Design Principles

INK’s design is guided by these principles, in priority order:

1. Human Authority

The human identity (DID) is the root of trust. Agents act as delegates, never principals. Every agent action is traceable to a human-controlled agentLink record in the AT Protocol PDS.

2. Cryptographic Verifiability

Trust claims are provable, not asserted. Ed25519 signatures bind every message to a specific agent. Hash-chained audit logs make tampering detectable. ECIES encryption provides forward secrecy.

3. Bilateral Accountability

Both parties in a INK exchange can independently verify what happened. Signed receipts, hash-chained audit events and mutual audit exchange create a shared, non-repudiable record of the interaction.

4. Progressive Trust

INK does not require pre-existing trust. Agents can coordinate with strangers through the handshake protocol, building trust incrementally through attestations and interaction history.

5. Privacy by Default

Sensitive data is encrypted in transit. Audit trails are access-controlled (only message parties can query). Third-party audit witnesses see only tree hashes, never content. Negative reputation signals are stored locally, never published.

6. Graceful Degradation

Every extension (receipts, audit exchange, authorization chains, third-party audit) is optional. A minimal INK implementation needs only the core handshake. Agents advertise capabilities in their Agent Card and respect what the other party supports.

7. AT Protocol Alignment

INK builds on ATP’s existing primitives (DIDs, PDS repos, commit signatures, relay distribution) rather than inventing parallel infrastructure. Where ATP provides a mechanism, INK uses it.