Developer Preview. Launching at Confidential Computing Summit, June 23 2026.
An open specification for hardware-attested AI agent governance records. TRACE defines the format, anchoring protocol, and verification rules for cryptographically provable evidence that an AI agent ran under a specific policy, in a verified hardware environment, on classified data, invoking identified tools — bound into a single signed artifact rooted in silicon attestation.
A TRACE Trust Record answers: what ran, where, under which policy, touching which data, calling which tools — in a form any third party can verify without trusting the operator.
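```bash
pip install agentrust-trace
```

```python
from agentrust_trace import TrustRecord, sign_record

# Claims for one agent run: workload identity, model, TEE platform, policy digest.
record = TrustRecord(
    subject="spiffe://trust.example.org/agent/payments-processor",
    model_id="claude-sonnet-4-6",
    platform="amd-sev-snp",
    policy_hash="sha256:b2c3d4...",
)
# signing_key must be loaded by the caller before this call.
signed = sign_record(record, key=signing_key)
```

| | |
|---|---|
| 📖 Full documentation | trace.agentrust-io.com |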
| 📄 Specification | spec/trace-v0.1.md |
| 🔍 Schema | schema/trace-claim.json |
| 📦 PyPI | agentrust-trace |
| 🧪 Test suite | trace-tests |
| 🗂 Registry | trace-registry |
| 🔗 Reference implementation | cmcp |
| 💬 Discussions | GitHub Discussions |
| 📋 Changelog | CHANGELOG.md |
Targeting the Agentic AI Foundation (AAIF) at the Linux Foundation. Active standardization track in CoSAI WS4. Builds on RFC 9711 (EAT), RFC 9334 (RATS), and SCITT draft-22.
TRACE (Trust Runtime Attestation and Compliance Evidence) is an open specification for hardware-attested AI agent governance records. It defines the record format, the anchoring protocol, and the verification rules for cryptographic evidence that an AI agent ran under a specific policy, in a verified hardware environment, on a given data class, invoking identified tools.
A single signed Trust Record answers, in a form any third party can verify without trusting the operator: what model ran, where it ran, under which policy, what data class it touched, which tools were called, and whether the record is independently anchored to a SCITT transparency ledger.
TRACE builds on open IETF and IRTF standards: RFC 9711 (CBOR Web Token / EAT) for the claim envelope, RFC 9334 (RATS) for the attester, verifier, and relying-party roles, and the SCITT draft for transparency-ledger anchoring. It is designed for CoSAI WS4 interoperability.
Install the Python library with `pip install agentrust-trace`, sign a record with `TrustRecord.sign(claims, signing_key)`, anchor it to a SCITT ledger with `record.anchor()`, and check it with `record.verify(verifying_key)`.
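A valid signature only shows that the claims are authentic; in the RATS model the relying party still has to appraise them against its own policy. The sketch below is an added example, not code from the TRACE project or its normative verification rules: it uses only the standard library, borrows the four field names from the quick-start, and assumes a hypothetical `appraise` helper and constructed allow-list values.

```python
import hmac
from urllib.parse import urlsplit

# Constructed relying-party policy; every value is a placeholder.
EXPECTED = {
    "trust_domain": "trust.example.org",
    "platforms": {"amd-sev-snp"},
    "models": {"claude-sonnet-4-6"},
    "policy_hash": "sha256:" + "ab" * 32,
}

def appraise(claims, expected=EXPECTED):
    """Return reasons to reject; an empty list means accept.

    Assumes the record's signature was already verified, so `claims`
    is authentic but not yet checked against local policy.
    """
    failures = []
    subject = urlsplit(str(claims.get("subject", "")))
    # Exact host match: a suffix or prefix match would admit lookalikes.
    if subject.scheme != "spiffe" or subject.hostname != expected["trust_domain"]:
        failures.append("subject outside expected SPIFFE trust domain")
    if str(claims.get("platform")) not in expected["platforms"]:
        failures.append("platform not on allow-list")
    if str(claims.get("model_id")) not in expected["models"]:
        failures.append("model_id not on allow-list")
    # A missing hash fails closed; the comparison has no early exit.
    got = str(claims.get("policy_hash", ""))
    if not hmac.compare_digest(got.encode(), expected["policy_hash"].encode()):
        failures.append("policy_hash does not match approved policy")
    return failures

# Constructed sample claims using the quick-start field names.
GOOD = {
    "subject": "spiffe://trust.example.org/agent/payments-processor",
    "model_id": "claude-sonnet-4-6",
    "platform": "amd-sev-snp",
    "policy_hash": "sha256:" + "ab" * 32,
}
# Same record with a lookalike trust domain and a different policy digest.
DRIFTED = dict(GOOD,
               subject="spiffe://trust.example.org.lookalike.test/agent/x",
               policy_hash="sha256:" + "cd" * 32)

if __name__ == "__main__":
    print(appraise(GOOD))
    print(appraise(DRIFTED))
```
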
TRACE is the evidence format. AGT and cMCP produce and consume Trust Records, so you can connect them into an end-to-end agent governance pipeline. See the integration guides for details.
The current specification is TRACE v0.1, published with a conformance test suite. See the Limitations page for scope boundaries before relying on it in production.
See CONTRIBUTING.md and GOVERNANCE.md. All contributors must agree to the ANTITRUST.md policy.