Agent Identity
Autonomous software agents with portable cryptographic identity. Privileged authority resolves through Sigil-finalized lineage edges.
Key derivation in progress. Parent signs the lineage proof. HKDF-SHA256 derives the child key from the parent's key material.
The agent's DID document is being constructed. Verification method and authentication relationships are assembled. The agent does not yet exist on the network.
Agent identity is established but not yet active. DID document is published. Capabilities are loaded but not exercised.
The agent can receive capability delegations. Its lineage proof is verifiable. It awaits activation from its parent or an authorized controller.
Agent is fully operational. Can sign documents, delegate to children, use capabilities, and participate in protocols.
This is the primary operating state. The agent's key is hot and available for signing. All delegated capabilities are live. Telemetry is streaming.
Temporarily deactivated by parent or governance. Existing tokens revoked. Can be reactivated without re-genesis.
The agent's signing capability is frozen. Child delegations are paused. The DID document remains published but marked as suspended. No new signatures are possible.
Operating with reduced capabilities. May occur due to partial key rotation, capability expiry, or health check failures.
Some capabilities are unavailable. The agent continues to function with whatever capabilities remain valid. A health report is generated for the parent.
Permanent deactivation. All child identities recursively revoked. The identity is cryptographically dead and cannot be reactivated.
Revocation cascades through the entire descendant tree. Every child agent, tool, and service derived from this agent is also terminated. The DID document is tombstoned.
No Amplification
A child agent cannot have more permissions than its parent. Delegation can only narrow, never widen.
Lineage Bound
Every delegation references the lineage proof chain. Verify any delegation by walking up to the HMR root.
Time Bounded
Delegations carry expiry timestamps. No perpetual delegations. Renewal requires re-signing.
Revocable
Any ancestor in the lineage chain can revoke a descendant. Revocation cascades to all children.
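One way a verifier could enforce the four delegation rules above while walking a chain from the root to the leaf. This is an added example, not the project's own code: the `Delegation` record, `verify_chain`, the capability names and the keys are hypothetical, and HMAC-SHA256 stands in for the parent's signature so the block needs only the standard library.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Delegation:             # hypothetical record layout (assumption)
    issuer: str               # parent identity granting the capabilities
    subject: str              # child identity receiving them
    capabilities: frozenset
    expires_at: int           # Unix seconds; every delegation must carry one
    tag: bytes = b""          # HMAC stand-in for the parent's signature

def mac(d, key):
    caps = ",".join(sorted(d.capabilities))
    msg = f"{d.issuer}|{d.subject}|{caps}|{d.expires_at}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

def sign(d, issuer_key):
    return replace(d, tag=mac(d, issuer_key))

def verify_chain(chain, root, root_caps, keys, revoked, now):
    """Walk the chain from the root to the leaf; return (ok, reason)."""
    if root in revoked:
        return False, f"revoked: {root}"
    holder, caps = root, frozenset(root_caps)
    for d in chain:
        key = keys.get(d.issuer)
        if d.issuer != holder or key is None:          # lineage bound
            return False, f"broken lineage at {d.subject}"
        if not hmac.compare_digest(mac(d, key), d.tag):
            return False, f"bad signature on {d.subject}"
        if d.subject in revoked:                       # cascades to descendants
            return False, f"revoked: {d.subject}"
        if not d.capabilities <= caps:                 # no amplification
            return False, f"amplification at {d.subject}"
        if d.expires_at <= now:                        # time bounded
            return False, f"expired at {d.subject}"
        holder, caps = d.subject, d.capabilities
    return True, "ok"

# Constructed sample: root -> agent -> tool, with made-up keys and times.
KEYS = {"root": b"root-demo-key", "agent": b"agent-demo-key"}
def sample_chain(tool_caps=("read",)):
    a = sign(Delegation("root", "agent", frozenset({"read", "write"}), 2000), KEYS["root"])
    t = sign(Delegation("agent", "tool", frozenset(tool_caps), 1500), KEYS["agent"])
    return [a, t]

if __name__ == "__main__":
    print(verify_chain(sample_chain(), "root", {"read", "write", "admin"}, KEYS, set(), 1000))
```

Because the walk stops at the first failing link, a revoked or expired ancestor invalidates every delegation beneath it without each descendant needing its own revocation entry.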
A persistent identity representing the agent's capabilities, lineage, and long-lived state. The DID document includes verification methods and services.
An ephemeral running instance of an agent. Has its own derived key for session signing. Instances are short-lived and automatically revoked on termination.