Proof-Carrying Agent Actions: Model-Agnostic Runtime Governance for Heterogeneous Agent Systems

Researchers propose Proof-Carrying Agent Actions (PCAA), a runtime-neutral governance framework that standardizes how autonomous agents log, authorize, and verify high-risk operations across heterogeneous systems. By replacing vendor-specific session records with portable action certificates, PCAA enables consistent governance and auditability regardless of whether agents operate through local tools, APIs, or managed platforms.

The paper addresses a critical infrastructure gap in multi-agent systems: governance fragmentation. As AI agents proliferate across different execution environments—from local machine learning frameworks to cloud-hosted platforms—organizations lack a unified way to track authorization and approval for sensitive actions. A single high-risk operation like data export may manifest as a shell command, API call, or platform transition depending on the runtime, making compliance auditing and accountability nearly impossible at scale.

PCAA solves this by introducing a standardized "action certificate" that captures five governance checkpoints: pre-action admissibility checks, action initiation, assumption documentation, approval records, and outcome closure. The framework binds these checkpoints to portable envelopes, runtime receipts, and replay-ready proofs, decoupling governance logic from vendor implementations. Critically, the model extends beyond simple binary approval status by including externality-aware metadata (destination visibility, account provenance) and explicit enforceability classes that describe approval semantics more precisely.

For the AI infrastructure ecosystem, PCAA represents progress toward enterprise-grade agent governance without vendor lock-in. Organizations deploying agents across multiple platforms can now enforce consistent policies and generate auditable records that survive runtime changes. The reference implementation testing across four runtime families demonstrates practical viability without sacrificing "route quality"—meaning agents maintain performance while under governance constraints. This matters for regulated industries (finance, healthcare) considering agent deployment, as it provides the auditability frameworks require. The work also signals growing maturity in agent systems, where governance is becoming as important as capability.

• →PCAA introduces portable action certificates that standardize agent governance across heterogeneous runtimes, eliminating vendor-specific compliance fragmentation.
• →The framework captures five distinct governance checkpoints with explicit enforceability classes rather than binary approval states, enabling more sophisticated authorization policies.
• →Testing across four runtime families shows PCAA maintains agent performance while preserving auditability and replay capability for post-execution verification.
• →Externality-aware metadata binding (destination visibility, account provenance) extends governance beyond action logging to include contextual risk factors.
• →The runtime-neutral design positions governance as infrastructure-agnostic, supporting enterprise adoption of agent systems without technological lock-in.