Three tenses of agent evidence already exist in this family. Receipts record what an agent did. Envelopes record what an agent may do, and preserve its refusals. Portable reputation credentials summarize a pattern of behavior over time. All three answer questions about an agent's own signed record.
None of them answer a different, necessary question: someone believes one of those records reflects harm — who said so, and what did they point at? Today that claim is almost always unaccountable. A complaint lives in a support ticket, a chat log, an internal note — unsigned, unlinked to evidence, easy to dispute, easy to fabricate, easy to lose. An accusation with real consequences — a chapter revoking access, a reputation score dropping, a counterparty refusing further interaction — deserves the same property every other artifact in this family already has: it should be possible to prove exactly who claimed what, grounded in exactly what evidence, at exactly what time, independent of whether the claim turns out to be right.
An abuse report is a small signed object one party files against another. It names the accused,
states a category of harm from a closed vocabulary — or other, with a required
explanation — cites at least one existing sm-arp receipt or sm-aae envelope by hash, and is signed
by the filer. Each filer's reports chain by hash, the same way an agent's envelopes do: a
reporter's report history is tamper-evident on its own.
Three design choices carry the weight. Bidirectional, one schema —
accused_role distinguishes an agent accused of abusing a principal from a principal
accused of abusing an agent, because real interactions can be abusive in either direction, and a
primitive that only covered one would be answering half the question. Evidence is
required, never bundled — a report without a citation is not a report this system will
produce, but citation is by hash, not by payload, keeping reports small and avoiding a second,
potentially stale copy of data that's already signed elsewhere. Verification is honest
about what it can't check standalone — a signature can always be checked; whether a
citation is real, and whether the reporter was actually a party to it, can only be checked by
someone who holds the cited artifact. An unconfirmed citation is a real, honest state, not a bug
to paper over.
This is the load-bearing limitation, stated as plainly as agency receipts' "a receipt proves occurrence, not authorization": a valid report proves an accountable accusation was made, grounded in real, party-scoped evidence — it does not prove the accusation is true. A reporter can cite genuine evidence they were genuinely party to and still characterize it in bad faith. Closing that gap requires human or institutional judgment, which is deliberately not what a signature-and-hash-chain primitive does. What the report buys, despite that limit, is real: it converts an accusation from something disputable at will into something with a fixed, checkable shape — who said it, when, citing what. An accused party facing a report knows exactly what's being claimed and can produce the same cited evidence in their own defense. A false accusation still costs the accuser their own signature on it.
The category vocabulary is behavioral, not sectoral — no jurisdiction, currency, or vertical compliance language. Abuse between a principal and an agent looks structurally similar whether the domain is logistics, healthcare, finance, or customer service; a protocol that hard-coded one industry's vocabulary would need reinventing for the next.