PIC Standard: Provenance & Intent Contracts

PIC Standard adds machine-verifiable contracts to agent calls and actions. Before any high-impact tool call, the agent must submit an Action Proposal (schema + verifier). If trust/evidence is insufficient, it fails closed and blocks the action. Current version supports resolvable SHA-256 evidence. Ships with a CLI and drop-in LangGraph + MCP integrations. Incoming cryptographic signing for trusted provenance and signed API attestations (external verification).

The PIC contract (what an agent proposes before a tool call)

PIC uses an Action Proposal JSON (schema: PIC/1.0). The agent emits it right before executing a tool:

• intent: what it’s trying to do
• impact: risk class (money, privacy, compute, irreversible, ...)
• provenance: which inputs influenced the decision (and their trust)
• claims + evidence: what the agent is asserting and which evidence IDs support it
• action: the actual tool call being attempted (tool binding)

Evidence (v0.3): Resolvable SHA‑256 artifacts

PIC v0.3 adds deterministic evidence verification: evidence IDs can point to a real artifact and be validated via SHA‑256. What this gives you

• evidence[].id is no longer just a label — it can be resolved to a file (file://...) and verified.
• Verification is fail‑closed: if evidence can’t be resolved or verified, high‑impact actions are blocked.
• “Trusted” becomes an output of verification (in‑memory): verified evidence IDs upgrade
• provenance[].trust to trusted before the verifier runs.