HJS: An Accountability Layer for AI Agents
draft-wang-hjs-accountability-00
This document is an Internet-Draft (I-D).
Anyone may submit an I-D to the IETF.
This I-D is not endorsed by the IETF and has no formal standing in the
IETF standards process.
The information below is for an old version of the document.
| Field | Value |
|---|---|
| Document type | This is an older version of an Internet-Draft whose latest revision state is "Active". |
| Author | yuqiang wang |
| Last updated | 2026-02-21 |
| RFC stream | (None) |
| Stream state | (No stream defined) |
| Consensus boilerplate | Unknown |
| RFC Editor Note | (None) |
| IESG state | I-D Exists |
| Telechat date | (None) |
| Responsible AD | (None) |
| Send notices to | (None) |
Internet-Draft Y. Wang
Intended status: Informational HUMAN JUDGMENT SYSTEMS FOUNDATION LTD.
Expires: 21 August 2026 21 February 2026
HJS: An Accountability Layer
for AI Agents
draft-wang-hjs-accountability-00
Abstract
This document defines HJS (Human Judgment System), a standalone
accountability layer for AI agents. HJS provides four primitives
(Judgment/Delegation/Termination/Verification) for recording
complete responsibility chains, and uses OTS (OpenTimestamps) proofs
anchored to the Bitcoin blockchain to create immutable, court-
admissible evidence. While HJS can complement other protocols (e.g.,
AIIP) by providing the evidence they require, it is designed to be
independent and usable with any AI agent communication framework.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 21 August 2026.
Copyright Notice
Copyright (c) 2026 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your
rights and restrictions with respect to this document.
Wang Expires 21 August 2026 [Page 1]
Internet-Draft HJS Accountability Layer 21 February 2026
Table of Contents
1. Introduction
2. Terminology
3. The Four Primitives
   3.1. Judgment
   3.2. Delegation
   3.3. Termination
   3.4. Verification
   3.5. Responsibility Chain
4. OTS Evidence Chain
   4.1. OTS Proof Overview
   4.2. Locking the Chain
5. Evidence Format
   5.1. Complete Evidence Structure
   5.2. Verification Process
6. Relationship with Other Protocols
   6.1. Complementing AIIP
   6.2. Independence
7. Use Cases
   7.1. Regulatory Compliance
   7.2. Dispute Resolution
   7.3. Audit Trail
8. Security Considerations
9. IANA Considerations
10. Normative References
Author's Address
1. Introduction
As AI agents become increasingly autonomous, the need for a
comprehensive accountability layer becomes critical. Current
protocols focus on how agents communicate and execute tasks, but
they do not address the fundamental question: who is responsible
for what, and how can it be proven?
This document defines HJS (Human Judgment System), a standalone
accountability layer for AI agents that provides:
1. Four primitives (Judgment, Delegation, Termination, Verification)
for recording complete responsibility chains. These capture not
just what happened, but why it happened, who was involved, and
how it was verified.
2. OTS evidence chain that anchors cryptographic hashes of the
primitives to the Bitcoin blockchain, creating immutable, court-
admissible evidence.
3. Complete evidence locking that binds all components together into
a verifiable package.
HJS is designed to be independent - it does not require any specific
communication protocol and can be used with any AI agent framework.
It can also complement existing protocols (such as AIIP
[draft-sogomonian-aiip-architecture-03]) by providing the
accountability layer they lack.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
3. The Four Primitives
HJS defines four primitives that together form a complete
responsibility chain for any AI agent action.
3.1. Judgment
The Judgment primitive records the basis on which an AI agent made
its decision. This includes:
o Input data (or cryptographic commitment to input)
o Model identifier and version
o Parameters and configuration
o Reasoning path (optional)
Example:
{
  "judgment": {
    "input_commitment": "base64url(sha256(input))",
    "model_id": "gpt-4-2026-02",
    "parameters": { "temperature": 0.7, "max_tokens": 500 }
  }
}
3.2. Delegation
The Delegation primitive records the chain of responsibility from
the original requester to the executing agent:
o Delegator identifier
o Agent identifier
o Delegation time
o Scope and constraints
Example:
{
  "delegation": {
    "from": "aiip://user.phone",
    "to": "aiip://agent.service",
    "time": 1734149100000,
    "scope": "make_call",
    "constraints": { "max_duration": 30000 }
  }
}
3.3. Termination
The Termination primitive records the final outcome of the task:
o Status (success/failure/abort)
o Reason (if failure)
o Output commitment
o Duration
Example:
{
  "termination": {
    "status": "success",
    "output_commitment": "base64url(sha256(output))",
    "duration_ms": 2345
  }
}
3.4. Verification
The Verification primitive records how the result was verified:
o Verifier identifier
o Verification method
o Verification time
o Result
Example:
{
  "verification": {
    "verifier": "aiip://audit.service",
    "method": "ots_verify",
    "time": 1734149110000,
    "result": "valid"
  }
}
3.5. Responsibility Chain
The four primitives, when combined, form a complete responsibility
chain that answers:
o Why was this done? (Judgment)
o Who requested it? (Delegation)
o What happened? (Termination)
o How was it verified? (Verification)
Implementations MUST include all four primitives to form a complete
chain. Each primitive MAY be hashed individually to allow selective
disclosure while maintaining chain integrity.
4. OTS Evidence Chain
While the four primitives provide structure for accountability,
they must be made immutable and verifiable to serve as evidence.
HJS uses OTS (OpenTimestamps) proofs anchored to the Bitcoin
blockchain for this purpose.
4.1. OTS Proof Overview
OTS proofs work as follows:
1. Compute SHA-256 hash of the data to be proven
2. Submit the hash to the Bitcoin network via OpenTimestamps
3. A Bitcoin transaction includes the hash, creating an immutable
timestamp
4. Generate an OTS proof file for verification
Key properties:
o Decentralized: No trusted third party required
o Immutable: Once anchored, cannot be altered
o Publicly verifiable: Anyone can verify with Bitcoin data
o Court-admissible: Recognized in multiple jurisdictions
4.2. Locking the Chain
HJS does not simply prove individual primitives - it locks the
entire responsibility chain together:
1. Hash each primitive individually (allowing selective disclosure)
2. Combine the four hashes into a chain hash
3. Generate an OTS proof of the chain hash
4. The OTS proof becomes the evidence lock that binds all components
together
This ensures that:
o Any tampering with any primitive breaks the chain
o Partial disclosure is possible without breaking trust
o The entire chain has a single, verifiable timestamp
5. Evidence Format
5.1. Complete Evidence Structure
The complete HJS evidence package includes:
{
  "hjs": {
    "version": "1.0",
    "primitives": {
      "judgment": { ... },
      "delegation": { ... },
      "termination": { ... },
      "verification": { ... }
    },
    "hashes": {
      "judgment_hash": "base64url(sha256(judgment))",
      "delegation_hash": "base64url(sha256(delegation))",
      "termination_hash": "base64url(sha256(termination))",
      "verification_hash": "base64url(sha256(verification))",
      "chain_hash": "base64url(sha256(judgment_hash + delegation_hash + termination_hash + verification_hash))"
    },
    "evidence": {
      "ots_proof": "base64url(ots-proof-data)",
      "bitcoin_txid": "txid",
      "timestamp": 1734149123000
    }
  }
}
5.2. Verification Process
To verify an HJS evidence package:
1. Verify the OTS proof using standard OTS tools
2. Confirm the OTS proof matches the chain_hash
3. Recompute each primitive's hash and verify against stored hashes
4. Optionally, verify individual primitives without accessing others
5. Check that the chain_hash matches recomputed combination
This process can be performed by anyone with access to Bitcoin
blockchain data, without requiring access to the original AI system.
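As an added example (not part of the draft or of the hjs-api project), the following Python code builds the hashes of Section 5.1 and runs steps 3 to 5 of the verification process, including the case where a primitive is withheld for selective disclosure. The draft does not define a canonical serialization, the meaning of "+", or base64url padding; sorted-key compact JSON, string concatenation in the listed order, and unpadded base64url are assumptions here, as are the function names and the constructed sample values.

```python
import base64, hashlib, json

ORDER = ("judgment", "delegation", "termination", "verification")

def b64u_sha256(data: bytes) -> str:
    # base64url(sha256(data)); stripping "=" padding is an assumption
    return base64.urlsafe_b64encode(hashlib.sha256(data).digest()).rstrip(b"=").decode()

def primitive_hash(primitive: dict) -> str:
    # ASSUMPTION: the draft names no canonical form; sorted-key compact JSON is used here
    canon = json.dumps(primitive, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return b64u_sha256(canon.encode("utf-8"))

def chain_hash(hashes: dict) -> str:
    # ASSUMPTION: "+" in Section 5.1 is string concatenation of the four hashes in listed order
    return b64u_sha256("".join(hashes[f"{n}_hash"] for n in ORDER).encode("ascii"))

def build_package(primitives: dict) -> dict:
    hashes = {f"{n}_hash": primitive_hash(primitives[n]) for n in ORDER}
    hashes["chain_hash"] = chain_hash(hashes)
    return {"hjs": {"version": "1.0", "primitives": primitives, "hashes": hashes}}

def verify_package(pkg: dict) -> list:
    """Steps 3-5 of Section 5.2; returns a list of failures (empty means consistent)."""
    hashes, prims, failures = pkg["hjs"]["hashes"], pkg["hjs"]["primitives"], []
    for n in ORDER:
        # A withheld primitive (selective disclosure) is covered only through chain_hash
        if n in prims and primitive_hash(prims[n]) != hashes.get(f"{n}_hash"):
            failures.append(f"{n}_hash mismatch")
    if any(f"{n}_hash" not in hashes for n in ORDER):
        failures.append("missing primitive hash")
    elif chain_hash(hashes) != hashes.get("chain_hash"):
        failures.append("chain_hash mismatch")
    return failures

# Constructed sample primitives, modelled on the draft's Section 3 examples
SAMPLE = {
    "judgment": {"input_commitment": b64u_sha256(b"constructed input"),
                 "model_id": "gpt-4-2026-02", "parameters": {"temperature": 0.7, "max_tokens": 500}},
    "delegation": {"from": "aiip://user.phone", "to": "aiip://agent.service", "time": 1734149100000,
                   "scope": "make_call", "constraints": {"max_duration": 30000}},
    "termination": {"status": "success", "output_commitment": b64u_sha256(b"constructed output"),
                    "duration_ms": 2345},
    "verification": {"verifier": "aiip://audit.service", "method": "ots_verify",
                     "time": 1734149110000, "result": "valid"},
}
```

These checks only show that the package is internally consistent: anyone able to rewrite a package can recompute every hash in it, so tamper evidence depends on also confirming that chain_hash is the digest committed by the OTS proof (steps 1 and 2), which this code does not do.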
6. Relationship with Other Protocols
6.1. Complementing AIIP
The AIIP architecture [draft-sogomonian-aiip-architecture-03]
defines execution receipts and requires attestation evidence.
HJS naturally complements AIIP by providing exactly what AIIP
requires but does not specify:
| AIIP Requirement | HJS Solution |
|---------------------------|---------------------------------------|
| Attestation evidence | OTS proofs anchored to Bitcoin |
| Execution receipt | Can be extended with HJS primitives |
| Auditability | Complete responsibility chain |
| External anchoring | Bitcoin blockchain |
However, HJS is not a subset or extension of AIIP. It is a complete,
standalone accountability layer that can:
o Be used with AIIP by embedding HJS evidence in AIIP receipts
o Be used with any other communication protocol
o Be used entirely independently for logging and audit purposes
6.2. Independence
HJS makes no assumptions about:
o How agents communicate (HTTP, AIIP, custom protocols)
o What AI models are used
o Where execution happens (cloud, edge, TEE)
o Which jurisdiction applies
It provides a jurisdiction-agnostic, protocol-independent
accountability layer that can be added to any AI system.
7. Use Cases
7.1. Regulatory Compliance
Organizations subject to regulations (finance, healthcare, EU AI Act)
can use HJS to demonstrate compliance by maintaining verifiable
records of AI agent decisions, including:
o What data was used (Judgment)
o Who authorized the action (Delegation)
o What happened (Termination)
o How it was verified (Verification)
o Immutable proof of all of the above (OTS evidence)
7.2. Dispute Resolution
When disputes arise about AI agent actions, HJS provides:
o Cryptographic proof of what happened
o Court-admissible evidence recognized in multiple jurisdictions
o Ability to verify without accessing the original AI system
7.3. Audit Trail
HJS creates a complete, immutable audit trail for AI agent
operations, enabling:
o Internal audits
o Third-party audits
o Regulatory examinations
o Forensic analysis
8. Security Considerations
The security of HJS evidence depends on:
o Bitcoin blockchain: As of this writing, Bitcoin has never been
successfully reorganized to alter confirmed transactions,
providing strong assurance of immutability.
o Hash functions: Implementations MUST use SHA-256 or stronger hash
functions.
o Key management: If signing is used (e.g., for verifier identity),
implementations MUST follow best practices for key security.
o Selective disclosure: The ability to verify individual primitive
hashes without revealing their content enables privacy-preserving
audits.
9. IANA Considerations
This document has no IANA actions.
10. Normative References
[draft-sogomonian-aiip-architecture-03]
Sogomonian, A., "Artificial Intelligence Internet
Protocol (AIIP) Architecture", Work in Progress,
draft-sogomonian-aiip-architecture-03, December 2025.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in
RFC 2119 Key Words", BCP 14, RFC 8174,
DOI 10.17487/RFC8174, May 2017,
<https://www.rfc-editor.org/info/rfc8174>.
[opentimestamp]
Open Timestamp Protocol, "Open Timestamp Protocol
Specification", <https://opentimestamps.org/>, 2016.
[hjs-github]
Wang, Y., "HJS Protocol Implementation", MIT License,
<https://github.com/schchit/hjs-api>.
Author's Address
Yuqiang Wang
HUMAN JUDGMENT SYSTEMS FOUNDATION LTD.
Email: signal@humanjudgment.org
GitHub: https://github.com/schchit