I build an agent firewall, and the question I keep hitting is not "did it block the attack." It is "how would anyone else know what my agent did, without taking my word for it." Most tools answer that with "we keep tamper-proof logs" and stop. That phrase claims the strongest property that still requires trusting whoever holds the signing key. So I wrote down a way to grade the gap, as an open standard, and shipped it with a checker so nobody has to trust me about it either.

What AEL grades

Agent Evidence Levels (AEL) grades a record of what an AI agent did by one question: how much of it can an outside party verify, and how much omission can they detect, without trusting the vendor or the operator? It runs AEL-0 through AEL-4, and it ships with a runnable reference checker and a conformance corpus, so a grade is something you demonstrate, not something you assert.

The levels

AEL-0, authentic and ordered. Records are signed and hash-linked. Modification and interior deletion are detectable. Tail truncation and outright fabrication are not, because one keyholder produced everything.