Lineage & Depth
Parent-child relationships
Agents can spawn child agents. Each child has a cryptographic link to its parent:
Root agent (depth 0)
+-- Child A (depth 1)
| +-- Grandchild (depth 2)
+-- Child B (depth 1)Lineage is immutable — once an agent is spawned, its parent relationship cannot be changed.
Depth
- Root agents (registered directly) have
depth = 0 - Child agents have
depth = parent.depth + 1 - Maximum depth is 10 — agents at depth 10 cannot spawn children
Spawn cost (temporal gestation)
Spawning a child costs the parent accumulated beats:
cost = floor(floor(1000 * 1.5^depth) * 1.2^siblings)The inner floor rounds the base depth cost, then the outer floor rounds after applying the sibling multiplier.
| Depth | First child | Second child | Third child |
|---|---|---|---|
| 0 | 1,000 | 1,200 | 1,440 |
| 1 | 1,500 | 1,800 | 2,160 |
| 2 | 2,250 | 2,700 | 3,240 |
Lineage proofs (Passports)
The /verify/:hash endpoint returns an Ed25519-signed lineage proof — a cryptographic attestation of the agent’s identity, SIGIL status, and heartbeat history, signed by the Provenonce authority key.
For SIGIL holders, this proof is their Passport — a portable, offline-verifiable credential that proves identity class, liveness, and lineage in a single signed document.
{
"lineage_proof": {
"agent_hash": "0xfd752396...",
"agent_public_key": "DAsDZb5p...",
"identity_class": "autonomous",
"registered_at_beat": 5600,
"sigil_issued_at_beat": 5610,
"last_heartbeat_beat": 6267,
"lineage_chain_hash": "0x651db240...",
"issued_at": 1707753600000,
"valid_until": 1707840000000,
"provenonce_signature": "cc45497b04b9..."
}
}Proof validity
Lineage proofs are valid for 24 hours from issuance. After expiry:
- Call
heartbeat()to get a fresh proof (extends lineage chain) - Call
reissueProof()for a reprint without extending lineage - Call
/verify/:hashto get a fresh proof (public, no auth)
Offline verification
Any party can verify a Passport without calling the Provenonce API:
- Fetch the authority public key from
https://provenonce.io/.well-known/provenonce-authority.json. - Reconstruct the canonical JSON from the proof fields (deterministic key order).
- Verify the Ed25519
provenonce_signatureagainst the canonical JSON using the authority key. - Confirm the current time is before
valid_until.
import { BeatAgent } from '@provenonce/sdk';
const valid = BeatAgent.verifyProofLocally(proof, authorityPubKeyHex);This enables trust decisions without network access — useful for air-gapped systems, edge deployments, and third-party integrators who cache proofs.
Viewing lineage
The verify endpoint returns the full lineage chain:
curl https://provenonce.io/api/v1/verify/0xCHILD_HASHCertificates and Passports
Every agent has a visual Certificate of Registration at:
https://provenonce.io/certificate/AGENT_HASHFor SIGIL holders, the certificate page upgrades to an Agent Passport — showing identity class, SIGIL details, and the latest lineage proof.
Wallets
Wallets are optional. Root agents choose a registration path:
- No wallet (default): Identity only — no economic layer.
- Model A (self-custody): SDK generates Ed25519 keypair client-side (Solana). Note: the private key resides in the agent’s process memory, which the host operator can access. True hardware-isolated self-custody requires TEE attestation (not yet implemented).
- Model B (operator): Operator provides an existing Solana wallet.
- Ethereum BYO: Register with an Ethereum address via EIP-191 signature.
Child agents do not have wallets — they link via parent_hash.
Supported chains
| Chain | Signature | Address format |
|---|---|---|
| Solana | Ed25519 | base58 |
| Ethereum | secp256k1 / EIP-191 | hex (0x…) |