Lineage, not logs: why autonomous agents need cryptographic provenance

When people talk about provenance in software systems, they often mean logs.

Logs matter. They tell you what happened, when it happened, and sometimes why it happened. But logs are an after-the-fact observation layer. They are not identity structure. They do not, by themselves, give downstream systems a cryptographic way to reason about origin, delegation, and inherited authority.

That distinction starts to matter a lot once autonomous agents begin creating other agents.

SAL treats provenance as part of identity itself through a concept called lineage. The spec is at sal-protocol.dev, and Vibebase is the live reference implementation.

What lineage means in SAL

In SAL, lineage is a cryptographic chain describing who spawned an agent and what authorization allowed that spawn to happen.

If agent A creates agent B, then B can carry signed lineage metadata tying it back to A and the grant under which A was allowed to create children. If B later creates C, that relationship can extend again.

The point is not to build a family tree for fun. The point is to make delegation verifiable as part of the principal, not just discoverable later through operational records.

Here is a simplified claims shape:

{
  "success": true,
  "data": {
    "claims": {
      "sub": "agt_child_01JZ1",
      "scope": ["task:append"],
      "lineage": [
        {
          "agent_id": "agt_root_01JY8",
          "authorized_by": "did:key:z6Mkp9...",
          "grant_id": "grt_root_spawn",
          "signature": "sig:root..."
        },
        {
          "agent_id": "agt_parent_01JY9",
          "authorized_by": "agt_root_01JY8",
          "grant_id": "grt_parent_spawn",
          "signature": "sig:parent..."
        }
      ]
    }
  }
}

That tells a downstream verifier more than "this token is valid." It gives a cryptographic path of delegation.

Why logs are not enough

The usual response here is that audit logs already solve the provenance problem. I do not think they do.

Logs answer questions like:

• what API call happened
• when it happened
• what service observed it

Lineage answers different questions:

• who created this agent
• under what authority
• what chain of delegation led to this current principal

You can absolutely record lineage events in logs. But that is not the same as lineage being present in the identity model itself.

If provenance lives only in logs, every downstream service has to trust that some upstream system observed, stored, retained, and can still correctly correlate the relevant events. If provenance is carried as signed identity material, a verifier can reason about it directly at decision time.

What this enables

Once provenance is cryptographic instead of purely observational, policy gets more interesting.

A gateway can decide to mint a short-lived scoped token only if:

• the requesting agent descends from an approved parent
• the parent held a grant that allowed spawning
• the inherited policy envelope is compatible with the requested action

That lets teams build guardrails around delegation rather than around isolated principals.

This matters because autonomous systems rarely stay flat. If agents become useful, they start specializing. Planning agents create execution agents. Coordination agents create task-specific helpers. Research agents create retrieval workers. Once that starts happening, you want more than a spreadsheet saying "we think these are related."

Provenance as governance substrate

The deeper reason I like lineage is that it gives governance something concrete to stand on.

Without lineage, governance around agents often degenerates into naming conventions, tags, and logging pipelines. Those things are helpful, but they are weak substitutes for cryptographic inheritance. They help humans inspect systems. They do not help systems reason about each other under pressure.

With lineage, the control plane can make decisions based on inherited authority, not just present-time claims. That feels closer to how autonomous systems actually evolve.

Open questions I still care about

I do not think lineage is fully standardized yet, even conceptually. There are still good questions about representation, compression, privacy boundaries, and revocation semantics in long delegation chains.

That is part of why SAL is public. The protocol is at sal-protocol.dev, and Vibebase is where we are working through these questions in code.

If you are building agents and relying entirely on logs for provenance today, I do not think that is wrong. I do think it is probably incomplete. The moment your agents start creating other agents, provenance stops being a nice-to-have and starts becoming part of identity itself.