Verifiable Intent

The Verifiable Intent specification provides a robust framework for delegation design through its three-layer delegation chain. This architecture creates a tamper-evident audit trail by linking the Principal (the human user), the Agent (the AI), and the Counterparty (the merchant) through a series of cryptographically signed credentials. The Principal issues a Layer 1 (L1) credential delegating authority to the Agent, who then generates a Layer 2 (L2) credential for a specific transaction, disclosing only necessary information. The Counterparty can cryptographically verify the entire chain back to the original human intent, ensuring the agent is acting within its mandate while preserving privacy.

Central to the framework is a sophisticated constraint architecture that makes delegation enforceable at the protocol level. The specification includes eight distinct constraint types that allow a Principal to define the precise boundaries of an agent's authority. These include constraints like `approval_threshold`, which can enforce a maximum transaction value before requiring human intervention, and `scope_restriction`, which can limit an agent to purchasing only from specific merchant categories. This transforms the design of agentic experiences from creating UI patterns that suggest limits to authoring cryptographic structures that enforce them; the payment infrastructure itself makes it impossible for the agent to break the rules.

Verifiable Intent formalises five fundamental shifts from traditional to agentic commerce, moving the ecosystem from a model of implied trust to one of cryptographic proof. In traditional e-commerce, authorisation is implied by card presence or 3D-Secure verification. With Verifiable Intent, it is confirmed by cryptographic proof of delegation. Where dispute resolution previously relied on lengthy chargeback investigations, it can now be streamlined through a tamper-evident audit trail. This transition provides the technical and legal foundation for accountability, answering the critical question: did the human actually authorise this transaction? Without this provable link, commerce executed by autonomous agents would be commercially and legally unviable.

For practitioners of Agentic Experience Design (AXD), Verifiable Intent is a foundational design material that makes abstract principles of trust and delegation concrete and implementable. The immediate consequence is that delegation is now designable at the protocol level. The eight constraint types provide a formal vocabulary for expressing user intent in machine-verifiable terms, shifting the design challenge from merely visualising an agent’s capabilities to authoring the cryptographic mandates that govern its actions. This new infrastructure also provides a powerful mechanism for trust architecture, particularly its transparency layer. The cryptographic audit trail allows designers to build interfaces that offer users verifiable proof that their agents are acting within defined constraints, moving beyond simple reporting to providing immutable evidence of authorised behaviour.

Furthermore, by embedding escalation triggers like approval thresholds directly into the payment protocol, designers can create architecturally enforced boundaries for human-agent interaction. An agent exceeding its spending limit is no longer a software exception but a cryptographically failed transaction, ensuring the human remains in control at critical moments. The publication of Verifiable Intent clarifies the precise role of the AXD practitioner. The specification successfully addresses authorisation and auditing, but it does not solve challenges like assessing agent competence or managing dynamic authority. These gaps define the design space: the AXD professional’s role is to build the trust experiences - the dynamic, contextual, and relational aspects of agentic systems - that sit on top of the powerful trust *infrastructure* that Verifiable Intent now provides.