Docs / Reference

Evidence event fields

Evidence events preserve ordered protocol facts for audit, replay, debugging, and telemetry export.

Plain English

Evidence events are not log lines; they are structured records of what happened at the capability boundary.

Why it exists

Independent infrastructure needs enough stable fields to replay an invocation without reading private host logs.

Formal definition

ExecutionEvidence is an ordered record containing event type, invocation identity, capability identity, host identity, correlation context, sequence, timestamp, payload, redaction state, and assurance metadata.

Concrete example

Ground the concept before the schema.

execution_denied records an approval_required decision for schedule_technician under session-abc.

evidence-event.json

json

1{2  "event_id": "evt_8f3a1c",3  "event_type": "execution_denied",4  "invocation_id": "inv_session_abc_001",5  "capability_id": "schedule_technician",6  "capability_version": "1.0.0",7  "host_id": "service-ops-host",8  "correlation": { "correlation_id": "session-abc" },9  "sequence": 2,10  "timestamp": "2026-06-16T15:14:22.104Z",11  "outcome": "denied",12  "payload": { "policy": "manager_approval" },13  "redacted": true,14  "denial": {15    "code": "approval_required",16    "message": "manager_approval must approve before execution.",17    "retryable": true18  },19  "assurance": { "level": "S1" }20}

Developer reference

Evidence event field reference

Evidence should preserve the minimum stable fields needed to inspect and replay a protocol decision.

FieldTypeProtocol meaning

event_idstring

Unique evidence event identifier.

event_typestring

Stable event type such as execution_started, execution_completed, execution_failed, execution_denied, or execution_skipped.

invocation_idstring

Invocation that produced this evidence event.

capability_idstring

Capability involved in the decision or execution.

capability_versionstring | null

Capability contract version at invocation time when known.

host_idstring

Host that evaluated or executed the invocation.

correlation.correlation_idstring

Replay key shared across invocation, outcome, and telemetry.

sequenceinteger

Ordered position in the evidence stream.

timestampdatetime

When the event occurred.

outcomesuccess | failure | denied | skipped | null

Protocol result associated with this event.

payloadobject

Structured, usually redacted event payload.

redactedboolean

Whether sensitive payload values were redacted.

assuranceAssuranceMetadata

Evidence assurance level and policy metadata.

Relationships

Where this sits in the protocol.

Each concept should explain its neighbors so implementation teams can preserve the boundary across manifests, invocation, evidence, and tests.

Reference pages turn protocol concepts into implementation checks.

Field names, outcome codes, and conformance cases should stay stable across hosts.

Examples should map every field back to capability, host, policy, context, or evidence.

Visual model

01Read the field or code before implementation.
02Map it into manifest, invocation, outcome, or evidence behavior.
03Add route, conformance, or unit coverage for each failure-sensitive field.

Implementation notes

Prefer explicit protocol fields over framework-specific inference.
Treat absent required fields as malformed protocol input.
Keep examples close to the failure cases they are meant to prevent.

Common mistakes

Letting transport status codes carry protocol meaning alone.
Hiding required protocol state in logs or application glue.
Testing only successful invocations.

Related concepts

Keep reading through the boundary.

Evidence →Conformance cases →Outcome codes →