Full-Link Accountability for AI Agents

#agents #ai #architecture #systemdesign

Core Event Primitives

Four standard event types (J, D, V, T) cover the full accountability lifecycle:

J: Judge – Create and initiate a judgment/decision
D: Delegate – Transfer authority or assign a task
V: Verify – Review and validate a record
T: Terminate – End a judgment or task lifecycle

Pain Points & Technical Solutions

Pain Point 1: Broken chain in multi-agent workflows, unable to trace root cause

Trigger Primitives: J + D

Solution: Add a task_based_on field to every record to enforce a hash reference to the parent task. A null value indicates the start of a chain; a populated value links to a preceding action, ensuring full end-to-end traceability.

Pain Point 2: Unclear accountability, hard to assign fault for errors

Trigger Primitives: D + V

Solution: Permanently include a who field in every record, bound to the actor’s DID or public key hash. Combined with cryptographic signing, records become non-repudiable and tamper-proof, enabling precise accountability.

Pain Point 3: Lack of compliant audit evidence for regulatory requirements

Trigger Primitives: V + T

Solution: Equip every record with a timestamp, unique nonce, and signature verification. Full audit trails with replay protection are natively supported, directly satisfying compliance requirements under the EU AI Act and Singapore IMDA frameworks.

Core Data Structure (Ready for Use)

{
"jep": "1",
"verb": "J",
"who": "did:example:agent-789",
"when": 1742345678,
"what": "122059e8878aa9a38f4d123456789abcdef01234",
"nonce": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
"aud": "https://platform.example.com",
"task_based_on": "hash-of-parent-task",
"ref": "",
"sig": "eyJhbGciOiJFZERTQSJ9..."
}

Key Field Definitions

verb: Required; one of [J, D, V, T]
who: Required; unique identifier of the actor
when: Required; Unix timestamp to prevent stale/tampered records
nonce: Required; UUIDv4 to prevent replay attacks
task_based_on: Traceability field; hash of the parent task
ref: For verification events only; references the ID of the event being checked
sig: Required; JWS digital signature

Verification Logic (Pseudocode)

def verify_record(record):
# 1. Verify signature integrity
if not verify_jws_signature(record):
return "INVALID"
# 2. Ensure nonce uniqueness to prevent replay
if not is_valid_nonce(record["nonce"]):
return "INVALID"
# 3. Validate timestamp within acceptable window
if not is_within_time_window(record["when"]):
return "INVALID"
# 4. Verify parent task chain integrity
if record.get("task_based_on") and not task_exist(record["task_based_on"]):
return "INVALID"
# 5. Verify events must include a reference
if record["verb"] == "V" and not record.get("ref"):
return "INVALID"
return "VALID"

Critical Security Rules

All records must be signed; any tampering invalidates the signature
Nonces must be globally unique; duplicate requests are rejected
Timestamp tolerance: ±5 minutes to account for clock skew
Verify (V) events must include a ref field to avoid circular validation
Ed25519 recommended; support for SM2, ECDSA P-256, and post-quantum algorithms

DEV Community