The Agent Evidence Protocol (AEP) is the cross-repo evidence contract for the WasmAgent ecosystem. AEPRecord is emitted by @wasmagent/aep after every agent run and consumed by trace-pipeline (evomerge) for audit and training data export.
Current shipped contract (2026-06-26). Adds a required Ed25519 signature field; emitter now always signs records via AEPSigner (default: LocalEd25519Signer; KMS adapter slot reserved). v0.1 records are still parsed for backward compatibility but no longer produced.
New optional fields may be added without a version bump. Breaking changes require aep/v0.3 and a migration script.
The literal schema tag. New emitters always write "aep/v0.2".
run_id
string
yes
Unique identifier for this agent run
created_at_ms
number
yes
Unix epoch ms when the record was built
trace_id
string
no
OpenTelemetry-compatible trace ID for cross-signal correlation
parent_trace_id
string | null
no
Parent trace ID for nested/multi-agent runs
repo_commit
string
no
Git commit SHA of the running code
runtime_version
string
no
@wasmagent/core version string
model_provider
string
no
e.g. "anthropic", "openai"
model_id
string
no
e.g. "claude-sonnet-4-6"
policy_bundle_digest
string
no
sha256 hex of the PolicyBundle applied
tool_manifest_digest
string
no
sha256 hex of the MCP tool manifest used
mcp_server_card_digest
string | null
no
sha256 hex of the ServerCard
input_refs
InputRef[]
no
Digested references to run inputs
output_refs
OutputRef[]
no
Digested references to run outputs
capability_decisions
CapabilityDecision[]
no
Policy decisions made during the run
actions
ActionEvidence[]
no
Evidence for each tool call
verifier_results
VerifierResult[]
no
Per-verifier pass/fail + score
budget_ledger
BudgetLedger
no
Budget consumption for tokens, latency, tools, risk, retries, human approvals
signature
{ alg: "ed25519", key_id, sig }
yes (v0.2)
Ed25519 cryptographic signature over the canonical bytes of the record. Required by AEPRecordSchema in aep/v0.2; verification via verifyAEPRecord(record, publicKey).