
pohi-protocol/pohi


Proof of Human Intent (PoHI)

AI executes. Humans authorize. Machines verify.


Try the Live Demo - Verify your humanity with World ID


🎯 What is PoHI?

Proof of Human Intent is a protocol that creates cryptographically verifiable proof that a real human approved critical software actions.

β€œWho approved this?” β€œThe AI did.” This protocol ends that conversation.

World ID (ZK Proof) Γ— Git Signing Γ— Transparency Log
= Verifiable Human Approval

🔥 Why Now?

2024: GitHub Copilot writes code
2025: AI Agents create PRs autonomously
2026: AI Agents deploy to production     ← We're heading here

Question: Can you PROVE a human approved it?

The Problem

| Traditional       | AI Era         |
|-------------------|----------------|
| Human writes code | AI writes code |
| Human reviews     | AI reviews     |
| Human merges      | ???            |

Humans are shifting from "implementers" to "approvers."

But there's no way to cryptographically verify that a human, not an AI, actually approved an action.


💡 How It Works

PoHI answers three questions:

| Question | Technology    | Proof                     |
|----------|---------------|---------------------------|
| Who?     | PoP Providers | Unique human verification |
| What?    | Git + DID     | Specific commit approved  |
| When?    | SCITT Log     | Immutable timestamp       |

Supported PoP Providers

| Provider          | Verification Type         | Sybil Resistance | Status              |
|-------------------|---------------------------|------------------|---------------------|
| World ID          | ZK proof (Orb/Device)     | High             | ✅ Tested (2025-01) |
| Gitcoin Passport  | Web3 identity score       | Medium           | ✅ Tested (2025-01) |
| BrightID          | Social graph verification | Medium           | 🔧 Implemented      |
| Civic             | Gateway Pass              | Medium           | 🔧 Implemented      |
| Proof of Humanity | Kleros registry           | High             | 🔧 Implemented      |

Architecture

┌──────────────────────────────────────────────────────────────┐
│                  Proof of Human Intent                       │
├──────────────────────────────────────────────────────────────┤
│                                                              │
│   ┌──────────┐    ┌──────────┐    ┌──────────┐               │
│   │  VERIFY  │───▶│   BIND   │───▶│  RECORD  │               │
│   │ "Human?" │    │  "What?" │    │ "Proof"  │               │
│   └──────────┘    └──────────┘    └──────────┘               │
│        │               │               │                     │
│        ▼               ▼               ▼                     │
│   ┌──────────┐    ┌──────────┐    ┌──────────┐               │
│   │   PoP    │    │ Git+DID  │    │  SCITT   │               │
│   │ Provider │    │ Signing  │    │   Log    │               │
│   └──────────┘    └──────────┘    └──────────┘               │
│                                                              │
└──────────────────────────────────────────────────────────────┘

Approval Flow

sequenceDiagram
    participant AI as 🤖 AI Agent
    participant GH as 🐙 GitHub
    participant Human as 👤 Human
    participant PoHI as PoHI
    participant WorldID as 👁️ World ID

    AI->>GH: Create PR
    GH->>Human: Review request
    Human->>PoHI: Request approval
    PoHI->>Human: Show World ID QR
    Human->>WorldID: Scan (World App)
    WorldID-->>PoHI: ZK Proof (signal=commit SHA)
    PoHI->>GH: Status: Verified Human ✅
    GH->>AI: Merge enabled

🚀 Quick Start

Prerequisites

  • Node.js 18+
  • World ID App (Download)
  • GitHub repository

Installation

# Core library (chain-neutral, zero dependencies)
npm install pohi-core

# EVM utilities (for on-chain recording)
npm install pohi-evm

# SDK (full client for World Chain)
npm install pohi-sdk

# CLI tool
npm install -g pohi-cli

Basic Usage

import { createAttestation, computeSignal, validateAttestation } from 'pohi-core';

// Create an attestation
const attestation = createAttestation(
  // Subject: what is being approved
  {
    repository: 'owner/repo',
    commit_sha: 'abc123...',
    action: 'DEPLOY',
    description: 'Production deployment v2.0'
  },
  // Proof: evidence of human verification
  {
    method: 'world_id',
    verification_level: 'orb',
    nullifier_hash: '0x...',
    signal: computeSignal('owner/repo', 'abc123...')
  }
);

// Validate structure and hash integrity
const result = validateAttestation(attestation);
console.log(result.valid); // true

CLI Usage

# Request human approval for a commit
pohi request --repo owner/repo --commit abc123

# Verify an existing attestation
pohi verify --repo owner/repo --commit abc123

GitHub Action

# .github/workflows/human-approval.yml
name: Require Human Approval

on:
  pull_request:
    types: [labeled]

jobs:
  verify:
    if: github.event.label.name == 'ready-to-merge'
    runs-on: ubuntu-latest
    steps:
      - uses: pohi-protocol/action@v1
        with:
          world-id-app: ${{ secrets.WORLD_ID_APP_ID }}
          required-level: orb

📦 Packages

| Package             | Description                             | Status    |
|---------------------|-----------------------------------------|-----------|
| pohi-core           | Core types & validation (zero deps)     | ✅ v0.1.0 |
| pohi-evm            | EVM utilities (keccak256, encodePacked) | ✅ v0.1.0 |
| pohi-sdk            | World Chain client                      | ✅ v0.1.0 |
| pohi-cli            | Command-line tool                       | ✅ v0.1.0 |
| pohi-action         | GitHub Action                           | ✅ v0.1.0 |
| pohi-gitlab-ci      | GitLab CI Component                     | ✅ v0.1.0 |
| pohi-bitbucket-pipe | Bitbucket Pipe                          | ✅ v0.1.0 |
| pohi-contracts      | Solidity contracts (Foundry)            | ✅ v0.1.0 |
| pohi-demo           | Next.js + World ID demo                 | ✅ Live   |

📄 Paper

"Proof of Human Intent: Cryptographically Verifiable Human Approval for AI-Driven Software Development"

  • arXiv: In preparation (expected 2026)
  • Source: paper/

Citation

@article{pohi2026,
  title={Proof of Human Intent: Cryptographically Verifiable Human Approval for AI-Driven Software Development},
  author={Ikko Eltociear Ashimine},
  journal={arXiv preprint},
  year={2026}
}

⛓️ On-Chain Verification

On-chain attestation recording is optional and currently in development.

| Network             | Status         | Contract Address |
|---------------------|----------------|------------------|
| World Chain Mainnet | 🔧 Coming Soon | TBD              |
| World Chain Sepolia | 🔧 Coming Soon | TBD              |

Note: PoHI works without on-chain recording. The core protocol uses off-chain attestations that can be independently verified. On-chain recording adds an additional immutable transparency layer.


Security Model

Security Considerations

PoHI has undergone an initial self-review focusing on:

  • Replay attacks: Mitigated by binding attestations to specific commit SHAs
  • Impersonation risks: Prevented by World ID's ZK proof of personhood
  • CI/CD workflow integrity: Isolated verification in ephemeral containers

For full security documentation, see SECURITY.md.

Threat Model

| Attack                  | Mitigation              |
|-------------------------|-------------------------|
| Sybil (fake identities) | World ID nullifier hash |
| Replay (reuse proof)    | Commit SHA in signal    |
| Tampering               | Merkle tree proofs      |
| Impersonation           | ZK proof of personhood  |
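An added example (not code from the PoHI project) of the verifier-side checks behind the Replay and Sybil rows: an approval counts only if its signal is bound to the commit being merged, and one nullifier hash counts as one human. The `bindSignal` encoding, the `subject`/`proof` attestation shape and the sample values are assumptions; the ZK proof itself is assumed to have been verified by the PoP provider already.

```javascript
// Added example: the signal encoding here is an assumption, not pohi-core's computeSignal.
const { createHash } = require('node:crypto');

const FULL_SHA = /^[0-9a-f]{40}$/;

// Hypothetical binding: SHA-256 over a length-prefixed repo name and the full commit SHA.
function bindSignal(repository, commitSha) {
  // An abbreviated SHA is ambiguous, so it cannot identify what was approved.
  if (!FULL_SHA.test(commitSha)) throw new Error('full 40-hex commit SHA required');
  return createHash('sha256')
    .update(`${repository.length}:${repository}:${commitSha}`)
    .digest('hex');
}

// Count distinct humans whose proof is bound to the commit being merged.
function distinctApprovers(attestations, repository, headSha) {
  const expected = bindSignal(repository, headSha);
  const humans = new Set();
  const rejected = [];
  for (const att of attestations) {
    const { subject, proof } = att;
    if (subject.repository !== repository || subject.commit_sha !== headSha) {
      rejected.push({ att, reason: 'subject is not the head commit' });
    } else if (proof.signal !== expected) {
      rejected.push({ att, reason: 'signal not bound to subject' });
    } else {
      humans.add(proof.nullifier_hash.toLowerCase()); // same human counts once
    }
  }
  return { count: humans.size, rejected };
}

// Constructed sample data (not real commits or nullifiers).
const REPO = 'owner/repo';
const OLD = 'a'.repeat(40);
const HEAD = 'b'.repeat(40);
const mk = (sha, nullifier, signalSha = sha) => ({
  subject: { repository: REPO, commit_sha: sha, action: 'DEPLOY' },
  proof: { method: 'world_id', nullifier_hash: nullifier, signal: bindSignal(REPO, signalSha) },
});
const sample = [
  mk(HEAD, '0x01'),      // valid approval of the head commit
  mk(HEAD, '0x01'),      // same human again: no extra approver
  mk(OLD, '0x02'),       // approval of an earlier commit, replayed
  mk(HEAD, '0x03', OLD), // subject rewritten to head, proof still bound to OLD
];
function demo() { return distinctApprovers(sample, REPO, HEAD); }
```

A merge gate would run this at merge time against the pull request's current head SHA and compare `count` with the number of approvals it requires, so commits pushed after an approval invalidate it.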

Trust Assumptions

  • World ID Orb correctly identifies unique humans
  • Transparency log is append-only
  • Cryptographic primitives are secure

🗺️ Roadmap

  • Architecture design
  • Paper draft (Abstract)
  • Core library implementation
  • EVM utilities package
  • SDK for World Chain
  • CLI tool
  • GitHub Action
  • GitLab CI Component
  • Bitbucket Pipe
  • Smart contracts (Foundry)
  • Demo application (Next.js + World ID)
  • npm publish (v0.1.0)
  • Live demo deployment
  • Security self-review (see SECURITY.md)
  • arXiv submission
  • External audit
  • v1.0 release

📚 Related Work

| Technology | Purpose                   | Link                 |
|------------|---------------------------|----------------------|
| World ID   | Proof of personhood       | docs.world.org       |
| IETF SCITT | Supply chain transparency | datatracker.ietf.org |
| Sigstore   | Keyless code signing      | sigstore.dev         |
| W3C DID    | Decentralized identifiers | w3.org               |
| W3C VC     | Verifiable credentials    | w3.org               |

🀝 Contributing

Contributions are welcome! This project is in early stages.

  • ⭐ Star this repo to show support
  • πŸ› Open issues for discussion
  • πŸ”§ PRs welcome after v0.1 release

πŸ“œ License

Apache License 2.0


💬 Philosophy

Web3 is not for speculation. It's infrastructure for preserving human intent and accountability.

As AI takes over implementation, humans become approvers.
PoHI ensures that approval is real, verifiable, and permanent.


Proof of Human Intent
Your approval, cryptographically preserved for the future.