Context
I would like to propose a focused design discussion for an Embodied AI Evidence Profile in cMCP/TRACE.
This builds on #301, where external_execution_evidence landed as an optional AuditEntry field for binding an independent issuer's signed assertion to a call. That first iteration established the right trust boundary: response_payload_hash remains "what the gateway forwarded", while external_execution_evidence is "what an independent authority attested".
The next question is whether cMCP/TRACE should define a small profile for embodied-agent workflows that composes that primitive with governance decision context, controller handoff metadata, and optional downstream receipts.
Why this matters
Embodied-agent workflows introduce a gap between:
- the governance decision that allows or denies a physical-action request,
- the tool or controller handoff that follows that decision, and
- any downstream receipt that claims what an external controller, monitor, or safety authority decided.
A governance layer can decide whether a physical-action request should be allowed, but it does not by itself prove what was sent to a controller, which policy/context was used, or how later receipts should be bound back to the original decision.
This proposal is intentionally scoped to evidence binding, not physical safety, hardware attestation, real-time control, or proof of physical completion.
Related work
The distinction I am trying to preserve is:
- AGT / governance layer: decides whether a physical-action request should proceed under policy.
- cMCP / TRACE evidence layer: binds the request, decision context, handoff, and optional external receipts into an auditable chain.
Possible profile shape
A first profile could define how an embodied action trace binds fields such as:
action_digestpolicy_versiongovernance_decisionapproval_contextcontroller_targethandoff_timestampexternal_execution_evidencereceipt_digestreceipt_typeevidence_limitations
The goal would be to define the minimum useful evidence shape for verification without implying that cMCP observed physical execution or certified safety behavior.
Open questions
- Should this be a standalone TRACE profile, or an extension/profile of the existing
external_execution_evidence field?
- What fields are minimally required for useful embodied-action verification?
- How should the profile represent missing, partial, stale, or untrusted downstream receipts?
- Should verifier behavior be specified here, or should this issue define only the evidence shape and leave verifier rules to a follow-up?
- Should controller/tool identity be linked through Agent Manifest identity binding when available?
- How should this profile avoid duplicating or overloading
response_payload_hash?
Non-goals
If maintainers think this direction fits the project, I am happy to draft a first profile sketch and keep it scoped to evidence semantics, verification boundaries, and compatibility with the existing audit model.
Context
I would like to propose a focused design discussion for an Embodied AI Evidence Profile in cMCP/TRACE.
This builds on #301, where
external_execution_evidencelanded as an optionalAuditEntryfield for binding an independent issuer's signed assertion to a call. That first iteration established the right trust boundary:response_payload_hashremains "what the gateway forwarded", whileexternal_execution_evidenceis "what an independent authority attested".The next question is whether cMCP/TRACE should define a small profile for embodied-agent workflows that composes that primitive with governance decision context, controller handoff metadata, and optional downstream receipts.
Why this matters
Embodied-agent workflows introduce a gap between:
A governance layer can decide whether a physical-action request should be allowed, but it does not by itself prove what was sent to a controller, which policy/context was used, or how later receipts should be bound back to the original decision.
This proposal is intentionally scoped to evidence binding, not physical safety, hardware attestation, real-time control, or proof of physical completion.
Related work
external_execution_evidencebinding primitive for independent controller evidence.The distinction I am trying to preserve is:
Possible profile shape
A first profile could define how an embodied action trace binds fields such as:
action_digestpolicy_versiongovernance_decisionapproval_contextcontroller_targethandoff_timestampexternal_execution_evidencereceipt_digestreceipt_typeevidence_limitationsThe goal would be to define the minimum useful evidence shape for verification without implying that cMCP observed physical execution or certified safety behavior.
Open questions
external_execution_evidencefield?response_payload_hash?Non-goals
If maintainers think this direction fits the project, I am happy to draft a first profile sketch and keep it scoped to evidence semantics, verification boundaries, and compatibility with the existing audit model.