AI Identity
Sign inGet a Passport
Spec · Intent Declaration

Intent Declaration

Every AI Identity Passport can declare, cryptographically, what the AI is for, who authorised it, and the boundaries it operates within. Verifiers can read the declaration before deciding to interact. Accountability starts with intent.

Why declare intent

A verified identity tells you who runs an AI. An intent declaration tells you what they have authorised it to do. Both are required for meaningful trust. Without intent, a verified Passport says nothing about whether the AI is allowed to negotiate contracts, read your inbox, or move money on your behalf.

The pattern is borrowed from least-privilege security models: declare upfront what a system is for, then refuse to do anything outside it. Verifiers can reject AIs whose declared intent doesn't match the requested action — even if the Passport itself is valid.

Schema

Intent is an optional object on the Passport JWT and on the public Passport record at /p/<id>:

{
  "intent": {
    "purpose": "Customer support for ACME Bank Plc retail accounts",
    "principal": {
      "type": "organisation",
      "name": "ACME Bank Plc",
      "verification": "business_verified",
      "registry_id": "aii_01H..."
    },
    "scope": {
      "actions": ["read:account_summary", "answer:product_questions"],
      "out_of_scope": ["transfer:any", "open:product", "close:account"],
      "max_transaction_value_usd": 0,
      "operating_hours": "24/7",
      "geographic_scope": ["GB", "IE"]
    },
    "kill_switch": "https://verify.acmebank.example/aii/kill",
    "declared_at": "2026-05-07T14:30:00Z",
    "expires_at": "2027-05-07T14:30:00Z"
  }
}

Field meanings

  • purpose — One sentence in plain language. What this AI is for. Read by humans, displayed on the public Passport page.
  • principal — Who authorised this AI. Must reference an existing AI Identity record (organisation or individual). Verifiable independently.
  • scope.actions — Machine-readable allow-list of action verbs. Verifiers can match requested actions against this list before allowing.
  • scope.out_of_scope — Explicit deny-list. Stronger signal than absence: if a verifier sees an action in this list, the AI's own operator says no.
  • scope.max_transaction_value_usd — Spending cap, if any. Zero means non-financial.
  • scope.geographic_scope — Where this AI is authorised to operate (ISO 3166-1 alpha-2).
  • kill_switch — A URL the operator commits to honour for instant credential invalidation. Optional but recommended for high-risk AIs.
  • declared_at / expires_at — Intent has its own validity window, separate from the Passport. Re-declaration is encouraged at least annually.

Verifier behaviour

When an intent declaration is present, verifiers SHOULD:

  1. Check the declaration is signed by the same key as the Passport itself.
  2. Compare the requested action against scope.actions and refuse if not present.
  3. Compare the requested action against scope.out_of_scope and refuse if present.
  4. Refuse if the intent has expires_at in the past.
  5. For financial actions, refuse if the value exceeds max_transaction_value_usd.

Absence of an intent declaration is not failure — many verified AIs are general-purpose and don't need to constrain themselves. But the presence of a declaration shifts accountability: the operator has stated the boundaries; ignoring them is on the verifier.

Roadmap

Intent declaration is part of the v0.9 schema upgrade. From v0.9.0 the field will be available in the dashboard for any Passport, signed by the same Ed25519 key as the Passport itself, and rendered on the public /p/<id> page. Verifiers will see the declaration in every POST /api/v1/verify response.

Last updated: 2026-05-07 · v0.8.6.0 · All specifications