Proposal: TRACE-v0.2 runtime governance attestation type + governed-agent registry federation #7

Description

@imran-siddique

Context

The ARD spec's trustManifest.attestations array is designed for extensible attestation types. The current examples cover compliance certifications (SOC2-Type2, HIPAA-Audit) and identity proofs (SPIFFE-X509). This issue proposes adding runtime governance attestations as a recognized category, with TRACE-v0.2 as the first defined type.

The gap

Compliance certifications prove what an organization claims about its practices. Runtime governance attestations prove what an agent actually did during execution — the session evidence, not the audit. These are complementary, not competing.

Today there is no recognized attestation type in ARD that captures:

  • Which Cedar/OPA policy was in force (and its exact hash)
  • Whether the agent ran inside a verifiable hardware environment (TEE measurement)
  • A signed tool-call transcript that an auditor can verify offline
  • A SCITT-anchored record for append-only audit history

TRACE-v0.2 covers all of these.

TRACE overview

TRACE (Trust Runtime Attestation and Compliance Evidence) is an open EAT-profile (RFC 9711) standard for AI agent governance records.

Proposed changes (see PR #6)

  1. §5.2 — add TRACE-v0.2 to the attestation type field description
  2. §5.2.1 Runtime Governance Attestations (new section) — TRACE-v0.2 spec, example entry, discovery filter
  3. examples/agentrust-io-catalog.json — reference ai-catalog.json for a governed-agent registry

agentrust.io as a governed-agent federated registry

Beyond the spec change, we're proposing that agentrust.io operate as a specialized ARD federated registry indexed under:

urn:ai:agentrust.io:registry:governed-agents

This registry returns only TRACE-attested, policy-governed agents. ARD registries can route queries with trustManifest.attestations.type: ["TRACE-v0.2"] to agentrust.io via federation referrals, without embedding trust logic in the originating registry.

Connection to ARDS authors

R.V.Guha (co-author) and the AGT team both have Microsoft ties. Happy to discuss through any channel — this is a genuine architectural complement, not a competing proposal.

Feedback welcome

  • Should runtime governance attestations be a separate subsection from compliance certifications? Or a note inline?
  • Is there a preferred way to register new attestation types formally?
  • Interested in agentrust.io contributing a reference ARD registry implementation?
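
An illustration of the federation referral described above, added here as an example and not taken from the ARD spec, PR #6, or agentrust.io: an originating registry matches only on the `trustManifest.attestations[].type` string and hands any `TRACE-v0.2` query to the governed-agents registry instead of vouching for self-declared entries. The referral table, the entry layout beyond `attestations[].type`, the response shape, and the catalog data are all assumptions made for this sketch.

```python
# Added illustration. Only trustManifest.attestations[].type, the attestation
# type names, and the registry URN come from the proposal; the rest is assumed.
GOVERNED_AGENTS_URN = "urn:ai:agentrust.io:registry:governed-agents"

# Assumed referral table: attestation type -> specialized registry URN.
REFERRALS = {"TRACE-v0.2": GOVERNED_AGENTS_URN}

CATALOG = [  # constructed sample entries
    {"id": "agent-a", "trustManifest": {"attestations": [{"type": "SOC2-Type2"}]}},
    {"id": "agent-b", "trustManifest": {"attestations": [
        {"type": "SOC2-Type2"}, {"type": "SPIFFE-X509"}]}},
    {"id": "agent-c", "trustManifest": {"attestations": [{"type": "TRACE-v0.2"}]}},
    {"id": "agent-d"},  # no trustManifest at all
    {"id": "agent-e", "trustManifest": {"attestations": [{"note": "typeless"}]}},
]


def attestation_types(entry):
    """Collect declared attestation type strings, tolerating missing fields."""
    manifest = entry.get("trustManifest") or {}
    found = set()
    for att in manifest.get("attestations") or []:
        if isinstance(att, dict) and isinstance(att.get("type"), str):
            found.add(att["type"])
    return found


def resolve(required_types, catalog=CATALOG):
    """Answer a discovery query with local matches or federation referrals.

    Types listed in REFERRALS are delegated: the originating registry never
    evaluates them, so a self-declared TRACE entry is not returned locally.
    Type comparison is exact; "trace-v0.2" is a different, unknown type.
    """
    required = set(required_types)
    targets = sorted({REFERRALS[t] for t in required if t in REFERRALS})
    if targets:
        # Forward the complete filter so the remote registry applies every
        # constraint, not just the delegated one.
        return {"matches": [],
                "referrals": [{"registry": urn, "filter": sorted(required)}
                              for urn in targets]}
    matches = [e["id"] for e in catalog if required <= attestation_types(e)]
    return {"matches": matches, "referrals": []}
```
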
