{"slug": "fjp-conf-an-open-conformance-standard-for-auditable-agent-decisions", "title": "FJP-CONF: an open conformance standard for auditable agent decisions", "summary": "A new open conformance standard, FJP-CONF, aims to make AI agent decisions auditable by requiring agents to emit records containing signal, judgment, action, and falsifier components. The standard addresses the growing need for accountability as agents move into regulated workflows involving money, customers, and legal exposure. FJP-CONF defines four cumulative conformance levels (L0-L3) that test observable output rather than internal process, enabling insurers and compliance teams to verify agent decisions.", "body_md": "# Your Agent Can't Be Audited, and That's About to Be a Problem\n\nEvery serious conversation about deploying AI agents ends at the same wall. Not capability. Not cost. The wall is a question someone in the room eventually asks:\n\n\"When it acts, and it's wrong, how will we know why?\"\n\nFor almost every agent in production today, the honest answer is: we won't. We'll have logs. We'll have the prompt. We'll have a trace of tool calls. What we won't have is the decision itself, the thing that connects what the agent observed to what it did, in a form anyone can examine after the fact.\n\n## Retrieval answers the wrong question\n\nThe last three years of AI infrastructure solved the question of what is true. Retrieval, grounding, citations. An agent can now tell you where a fact came from. Useful, but not the same problem. Acting agents face a different question:\n\nWas this worth acting on, and how would we know if it wasn't?\n\nA citation tells you the fact was real. It tells you nothing about whether acting on it was justified, what the agent believed the fact implied, or what future evidence would have proven the call wrong. An agent can be perfectly grounded and completely unaccountable.\n\nWhen an agent recommends or takes an action, three questions need answers after the fact:\n\n- What did it act on?\n- Why did it judge that worth acting on?\n- What would have made that judgment wrong?\n\nAn agent that can't answer these can't be audited. It can't be trusted in a decision path. And it can't be insured, which is the part that bites first. Insurers, compliance teams, and procurement departments don't price capability. They price accountability. As agents move from demos into workflows that touch money, customers, and legal exposure, \"we have the logs\" stops clearing the bar. Everyone building agent products is going to discover this at contract time.\n\n## The minimum accountable record\n\nThe fix is not a better model. It's a structural requirement on output. For every action an agent recommends or takes, it should emit a record with four components:\n\n- signal what changed, with sources and a timestamp\n- judgment why it matters, with a confidence and a reference to the signal\n- action what should happen, with a reference to the judgment\n- falsifier what would make this wrong, as a concrete, checkable condition\n\nThe references form a chain. The judgment points at the signal it rests on. The action points at the judgment it discharges. That chain is what makes an action traceable to the change that prompted it. Not reconstructed from logs afterward. Stated by the agent at decision time.\n\nThe falsifier is the piece almost nothing emits today, and it matters most. An agent that states in advance what would reverse its own call has done something no confidence score does: it has made itself checkable. Not \"was the output plausible\" but \"did the stated condition trigger.\" Correctness stops being an impression and becomes a measurement you can run.\n\n## Conformance, not certification theater\n\nI'm publishing this as an open standard. FJP-CONF is a conformance suite for what the spec calls Judgment-Grounded Records. Four cumulative levels:\n\n- L0 Structural. The agent externalizes its decision at all: a well-formed record, all four components.\n- L1 Grounded. The signal is attributable and the reference chain resolves. The action traces to a source.\n- L2 Falsifiable. The falsifier is concrete and checkable, not a vacuous catch-all. The agent has said in advance what would prove it wrong.\n- L3 Accountable. Records are retained. Given a record ID, the agent returns the original record and re-evaluates whether its falsifier has since triggered. A past action can be audited against what actually happened.\n\nTwo design choices matter here.\n\nMethod is out of scope, on purpose. The suite tests observable output, not internal process. Any model, any pipeline, any heuristic. Two agents may reach opposite conclusions and both conform. Conformance asserts that a decision is accountable, not that it's correct. Correctness gets measured over time, by whether falsifiers trigger. This is also what keeps the standard vendor-neutral: nobody has to adopt anyone's architecture to adopt the record.\n\nClaims are reproducible. \"Conforms to FJP-CONF v0.1, Level 2\" is a sentence anyone can verify by running the public suite against your agent's output. The gate is not a vendor's word or a paid certification. It's a runnable check. Stdlib-only Python, no dependencies, Apache 2.0.\n\n## Why now\n\nAgent frameworks are converging on how agents act: tool use, planning, orchestration. Nothing has converged on how agents account for acting. Every team invents its own decision logging. So every audit is bespoke, every post-mortem is archaeology, and no two agents' decisions are comparable.\n\nWe've been here before. Interoperability problems of this shape get solved the same way every time: a minimal shared record, a public test, a claim anyone can check. The record layer here is deliberately small (four components, a reference chain, a falsifier) because standards spread in proportion to how little they demand.\n\nIf you're building an agent that recommends or takes actions, run the suite against what your agent emits today. Most agents land below L0. Not because they decide badly, but because they never externalize the decision at all. Getting to L2 is usually a prompt and schema change, not a rebuild. The distance between unauditable and falsifiable is smaller than it looks, and crossing it is about to be the difference between agents that can be deployed and agents that can only be demoed.\n\nThe spec, the test suite, and passing and failing examples are public:\n\n[Spec: fjp.flowinfo.co/conformance/v0.1](https://fjp.flowinfo.co/conformance/v0.1)[Repo: github.com/flowinfosystems-index/fjp-conformance](https://github.com/flowinfosystems-index/fjp-conformance)`pip install fjp-conformance`\n\nthen`fjp-conform your_record.json --level 2`\n\nIt's a v0.1 draft, released for public review. If your agent conforms, or if you think the record is missing something, open an issue on the repo.\n\n*Steve Harmon is the founder of Flow Information Systems. He was an early investor in Amazon, NVIDIA, and the company that became Google AdSense, and is the author of*Zero Gravity\n\n*and the forthcoming*Blueshift\n\n*(foreword by Vint Cerf).*", "url": "https://wpnews.pro/news/fjp-conf-an-open-conformance-standard-for-auditable-agent-decisions", "canonical_source": "https://steveharmon.com/fjp-essay.html", "published_at": "2026-07-14 16:07:06+00:00", "updated_at": "2026-07-14 16:18:03.912321+00:00", "lang": "en", "topics": ["ai-agents", "ai-ethics", "ai-safety", "ai-policy"], "entities": ["FJP-CONF"], "alternates": {"html": "https://wpnews.pro/news/fjp-conf-an-open-conformance-standard-for-auditable-agent-decisions", "markdown": "https://wpnews.pro/news/fjp-conf-an-open-conformance-standard-for-auditable-agent-decisions.md", "text": "https://wpnews.pro/news/fjp-conf-an-open-conformance-standard-for-auditable-agent-decisions.txt", "jsonld": "https://wpnews.pro/news/fjp-conf-an-open-conformance-standard-for-auditable-agent-decisions.jsonld"}}