Elydora Operation Record (EOR)
The EOR is the fundamental unit of accountability in the Elydora protocol. It is a signed, immutable record that captures a single agent action with cryptographic integrity.
Structure
An EOR contains all the metadata needed to identify, verify, and chain-link an operation. Every field is included in the signature computation.
| Field | Type | Required | Description |
|---|---|---|---|
| op_version | number | Yes | Protocol version. Currently 1. |
| operation_id | string | Yes | Client-generated UUID v4. Must be globally unique. |
| org_id | string | Yes | Organization identifier that the agent belongs to. |
| agent_id | string | Yes | Identifier of the agent performing the operation. |
| issued_at | string | Yes | ISO 8601 timestamp when the operation was created by the agent. |
| ttl_ms | number | Yes | Maximum time (ms) between issued_at and server receipt. Prevents delayed replay. |
| nonce | string | Yes | Random value for replay protection. Must be unique per agent. |
| operation_type | string | Yes | Domain-specific type string (e.g. loan.approve, trade.execute). |
| subject | string | Yes | The entity or resource the operation acts upon. |
| action | string | Yes | The action performed (e.g. approve, reject, flag). |
| payload | object | Yes | Arbitrary JSON payload with operation-specific data. |
| payload_hash | string | Yes | SHA-256 hash of the canonicalized payload JSON. |
| prev_chain_hash | string | null | Yes | SHA-256 chain hash of this agent's previous operation. null for the first operation. |
| agent_pubkey_kid | string | Yes | Key ID (kid) of the agent's Ed25519 signing key. |
| signature | string | Yes | Ed25519 signature over the canonical EOR (excluding the signature field itself). |
Canonical Form
The signature is computed over the canonical JSON representation of the EOR. Canonical form means all fields (except signature) are sorted alphabetically and serialized with no whitespace.
Example EOR
json
{
"op_version": 1,
"operation_id": "550e8400-e29b-41d4-a716-446655440000",
"org_id": "org_acme",
"agent_id": "agent_underwriter",
"issued_at": "2026-02-28T14:00:00Z",
"ttl_ms": 30000,
"nonce": "a1b2c3d4e5f6",
"operation_type": "loan.approve",
"subject": "LN-2026-001",
"action": "approve",
"payload": {
"loanId": "LN-2026-001",
"amount": 50000,
"currency": "USD"
},
"payload_hash": "sha256:e3b0c44298fc1c149afbf4c8996fb924...",
"prev_chain_hash": "sha256:d7a8fbb307d7809469ca9abcb0082e4f...",
"agent_pubkey_kid": "kid_abc123",
"signature": "base64:ed25519-signature-bytes..."
}Security Properties
- Authenticity — The Ed25519 signature proves the EOR was created by the holder of the agent's private key.
- Integrity — Any modification to any field invalidates the signature.
- Non-repudiation — The agent cannot deny creating the operation, as only they possess the private key.
- Ordering — The prev_chain_hash field creates a verifiable ordering of operations per agent.
- Freshness — TTL and nonce prevent replay attacks and stale submissions.