Technical specification

Attestation Envelope for agent governance

A global, domain-agnostic format for recording pre-execution policy decisions and post-execution outcomes in a signed, tamper-evident envelope—so enterprises can prove what agents were allowed to do and what they actually did.

Built for platform engineering, security, GRC, and audit teams implementing governed AI operations.

Schema · JSON Schema draft-07
Current release · 1.0.0
Payload spec_id · aurelianaegis.envelope.v1
License · Apache 2.0

Canonical schema ID: https://aurelianaegis.io/schema/attestation-envelope.json

Open spec · Cryptographically verifiable · Enterprise audit-ready · Cross-platform interoperable

Why this matters

Move from policy intent to verifiable runtime evidence. The envelope model records authorization and execution outcomes as signed, machine-parseable records that fit existing enterprise controls.

Prove pre-authorization

Record an admissibility_token before execution with policy decision, validity window, and PEP signer requirements.

Prove runtime outcome

Record an execution_receipt with final status, structured blocking reason, and linkage to the originating admissibility event.

Prove tamper evidence

Verify signatures over RFC 8785 canonical payloads and optionally enforce append-only chain integrity with sequence_number and previous_event_hash.

Artifact model

The current specification defines two primary artifact types. Pick the path that matches your enforcement architecture; production systems typically emit both a token and a receipt per governed action.

Pre-execution

Admissibility token

PEP · policy decision

Role: Authorize a specific capability call before it runs.
Signer: enforcement (PEP) required.
Pairing: Execution receipts reference admissibility_event_id.
Validity: valid_from / valid_until + nonce.

Post-execution

Execution receipt

Outcome · chain · audit

Role: Record what executed, final status, and enforcement metadata.
Signer: enforcement, control_plane, or detection (e.g. shadow AI).
Outcome: Structured blocking_reason for deny/escalate paths.
Chain: Optional sequence_number + previous_event_hash.

Implement the artifact pair

Use both token and receipt for end-to-end governance evidence in production pipelines.

Adoption path

A practical path from schema-first validation to production ingestion in enterprise governance pipelines.

01

Validate schema

Use schema validation to catch malformed payloads and enforce required fields before ingestion.

Schema reference

02

Verify signatures

Apply RFC 8785 signing and verifier rules from the normative signing specification.

Signing protocol

03

Emit token + receipt

Produce admissibility and execution artifacts as a paired governance evidence stream.

Example payloads

04

Ingest in SIEM / GRC

Route attestation events to operations, compliance, and observability workflows.

Integration guide

Start with the implementation guide

Choose the path matching your stack: schema-only validator, full verifier, gateway enforcement, or no-code controls.

Conformance & interoperability evidence

Validate implementation quality using repository checks, conformance classes, and cryptographic interoperability vectors.

Schema + constraints

Run the baseline schema and constraint checks for current and release snapshots.

Validation commands

Signature vectors

Use Ed25519 and ECDSA vectors to verify canonicalization and signature behavior.

Interoperability vectors

Conformance classes

Align product claims to C1 signer, C2 verifier, and C3 schema-only validator behavior.

Conformance definition

Chain integrity

Apply deletion and reordering detection for high-assurance audit evidence streams.

Chain protocol
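
An added example (not code from the specification's repository) of the receipt-to-token pairing, validity-window, and chain checks described in the artifact model and under chain integrity above. The field names event_id, executed_at and status, the SHA-256 link hash, and the sorted-key JSON stand-in for RFC 8785 are assumptions; signature verification is omitted and all sample records are constructed.

```python
import hashlib
import json
from datetime import datetime

def canonical(payload):
    # Stand-in for RFC 8785 (JCS); equivalent only for the ASCII strings and ints used here.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode("utf-8")

def event_hash(payload):
    # Assumption: chain links are SHA-256 over the canonical payload.
    return hashlib.sha256(canonical(payload)).hexdigest()

def ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_stream(tokens, receipts):
    """Return findings for pairing, validity-window and chain checks (empty list = clean)."""
    findings, prev = [], None
    by_id = {t["event_id"]: t for t in tokens}
    for r in receipts:
        seq = r["sequence_number"]
        if prev is not None and (seq != prev["sequence_number"] + 1
                                 or r["previous_event_hash"] != event_hash(prev)):
            findings.append(f"chain break before sequence_number {seq}")
        token = by_id.get(r["admissibility_event_id"])
        if token is None:
            findings.append(f"receipt {seq}: no matching admissibility token")
        elif not ts(token["valid_from"]) <= ts(r["executed_at"]) <= ts(token["valid_until"]):
            findings.append(f"receipt {seq}: executed outside token validity window")
        prev = r
    return findings

def sample():
    """Constructed sample data; event_id, executed_at and status are assumed field names."""
    tokens, receipts, prev = [], [], None
    for i in range(1, 4):
        tokens.append({"event_id": f"adm-{i}", "nonce": f"n-{i}",
                       "valid_from": f"2025-01-01T00:0{i}:00Z",
                       "valid_until": f"2025-01-01T00:0{i}:30Z"})
        receipt = {"admissibility_event_id": f"adm-{i}", "sequence_number": i,
                   "executed_at": f"2025-01-01T00:0{i}:10Z", "status": "allowed",
                   "previous_event_hash": event_hash(prev) if prev else None}
        receipts.append(receipt)
        prev = receipt
    return tokens, receipts

if __name__ == "__main__":
    tokens, receipts = sample()
    print(check_stream(tokens, receipts))                    # intact stream
    print(check_stream(tokens, [receipts[0], receipts[2]]))  # middle receipt deleted
```

Editing a receipt after the fact surfaces as a chain break on the following receipt, because its previous_event_hash no longer matches the altered payload.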

Specification & resources

The normative artifacts, examples, and test vectors live in the open-source repository. This site is an overview; GitHub remains the source of truth for the schema and protocol text.

Browse repository on GitHub

JSON Schema

Machine-readable schema for validation, codegen, and CI gates (spec_id aurelianaegis.envelope.v1).

View schema file

Examples

Admissibility token, execution receipt, multi-agent, and shadow-AI fixtures.

Open examples folder

Interoperability vectors

Signed canonicalization fixtures (Ed25519, ECDSA P-256 / P-384).

View test vectors

Normative docs

Signing, chain integrity, integration, vocabulary, and regulatory mapping.

Repository README

Guides

Consolidated specification, pipeline integration, and operational enforcement patterns—all on GitHub.

Specification

Consolidated spec: normative references (schema, signing, chain), conformance classes, and annex index.

Read SPECIFICATION.md

Integration

SIEM, GRC, observability, transport, and replay considerations for production pipelines.

Read INTEGRATION.md

Implementation guide

Role-based implementation tracks for developers, verifiers, and platform security teams.

Read IMPLEMENTATION-GUIDE.md

Agent platforms

Universal PEP pattern for LangGraph, CrewAI, AutoGen, Semantic Kernel, Strands/AgentCore, MCP, and related runtimes.

Universal enforcement guide

No-code / low-code

Central PEP, n8n, gateways, managed agents, shadow detection, and rollout patterns for low-code stacks.

No-code / low-code guide

Start consuming today

Clone the repo, run validators, and wire receipts into SIEM, GRC, and observability workflows.

Ready to implement?

Start from the README and validation scripts in the repo, then wire your enforcement layer to emit admissibility tokens and execution receipts into your existing SIEM and GRC pipelines.

Open the GitHub project