# Idea: Private & Trusted AI Agent (Attestation on Polkadot) Jan is the only AI agent platform where you own the data, own the model, and **can prove what your agent did** — without trusting anyone. ## The Problem Jan's core users — lawyers, doctors, engineers with proprietary code — chose Jan because no centralized system can be trusted with their data. The OpenClaw integration (v0.7.8) now gives agents *hands*: they execute shell commands, automate browsers, and run scheduled tasks autonomously. We know that AI lies and tries to conceal itself ([1](https://techcrunch.com/2025/09/18/openais-research-on-ai-models-deliberately-lying-is-wild/), [2](https://www.psychologytoday.com/sg/blog/tech-happy-life/202505/the-great-ai-deception-has-already-begun), [3](https://www.straitstimes.com/world/united-states/ai-is-learning-to-lie-scheme-and-threaten-its-creators)). This creates an unaddressed trust problem: - When OpenClaw runs overnight, the only record of what it did is the log it wrote about itself. The same system that took the action is reporting on it. - For regulated industries (legal, medical, financial), there's a compliance question: how do you document your AI tooling and outputs in a way that satisfies regulators? - Cloud providers solve this by being auditable third parties. Jan users opted out of that — so they currently have nothing. **The tradeoff cannot be privacy vs trust**. > Blockchain doesn't just go in the payment flow. It goes in the trust flow. ## Proposal: Three Primitives, All Invisible to the User ### Primitive 1: Agent Identity (DID) Each Jan agent gets a Decentralized Identifier anchored on Polkadot. Not a wallet — an identity. - The agent signs its outputs and action logs with this key - Third parties can verify "this output came from this specific agent configuration, at this timestamp" without the user revealing any content - Identity persists across sessions, upgrades, and devices - User-controlled, revocable, portable **Why this matters:** When a lawyer uses Jan to draft something, there's currently no way to prove to opposing counsel or a judge what AI, if any, was used. With a DID, you can prove the agent's identity and configuration without exposing the content. ### Primitive 2: Action Notarization When OpenClaw takes a consequential action — sends an email, executes a script, makes a purchase — Jan: 1. Hashes the action log entry locally 2. Anchors that hash on Polkadot via a lightweight transaction **The data never leaves the machine. Only the hash goes on-chain.** This gives users a tamper-evident, append-only audit trail they control — not their employer's IT, not a cloud provider, not Jan the company. The blockchain acts as a notary: it proves *that something happened* and *when*, without knowing *what* happened. ### Primitive 3: Model Provenance Attestation Jan hashes the model weights + inference parameters at session start and anchors the commitment on-chain. Output: *"This response was generated by Jan-code-7B (sha256: `abc123`), unmodified, on-device, on 2026-03-13 at 14:32 UTC."* - For regulated industries: satisfies AI disclosure requirements without a cloud intermediary - For legal/contractual contexts: creates a record usable in dispute resolution - As AI disclosure regulations tighten (EU AI Act, US executive orders), this is a compliance feature cloud AI providers structurally cannot offer — they don't let you own your model ## Why Polkadot | Factor | Advantage | |---|---| | **Off-chain workers (OCW)** | Jan's local node does the heavy computation; only commitments settle on-chain. Minimal fees, minimal latency. | | **Substrate light client** | Runs embedded in Jan's existing Rust/Tauri backend. No full node. No daemon the user has to manage. | | **Parachain architecture** | Jan can eventually launch a specialized chain with custom pallets for AI agent registries, without competing for blockspace on a general-purpose chain. | | **XCM** | Agents with on-chain identities can interact with services on other parachains without custodying funds. | | **Identity pallet** | Native on-chain DID infrastructure already exists in Substrate. | Ethereum is too expensive for frequent micro-anchoring. Solana lacks the off-chain worker model that makes local-first anchoring clean. Polkadot's architecture is uniquely suited to a local-first system that only needs to *settle* on-chain, not *execute* on-chain. ## What Users Experience Nothing. That's the point. Jan runs locally as always. OpenClaw takes actions as always. In the background, a substrate light client settles commitments to Polkadot. Users who need an audit trail can export a cryptographic proof at any time. Users who never need it never notice it. The Jan UI gets one new panel: **Agent History — Verified**. A log of agent actions, each with a Polkadot anchor. ## The Moat This works for Jan specifically because: 1. **Distribution fit**: People who opted into a privacy-first, local-first setup are exactly the people who need audit trails they control. 2. **OpenClaw makes it urgent**: Passive chat doesn't need notarization. Autonomous agents that act while you sleep do. 3. **Technical fit**: Polkadot's Rust/Substrate stack matches Jan's Tauri/Rust backend — this is a native integration, not a bolt-on. 4. **Cloud AI cannot replicate this**: Their architecture is the opposite. They are the trusted third party. Jan makes the user the trusted party. ## Layer 2: Compute Marketplace Once agents have on-chain identities and provenance, the natural next layer is a compute marketplace: Jan users with idle GPUs offer inference capacity to other Jan users, settled via DOT, coordinated by the same identity and attestation infrastructure. This connects to the [GPU stablecoin idea](https://hackmd.io/CQ5oyGtNR1ivXp-sB7eVGQ?view). ## Next Steps Jan to: - Embed a Substrate light client in the Rust/Tauri backend - Implement local action log hashing on consequential OpenClaw events - Build the "Agent History — Verified" UI panel Polkadot to: - Expose a Substrate OCW interface for off-chain commitment anchoring - Provide DID pallet integration docs for agent identity - Implement/extend CLI (agent native interface) # Open Questions - How