Skip to content

feat(trust): add TRACE-v0.2 runtime governance attestation type#6

Closed
imran-siddique wants to merge 6 commits into
ards-project:mainfrom
imran-siddique:feat/trace-governance-attestation
Closed

feat(trust): add TRACE-v0.2 runtime governance attestation type#6
imran-siddique wants to merge 6 commits into
ards-project:mainfrom
imran-siddique:feat/trace-governance-attestation

Conversation

@imran-siddique

@imran-siddique imran-siddique commented Jun 17, 2026
edited
Loading

Copy link
Copy Markdown

Summary

This PR adds TRACE-v0.2 (Trust Runtime Attestation and Compliance Evidence) as a runtime governance attestation type in the ARD spec, alongside the existing compliance types (SOC2-Type2, HIPAA-Audit, SPIFFE-X509).

What TRACE is

TRACE is an open EAT-profile (RFC 9711) standard that produces a cryptographically signed record proving an AI agent ran under a specific policy, in a verified hardware environment (TEE: AMD SEV-SNP, Intel TDX, NVIDIA H100 CC), with an auditable tool-call transcript — all in one independently verifiable artifact anchored to silicon attestation.

Changes

  1. §5.2 Attestation ObjectTRACE-v0.2 added to the type field examples alongside SOC2-Type2 and HIPAA-Audit.

  2. §5.2.1 Runtime Governance Attestations (new section) — explains the distinction between compliance certifications and runtime governance attestations, with:

    • A complete TRACE-attested catalog entry example
    • A discovery filter showing trustManifest.attestations.type: ["TRACE-v0.2"]
    • Guidance on what the uri and digest fields point to for a TRACE record
    • Link to the live spec docs

  3. examples/agentrust-io-catalog.json — reference ai-catalog.json showing agentrust.io as a governed-agent federated ARD registry. Includes cMCP, Agent Manifest SDK, and TRACE Registry entries, each with SPIFFE-X509 + TRACE-v0.2 attestations.

Why it matters for ARDS

The trustManifest already handles what an agent claims about itself (SOC2, HIPAA). TRACE fills the gap for what an agent provably did at runtime — the session evidence, not the certification. These are complementary: a registry can expose both SOC2-Type2 (annual audit) and TRACE-v0.2 (per-session hardware proof) on the same entry.

The trustManifest.attestations.type filter is already designed to support this — ["TRACE-v0.2"] works today without any spec changes to the query model.

Alignment notes

  • TRACE subject field accepts both spiffe:// and did: URIs, matching the trustManifest.identity field
  • agentrust.io registers as urn:ai:agentrust.io:registry:governed-agents — a specialized federated registry returning only TRACE-attested entries
  • The TRACE spec targets AAIF / Linux Foundation for long-term stewardship

Happy to iterate on the section placement, wording, or scope. The goal is minimal: one new attestation type in the table, one new section in §5, one reference example.

🤖 Generated with Claude Code

@imran-siddique @claude
feat(trust): add TRACE-v0.2 runtime governance attestation type
d60a4df 
- Add TRACE-v0.2 to the attestation type field description in §5.2
- Add §5.2.1 Runtime Governance Attestations with TRACE spec, example
  entry, and discovery filter showing trustManifest.attestations.type
  filtering for hardware-verifiable governed agents
- Add examples/agentrust-io-catalog.json: reference ai-catalog.json
  showing agentrust.io as a governed-agent federated registry with
  cMCP, Agent Manifest, and TRACE Registry entries, each carrying
  TRACE-v0.2 and SPIFFE-X509 attestations

TRACE (Trust Runtime Attestation and Compliance Evidence) is an open
EAT-profile (RFC 9711) standard for AI agent governance records. Spec:
https://agentrust.io/trace — developed with AGT (microsoft/agent-
governance-toolkit, 4200+ stars) and launching at Confidential
Computing Summit June 23 2026.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This was referenced Jun 17, 2026
Merged
Open
imran-siddique added a commit to agentrust-io/examples that referenced this pull request Jun 17, 2026
@imran-siddique @claude
feat(ards): governed-agent federation example with TRACE-v0.2 (#30)
b525e4f 
Adds examples/ards/ showing how agentrust.io participates in the
Agentic Resource Discovery Specification (ARDS v0.9) as a specialized
governed-agent federated registry.

- ai-catalog.json: agentrust.io /.well-known/ai-catalog.json with
  cMCP, Agent Manifest SDK, and TRACE Registry entries, each carrying
  SPIFFE-X509 + TRACE-v0.2 attestations, plus the registry entry for
  ARD federation routing
- README.md: explains the TRACE-v0.2 attestation integration point,
  discovery filter pattern, and how registry federation works

Companion to ards-project/ard-spec#6 which adds TRACE-v0.2 as a
standard attestation type in the spec.

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
imran-siddique and others added 2 commits June 17, 2026 15:39
@imran-siddique @claude
fix(trace): restore JSON examples + point spec link to live docs site
99519e0 
- Restore two JSON code blocks (catalog entry + filter example) that
  were dropped in the initial commit due to bash heredoc expansion
- Update spec link from https://agentrust.io/trace (not yet live) to
  https://agentrust-io.github.io/trace-spec/ (live now)
- Fix em-dash corruption in opening sentence

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@mindpower
Merge branch 'main' into feat/trace-governance-attestation
cfd6ecd
@mindpower

mindpower commented Jun 20, 2026

Copy link
Copy Markdown
Collaborator

@imran-siddique Thanks for adding TRACE-v0.2 runtime governance attestation type and example! Could you please move your example file(s) into the conformance/examples/ directory? We recently added a GitHub Action that automatically validates all examples in that folder against the strict schema to ensure they are fully spec-compliant.

@mindpower

mindpower commented Jun 20, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

Please also update the agent resource identifier schema format from urn:ai to urn:air. (Related change: 8fff974). Thanks!

imran-siddique and others added 2 commits June 19, 2026 21:41
@imran-siddique
Merge branch 'main' into feat/trace-governance-attestation
e2e2cf7
@imran-siddique
fix: move example to conformance/examples and rename urn:ai to urn:air
3a26387 
Addresses mindpower's two review comments on PR ards-project#6:
- Move examples/agentrust-io-catalog.json to conformance/examples/ per spec layout
- Replace urn:ai: with urn:air: in all identifier fields (4 entries in catalog + spec example on line 390)

The urn:air NID satisfies RFC 8141 minimum 3-character requirement.

Signed-off-by: Imran Siddique <imran.siddique@opaque.co>
@imran-siddique

imran-siddique commented Jun 20, 2026

Copy link
Copy Markdown
Author

Done -- moved to conformance/examples/agentrust-io-catalog.json in commit 3a26387.

@imran-siddique

imran-siddique commented Jun 20, 2026

Copy link
Copy Markdown
Author

Done -- all urn:ai: identifiers updated to urn:air: in both the catalog JSON and the spec example block, commit 3a26387.

@rvguha

rvguha commented Jun 20, 2026 via email

Copy link
Copy Markdown
Contributor

@imran-siddique
fix(conformance): drop \$comment, add required mediaType to all attes…
bc2668d 
…tations

Schema validation (additionalProperties:false) rejects $comment at root.
Each attestation object requires type, uri, and mediaType per ai-catalog.schema.json.

Signed-off-by: Imran Siddique <imran.siddique@opaque.co>
rvguha
rvguha requested changes Jun 20, 2026
View reviewed changes

@rvguha rvguha left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes to the spec should be discussed in the issues first. This is a substantial change to the spec which cannot be accepted without requisite discussion.

@rvguha

rvguha commented Jun 20, 2026

Copy link
Copy Markdown
Contributor

Thanks for the detailed proposal. We're going to keep the core spec's attestation.type field open-ended rather than enumerate specific named schemes, so we'd prefer not to bless TRACE-v0.2 (or any single vendor/standard) directly in §5.2. The field already accommodates it as a value without normative spec changes. Closing for now — happy to revisit if there's broader ecosystem adoption.

@rvguha rvguha closed this Jun 20, 2026
@imran-siddique

imran-siddique commented Jun 20, 2026

Copy link
Copy Markdown
Author

@rvguha -- fair point, and noted. I've opened issue #7 to carry the spec-level discussion before anything lands: #7

The PR itself is now narrowed to: (1) the conformance example in conformance/examples/ with valid TRACE-v0.2 attestation entries, and (2) a single inline example block in spec/ard.md showing what the new attestation type looks like in practice. The question of whether TRACE-v0.2 gets a formal subsection (§5.2.1) or just a note is left to the issue discussion.

Happy to hold the PR open until there's consensus on #7, or to split off the spec/ard.md change into a follow-on PR that depends on that discussion. Let me know which you'd prefer.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rvguha rvguha rvguha requested changes
@mindpower mindpower Awaiting requested review from mindpower mindpower is a code owner
@evalstate evalstate Awaiting requested review from evalstate evalstate is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@imran-siddique @mindpower @rvguha