Judgment Event Protocol

v1.0.1

Record and verify cryptographically signed, tamper-proof judgment, delegation, termination, and verification events for AI agent decision audits.

⭐ 0· 68·0 current·0 all-time

byJEP (Judgment Event Protocol)@schchit

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for schchit/judgment-event-protocol.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Judgment Event Protocol" (schchit/judgment-event-protocol) from ClawHub.
Skill page: https://clawhub.ai/schchit/judgment-event-protocol
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install judgment-event-protocol

ClawHub CLI

Package manager switcher

npx clawhub@latest install judgment-event-protocol

Security Scan

Capability signals

CryptoRequires walletRequires sensitive credentials

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Pending

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

The name, description, and instructions all describe a minimal cryptographic event logging protocol and show how to use the 'jep-protocol' Python library to sign and verify events. Required binaries (python3, pip) listed in metadata are appropriate for the examples. Minor metadata mismatches exist (registry metadata/version vs _meta.json/version and owner fields), but these are administrative inconsistencies and do not change the skill's functional purpose.

✓

Instruction Scope

SKILL.md stays on scope: it instructs installing the 'jep-protocol' package and using its API to create/sign/verify JEP events. It explicitly warns against hardcoding private keys and recommends secure key management. The instructions do not direct the agent to read unrelated system files, access unrelated credentials, or transmit data to unknown endpoints beyond PyPI/GitHub links mentioned for the package.

ℹ

Install Mechanism

This is an instruction-only skill that tells the user to run 'pip install jep-protocol'. Using PyPI is expected for a Python library but carries typical risks: packages can execute arbitrary code during install. The SKILL.md points to a GitHub org and recommends verifying the package source and pinning versions, which is good practice. No download-from-untrusted-URL or obfuscated installer is present.

✓

Credentials

No environment variables, credentials, or config paths are required by the skill itself. The documented need for private/public keys is proportional to a signing/verification library and is explicitly called out as something that must be provided from a secure store. There are no unexplained or unrelated credential requests.

✓

Persistence & Privilege

The skill is not forced-always (always: false) and is user-invocable; model invocation is enabled (default) which is normal for skills. The skill does not request persistent system-wide privileges or modify other skills' configs. Note: if you allow the agent to run shell commands (e.g., to pip install), ensure it cannot access private keys or other secrets at runtime without explicit user approval.

Assessment

This skill appears to do what it says (a small Python library for signing/verifying judgment events). Before installing or allowing an agent to run it: (1) review the 'jep-protocol' PyPI package source (the linked GitHub repo) and pin to a reviewed version/hash; (2) install in an isolated environment (virtualenv or container) because pip packages can run code at install time; (3) keep private keys in a secure store (not in prompts or skill files) and only expose them to the runtime if you trust the agent and environment; (4) confirm that the registry metadata (owner/version) matches the package source if provenance matters; and (5) consider manual code review of the package if you will use it with sensitive data.

Like a lobster shell, security has layers — review code before you run it.

accountabilityvk978sgrp4cpaqw746bbqw5e99984wt5nauditvk978sgrp4cpaqw746bbqw5e99984wt5ned25519vk978sgrp4cpaqw746bbqw5e99984wt5njepvk978sgrp4cpaqw746bbqw5e99984wt5njudgmentvk978sgrp4cpaqw746bbqw5e99984wt5nlatestvk978sgrp4cpaqw746bbqw5e99984wt5nprovenancevk978sgrp4cpaqw746bbqw5e99984wt5n

68downloads

0stars

2versions

Updated 1w ago

v1.0.1

MIT-0

name: judgment_event_protocol description: Cryptographic event logging for autonomous agents. Record tamper-proof judgment, delegation, termination, and verification events using the Judgment Event Protocol. Provides verifiable decision trails with JCS canonicalization and Ed25519 signatures. user-invocable: true tags:

jep
judgment
delegation
provenance
audit
accountability
jcs
ed25519 metadata: openclaw: requires: bins: [python3, pip]

Judgment Event Protocol (JEP)

You have a minimal, verifiable event logging system for AI agent decisions. Use it when you need to record judgments, delegate authority, terminate decision lifecycles, or verify existing events with cryptographic integrity.

Setup

pip install jep-protocol

Security Considerations

This skill handles cryptographic keys and external dependencies. Please observe the following practices to ensure safe usage:

🔑 Private Key Management: Private keys should never be hardcoded in agent prompts, source files, or shared in conversations. Always store keys using a secure key manager (e.g., environment variables, secret management services, HSMs, or hardware tokens). The code examples below assume private_key and public_key are securely loaded from such a source.
📦 Package Integrity: The jep-protocol PyPI package is open source. Verify its integrity by checking the source code at https://github.com/hjs-spec/jep. Consider pinning the package to a reviewed version hash in your dependency manager.
🧪 Environment Isolation: Before integrating the library into production systems or granting access to sensitive keys, test it in an isolated environment (e.g., a Python virtual environment or a container).

When to Use This Skill

When you need to record an agent's decision for future audit
When you delegate a task to another agent and need proof of handoff
When you terminate a decision process and want to seal the record
When you need to verify the integrity of an existing event chain
When building accountability trails for compliance or debugging

Core Verbs

JEP defines four immutable verbs:

Verb	Name	Purpose
`J`	Judge	Initiate a new decision or root audit event
`D`	Delegate	Transfer decision authority to another agent
`T`	Terminate	Close the decision lifecycle
`V`	Verify	Verify authenticity of an existing event

Event Structure (JSON Example)

A minimal JEP event before signing:

{
  "jep": "1",
  "verb": "J",
  "who": "did:example:agent-123",
  "when": 1742345678,
  "what": "sha256:e8878aa9a38f4d123456789abcdef01234",
  "nonce": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
  "aud": "https://platform.example.com",
  "ref": null
}

Core Operations

Record a Judgment Event (J)

from jep import JEPEvent, Verb

# Assumes private_key is loaded from a secure source
event = JEPEvent(
    verb=Verb.J,
    who="did:example:agent-123",
    what="sha256:hash-of-decision-content",
    aud="https://platform.example.com"
)
receipt = event.sign(private_key)
print(receipt.to_json())

Record a Delegation Event (D)

event = JEPEvent(
    verb=Verb.D,
    who="did:example:agent-123",
    what="sha256:hash-of-delegation-details",
    aud="https://platform.example.com",
    ref="hash-of-parent-event"  # Link to previous event
)

Record a Termination Event (T)

event = JEPEvent(
    verb=Verb.T,
    who="did:example:agent-123",
    what=None,
    aud="https://platform.example.com",
    ref="hash-of-decision-chain-head"
)

Record a Verification Event (V)

event = JEPEvent(
    verb=Verb.V,
    who="did:example:verifier-456",
    what=None,
    aud="https://platform.example.com",
    ref="hash-of-target-event"
)

Verify an Existing Receipt

from jep import verify_receipt

result = verify_receipt(
    receipt_json,
    public_key,
    expected_aud="https://platform.example.com"
)

if result.valid:
    print("Signature valid, chain intact")
else:
    print(f"Verification failed: {result.error}")
    # Possible error codes:
    # - INVALID_SIGNATURE: Signature doesn't match
    # - REPLAY_DETECTED: Nonce already seen
    # - EXPIRED: Timestamp outside allowed window
    # - BROKEN_CHAIN: Parent event hash mismatch
    # - INVALID_AUDIENCE: aud field doesn't match expected value

Optional Privacy Extensions

JEP supports modular extensions for privacy and compliance:

Extension	Purpose
`digest-only`	Anonymize actor identities with salted hashes
`multisig`	Require multiple signatures for distributed accountability
`ttl`	Auto-expire events for data retention compliance
`storage`	Decouple event storage from protocol for data sovereignty
`subject`	Explicitly reference decision subjects for traceability

Relationship to HJS and JAC

JEP is the foundational event format for the broader accountability stack:

Layer	Protocol	Purpose
Base	JEP	Tamper-proof event recording (this skill)
Responsibility	HJS	Human oversight and privacy protection
Causality	JAC	Cross-agent judgment chain tracking

JEP events serve as the immutable data layer that HJS and JAC build upon. All three protocols share the same JSON canonicalization (JCS/RFC 8785) and signature scheme (JWS/RFC 7515).

Comments

Loading comments...