Multi-agent provenance

When work passes between agents, record and verify the lineage.

In a pipeline of AI agents, the hard question after something goes wrong is which agent decided what, and on what basis? Phionyx records every decision and handoff as a signed, hash-chained envelope, so the whole multi-agent run is one replayable provenance chain — not a pile of opaque logs.

This is a research note on the runtime, not a product offering — Phionyx is not for sale yet. Profile involved: Evidence Runtime.

The workflow

  1. 1

    Agent A decides

    Agent A makes a decision (a claim, a tool call, a handoff). It is written as a signed envelope.

  2. 2

    Envelope signed + chained

    The envelope is hash-chained to the prior record — tamper at any link is detected on replay.

  3. 3

    Handoff to Agent B

    Work passes to Agent B. The handoff itself is a recorded event, carrying the lineage forward.

  4. 4

    Lineage recorded

    The chain now answers "who decided what, in what order, on what basis" — end to end, replayable by anyone.

What the provenance chain preserves

  • A cross-agent provenance chain
  • Handoff lineage (who passed what to whom)
  • A replayable record per agent decision
  • Tamper detection across the whole chain

What works today vs. the roadmap

Today: the provenance chain and handoff lineage are real, signed, and replayable. Tampering with any record is detected.

Roadmap: per-agent cryptographic attestation — each agent signing with its own key, so one agent cannot forge another's records — is not built yet. By default the producer field is self-asserted. We name this rather than imply isolation the system does not yet enforce.

The record format is the Evidence Runtime, emitted in AIREP — the neutral interchange format so a chain that crosses vendors still verifies.