Lineage is enforced cryptographically: every signing key is HKDF-derived from its parent, and every entry must be signed by a key whose chain terminates in an HMR.
Resolving lineage
reggie install agent/web-research
The command verifies, in order:
- Entry signature against the publishing key.
- Publishing key against its ENR namespace record.
- ENR record against the MHR or HMR that issued it.
- MHR/HMR existence and non-revocation on Sigil.
Any failure returns a non-zero exit code with a precise error.
Lineage SQL
WITH RECURSIVE chain(did, parent, depth) AS (
    SELECT did, parent, 0
    FROM lineage
    WHERE did = 'did:oas:l1fe:agent:web-research@3.4.0'
    UNION ALL
    SELECT l.did, l.parent, chain.depth + 1
    FROM lineage l, chain
    WHERE l.did = chain.parent
)
SELECT * FROM chain ORDER BY depth;
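The following is an added example, not code from the project: it runs the recursive query above against an in-memory SQLite table and decides whether a chain actually terminates in a trusted root, covering a "ghost" entry and a cyclic lineage. The `did:example:*` DIDs, the `TRUSTED_ROOTS` set, the depth cap and the function names are assumptions made for illustration; it only walks the `lineage` table and does not check signatures or revocation.

```python
import sqlite3

# Constructed sample data; every DID except the agent DID is hypothetical.
AGENT = "did:oas:l1fe:agent:web-research@3.4.0"
ROWS = [
    (AGENT, "did:example:publisher-key"),
    ("did:example:publisher-key", "did:example:enr-namespace"),
    ("did:example:enr-namespace", "did:example:hmr-root"),
    ("did:example:hmr-root", None),
    ("did:example:ghost-agent", "did:example:unknown-parent"),  # parent row missing
    ("did:example:loop-a", "did:example:loop-b"),               # cyclic lineage
    ("did:example:loop-b", "did:example:loop-a"),
]
TRUSTED_ROOTS = {"did:example:hmr-root"}  # assumption: HMR roots known out of band
MAX_DEPTH = 16  # assumption: cap so a cyclic table cannot recurse forever

CHAIN_SQL = """
WITH RECURSIVE chain(did, parent, depth) AS (
    SELECT did, parent, 0 FROM lineage WHERE did = ?
    UNION ALL
    SELECT l.did, l.parent, chain.depth + 1
    FROM lineage l JOIN chain ON l.did = chain.parent
    WHERE chain.depth < ?
)
SELECT did, parent, depth FROM chain ORDER BY depth;
"""

def open_db(rows=ROWS):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE lineage (did TEXT PRIMARY KEY, parent TEXT)")
    db.executemany("INSERT INTO lineage VALUES (?, ?)", rows)
    return db

def resolve(db, did):
    """Return (ok, reason, chain) for the lineage of `did`."""
    chain = db.execute(CHAIN_SQL, (did, MAX_DEPTH)).fetchall()
    if not chain:
        return False, "unknown DID", chain
    last_did, last_parent, depth = chain[-1]
    if depth >= MAX_DEPTH:
        return False, "chain too deep or cyclic", chain
    if last_parent is not None:
        return False, "parent %s has no lineage row" % last_parent, chain
    if last_did not in TRUSTED_ROOTS:
        return False, "root %s is not a trusted HMR" % last_did, chain
    return True, "ok", chain
```

Without the `depth` bound, the `UNION ALL` recursion never terminates on a cyclic table, so a resolver should cap it and treat hitting the cap as a failure.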
Why this matters
Without enforced lineage, a malicious publisher could:
- Pretend to be someone else (no.)
- Insert a "ghost" agent with no traceable origin (no.)
- Roll a key without leaving a trail (no.)
Lineage closes those holes. The chain may be long, but it always reaches a real person.