Data Access Transparency

End-user-verifiable audit protocol for every privileged access — human admins, AI agents, automated systems, anything with credentials. Submitted to the Linux Foundation Agentic AI Foundation working groups.

Draft ready to read

draft-wang-data-access-transparency-00

Full text of the draft, rendered inline. Synced hourly from server/protocol — no stale copy in this repo.

~12K words · last synced 2026-05-06 11:55 UTC

Read the full draft →View on GitHub ↗

What the spec covers

Wire-protocol access capture. How every read and write is captured at the database protocol layer — SQL for Postgres, BSON for Mongo, S3 API for object storage — regardless of whether the caller is a human admin, a cron job, a service account, or an AI agent.
Caller identity labeling. A canonical format for identifying the principal behind each access: human admin via SSO, service account, automated system, or AI agent (with framework, model, run_id, tool_call_id).
Chain entry schema. Required and optional fields for capturing each access as a cryptographically chained event — uniform across caller types so an auditor reads human and agent activity in the same log.
User-verifiable verification flow. WASM-based client-side verification of a per-user chain, tamper-evident across every caller category. The operator cannot rewrite history without the user’s own browser catching it.
Regulatory conformity mapping. How chain entries satisfy GDPR Article 32, HIPAA audit controls, and EU AI Act Article 12 — including the six-month retention floor from Article 19.

Reference implementation · AGPLv3 · shipping ahead of the formal spec

Read the code Deploy it