reached, and a commitment to the full detailed trace. The body carries only the non-PII execution skeleton in plaintext; anything data-bearing stays behind a salted commit. It records execution provenance, never verified behaviour.

AgTR · Shipped1 wire typeApache-2.0 · CC0 spec
← All familiesVerify a receipt →

WIRE TYPES

ar.trace.v1 (agent.trace)

Single canonical wire type, one receipt per agent run. Records the ordered pipeline stages (each a fixed plaintext label like validate / oversight / execute, with a duration in ms and status of ok / error / skipped), the terminal outcome (ok / error / denied / checkpoint), total elapsed time, and a salted SHA-256 commit over the full detailed trace. Joins to the run's other receipts by request_id_commit.

WHAT IT PROVES

  • An agent run executed the recorded stages, in the recorded order, reaching the recorded outcome at a specific UTC start time (Merkle inclusion proof).
  • The recorded stage list, timings, and outcome are exactly as the issuer sealed them and have not been altered (Ed25519 signature check).
  • The receipt was signed by a registered issuer key (Ed25519 signature check).
  • The full detailed trace — stage inputs, outputs, and errors — is committed and selectively disclosable later without the body ever carrying that data (trace_commit salted commitment).

WHAT IT DOESN'T PROVE

  • That the run was correct, safe, wise, or authorised — the receipt records the path taken, not the quality of the behaviour.
  • That the recorded timings are accurate — the issuer asserts the durations; the verifier records them, it does not re-time the run.
  • That total_ms equals the sum of the stage durations — clocks, gaps, and parallelism make this not generally true and it is deliberately not enforced.
  • That a human reviewed the run or could have intervened — the trace is a record of execution, not of oversight.

COMPOSES WITH

AgTR receipts reference other family members via body-level composition pointers — verifier-coordinated, not signature-mandated.

AActRAnchored Action Receipts

Same run, two receipts joined by request_id_commit: the AActR records what authority the agent consumed, the AgTR records how the run executed stage by stage.

AQRAnchored Quality Receipts

An AQR for a run's output and an AgTR for that run share the same request_id_commit — output quality and execution path cross-referenced to one agent run.

Verify any
AgTR receipt.

verify.dekimu.com ↗

Paste any claim ID to verify a receipt, check its anchor, and inspect the issuer signature.

REFERENCES

AI Act Art. 12 — Record-keeping / logging (EUR-Lex)
AI Act Art. 14 — Human oversight (EUR-Lex)

Anchored Agent-Trace Receipts are cryptographic provenance and privacy-lifecycle protocols. verify.dekimu.com is a reference implementation, not a qualified trust service under Regulation (EU) No 910/2014 (eIDAS) or successor.