proposal: EvidenceAnchor — pluggable external anchoring for agt-evidence.json

[giskard09]

Follows up on #2208 and the design direction outlined by @Ricky-G.

What this adds

A design proposal for backend-agnostic external anchoring of compliance evidence, structured exactly as requested in #2208:

• Goals / non-goals and threat model — explicit that anchoring proves non-modification after anchor time, not correctness at write time
• EvidenceAnchor plugin interface — Python ABC with anchor() and verify()
• Canonical action_ref derivation — fully specified encoding rules so two independent implementations produce byte-identical hashes
• agt-evidence.json schema changes — additive only, optional anchors array, no breaking changes
• CLI semantics — agt verify --anchor runnable by auditor with no AGT runtime state
• Three reference backends in priority order: filesystem/WORM, Sigstore Rekor, Mycelium Trails (plugin PR after core lands)
• Compliance mapping — EU AI Act Art. 12, SOC 2 CC7.x, ISO 27001 A.12.4, FCA SYSC 9.1, Basel III BCBS 239

Relationship to verifiable-compliance-receipts.md

Complementary. arian-gogani's proposal covers receipt signing. This proposal covers external anchoring — making the receipt survive the infrastructure that generated it. Both are needed.

Cross-system compatibility

action_ref canonicalization is compatible with azender1/SafeAgent RFC_EXECUTION_GUARD.md and the joint interface spec at giskard09/argentum-core#7 (DashClaw x SafeAgent x Mycelium).

[github-actions]

🤖 AI Agent: test-generator — `evidence_anchor.py`

evidence_anchor.py

• test_anchor_receipt_creation -- Validate the creation of AnchorReceipt objects with various metadata inputs.
• test_action_ref_derivation -- Ensure action_ref derivation produces consistent hashes across edge cases (e.g., empty fields, special characters).
• test_verify_failure_cases -- Test verify method for failure scenarios, such as mismatched hashes or invalid receipts.

cli_verify.py

• test_verify_anchor_not_found -- Check CLI behavior when the specified anchor backend is missing from the evidence file.
• test_verify_invalid_anchor -- Validate CLI response to invalid or tampered anchor receipts.

schema_validation.py

• test_anchors_field_absence -- Ensure schema validation passes when the anchors field is absent.
• test_anchors_field_invalid_format -- Test schema validation for malformed anchors entries.

[github-actions]

🤖 AI Agent: breaking-change-detector — API Compatibility

API Compatibility

No breaking changes detected.

[github-actions]

🤖 AI Agent: security-scanner — View details

No security issues found.

[github-actions]

🤖 AI Agent: contributor-guide — View details

Hi @giskard09! 👋 Thanks for this detailed and well-structured proposal—great job outlining the goals, design, and compliance mapping! 🚀

Before we can merge:

1. Please ensure the new MYCELIUM-EXTERNAL-ANCHOR-PROPOSAL.md file is linked in the main documentation index for discoverability.
2. Confirm that the action_ref derivation aligns with the existing utility in agt-core or clarify if a new utility will be created.

Check out our CONTRIBUTING.md for more details. Let us know if you need help! 😊

[github-actions]

🔴 Contributor Check: HIGH

Check	Result
Profile	HIGH
Credential	NONE
Overall	HIGH

Automated check by AGT Contributor Check.

[github-actions]

🤖 AI Agent: docs-sync-checker — Docs Sync

Docs Sync

• EvidenceAnchor interface in MYCELIUM-EXTERNAL-ANCHOR-PROPOSAL.md -- missing docstrings
• README.md -- update needed to reflect new EvidenceAnchor plugin interface, action_ref derivation, agt-evidence.json schema changes, and agt verify --anchor CLI semantics
• CHANGELOG.md -- missing entry for new EvidenceAnchor interface, action_ref derivation, agt-evidence.json schema changes, and agt verify --anchor CLI behavior

[github-actions]

🤖 AI Agent: code-reviewer — View details

TL;DR: 0 blockers, 1 warning. Proposal is well-structured and aligns with security and extensibility goals.

#	Sev	Issue	Where
1	Warn	Open questions (e.g., plugin discovery mechanism) require resolution.	"Open questions" section of the proposal.

Action items: None.

Warnings (fine as follow-up PRs):

1. Resolve open questions regarding action_ref placement, plugin discovery mechanism, and multiple backends per evidence file.

[github-actions]

PR Review Summary

Check	Status	Details
🔍 Code Review	⚠️ Warning	See details
🛡️ Security Scan	✅ Passed	No issues found
🔄 Breaking Changes	✅ Passed	No issues found
📝 Docs Sync	✅ Completed	Analysis complete
🧪 Test Coverage	✅ Passed	No issues found

Verdict: ⚠️ Ready for human review

[giskard09]

@microsoft-github-policy-service agree