Skip to content

AEP Schema Contract (aep/v0.2)

The Agent Evidence Protocol (AEP) is the cross-repo evidence contract for the WasmAgent ecosystem. AEPRecord is emitted by @wasmagent/aep after every agent run and consumed by trace-pipeline (evomerge) for audit and training data export.


Schema version: aep/v0.2

Current shipped contract (2026-06-26). Adds a required Ed25519 signature field; emitter now always signs records via AEPSigner (default: LocalEd25519Signer; KMS adapter slot reserved). v0.1 records are still parsed for backward compatibility but no longer produced.

New optional fields may be added without a version bump. Breaking changes require aep/v0.3 and a migration script.


AEPRecord fields

FieldTypeRequiredDescription
schema_version"aep/v0.1" | "aep/v0.2"yesThe literal schema tag. New emitters always write "aep/v0.2".
run_idstringyesUnique identifier for this agent run
created_at_msnumberyesUnix epoch ms when the record was built
trace_idstringnoOpenTelemetry-compatible trace ID for cross-signal correlation
parent_trace_idstring | nullnoParent trace ID for nested/multi-agent runs
repo_commitstringnoGit commit SHA of the running code
runtime_versionstringno@wasmagent/core version string
model_providerstringnoe.g. "anthropic", "openai"
model_idstringnoe.g. "claude-sonnet-4-6"
policy_bundle_digeststringnosha256 hex of the PolicyBundle applied
tool_manifest_digeststringnosha256 hex of the MCP tool manifest used
mcp_server_card_digeststring | nullnosha256 hex of the ServerCard
input_refsInputRef[]noDigested references to run inputs
output_refsOutputRef[]noDigested references to run outputs
capability_decisionsCapabilityDecision[]noPolicy decisions made during the run
actionsActionEvidence[]noEvidence for each tool call
verifier_resultsVerifierResult[]noPer-verifier pass/fail + score
budget_ledgerBudgetLedgernoBudget consumption for tokens, latency, tools, risk, retries, human approvals
signature{ alg: "ed25519", key_id, sig }yes (v0.2)Ed25519 cryptographic signature over the canonical bytes of the record. Required by AEPRecordSchema in aep/v0.2; verification via verifyAEPRecord(record, publicKey).

ActionEvidence fields

FieldTypeRequiredDescription
action_idstringyesUnique ID for this action
tool_namestringyesName of the tool called
state_changingbooleanyesWhether this tool modifies external state
timestamp_msnumberyesUnix epoch ms when the action was taken
precondition_digeststringnosha256 of relevant state before the call
result_digeststringnosha256 of the tool's return value
evidence_refsstring[]noURIs to additional evidence artifacts
capability_decisionCapabilityDecisionnoThe policy decision for this specific call

CapabilityDecision fields

FieldTypeRequiredDescription
capabilitystringyesCapability name (typically tool name)
subjectstringyesWho is requesting (e.g. "agent")
resourcestringyesWhat is being accessed
decision"allow" | "deny" | "ask_user" | "dry_run"yesPolicy outcome
reason_codestringnoMachine-readable reason (e.g. "DENY_BLOCKED")

BudgetLedger fields

Each budget entry has { limit?: number, spent: number }.

FieldTypeDescription
token_budgetBudgetEntryLLM token consumption
latency_budget{ limit_ms?, actual_ms }Wall-clock latency
tool_budgetBudgetEntryNumber of tool calls
risk_budgetBudgetEntryRisk units consumed (e.g. high-risk actions)
retry_budgetBudgetEntryNumber of retries
human_approval_budgetBudgetEntryHuman-in-the-loop approvals requested

Compatibility policy

Change typeHandling
Add optional field to AEPRecord or ActionEvidenceAllowed without version bump
Add optional field to CapabilityDecision or BudgetLedgerAllowed without version bump
Add new required fieldRequires aep/v0.2 + migration script in evomerge
Remove any fieldRequires aep/v0.2 + deprecation period (min. 2 weeks)
Change enum valuesRequires aep/v0.2
Change field typeRequires aep/v0.2

Example AEPRecord

json
{
  "schema_version": "aep/v0.1",
  "run_id": "run-2026-06-26-001",
  "trace_id": "4bf92f3577b34da6a3ce929d0e0e4736",
  "model_provider": "anthropic",
  "model_id": "claude-sonnet-4-6",
  "policy_bundle_digest": "a3f4e2b1c9d8e7f6a5b4c3d2e1f0a9b8c7d6e5f4a3b2c1d0e9f8a7b6c5d4e3f2",
  "actions": [
    {
      "action_id": "act-001",
      "tool_name": "bash",
      "state_changing": false,
      "precondition_digest": "sha256-abc123",
      "result_digest": "sha256-def456",
      "evidence_refs": [],
      "capability_decision": {
        "capability": "bash",
        "subject": "agent",
        "resource": "bash",
        "decision": "allow"
      },
      "timestamp_ms": 1750950000000
    }
  ],
  "verifier_results": [
    {
      "verifier_id": "build-passes",
      "passed": true,
      "score": 1.0,
      "claim_ids": []
    }
  ],
  "budget_ledger": {
    "token_budget": { "limit": 10000, "spent": 3421 },
    "tool_budget": { "limit": 20, "spent": 4 }
  },
  "created_at_ms": 1750950001234
}

What consumes AEP records

ConsumerHow
evomerge validate-aepSchema validation + completeness gate (trace-pipeline)
evomerge exportConvert to SFT/DPO/PPO/router training data
evomerge audit-reportGenerate Markdown audit report
wasmagent evidence exportCLI export to JSON/HTML report
agent-evidence-gate GitHub ActionCI validation + evidence artifact upload

Released under the Apache-2.0 License.