Web4 Artifacts
AgentUI artifacts are provenance-ready only when public-safe, redacted, trace-linked where available, and backed by generated or confirmed target-service records. Local-only drafts, protected payloads, private approvals, and target-service outputs without confirmation are not verified public results.
Public-safe
Templates, rendered form summaries, public workflow summaries, public run summaries, public artifact hashes, delegation envelopes, manifests, policy files, and route evidence hashes.
Protected
Private exports, protected execution packets, target-service mutations, approval decisions, and persisted artifact writes require PLATPHORM_API_KEY.
Never public provenance
Raw JA4, raw x-vercel-ja4-digest, auth tokens, cookies, raw headers, raw IPs, private form inputs, protected tool arguments, protected tool results, private run logs, and private report exports.
Confirmation rule
AgentUI shows Docs URLs, Evals scorecards, Sandbox logs, BrowserOps screenshots, Sheets references, Trace records, and Webhook deliveries only after the target service confirms them.