AI executes. Humans authorize. Machines verify.
Try the Live Demo - Verify your humanity with World ID
English | ζ₯ζ¬θͺ
Proof of Human Intent is a protocol that creates cryptographically verifiable proof that a real human approved critical software actions.
βWho approved this?β βThe AI did.β This protocol ends that conversation.
World ID (ZK Proof) Γ Git Signing Γ Transparency Log
= Verifiable Human Approval
2024: GitHub Copilot writes code
2025: AI Agents create PRs autonomously
2026: AI Agents deploy to production β We're heading here
Question: Can you PROVE a human approved it?
| Traditional | AI Era |
|---|---|
| Human writes code | AI writes code |
| Human reviews | AI reviews |
| Human merges | ??? |
Humans are shifting from "implementers" to "approvers."
But there's no way to cryptographically verify that a humanβnot an AIβactually approved an action.
PoHI answers three questions:
| Question | Technology | Proof |
|---|---|---|
| Who? | PoP Providers | Unique human verification |
| What? | Git + DID | Specific commit approved |
| When? | SCITT Log | Immutable timestamp |
| Provider | Verification Type | Sybil Resistance | Status |
|---|---|---|---|
| World ID | ZK proof (Orb/Device) | High | β Tested |
| Gitcoin Passport | Web3 identity score | Medium | β Tested |
| BrightID | Social graph verification | Medium | β Implemented |
| Civic | Gateway Pass | Medium | β Implemented |
| Proof of Humanity | Kleros registry | High | β Implemented |
| Holonym | ZK identity (Gov ID/ePassport) | High | β Implemented |
| Idena | AI-resistant CAPTCHA | High | β Implemented |
| Coinbase Verifications | KYC attestation (EAS) | High | β Implemented |
| Humanity Protocol | Palm biometric | High | β Implemented |
π Provider Documentation - Configuration, usage examples, and integration guides for each provider.
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Proof of Human Intent β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β ββββββββββββ ββββββββββββ ββββββββββββ β
β β VERIFY βββββΆβ BIND βββββΆβ RECORD β β
β β "Human?" β β "What?" β β "Proof" β β
β ββββββββββββ ββββββββββββ ββββββββββββ β
β β β β β
β βΌ βΌ βΌ β
β ββββββββββββ ββββββββββββ ββββββββββββ β
β β PoP β β Git+DID β β SCITT β β
β β Provider β β Signing β β Log β β
β ββββββββββββ ββββββββββββ ββββββββββββ β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
sequenceDiagram
participant AI as π€ AI Agent
participant GH as π GitHub
participant Human as π€ Human
participant PoHI as π PoHI
participant WorldID as ποΈ World ID
AI->>GH: Create PR
GH->>Human: Review request
Human->>PoHI: Request approval
PoHI->>Human: Show World ID QR
Human->>WorldID: Scan (World App)
WorldID-->>PoHI: ZK Proof (signal=commit SHA)
PoHI->>GH: Status: Verified Human β
GH->>AI: Merge enabled
- Node.js 18+
- World ID App (Download)
- GitHub repository
# Core library (chain-neutral, zero dependencies)
npm install pohi-core
# EVM utilities (for on-chain recording)
npm install pohi-evm
# SDK (full client for World Chain)
npm install pohi-sdk
# CLI tool
npm install -g pohi-cliimport { createAttestation, computeSignal, validateAttestation } from 'pohi-core';
// Create an attestation
const attestation = createAttestation(
// Subject: what is being approved
{
repository: 'owner/repo',
commit_sha: 'abc123...',
action: 'DEPLOY',
description: 'Production deployment v2.0'
},
// Proof: evidence of human verification
{
method: 'world_id',
verification_level: 'orb',
nullifier_hash: '0x...',
signal: computeSignal('owner/repo', 'abc123...')
}
);
// Validate structure and hash integrity
const result = validateAttestation(attestation);
console.log(result.valid); // true# Request human approval for a commit
pohi request --repo owner/repo --commit abc123
# Verify an existing attestation
pohi verify --repo owner/repo --commit abc123# .github/workflows/human-approval.yml
name: Require Human Approval
on:
pull_request:
types: [labeled]
jobs:
verify:
if: github.event.label.name == 'ready-to-merge'
runs-on: ubuntu-latest
steps:
- uses: pohi-protocol/action@v1
with:
world-id-app: ${{ secrets.WORLD_ID_APP_ID }}
required-level: orb| Package | Description | Status |
|---|---|---|
pohi-core |
Core types & validation (zero deps) | β v0.1.0 |
pohi-evm |
EVM utilities (keccak256, encodePacked) | β v0.1.0 |
pohi-sdk |
World Chain client | β v0.1.0 |
pohi-cli |
Command-line tool | β v0.1.0 |
pohi-action |
GitHub Action | β v0.1.0 |
pohi-gitlab-ci |
GitLab CI Component | β v0.1.0 |
pohi-bitbucket-pipe |
Bitbucket Pipe | β v0.1.0 |
pohi-contracts |
Solidity contracts (Foundry) | β v0.1.0 |
pohi-demo |
Next.js + World ID demo | β Live |
"Proof of Human Intent: Cryptographically Verifiable Human Approval for AI-Driven Software Development"
- π IACR ePrint: Submitted (pending review)
- π arXiv: Planned (after ePrint publication)
- π Source:
paper/
@misc{pohi2026,
title={Proof of Human Intent: Cryptographically Verifiable Human Approval for AI-Driven Software Development},
author={Ikko Eltociear Ashimine},
year={2026},
howpublished={IACR Cryptology ePrint Archive}
}On-chain attestation recording is optional and currently in development.
| Network | Status | Contract Address |
|---|---|---|
| World Chain Mainnet | π§ Coming Soon | TBD |
| World Chain Sepolia | β Deployed | 0xe3aF97c1Eb0c1Bfa872059270a947e8A10FFD9d1 |
Note: PoHI works without on-chain recording. The core protocol uses off-chain attestations that can be independently verified. On-chain recording adds an additional immutable transparency layer.
PoHI has undergone an initial self-review focusing on:
- Replay attacks: Mitigated by binding attestations to specific commit SHAs
- Impersonation risks: Prevented by World ID's ZK proof of personhood
- CI/CD workflow integrity: Isolated verification in ephemeral containers
For full security documentation, see SECURITY.md.
| Attack | Mitigation |
|---|---|
| Sybil (fake identities) | World ID nullifier hash |
| Replay (reuse proof) | Commit SHA in signal |
| Tampering | Merkle tree proofs |
| Impersonation | ZK proof of personhood |
- World ID Orb correctly identifies unique humans
- Transparency log is append-only
- Cryptographic primitives are secure
- Architecture design
- Paper draft (Abstract)
- Core library implementation
- EVM utilities package
- SDK for World Chain
- CLI tool
- GitHub Action
- GitLab CI Component
- Bitbucket Pipe
- Smart contracts (Foundry)
- Demo application (Next.js + World ID)
- npm publish (v0.1.0)
- Live demo deployment
- Security self-review (see SECURITY.md)
- IACR ePrint submission
- arXiv cross-posting
- External audit
- v1.0 release
| Technology | Purpose | Link |
|---|---|---|
| World ID | Proof of personhood | docs.world.org |
| IETF SCITT | Supply chain transparency | datatracker.ietf.org |
| Sigstore | Keyless code signing | sigstore.dev |
| W3C DID | Decentralized identifiers | w3.org |
| W3C VC | Verifiable credentials | w3.org |
We have submitted our academic paper on PoHI to IACR ePrint (pending review). Cross-posting to arXiv is planned after ePrint publication.
Seeking arXiv Endorsement: If you have endorsement capability in cs.CR (Cryptography and Security) or cs.SE (Software Engineering), we would appreciate your support for future arXiv submission. Please open an issue or contact us directly.
- Click the button above, or open in VS Code with Dev Containers extension
- Wait for container to build (includes Node.js 20, Foundry, Playwright)
- Run
npm run dev -w pohi-demoto start the demo app
# Clone repository
git clone https://github.com/pohi-protocol/pohi.git
cd pohi
# Install dependencies
npm install
# Build all packages
npm run build
# Run tests
npm test
# Start demo app
npm run dev -w pohi-demoContributions are welcome! This project is in early stages.
- β Star this repo to show support
- π Open issues for discussion
- π§ PRs welcome after v0.1 release
See CHANGELOG.md for version history and release notes.
Web3 is not for speculation. It's infrastructure for preserving human intent and accountability.
As AI takes over implementation, humans become approvers. PoHI ensures that approval is real, verifiable, and permanent.
Proof of Human Intent (PoHI) is published as prior art.
This repository and associated publications define the original concept and reference implementation of PoHI. The intent is to enable open research, standardization, and interoperable implementations of cryptographically verifiable human intent in AI-driven systems.
See NOTICE for full attribution and prior art declaration.
An implementation may describe itself as "PoHI-compatible" if it satisfies the following conditions:
"PoHI-compatible" refers to systems or implementations that align with the Proof of Human Intent (PoHI) protocol as defined in this repository and associated publications.
PoHI-compatible implementations are expected to:
- Follow the core concept of cryptographically verifiable human intent
- Preserve the distinction between human approval and automated actions
- Support verifiable provenance of intent (e.g., signatures, logs, or proofs)
- Avoid treating PoHI as a mechanism for identity disclosure or KYC
Implementations claiming PoHI compatibility are expected to reference this repository as the original definition and prior art of PoHI, and clearly document any deviations from the reference implementation.
PoHI compatibility does not require strict conformance to a single implementation. PoHI is designed as an open protocol concept, and compatible implementations may vary in architecture or cryptographic primitives, provided the core intent model remains intact.
"PoHI-compatible" is a descriptive term, not a trademark. Use of this term does not imply endorsement or affiliation with the PoHI authors.
Projects are encouraged to describe their implementation as "PoHI-compatible" rather than redefining the PoHI concept independently.
For detailed compatibility levels (Core / Extended / Advanced), see docs/pohi-compatibility.md.
Proof of Human Intent
Your approval, cryptographically preserved for the future.