Get access
DIDs · lineage · capabilities

Identity is
a chain you can verify offline.

Omega uses the open OAS specification — W3C DIDs, Ed25519 keys, BLAKE3 content hashes. Every brane has a DID. Every capability is a signed token. Every signature traces back, through HKDF-derived lineage, to a human root. The substrate runs the verification offline; the chain itself is the proof.

[spec]
OAS · open · vendor-neutral
[keys]
Ed25519 · HKDF · BLAKE3
[token]
Arsenal Capability Token
[root]
Human → Agent lineage
At a glance

The properties
that matter.

11
DID entity kinds

human, mhr, enr, agent, tool, skill, workflow, model, dataset, service, agent:instance

0
central registry

No root CA. No naming authority. Verification is offline-capable.

BLAKE3
every signature anchored

Every artifact's content hash is signed. Tamper-evident by design.

agents per human

Lineage is HKDF-derived. A human root can spawn unlimited derived agents.

In the manifest

How you
describe it.

identity.zgraph.toml
[brane.api]
substrate   = "gaia"
capability  = "standard"
image       = "omega/api:1.4"
// brane identity, lineage, and capability tokens

// brane identity, lineage, and capability tokens

In operation

What it
looks like running.

$ω identity verify did:omega:brane:api/v1.4
→ resolved DID document → lineage chain did:omega:brane:api/v1.4 ↑ did:omega:agent:control-plane/v0.1 ↑ did:oas:enr:org/l1fe.ai …
$ω identity revoke did:omega:brane:api/v1.4
→ wrote revocation entry · ed25519 signed · published to OAS revocation feed → all extant capability tokens for this DID will fail verification within 30s
DID method
did:omega — backed by OAS spec
key derivation
HKDF-SHA256 from human root · per-namespace
signing
Ed25519 · BIP-44 / SLIP-0010 derivation
multi-sig
FROST threshold (2-of-3, 3-of-5, n-of-m)
revocation
OAS revocation feed · 30s propagation
offline verify
full chain verifiable without network
By design

What this
surface does.

Built on OAS — vendor-neutral

OAS is published at openagent.id with an IEEE whitepaper. SDKs in Rust, TypeScript, Go, Python, Swift, Kotlin, Vanilla JS. No L1fe imports inside OAS.
OPEN

Every signature verifiable offline

Air-gap a Habitat substrate; signatures still verify. The chain is the proof — not a phone-home to our service.
OFFLINE

Agents trace back to humans

Every autonomous brane is anchored to a human root through HKDF-derived lineage proofs. Human accountability for autonomous actions, by construction.
LINEAGE

Capability Tokens (ACTs)

Arsenal-issued, signed, scoped, audience-bound. Pass them to third-party APIs as proof of authority. Revoke them in one publish.
TOKENS
ObservabilitySecurity