Internet-Draft Y. Wang Intended status: Informational HUMAN JUDGMENT SYSTEMS FOUNDATION LTD. Expires: 21 August 2026 21 February 2026 HJS: An Accountability Layer for AI Agents draft-wang-hjs-accountability-00 Abstract This document defines HJS (Human Judgment System), a standalone accountability layer for AI agents. HJS provides four primitives (Judgment/Delegation/Termination/Verification) for recording complete responsibility chains, and uses OTS (Open Timestamp) proofs anchored to the Bitcoin blockchain to create immutable, court- admissible evidence. While HJS can complement other protocols (e.g., AIIP) by providing the evidence they require, it is designed to be independent and usable with any AI agent communication framework. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 21 August 2026. Copyright Notice Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Wang Expires 21 August 2026 [Page 1] Internet-Draft HJS Accountability Layer 21 February 2026 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. The Four Primitives . . . . . . . . . . . . . . . . . . . . . 3 3.1. Judgment . . . . . . . . . . . . . . . . . . . . . . . . 3 3.2. Delegation . . . . . . . . . . . . . . . . . . . . . . . 4 3.3. Termination . . . . . . . . . . . . . . . . . . . . . . . 4 3.4. Verification . . . . . . . . . . . . . . . . . . . . . . 5 3.5. Responsibility Chain . . . . . . . . . . . . . . . . . . 5 4. OTS Evidence Chain . . . . . . . . . . . . . . . . . . . . . . 6 4.1. OTS Proof Overview . . . . . . . . . . . . . . . . . . . 6 4.2. Locking the Chain . . . . . . . . . . . . . . . . . . . . 6 5. Evidence Format . . . . . . . . . . . . . . . . . . . . . . . 7 5.1. Complete Evidence Structure . . . . . . . . . . . . . . 7 5.2. Verification Process . . . . . . . . . . . . . . . . . . 8 6. Relationship with Other Protocols . . . . . . . . . . . . . . 8 6.1. Complementing AIIP . . . . . . . . . . . . . . . . . . . 8 6.2. Independence . . . . . . . . . . . . . . . . . . . . . . 9 7. Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . . 9 7.1. Regulatory Compliance . . . . . . . . . . . . . . . . . . 9 7.2. Dispute Resolution . . . . . . . . . . . . . . . . . . . 10 7.3. Audit Trail . . . . . . . . . . . . . . . . . . . . . . . 10 8. Security Considerations . . . . . . . . . . . . . . . . . . . 10 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 10. Normative References . . . . . . . . . . . . . . . . . . . . 11 Author's Address . . . . . . . . . . . . . . . . . . . . . . . 12 1. Introduction As AI agents become increasingly autonomous, the need for a comprehensive accountability layer becomes critical. Current protocols focus on how agents communicate and execute tasks, but they do not address the fundamental question: who is responsible for what, and how can it be proven? This document defines HJS (Human Judgment System), a standalone accountability layer for AI agents that provides: 1. Four primitives (Judgment, Delegation, Termination, Verification) for recording complete responsibility chains. These capture not just what happened, but why it happened, who was involved, and how it was verified. Wang Expires 21 August 2026 [Page 2] Internet-Draft HJS Accountability Layer 21 February 2026 2. OTS evidence chain that anchors cryptographic hashes of the primitives to the Bitcoin blockchain, creating immutable, court- admissible evidence. 3. Complete evidence locking that binds all components together into a verifiable package. HJS is designed to be independent - it does not require any specific communication protocol and can be used with any AI agent framework. It can also complement existing protocols (such as AIIP [draft-sogomonian-aiip-architecture-03]) by providing the accountability layer they lack. 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 3. The Four Primitives HJS defines four primitives that together form a complete responsibility chain for any AI agent action. 3.1. Judgment The Judgment primitive records the basis on which an AI agent made its decision. This includes: o Input data (or cryptographic commitment to input) o Model identifier and version o Parameters and configuration o Reasoning path (optional) Example: { "judgment": { "input_commitment": "base64url(sha256(input))", "model_id": "gpt-4-2026-02", "parameters": { "temperature": 0.7, "max_tokens": 500 } } } Wang Expires 21 August 2026 [Page 3] Internet-Draft HJS Accountability Layer 21 February 2026 3.2. Delegation The Delegation primitive records the chain of responsibility from the original requester to the executing agent: o Delegator identifier o Agent identifier o Delegation time o Scope and constraints Example: { "delegation": { "from": "aiip://user.phone", "to": "aiip://agent.service", "time": 1734149100000, "scope": "make_call", "constraints": { "max_duration": 30000 } } } 3.3. Termination The Termination primitive records the final outcome of the task: o Status (success/failure/abort) o Reason (if failure) o Output commitment o Duration Example: { "termination": { "status": "success", "output_commitment": "base64url(sha256(output))", "duration_ms": 2345 } } Wang Expires 21 August 2026 [Page 4] Internet-Draft HJS Accountability Layer 21 February 2026 3.4. Verification The Verification primitive records how the result was verified: o Verifier identifier o Verification method o Verification time o Result Example: { "verification": { "verifier": "aiip://audit.service", "method": "ots_verify", "time": 1734149110000, "result": "valid" } } 3.5. Responsibility Chain The four primitives, when combined, form a complete responsibility chain that answers: o Why was this done? (Judgment) o Who requested it? (Delegation) o What happened? (Termination) o How was it verified? (Verification) Implementations MUST include all four primitives to form a complete chain. Each primitive MAY be hashed individually to allow selective disclosure while maintaining chain integrity. 4. OTS Evidence Chain While the four primitives provide structure for accountability, they must be made immutable and verifiable to serve as evidence. HJS uses OTS (Open Timestamp) proofs anchored to the Bitcoin blockchain for this purpose. 4.1. OTS Proof Overview OTS proofs work as follows: 1. Compute SHA-256 hash of the data to be proven 2. Submit the hash to the Bitcoin network via Open Timestamp 3. A Bitcoin transaction includes the hash, creating an immutable timestamp 4. Generate an OTS proof file for verification Wang Expires 21 August 2026 [Page 5] Internet-Draft HJS Accountability Layer 21 February 2026 Key properties: o Decentralized: No trusted third party required o Immutable: Once anchored, cannot be altered o Publicly verifiable: Anyone can verify with Bitcoin data o Court-admissible: Recognized in multiple jurisdictions 4.2. Locking the Chain HJS does not simply prove individual primitives - it locks the entire responsibility chain together: 1. Hash each primitive individually (allowing selective disclosure) 2. Combine the four hashes into a chain hash 3. Generate an OTS proof of the chain hash 4. The OTS proof becomes the evidence lock that binds all components together This ensures that: o Any tampering with any primitive breaks the chain o Partial disclosure is possible without breaking trust o The entire chain has a single, verifiable timestamp 5. Evidence Format 5.1. Complete Evidence Structure The complete HJS evidence package includes: { "hjs": { "version": "1.0", "primitives": { "judgment": { ... }, "delegation": { ... }, "termination": { ... }, "verification": { ... } }, "hashes": { "judgment_hash": "base64url(sha256(judgment))", "delegation_hash": "base64url(sha256(delegation))", "termination_hash": "base64url(sha256(termination))", "verification_hash": "base64url(sha256(verification))", "chain_hash": "base64url(sha256(judgment_hash + delegation_hash + termination_hash + verification_hash))" }, "evidence": { "ots_proof": "base64url(ots-proof-data)", "bitcoin_txid": "txid", "timestamp": 1734149123000 } } } Wang Expires 21 August 2026 [Page 6] Internet-Draft HJS Accountability Layer 21 February 2026 5.2. Verification Process To verify an HJS evidence package: 1. Verify the OTS proof using standard OTS tools 2. Confirm the OTS proof matches the chain_hash 3. Recompute each primitive's hash and verify against stored hashes 4. Optionally, verify individual primitives without accessing others 5. Check that the chain_hash matches recomputed combination This process can be performed by anyone with access to Bitcoin blockchain data, without requiring access to the original AI system. 6. Relationship with Other Protocols 6.1. Complementing AIIP The AIIP architecture [draft-sogomonian-aiip-architecture-03] defines execution receipts and requires attestation evidence. HJS naturally complements AIIP by providing exactly what AIIP requires but does not specify: | AIIP Requirement | HJS Solution | |---------------------------|---------------------------------------| | Attestation evidence | OTS proofs anchored to Bitcoin | | Execution receipt | Can be extended with HJS primitives | | Auditability | Complete responsibility chain | | External anchoring | Bitcoin blockchain | However, HJS is not a subset or extension of AIIP. It is a complete, standalone accountability layer that can: o Be used with AIIP by embedding HJS evidence in AIIP receipts o Be used with any other communication protocol o Be used entirely independently for logging and audit purposes 6.2. Independence HJS makes no assumptions about: o How agents communicate (HTTP, AIIP, custom protocols) o What AI models are used o Where execution happens (cloud, edge, TEE) o Which jurisdiction applies It provides a jurisdiction-agnostic, protocol-independent accountability layer that can be added to any AI system. Wang Expires 21 August 2026 [Page 7] Internet-Draft HJS Accountability Layer 21 February 2026 7. Use Cases 7.1. Regulatory Compliance Organizations subject to regulations (finance, healthcare, EU AI Act) can use HJS to demonstrate compliance by maintaining verifiable records of AI agent decisions, including: o What data was used (Judgment) o Who authorized the action (Delegation) o What happened (Termination) o How it was verified (Verification) o Immutable proof of all of the above (OTS evidence) 7.2. Dispute Resolution When disputes arise about AI agent actions, HJS provides: o Cryptographic proof of what happened o Court-admissible evidence recognized in multiple jurisdictions o Ability to verify without accessing the original AI system 7.3. Audit Trail HJS creates a complete, immutable audit trail for AI agent operations, enabling: o Internal audits o Third-party audits o Regulatory examinations o Forensic analysis 8. Security Considerations The security of HJS evidence depends on: o Bitcoin blockchain: As of this writing, Bitcoin has never been successfully reorganized to alter confirmed transactions, providing strong assurance of immutability. o Hash functions: Implementations MUST use SHA-256 or stronger hash functions. o Key management: If signing is used (e.g., for verifier identity), implementations MUST follow best practices for key security. o Selective disclosure: The ability to verify individual primitive hashes without revealing their content enables privacy-preserving audits. Wang Expires 21 August 2026 [Page 8] Internet-Draft HJS Accountability Layer 21 February 2026 9. IANA Considerations This document has no IANA actions. 10. Normative References [draft-sogomonian-aiip-architecture-03] Sogomonian, A., "Artificial Intelligence Internet Protocol (AIIP) Architecture", Work in Progress, draft-sogomonian-aiip-architecture-03, December 2025. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . [opentimestamp] Open Timestamp Protocol, "Open Timestamp Protocol Specification", , 2016. [hjs-github] Wang, Y., "HJS Protocol Implementation", MIT License, . Author's Address Yuqiang Wang HUMAN JUDGMENT SYSTEMS FOUNDATION LTD. Email: signal@humanjudgment.org GitHub: https://github.com/schchit