APS-1 event envelope
Every ingested record is a versioned JSON object, canonicalized and signed with Ed25519 before POST. Field names below are required unless marked optional.
Core fields
| Field | Type | Required | Description |
|---|---|---|---|
schema_version | number | Yes | Always 1 for current APS draft |
event_id | string | Yes | Unique id, e.g. evt_… |
organization_id | uuid | Yes | Tenant scope |
trace_id | string | Yes | Groups related events in one workflow |
agent_id | string | Yes | Registered agent |
key_id | string | Yes | Signing key used |
emitted_at | ISO8601 | Yes | Agent clock at emission |
actor_type | enum | Yes | agent | human | system |
actor_principal | string | Yes | Service account or user label |
action_kind | enum | Yes | llm_invocation | policy_decision | tool_call | human_approval | result |
policy_decision | enum | Yes | allow | deny | allow_with_obligation | allow_retro_audit |
payload | object | Yes | Action-specific JSON — see Payload conventions |
tool_name | string | No | Stable tool id for policy matching |
parent_event_id | string | No | Links child steps in a trace |
policy_id | string | No | Set when policy engine attributed a rule |
sig_alg | string | Yes | ed25519 (after signing) |
sig_value_b64 | string | Yes | Base64 signature (after signing) |
action_kind usage
llm_invocation— model read/generate; putdata_touchedin payloadpolicy_decision— emitted by wrapFetch before tool executionresult— HTTP outcome after allowed tool callhuman_approval— console approval action
Minimal example (pre-signature)
json
{
"schema_version": 1,
"event_id": "evt_001",
"organization_id": "00000000-0000-0000-0000-000000000001",
"trace_id": "trc_001",
"agent_id": "agt_001",
"key_id": "key_001",
"emitted_at": "2026-05-21T12:00:00.000Z",
"actor_type": "agent",
"actor_principal": "worker-1",
"action_kind": "llm_invocation",
"policy_decision": "allow",
"tool_name": "openai.chat",
"payload": { "purpose": "summarize" }
}