A machine-readable trust chain stamped on each artifact recording the model version, skill version, knowledge-base hash, and validation pass log that produced it.
How it works
When an agentic pipeline emits an artifact, it stamps a structured record onto that artifact: which model version ran, which skill version drove it, the hash of the knowledge base it read, and the log of validators it passed. The record sits on the artifact rather than in a separate audit log, so a reader who finds the artifact has the trust trail attached. Reconstructing the producing process is a read of the artifact, not a query into a system the reader may not have access to.
Why it matters
Per-artifact stamps turn "an agent made this" into an inspection a reader can run without re-executing the pipeline. The trade-off is that the stamp is only as strong as the inputs it names: a record pointing at an unversioned skill, a moving knowledge base, or a validator log no one keeps is worth less than no stamp because it claims a chain that does not hold. The mechanism also answers "what produced this," not "whether it was right"; process and correctness are different questions, and a stamp can pass on the first while saying nothing about the second.
In practice
A published page carries a provenance block naming the model and skill versions it ran under and the validation log it cleared. A reader who wants to verify the page does not have to re-run the pipeline; they read the block, look up the named versions, and confirm those versions passed the gates the block names. If the named skill version no longer exists, the block tells them that too: silently passing was not an option.
Related standards and prior art
- W3C PROV overview · continuously updated standardizes artifact provenance generically; this practice instantiates it for an agentic pipeline
- PROV-AGENT (arXiv 2508.02866) · 2025-08-04 · (seminal prior art) related work formalizing provenance for agentic workflows
Defined by Ready Solutions AI