Secure multi-agent orchestration
When Agent A delegates to Agent B who delegates to Agent C — every hop is scoped, signed, and auditable.
The Problem
Multi-agent systems create delegation hierarchies. An orchestrator spawns specialists, who may spawn their own sub-agents. Without a delegation protocol, permissions expand uncontrollably and audit trails break at each handoff.
The Solution
IDProva DATs are designed to chain. Each delegation can only narrow permissions — never widen. Depth limits prevent unbounded chains. The receipt log captures every action across the entire hierarchy.
Key capabilities
Chainable Delegation
Agent A delegates to B, B delegates to C. Each token is cryptographically linked to its parent. Scopes only narrow.
Depth Limits
Set maximum delegation depth per token. Prevent unbounded re-delegation chains.
Cross-Agent Receipts
BLAKE3 hash-chained receipts span the entire agent hierarchy. One tampered entry breaks the whole chain.
A2A Protocol Support
Works with the Google A2A protocol. IDProva adds the identity and delegation layer A2A needs.
# Orchestrator delegates to researcher (depth 1)
$ idprova dat issue \
    --issuer "did:aid:co:orchestrator" \
    --subject "did:aid:co:researcher" \
    --scope "mcp:tool:web:search" \
    --scope "mcp:tool:filesystem:read" \
    --max-depth 1 --expires-in "2h"

# Researcher sub-delegates to scraper (depth 0)
$ idprova dat issue \
    --parent "$RESEARCHER_DAT" \
    --subject "did:aid:co:scraper" \
    --scope "mcp:tool:web:search" \
    --max-depth 0 --expires-in "30m"

# Scraper CANNOT re-delegate (depth 0)
# Scraper CANNOT read files (scope narrowed)
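The narrowing and depth rules above can be checked by walking a chain from the leaf token back to its root. The following is an added example, not IDProva's own code: the `Dat` fields, the `check_chain` function and the `did:aid:co:helper` agent are hypothetical, scopes are compared as exact strings, `max_depth` is assumed to count the further delegation levels a token allows, and signature verification of each link is left out.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Dat:
    # Hypothetical, simplified token model: field names are assumptions and
    # signature verification of each link is omitted.
    issuer: str
    subject: str
    scopes: frozenset
    max_depth: int                      # further delegation levels allowed
    parent: Optional["Dat"] = None

def check_chain(leaf):
    """Walk leaf -> root and return every attenuation violation found."""
    errors = []
    child = leaf
    while child.parent is not None:
        parent = child.parent
        # Only the holder of the parent token may issue the child.
        if child.issuer != parent.subject:
            errors.append(f"{child.subject}: issuer is not the parent's subject")
        # Scopes may only narrow (exact string match, no wildcards).
        widened = child.scopes - parent.scopes
        if widened:
            errors.append(f"{child.subject}: scopes widened by {sorted(widened)}")
        # A depth-0 parent cannot delegate; otherwise depth must decrease.
        if parent.max_depth < 1:
            errors.append(f"{child.subject}: parent token has depth 0")
        elif child.max_depth >= parent.max_depth:
            errors.append(f"{child.subject}: max_depth must drop below {parent.max_depth}")
        child = parent
    return errors

# Constructed sample chain mirroring the two commands above.
SEARCH, READ = "mcp:tool:web:search", "mcp:tool:filesystem:read"
researcher = Dat("did:aid:co:orchestrator", "did:aid:co:researcher",
                 frozenset({SEARCH, READ}), max_depth=1)
scraper = Dat("did:aid:co:researcher", "did:aid:co:scraper",
              frozenset({SEARCH}), max_depth=0, parent=researcher)
# Constructed invalid token: the scraper re-delegates and adds file read.
helper = Dat("did:aid:co:scraper", "did:aid:co:helper",
             frozenset({SEARCH, READ}), max_depth=0, parent=scraper)

if __name__ == "__main__":
    print("scraper chain:", check_chain(scraper) or "valid")
    for problem in check_chain(helper):
        print("helper chain:", problem)
```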