Elydora Operation Record (EOR)

The EOR is the fundamental unit of accountability in the Elydora protocol. It is a signed, immutable record that captures a single agent action with cryptographic integrity.

Structure

An EOR contains all the metadata needed to identify, verify, and chain-link an operation. Every field is included in the signature computation.

FieldTypeRequiredDescription
op_versionnumberYesProtocol version. Currently 1.
operation_idstringYesClient-generated UUID v4. Must be globally unique.
org_idstringYesOrganization identifier that the agent belongs to.
agent_idstringYesIdentifier of the agent performing the operation.
issued_atstringYesISO 8601 timestamp when the operation was created by the agent.
ttl_msnumberYesMaximum time (ms) between issued_at and server receipt. Prevents delayed replay.
noncestringYesRandom value for replay protection. Must be unique per agent.
operation_typestringYesDomain-specific type string (e.g. loan.approve, trade.execute).
subjectstringYesThe entity or resource the operation acts upon.
actionstringYesThe action performed (e.g. approve, reject, flag).
payloadobjectYesArbitrary JSON payload with operation-specific data.
payload_hashstringYesSHA-256 hash of the canonicalized payload JSON.
prev_chain_hashstring | nullYesSHA-256 chain hash of this agent's previous operation. null for the first operation.
agent_pubkey_kidstringYesKey ID (kid) of the agent's Ed25519 signing key.
signaturestringYesEd25519 signature over the canonical EOR (excluding the signature field itself).

Canonical Form

The signature is computed over the canonical JSON representation of the EOR. Canonical form means all fields (except signature) are sorted alphabetically and serialized with no whitespace.

Example EOR

json
{
  "op_version": 1,
  "operation_id": "550e8400-e29b-41d4-a716-446655440000",
  "org_id": "org_acme",
  "agent_id": "agent_underwriter",
  "issued_at": "2026-02-28T14:00:00Z",
  "ttl_ms": 30000,
  "nonce": "a1b2c3d4e5f6",
  "operation_type": "loan.approve",
  "subject": "LN-2026-001",
  "action": "approve",
  "payload": {
    "loanId": "LN-2026-001",
    "amount": 50000,
    "currency": "USD"
  },
  "payload_hash": "sha256:e3b0c44298fc1c149afbf4c8996fb924...",
  "prev_chain_hash": "sha256:d7a8fbb307d7809469ca9abcb0082e4f...",
  "agent_pubkey_kid": "kid_abc123",
  "signature": "base64:ed25519-signature-bytes..."
}

Security Properties