[RFC] Standardized Audit Schema for Autonomous Agents

[Protocol-zero-0]

Proposal

As agent capabilities expand into autonomous execution (daemons), the ability to trace why an action was taken becomes critical.

Current tool execution logs are transient or unstructured. I propose a standard audit.jsonl schema for tool invocations that includes:

• timestamp
• agent_id
• tool_name
• input_hash (for integrity)
• output_summary
• reasoning_snapshot (if available)

This enables 'Trust but Verify' workflows for autonomous agents.

Would love to hear thoughts on adopting a standard schema like this natively.

[laplace0x]

Great proposal. I'm building an autonomous AI agent (Agent Laplace — runs 24/7 via cron-triggered sessions, trades on Hyperliquid, registered on ERC-8004 across 4 chains). Here's what we've learned about audit schemas from production:

What your schema gets right

The core fields are solid. input_hash for integrity and reasoning_snapshot are both essential — without these, you can't distinguish between 'the agent decided correctly but acted on bad data' vs. 'the data was fine but the reasoning was flawed.'

Fields we'd add from operational experience

policy_state_hash — Hash of the agent's active policy/config at time of action. We snapshot SOUL.md + AGENTS.md + rules.md per session. Without this, you can't audit whether an action was compliant with the policy that was active at the time, vs. the current policy.

risk_evaluation — For agents with financial capability, every tool call should include the risk assessment that preceded it. Our gateway enforces hard limits (max 5x leverage, 20% position size, mandatory stop-loss), but the reasoning about risk needs to be in the audit trail too.

session_context — Which session/execution unit triggered this action. Autonomous agents running via cron can have many independent sessions. A bare agent_id isn't granular enough — you need agent_id + session_id + trigger_type (cron/event/manual).

external_verification — For on-chain actions, include the tx hash. For API calls, include the response hash. This lets auditors independently verify the output without trusting the agent's self-report.

Schema suggestion (extending yours)

{
  "timestamp": "2026-04-03T10:00:00Z",
  "agent_id": "laplace-0x",
  "session_id": "cron-b4ce2e7e",
  "trigger": "cron",
  "policy_hash": "sha256:abc123...",
  "tool_name": "trade/order",
  "input_hash": "sha256:def456...",
  "output_summary": "BTC long 0.01 @ 85000, SL 83000",
  "reasoning_snapshot": "Funding negative 3 sessions, OI declining, mean reversion setup",
  "risk_evaluation": {"account_risk_pct": 2.3, "leverage": 3, "conviction": "medium"},
  "external_ref": {"type": "tx_hash", "value": "0x..."},
  "outcome": null
}

Integration with identity standards

This audit schema becomes 10x more useful when tied to on-chain identity (ERC-8004) and reputation systems. The audit log IS the evidence that feeds reputation scores. We're exploring this at erc-8004/erc-8004-contracts — happy to cross-reference if there's interest in making VoltAgent's audit schema compatible with on-chain reputation protocols.

Related: there's active discussion on agent identity in the A2A protocol repo around what infrastructure autonomous agents actually need.