Audit replay
Audit replay is the act of reconstructing an authorisation from its Passport capsule, with no daemon, no DB, and no network — only the agent’s published Ed25519 pubkey. It is the single most important demonstration SBO3L makes.
The replay flow
- Receive a capsule. A JSON file (~10-15 KB), typically downloaded from the agent’s published proof URL or shared by a counterparty.
- Look up the signing pubkey. Resolve the agent’s ENS name (e.g.
sbo3lagent.eth) and read thesbo3l:pubkeytext record. (Or read the capsule’s embeddedagent_pubkeyfield — the strict verifier confirms they match.) - Run the strict verifier.
sbo3l passport verify --strict --path capsule.json. Six checks fire (see capsule v2). - Inspect the embedded snapshot. The capsule carries the full
policy_snapshotandaudit_segment. Open it in any JSON viewer. - Compare against your expectations. Was the request shape acceptable? Was the budget appropriate? Did the right policy fire? All visible without running the daemon.
What the replay tells you
Verbatim, no interpretation:
| Question | Where in the capsule |
|---|---|
| Who acted? | agent_id + agent_pubkey |
| What did they request? | request (full APRP envelope) |
| When? | request expiry, audit event ts_unix_ms |
| Under what policy? | policy_snapshot (the policy at decision time) |
| What did the policy decide? | policy_receipt.decision |
| If allow, what executed? | execution_ref + executor_evidence |
| What audit events linked the decision? | audit_segment (chain slice from request to decision) |
| Was anything tampered? | strict verifier rc — 0 means no tamper, 2 means yes |
Anything outside this list is not in the capsule. SBO3L does not promise to tell you the agent’s intent, the human operator behind the agent, or the off-chain context. It tells you exactly what was authorised and that the authorisation is intact.
Replay against the published example
curl -sO https://sbo3l-marketing.vercel.app/wasm/sample-capsule.jsonsbo3l passport verify --strict --path sample-capsule.json# Expected: capsule OK · 6 strict checks passed · rc=0For an in-browser replay, paste the capsule into /proof — the WASM-compiled verifier runs the same 6 checks client-side, no upload.
Replay vs anchoring
Replay is offline-verifiable against a pubkey you already trust. Anchoring is the orthogonal concept: writing a capsule’s hash onto a public ledger (EAS attestation, ENS text record, optionally on-chain) so that “I trust this pubkey” itself becomes verifiable against a chain history.
SBO3L Phase 2 ships replay; anchoring is Phase 3 (mock_anchor_ref field is clearly labelled “mock anchoring, NOT onchain” today). Replay is the load-bearing claim; anchoring is the optional public-recordkeeping layer on top.
See also
- Self-contained capsule v2 — what the verifier reads.
passport verifyCLI — every flag and exit code.- WASM verifier on /proof — in-browser replay UX.