JustAct framework enables auditable multi-agent AI across organizations
New framework ensures AI actions can't be later refuted, proven in Rust and Rocq
JustAct is a formal framework for building multi-agent systems where agents operate across organizational boundaries, each subject to complex and dynamic policies. The researchers prove a key property: any decision that an action is permitted at a given time remains valid even if policies or agreements are updated later. This ensures auditability and non-repudiation. The framework combines a policy language for expressing norms (e.g., EU GDPR, patient consent) with distributed runtime mechanisms that collect and verify justifications for each agent action.
To demonstrate feasibility, the team specified the policy language in Rocq (a proof assistant) and implemented a runtime system in Rust. They then recreated the usage scenarios of Brane, an existing inter-domain medical data processing platform. The case study shows JustAct can enforce complex, layered policies—like allowing data sharing only with EU hospitals when Bob has consented—while maintaining full audit trails. This work lays a foundation for trustworthy AI systems in regulated industries like healthcare and finance.
- JustAct proves that once an action is permitted, no later policy update can retroactively invalidate it—critical for audit trails.
- The framework was formally specified in Rocq and implemented in Rust, then validated against the Brane medical data system.
- Supports dynamic policies across organizations, combining EU data protection laws with per-patient consent conditions.
Why It Matters
Enables auditable, policy-compliant AI agents for healthcare and finance across organizational boundaries.