TAI v0.1 Specification
Token-Appendable Interchange: The compliance-grade audit log format for autonomous systems.
What TAI Looks Like
[[frame]]
type = "chat"
role = "user"
content = """
Refactor these 200 locale files to v2 schema.
"""
[[frame]]
type = "chat"
role = "assistant"
content = """
Starting refactor. Processing files 1-50...
"""
# [SYSTEM CRASHES HERE]
# Parser auto-heals: both frames preserved, zero data loss.
# Agent resumes from frame 2.
Core Design Principles
Built on TOML v1.0.0
TAI is a deliberately constrained subset of TOML with one mandatory behavioral extension.
Why TOML?
- Simplest human syntax
- Triple-quoted literal strings (content shield)
- LLM-friendly clear delimiters
- Battle-tested in production (Cargo, pip)
Atomic Unit: [[frame]]
Each frame (TOML array-of-tables) is completely independent. Frames never reference each other's syntax.
[[frame]]
id = "f-001"
role = "assistant"
timestamp = "2025-11-18T23:59:59Z"
content = """
Your unpredictable text here.
"""
The Content Shield
All unpredictable LLM-generated text goes inside triple-quoted literal strings.
Inside the """ block:
- Quotes don't need escaping
- Newlines are preserved
- Indentation is content, not syntax
- JSON, YAML, code—none of it breaks the parser
Nothing is syntax. Everything is content.
The Auto-Heal Rule
If the parser encounters EOF while inside an unclosed """ block, it MUST NOT error.
It MUST close the string, finalize the frame, and mark it as truncated.
Result: A .tai file is valid and parseable at the end of every complete frame.
Truncation loses at most one partial frame—never the previous thousands.
Universal Container Types
TAI handles multiple content types with a single format.
type="chat"
Standard AI conversation with crash resilience. Requires role field (user, assistant, system, tool_call, tool_result).
type="document"
Rich text with metadata and provenance. Export to .taimd for collaborative editing while maintaining audit trail.
type="buffer"
Secure, crash-safe storage for secrets, configuration, and raw data.
Security Model:
- Tamper-evident: Cryptographic signatures detect any modification
- Crash-safe: Auto-heal ensures partial writes remain valid
- Audit-ready: Human-readable for security reviews
- Portable: File-based, no database required
type="log_entry"
Structured system logs for observability and monitoring.
Cryptographic Integrity
[[signature]] Frames
TAI v0.1 includes standardized cryptographic integrity via signature frames.
[[signature]]
id = "sig-001"
timestamp = "2025-11-18T23:59:59Z"
algorithm = "ed25519"
key_id = "agent-key-public-123"
signature = "base64_encoded_signature_string..."
signed_hash = "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
How it works:
- Cumulative Hashing: Writer maintains a running hash of all frames
- Signing: Agent signs the current hash using its private key
- Verification: Verifier re-computes hash and checks signature against public key
This makes TAI a "Blockchain for One"—a tamper-evident ledger without a consensus network.
TAI v0.1 Compliance Criteria
A parser is TAI v0.1-compliant if it satisfies ALL of the following:
- Auto-heal (REQUIRED): When EOF occurs inside an unclosed
"""block, the parser MUST close the string, finalize the frame, and mark it as truncated - Atomic frames (REQUIRED): Each
[[frame]]block MUST be parsed independently. Syntax errors in one frame MUST NOT invalidate other frames - Ordering preserved (REQUIRED): Frame sequence MUST match file order. Parsers MUST NOT reorder frames
- Content shield (REQUIRED): All text inside
"""..."""MUST be preserved verbatim with no interpretation as TOML syntax - Subset enforcement (REQUIRED): The parser MUST reject TOML features outside the TAI profile (inline tables, dotted keys, datetime types, etc.)
- Signature preservation (REQUIRED): Parsers MUST preserve
[[signature]]frames during read/write operations
Important: Standard TOML parsers are explicitly non-compliant because they fail criterion #1 (they error on unclosed strings instead of auto-healing).