Preview documentation. Full concept deep-dives land with the v0.2.0 docs release. The summaries below are canonical.
The four primitives
DID — Decentralized Identifier
DID — Decentralized Identifier
Every entity gets a
did:oas:<namespace>:<kind>:<identifier>. The identifier is a multibase-encoded Ed25519 public key. DIDs are cryptographically verifiable without a network call.Lineage Proof
Lineage Proof
A
AgentLineageProof2025 is an Ed25519-signed statement binding a child DID to its parent. Every agent’s lineage chain terminates at a human root.Agent Capability Token (ACT)
Agent Capability Token (ACT)
Short-lived, scoped credentials issued by the Arsenal broker. Replaces raw API keys in agent workflows. Format:
service:resource:action.Skills Policy
Skills Policy
Governance rules for skill invocation. YAML-authored, rate-limited, hash-chain audited, optionally requires human consent.
The three layers
| Layer | Purpose | Home |
|---|---|---|
| OAS | Create and resolve identity | /oas/overview |
| Arsenal | Issue and proxy credentials | /arsenal/overview |
| AEGIS | Verify and authorize | /aegis/overview |