AEGIS is the verification and authorization layer. It consumes OAS identity results and turns them into request-time decisions.

Verification result

OpenAgent middleware receives a canonical VerificationResult after AEGIS checks a DID:
{
  "did": "did:oas:mainnet:agent:weather-bot",
  "signature_valid": true,
  "lineage_valid": true,
  "lineage_depth": 2,
  "human_root": "did:oas:mainnet:hmr:alice",
  "revocation_status": "active",
  "liveness_status": "active",
  "conformance_level": 2,
  "warnings": [],
  "verified_at": "2026-03-21T14:30:00Z"
}

Trust tiers

| Level | Tier | Requirements |
|-------|------|--------------|
| 0 | Anonymous | Valid key possession. No registered identity or lineage required. |
| 1 | Identified | Resolvable registered L1feID or OAS identity. |
| 2 | Sovereign | Full lineage walk to an HMR or MHR root with active revocation status. |

Day-one access control treats levels above 2 as equivalent to 2 until later tiers are finalized.

Revocation rule

Revocation checks must not be served from cache. Even when other verification data is cached, AEGIS refreshes revocation status before allowing a DID to proceed.
Revoked, suspended, or expired DIDs must not be treated as verified. If any ancestor in a lineage chain is revoked, descendants fail privileged verification.
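
The sketch below is an added example, not AEGIS code. It shows a fail-closed gate that combines the day-one tier cap with the revocation rule: the cached `revocation_status` field is ignored and status is re-fetched for the DID and every ancestor. Assumptions: the names `authorize`, `effective_level` and `fetch_status` are hypothetical, `conformance_level` is treated as the trust level, every call is treated as a privileged verification, and the parent DID in the sample is constructed.

```python
from typing import Callable

DAY_ONE_MAX_LEVEL = 2  # the page: levels above 2 are treated as 2 for now


def effective_level(level: int) -> int:
    """Clamp a requested or achieved level into the day-one range 0..2."""
    return max(0, min(int(level), DAY_ONE_MAX_LEVEL))


def authorize(result: dict, ancestors: list, required_level: int,
              fetch_status: Callable[[str], str]) -> tuple:
    """Return (allowed, reason) for one request. Fails closed."""
    if not result.get("signature_valid"):
        return False, "signature invalid"
    # Never trust result["revocation_status"]: it may come from a cache.
    # Re-fetch for the DID itself and for every ancestor up to the root.
    for did in [result["did"], *ancestors]:
        try:
            status = fetch_status(did)
        except Exception:
            return False, f"revocation lookup failed for {did}"
        if status != "active":  # revoked, suspended, expired, unknown
            return False, f"{did} is {status}"
    need = effective_level(required_level)
    have = effective_level(result.get("conformance_level", 0))
    if need >= 2 and not (result.get("lineage_valid") and result.get("human_root")):
        return False, "no valid lineage to a human root"
    if have < need:
        return False, f"level {have} below required {need}"
    return True, "ok"


# Constructed sample: fields from the page's VerificationResult plus a
# made-up parent DID (assumption) standing in for the lineage chain.
CACHED = {"did": "did:oas:mainnet:agent:weather-bot", "signature_valid": True,
          "lineage_valid": True, "human_root": "did:oas:mainnet:hmr:alice",
          "revocation_status": "active", "conformance_level": 2}
ANCESTORS = ["did:oas:mainnet:agent:example-parent", "did:oas:mainnet:hmr:alice"]

if __name__ == "__main__":
    live = {d: "active" for d in [CACHED["did"], *ANCESTORS]}
    print(authorize(CACHED, ANCESTORS, 2, live.__getitem__))
    live[ANCESTORS[0]] = "revoked"  # parent revoked after the result was cached
    print(authorize(CACHED, ANCESTORS, 2, live.__getitem__))
```

The second call is denied even though the cached result still says `"revocation_status": "active"`, which is the case the rule above exists to catch.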

Policy layer

AEGIS evaluates:
  • trust tier requirements,
  • route and scope policy,
  • time windows,
  • rate limits,
  • spending limits,
  • delegated authority,
  • human approval tokens,
  • liveness freshness,
  • warning thresholds.

Where AEGIS sits

Before Arsenal grants

Arsenal only grants route capabilities after AEGIS verification succeeds.

After OAS verifies

AEGIS does not redefine lineage. It applies policy to the OAS verifier result.