diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index f6b1685..82151a7 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -6,6 +6,8 @@ on: paths: - "docs/**" - "spec/**" + - "overrides/**" + - "robots.txt" - "mkdocs.yml" - "requirements-docs.txt" - "README.md" @@ -58,7 +60,7 @@ jobs: if [ -d spec ]; then cp -r spec $BUILD/spec; fi if [ -d examples ]; then cp -r examples $BUILD/examples; fi - for fname in README.md CHANGELOG.md CONTRIBUTING.md GOVERNANCE.md ROADMAP.md LIMITATIONS.md CNAME; do + for fname in README.md CHANGELOG.md CONTRIBUTING.md GOVERNANCE.md ROADMAP.md LIMITATIONS.md CNAME robots.txt; do if [ -f "$fname" ]; then cp "$fname" "$BUILD/$fname"; fi done diff --git a/docs/assets/og.png b/docs/assets/og.png new file mode 100644 index 0000000..6ecc6cb Binary files /dev/null and b/docs/assets/og.png differ diff --git a/docs/index.md b/docs/index.md index d2ea72f..4d4a1bc 100644 --- a/docs/index.md +++ b/docs/index.md @@ -1,9 +1,16 @@ +--- +description: TRACE (Trust Runtime Attestation and Compliance Evidence) is an open specification for signed, hardware-attested AI agent governance records that any third party can verify without trusting the operator. +--- + # TRACE **Trust Runtime Attestation and Compliance Evidence** — an open specification for hardware-attested AI agent governance records. TRACE defines the format, anchoring protocol, and verification rules for cryptographically provable evidence that an AI agent ran under a specific policy, in a verified hardware environment, on classified data, invoking identified tools — bound into a single signed artifact rooted in silicon attestation. +!!! tip "TL;DR" + TRACE is an open standard for signed, hardware-attested records that prove how an AI agent actually ran: which model, in which verified hardware environment, under which policy, on what data class, and which tools it called. Anyone can verify a Trust Record without trusting the operator. Install the Python library with `pip install agentrust-trace`. + ---
@@ -71,3 +78,86 @@ record.verify(verifying_key) # raises on invalid ``` [Full API reference →](schema.md) · [Changelog →](../CHANGELOG.md) · [GitHub →](https://github.com/agentrust-io/trace-spec){ target=_blank } + +## Frequently asked questions + +### What is TRACE? + +TRACE (Trust Runtime Attestation and Compliance Evidence) is an open specification for hardware-attested AI agent governance records. It defines the record format, the anchoring protocol, and the verification rules for cryptographic evidence that an AI agent ran under a specific policy, in a verified hardware environment, on a given data class, invoking identified tools. + +### What does a TRACE Trust Record prove? + +A single signed Trust Record answers, in a form any third party can verify without trusting the operator: what model ran, where it ran, under which policy, what data class it touched, which tools were called, and whether the record is independently anchored to a SCITT transparency ledger. + +### What standards is TRACE built on? + +TRACE builds on open IETF and IRTF standards: RFC 9711 (CBOR Web Token / EAT) for the claim envelope, RFC 9334 (RATS) for the attester, verifier, and relying-party roles, and the SCITT draft for transparency-ledger anchoring. It is designed for CoSAI WS4 interoperability. + +### How do I create and verify a Trust Record? + +Install the Python library with `pip install agentrust-trace`, sign a record with `TrustRecord.sign(claims, signing_key)`, anchor it to a SCITT ledger with `record.anchor()`, and check it with `record.verify(verifying_key)`. + +### How does TRACE relate to AGT and cMCP? + +TRACE is the evidence format. AGT and cMCP produce and consume Trust Records, so you can connect them into an end-to-end agent governance pipeline. See the integration guides for details. + +### What is the current status of TRACE? + +The current specification is TRACE v0.1, published with a conformance test suite. See the Limitations page for scope boundaries before relying on it in production. + + diff --git a/docs/quickstart.md b/docs/quickstart.md index 4d732e4..759a6b0 100644 --- a/docs/quickstart.md +++ b/docs/quickstart.md @@ -1,3 +1,7 @@ +--- +description: Install agentrust-trace and sign, anchor, and verify your first TRACE Trust Record in about five minutes. +--- + # Quickstart Get your first TRACE Trust Record in five minutes. diff --git a/docs/trust-levels.md b/docs/trust-levels.md index 43e8f98..7279a95 100644 --- a/docs/trust-levels.md +++ b/docs/trust-levels.md @@ -1,3 +1,7 @@ +--- +description: TRACE defines three trust levels, each adding a stronger guarantee about the origin and integrity of a trust record, from software signing to hardware attestation. +--- + # Trust Levels TRACE defines three trust levels. Each level adds a stronger guarantee about the origin and integrity of the trust record. Higher levels require additional infrastructure but enable stronger relying-party policies. diff --git a/mkdocs.yml b/mkdocs.yml index 412d75f..3356527 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -9,6 +9,7 @@ copyright: "© 2026 OPAQUE Systems — CC BY 4.0" exclude_docs: | .github/ + overrides/ node_modules/ src/ tests/ @@ -25,6 +26,7 @@ exclude_docs: | theme: name: material + custom_dir: overrides font: false logo: docs/assets/icon.svg favicon: docs/assets/icon.svg @@ -67,6 +69,33 @@ theme: plugins: - search: lang: en + - llmstxt: + full_output: llms-full.txt + markdown_description: >- + TRACE (Trust Runtime Attestation and Compliance Evidence) is an open + specification for hardware-attested AI agent governance records. A TRACE + Trust Record binds what model ran, in which verified hardware + environment, under which policy, on what data class, and which tools were + invoked into a single signed artifact rooted in silicon attestation, then + anchors it to a SCITT transparency ledger so a third party can verify it + without trusting the operator. It builds on RFC 9711 (CWT/EAT), RFC 9334 + (RATS), and SCITT, and ships a Python library, agentrust-trace, with a + conformance suite. + sections: + Getting started: + - docs/index.md + - docs/quickstart.md + - docs/trust-levels.md + - docs/verification.md + - docs/glossary.md + Specification: + - spec/trace-v0.1.md + - docs/schema.md + Integration: + - docs/integration/agt.md + - docs/integration/cmcp.md + Platforms: + - docs/platforms/index.md - minify: minify_html: true - mkdocstrings: diff --git a/overrides/main.html b/overrides/main.html new file mode 100644 index 0000000..43350d2 --- /dev/null +++ b/overrides/main.html @@ -0,0 +1,68 @@ +{% extends "base.html" %} + +{# + SEO and AEO head additions for the TRACE docs. + Adds OpenGraph and Twitter card meta plus JSON-LD structured data + (Organization, WebSite, SoftwareApplication) so search engines and + AI answer engines can describe and cite the specification accurately. + Material already emits the canonical link when site_url is set, so it + is not repeated here. +#} +{% block extrahead %} + {{ super() }} + + {% set page_title = page.title ~ " - " ~ config.site_name if page and page.title and not page.is_homepage else config.site_name %} + {% set page_desc = page.meta.description if page and page.meta and page.meta.description else config.site_description %} + {% set page_url = page.canonical_url if page and page.canonical_url else config.site_url %} + + + + + + + + + + + + + + + + +{% endblock %} diff --git a/requirements-docs.txt b/requirements-docs.txt index aaf040c..634b63b 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -1,6 +1,7 @@ mkdocs>=1.6 mkdocs-material>=9.5 mkdocs-minify-plugin>=0.8 +mkdocs-llmstxt>=0.5 pymdown-extensions>=10.7 mkdocstrings[python]>=0.25 griffe>=0.47 diff --git a/robots.txt b/robots.txt new file mode 100644 index 0000000..5aefab6 --- /dev/null +++ b/robots.txt @@ -0,0 +1,35 @@ +# TRACE specification docs (https://trace.agentrust-io.com) +# Search engines and AI answer engines are welcome to crawl and cite these docs. + +User-agent: * +Allow: / + +# Explicitly welcome major AI and answer-engine crawlers. +User-agent: GPTBot +Allow: / + +User-agent: OAI-SearchBot +Allow: / + +User-agent: ChatGPT-User +Allow: / + +User-agent: ClaudeBot +Allow: / + +User-agent: Claude-Web +Allow: / + +User-agent: anthropic-ai +Allow: / + +User-agent: PerplexityBot +Allow: / + +User-agent: Google-Extended +Allow: / + +User-agent: CCBot +Allow: / + +Sitemap: https://trace.agentrust-io.com/sitemap.xml