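% IETF Internet-Draft, pinned to revision -03 (see number and url).
% The note field marks it "Work in Progress": cite this exact revision, and
% re-check the datatracker for a newer revision or a published successor
% before relying on section numbers quoted in the abstract.
% The abstract is the author's own summary; its statement about EU AI Act
% Article 12 is a claim of the draft, not an independent compliance finding.
@techreport{sato-soos-idp-03,
  author      = {Sato, Tom},
  title       = {The Intent Declaration Primitive ({IDP}) for Agentic {AI} Systems},
  type        = {Internet-Draft},
  number      = {draft-sato-soos-idp-03},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2026,
  month       = may,
  day         = 23,
  pagetotal   = 39,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-sato-soos-idp/03/},
  abstract    = {AI agents operating in automated workflows take actions without any normative mechanism for expressing why those actions are being taken. Access tokens declare what an agent is permitted to do; no existing standard declares what the agent believes it is doing, on what reasoning basis, and with what level of confidence, at the moment of action. This document defines the Intent Declaration Primitive (IDP): a structured per-transition declaration submitted by an AI agent to the Governing Enforcement Component (GEC) at each action step of an execution loop. The IDP is committed to a tamper-evident Event Log before the action executes, enabling post-hoc review of agent reasoning, richer authorization policy evaluation, and enriched denial responses that guide agent behaviour. The IDP also provides the technical basis for compliance with EU AI Act Article 12 logging requirements for high-risk AI systems. This document adds the IDP Commitment Verification mechanism, by which the GEC verifies at each state transition that the agent's actual action matches its declared intent. This document also adds the RETRY\_CONTINUATION reasoning basis type and the prior\_denial\_count Cedar context attribute, which together address computational inefficiency arising from uninformed agent retry loops.
    This document further defines, in Section 5.6, the schemas of the outcome Event Log entries (STATE\_TRANSITIONED, CEDAR\_DENY\_RECORDED, and ACTION\_RESULT\_RECORDED) that record the result of each governed transition, completing the pre-action/post-action audit pair that gives the IDP its full auditability property. This document renames the Governing Kernel role to Governing Enforcement Component (GEC) to accommodate application-layer, isolated-process, and kernel-level implementations under a common conformance model. A Conformance Levels section (Section 9) defines three implementation profiles (Application, Isolated, and Kernel) with graduated non-suppressibility guarantees. A data\_residency field is added to the IDP structure (Section 4.1) governing analytics tier eligibility. Section 3.5 states the Event Log as Operational Intelligence design intent.},
}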