Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion .github/workflows/docs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ on:
paths:
- "docs/**"
- "spec/**"
- "overrides/**"
- "robots.txt"
- "mkdocs.yml"
- "requirements-docs.txt"
- "README.md"
Expand Down Expand Up @@ -58,7 +60,7 @@ jobs:
if [ -d spec ]; then cp -r spec $BUILD/spec; fi
if [ -d examples ]; then cp -r examples $BUILD/examples; fi

for fname in README.md CHANGELOG.md CONTRIBUTING.md GOVERNANCE.md ROADMAP.md LIMITATIONS.md CNAME; do
for fname in README.md CHANGELOG.md CONTRIBUTING.md GOVERNANCE.md ROADMAP.md LIMITATIONS.md CNAME robots.txt; do
if [ -f "$fname" ]; then cp "$fname" "$BUILD/$fname"; fi
done

Expand Down
Binary file added docs/assets/og.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
90 changes: 90 additions & 0 deletions docs/index.md
Original file line number Diff line number Diff line change
@@ -1,9 +1,16 @@
---
description: TRACE (Trust Runtime Attestation and Compliance Evidence) is an open specification for signed, hardware-attested AI agent governance records that any third party can verify without trusting the operator.
---

# TRACE

**Trust Runtime Attestation and Compliance Evidence** — an open specification for hardware-attested AI agent governance records.

TRACE defines the format, anchoring protocol, and verification rules for cryptographically provable evidence that an AI agent ran under a specific policy, in a verified hardware environment, on classified data, invoking identified tools — bound into a single signed artifact rooted in silicon attestation.

!!! tip "TL;DR"
TRACE is an open standard for signed, hardware-attested records that prove how an AI agent actually ran: which model, in which verified hardware environment, under which policy, on what data class, and which tools it called. Anyone can verify a Trust Record without trusting the operator. Install the Python library with `pip install agentrust-trace`.

---

<div class="grid cards" markdown>
Expand Down Expand Up @@ -71,3 +78,86 @@ record.verify(verifying_key) # raises on invalid
```

[Full API reference →](schema.md) · [Changelog →](../CHANGELOG.md) · [GitHub →](https://github.com/agentrust-io/trace-spec){ target=_blank }

## Frequently asked questions

### What is TRACE?

TRACE (Trust Runtime Attestation and Compliance Evidence) is an open specification for hardware-attested AI agent governance records. It defines the record format, the anchoring protocol, and the verification rules for cryptographic evidence that an AI agent ran under a specific policy, in a verified hardware environment, on a given data class, invoking identified tools.

### What does a TRACE Trust Record prove?

A single signed Trust Record answers, in a form any third party can verify without trusting the operator: what model ran, where it ran, under which policy, what data class it touched, which tools were called, and whether the record is independently anchored to a SCITT transparency ledger.

### What standards is TRACE built on?

TRACE builds on open IETF and IRTF standards: RFC 9711 (CBOR Web Token / EAT) for the claim envelope, RFC 9334 (RATS) for the attester, verifier, and relying-party roles, and the SCITT draft for transparency-ledger anchoring. It is designed for CoSAI WS4 interoperability.

### How do I create and verify a Trust Record?

Install the Python library with `pip install agentrust-trace`, sign a record with `TrustRecord.sign(claims, signing_key)`, anchor it to a SCITT ledger with `record.anchor()`, and check it with `record.verify(verifying_key)`.

### How does TRACE relate to AGT and cMCP?

TRACE is the evidence format. AGT and cMCP produce and consume Trust Records, so you can connect them into an end-to-end agent governance pipeline. See the integration guides for details.

### What is the current status of TRACE?

The current specification is TRACE v0.1, published with a conformance test suite. See the Limitations page for scope boundaries before relying on it in production.

<script type="application/ld+json">
{
"@context": "https://schema.org",
"@type": "FAQPage",
"mainEntity": [
{
"@type": "Question",
"name": "What is TRACE?",
"acceptedAnswer": {
"@type": "Answer",
"text": "TRACE (Trust Runtime Attestation and Compliance Evidence) is an open specification for hardware-attested AI agent governance records. It defines the record format, the anchoring protocol, and the verification rules for cryptographic evidence that an AI agent ran under a specific policy, in a verified hardware environment, on a given data class, invoking identified tools."
}
},
{
"@type": "Question",
"name": "What does a TRACE Trust Record prove?",
"acceptedAnswer": {
"@type": "Answer",
"text": "A single signed Trust Record answers, in a form any third party can verify without trusting the operator: what model ran, where it ran, under which policy, what data class it touched, which tools were called, and whether the record is independently anchored to a SCITT transparency ledger."
}
},
{
"@type": "Question",
"name": "What standards is TRACE built on?",
"acceptedAnswer": {
"@type": "Answer",
"text": "TRACE builds on open IETF and IRTF standards: RFC 9711 (CBOR Web Token / EAT) for the claim envelope, RFC 9334 (RATS) for the attester, verifier, and relying-party roles, and the SCITT draft for transparency-ledger anchoring. It is designed for CoSAI WS4 interoperability."
}
},
{
"@type": "Question",
"name": "How do I create and verify a Trust Record?",
"acceptedAnswer": {
"@type": "Answer",
"text": "Install the Python library with pip install agentrust-trace, sign a record with TrustRecord.sign(claims, signing_key), anchor it to a SCITT ledger with record.anchor(), and check it with record.verify(verifying_key)."
}
},
{
"@type": "Question",
"name": "How does TRACE relate to AGT and cMCP?",
"acceptedAnswer": {
"@type": "Answer",
"text": "TRACE is the evidence format. AGT and cMCP produce and consume Trust Records, so you can connect them into an end-to-end agent governance pipeline. See the integration guides for details."
}
},
{
"@type": "Question",
"name": "What is the current status of TRACE?",
"acceptedAnswer": {
"@type": "Answer",
"text": "The current specification is TRACE v0.1, published with a conformance test suite. See the Limitations page for scope boundaries before relying on it in production."
}
}
]
}
</script>
4 changes: 4 additions & 0 deletions docs/quickstart.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
---
description: Install agentrust-trace and sign, anchor, and verify your first TRACE Trust Record in about five minutes.
---

# Quickstart

Get your first TRACE Trust Record in five minutes.
Expand Down
4 changes: 4 additions & 0 deletions docs/trust-levels.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
---
description: TRACE defines three trust levels, each adding a stronger guarantee about the origin and integrity of a trust record, from software signing to hardware attestation.
---

# Trust Levels

TRACE defines three trust levels. Each level adds a stronger guarantee about the origin and integrity of the trust record. Higher levels require additional infrastructure but enable stronger relying-party policies.
Expand Down
29 changes: 29 additions & 0 deletions mkdocs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ copyright: "© 2026 OPAQUE Systems — CC BY 4.0"

exclude_docs: |
.github/
overrides/
node_modules/
src/
tests/
Expand All @@ -25,6 +26,7 @@ exclude_docs: |

theme:
name: material
custom_dir: overrides
font: false
logo: docs/assets/icon.svg
favicon: docs/assets/icon.svg
Expand Down Expand Up @@ -67,6 +69,33 @@ theme:
plugins:
- search:
lang: en
- llmstxt:
full_output: llms-full.txt
markdown_description: >-
TRACE (Trust Runtime Attestation and Compliance Evidence) is an open
specification for hardware-attested AI agent governance records. A TRACE
Trust Record binds what model ran, in which verified hardware
environment, under which policy, on what data class, and which tools were
invoked into a single signed artifact rooted in silicon attestation, then
anchors it to a SCITT transparency ledger so a third party can verify it
without trusting the operator. It builds on RFC 9711 (CWT/EAT), RFC 9334
(RATS), and SCITT, and ships a Python library, agentrust-trace, with a
conformance suite.
sections:
Getting started:
- docs/index.md
- docs/quickstart.md
- docs/trust-levels.md
- docs/verification.md
- docs/glossary.md
Specification:
- spec/trace-v0.1.md
- docs/schema.md
Integration:
- docs/integration/agt.md
- docs/integration/cmcp.md
Platforms:
- docs/platforms/index.md
- minify:
minify_html: true
- mkdocstrings:
Expand Down
68 changes: 68 additions & 0 deletions overrides/main.html
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
{% extends "base.html" %}

{#
SEO and AEO head additions for the TRACE docs.
Adds OpenGraph and Twitter card meta plus JSON-LD structured data
(Organization, WebSite, SoftwareApplication) so search engines and
AI answer engines can describe and cite the specification accurately.
Material already emits the canonical link when site_url is set, so it
is not repeated here.
#}
{% block extrahead %}
{{ super() }}

{% set page_title = page.title ~ " - " ~ config.site_name if page and page.title and not page.is_homepage else config.site_name %}
{% set page_desc = page.meta.description if page and page.meta and page.meta.description else config.site_description %}
{% set page_url = page.canonical_url if page and page.canonical_url else config.site_url %}

<meta property="og:type" content="website">
<meta property="og:site_name" content="{{ config.site_name }}">
<meta property="og:title" content="{{ page_title }}">
<meta property="og:description" content="{{ page_desc }}">
<meta property="og:url" content="{{ page_url }}">
<meta property="og:image" content="https://trace.agentrust-io.com/docs/assets/og.png">
<meta property="og:image:width" content="1200">
<meta property="og:image:height" content="630">
<meta property="og:image:alt" content="TRACE: an AgenTrust open standard">
<meta name="twitter:card" content="summary_large_image">
<meta name="twitter:title" content="{{ page_title }}">
<meta name="twitter:description" content="{{ page_desc }}">
<meta name="twitter:image" content="https://trace.agentrust-io.com/docs/assets/og.png">

<script type="application/ld+json">
{
"@context": "https://schema.org",
"@graph": [
{
"@type": "Organization",
"@id": "https://agentrust-io.com/#organization",
"name": "AgenTrust",
"url": "https://agentrust-io.com",
"sameAs": [
"https://github.com/agentrust-io"
]
},
{
"@type": "WebSite",
"@id": "{{ config.site_url }}#website",
"url": "{{ config.site_url }}",
"name": "{{ config.site_name }}",
"description": "{{ config.site_description }}",
"publisher": { "@id": "https://agentrust-io.com/#organization" }
},
{
"@type": "SoftwareApplication",
"name": "TRACE",
"alternateName": "Trust Runtime Attestation and Compliance Evidence",
"applicationCategory": "DeveloperApplication",
"operatingSystem": "Cross-platform",
"url": "{{ config.site_url }}",
"downloadUrl": "https://pypi.org/project/agentrust-trace/",
"codeRepository": "https://github.com/agentrust-io/trace-spec",
"description": "{{ config.site_description }}",
"offers": { "@type": "Offer", "price": "0", "priceCurrency": "USD" }
}
]
}
</script>
{% endblock %}
1 change: 1 addition & 0 deletions requirements-docs.txt
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
mkdocs>=1.6
mkdocs-material>=9.5
mkdocs-minify-plugin>=0.8
mkdocs-llmstxt>=0.5
pymdown-extensions>=10.7
mkdocstrings[python]>=0.25
griffe>=0.47
35 changes: 35 additions & 0 deletions robots.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
# TRACE specification docs (https://trace.agentrust-io.com)
# Search engines and AI answer engines are welcome to crawl and cite these docs.

User-agent: *
Allow: /

# Explicitly welcome major AI and answer-engine crawlers.
User-agent: GPTBot
Allow: /

User-agent: OAI-SearchBot
Allow: /

User-agent: ChatGPT-User
Allow: /

User-agent: ClaudeBot
Allow: /

User-agent: Claude-Web
Allow: /

User-agent: anthropic-ai
Allow: /

User-agent: PerplexityBot
Allow: /

User-agent: Google-Extended
Allow: /

User-agent: CCBot
Allow: /

Sitemap: https://trace.agentrust-io.com/sitemap.xml
Loading