@techreport{noa-scitt-ai-agent-receipt-00, number = {draft-noa-scitt-ai-agent-receipt-00}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-noa-scitt-ai-agent-receipt/00/}, author = {Tora Toraman}, title = {{A SCITT Profile for AI-Agent Action Receipts}}, pagetotal = 9, year = 2026, month = jun, day = 23, abstract = {This document profiles the IETF SCITT (Supply Chain Integrity, Transparency, and Trust) architecture for *AI-agent action receipts*: tamper-evident, signed, offline-verifiable records of what an autonomous agent did, for which principal, under which policy, with what verdict. Each receipt is a COSE\_Sign1 Signed Statement (RFC 9052) over a canonical (RFC 8785 / JCS) payload, hash-chained for ordering, and registrable in any SCITT Transparency Service to obtain non-equivocation and tail-truncation properties a self-signed chain cannot provide alone. The profile makes a deliberately NARROW, checkable claim — "this is a tamper-evident, signature-verifiable record of the action, principal, policy identity, and recorded verdict" — and explicitly does NOT claim that the agent was correct, safe, or wise, that the recorded inputs were true or complete, or that any real-world outcome followed. A deterministic offline policy-REPLAY capability (re-deriving the verdict from the recorded inputs) is named here as a non-goal of this revision and is left to a separate companion profile.}, }