Every signature
leads back to a human.
Omega's lineage chain is the cryptographic answer to "who authorized this?" Every agent, tool, workflow, model, dataset, and service is derived from a human root key (HMR) through HKDF-SHA256. Each derivation is signed; the chain is verifiable end-to-end. When a brane does something, you can prove which human, three or twelve steps up, ultimately authorized it.
HKDF-SHA256 · per-namespace
Ed25519 at every link
human · enr · agent · tool · brane
unlimited · BLAKE3-anchored
The properties
that matter.
HMR (Human Master Root) — usually a hardware key or 2-of-3 FROST
ENR — an organization, signed by HMR
Derived from ENR or another agent via HKDF + signature
A spawn instance, signed by its owning agent
Walk the chain in either direction; every link is a signed certificate
OAS DID documents · published, revocation-aware
What it
looks like running.
$ω lineage trace did:omega:brane:api/v1.4
chain (4 hops, all valid)
did:omega:brane:api/v1.4
↑ signed by agent control-plane (sig:RJk...)
did:omega:agent:control-plane/v0.1
…
What you
can rely on.
Every brane has a human ancestor
There is no autonomous action without a traceable human authorization. The brane key is derived from an agent key, which is derived from an ENR, which is signed by a human HMR.
The chain is self-verifying
You don't need our service to verify a chain. Every signature is on the wire; every public key is published in OAS DID documents. Air-gap confidently.
Revocation propagates in 30s
If a key is compromised, the OAS revocation feed propagates to every substrate within 30 seconds. Branes derived from the revoked key fail their next capability check.
Aligns with NIST AI accountability
The lineage chain is exactly the kind of cryptographic accountability that emerging AI governance frameworks require for autonomous agents.