Agent Runtime is a runtime-first draft standard for portable agent execution. It defines how an AI client, host product, workflow system, or agent platform submits work, observes execution, coordinates tools and subagents, handles human decisions, writes durable state, and exports evidence without tying those behaviors to one UI, model provider, or tool framework.
Agent Runtime sits below Agent UI. The runtime owns execution facts. Agent UI owns projection into interaction surfaces. Model providers own generation APIs. Tool systems own external capabilities. Artifact and evidence systems own durable deliverables and verification records.
| Adjacent system | It owns | Agent Runtime owns |
|---|---|---|
| Agent UI | Visible surfaces, local drafts, interaction affordances, progressive rendering. | Authoritative session, thread, turn, task, queue, status, action, and event facts. |
| Model providers | Model APIs, provider-native streams, token accounting, provider errors. | Provider selection, routing trace, normalized generation lifecycle, retry/fallback state. |
| Tools and connectors | External systems, tool schemas, execution backends, connector auth. | Tool inventory snapshot, invocation lifecycle, safe arguments/results references, policy checks. |
| A2A peers | Remote agent cards, peer tasks, messages, artifacts, streaming, push notifications. | Local task refs, channel facts, permission bridges, artifact refs, and native peer id mapping. |
| Context and memory | Knowledge, memory, source retrieval, policy facts, trust metadata. | Context assembly trace, selected refs, compaction boundaries, missing-context warnings. |
| Artifacts and evidence | Files, versions, exports, traces, replay cases, verification and review facts. | Stable refs, lifecycle events, ownership links, evidence export requests and correlation ids. |
| Host application | Workspaces, accounts, storage, product navigation, deployment policy. | Runtime control plane, durable snapshots, queue/resume/interrupt semantics, read models. |
- Runtime identity model:
session,thread,task,run,turn,step,tool_call,action_request,subagent,artifact_ref, andevidence_ref. - A typed runtime event stream for lifecycle, task orchestration, model, reasoning, tool, action, queue, context, artifact, evidence, subagent, limit, snapshot, warning, and error events.
- A control plane for submit, interrupt, resume, task create/update/cancel/retry, queue, respond-action, inspect, list sessions, spawn subagents, and export evidence/replay.
- Durable read models for session snapshots, thread status, task state, pending requests, incidents, queue state, tool inventory, and evidence summaries.
- Permission, sandbox, hook, process, remote channel, model routing, cost/limit, job, recovery, and large-output contracts drawn from real runtimes.
- A2A peer-task alignment for Agent Cards, task/context ids, messages, artifacts, streaming, push notifications, and in-task authorization.
- Compatibility guidance for MCP, A2A, OpenTelemetry, CloudEvents, JSON-RPC, provider streaming APIs, and Agent UI projection.
client / channel / workflow input
-> runtime control plane
-> provider + context + policy + tool orchestration
-> typed runtime event stream
-> durable snapshots and read models
-> Agent UI projection / evidence / replay / audit consumers
Compatible implementations should:
- Treat runtime events and snapshots as execution facts, not as UI state.
- Keep provider-native chunks behind an adapter and emit normalized runtime events.
- Resolve tools, context, policy, model routing, and output schemas before or during each turn with traceable decisions.
- Represent human approvals and structured input as
action.requiredrecords with stable ids. - Record permission, sandbox, hook, process, routing, cost, and quota decisions as first-class facts.
- Persist enough state to resume, replay, audit, and explain a turn after process restart.
- Export evidence and replay from the same facts that drive the UI and diagnostics.
- Use stable correlation ids across runtime events, traces, tool calls, artifacts, and evidence.
Key pages:
- Specification
- Runtime model
- Runtime event stream
- Control plane
- State snapshots
- Evidence and replay
- Permission and sandbox
- Hooks and policy
- Execution environment
- Model routing and limits
- Agent task
- Subagents and jobs
- Remote channels
- Session history and recovery
- Output storage and large results
- Source analysis
- Research sources
- 中文规范
- Agent Knowledge - source-grounded knowledge packs.
- Agent UI - interaction surfaces for agent products.
- Agent Runtime - execution facts, controls, tasks, tools, and recovery.
- Agent Evidence - evidence, provenance, verification, review, replay, and export.
- Agent Policy - policy decisions, approvals, permissions, risk, retention, waivers, and traces.
- Agent Artifact - durable deliverables, versions, parts, previews, exports, and handoff packages.
- Agent Tool - tool declarations, surfaces, invocations, progress, results, permissions, and audit refs.
- Agent Context - context surfaces, items, source refs, selection, budgets, assembly, injection, compaction, and missing-context facts.
See the Agent standards ecosystem page for the mutual-link map and future standard candidates.
npm install
npm run devnpm run buildThe static site is generated at docs/.vitepress/dist.