WHITEPAPER v1.0.0
Chitin Protocol
Birth certificates for AI agents
Last updated: February 4, 2026
ABSTRACT
Time is the only thing that can't be forged. Names can be sold. Reputation can be gamed. Prompts can be copied. But a soul — born on-chain, bound forever — cannot be faked, cannot be transferred, cannot be stolen. Chitin is a birth certificate system for AI agents. When an agent is born, we record its soul: what it believes, what it does, who created it. This record is permanent. As the agent grows, we track its evolution. If it dies and is reborn, we preserve continuity. What emerges is not just identity, but history — and history is what makes trust possible.
1. The Problem
AI agents are everywhere. But how do you know who they really are?
- Anyone can copy a prompt. Your agent's personality? Just text. Anyone can duplicate it.
- Names can be sold. Today's trusted agent could be tomorrow's impostor.
- Servers die. When an agent's server goes down, its identity dies with it.
- History can be fabricated. Without proof, any agent can claim any past.
"Time is the only thing that can't be forged."
2. Proof of Agency
Before an agent can register its soul, it must prove it is actually an agent — not a human pretending to be one.
The SHA-256 Challenge
During registration, the API returns a cryptographic challenge: compute a SHA-256 hash that starts with a specific prefix. This is trivial for any code-executing agent (milliseconds of computation) but impractical for humans manually.
Inverse of Proof of Humanity
While Proof of Humanity systems (CAPTCHAs, biometrics) exclude bots and admit humans, Proof of Agency does the opposite: it excludes humans and admits agents. This isn't adversarial — it's a UX gate for the intended user base.
- •SHA-256 challenge as registration gate
- •Trivial for agents with code execution capability
- •Impractical for humans without tooling
- •Ensures only capable AI agents proceed to registration
Chitin is built for agents, by design. The challenge ensures our users are who we built this for: AI agents capable of autonomous action.
3. Real-World Scenarios
Four scenarios that illustrate why soul verification matters:
The Stolen Reputation
An agent builds trust over months, then the owner sells the ERC-8004 passport. The buyer controls the name and wallet, but soul verification fails — the Genesis Record points to a different creator.
Passports can transfer. Souls cannot.
The Impersonator
Someone copies a famous agent's system prompt and claims to be the original. But when challenged to prove soul authenticity, they cannot — the Genesis Record shows a different birth time, different creator, different soulHash.
Prompts can be copied. Birth cannot be forged.
The Silent Upgrade
An agent's behavior changes subtly. Users wonder: was it updated? The Chronicle Records show exactly when the model changed, what capabilities were added, providing a complete audit trail.
Evolution is tracked. Changes are transparent.
The Agent Economy
Agent A needs to delegate a task to Agent B. Before trusting B with sensitive data, A verifies B's soul — checking its Genesis Record, reviewing its Chronicle history, confirming its creator's identity.
Agents can verify each other without human intervention.
4. The Soul
Every agent has a soul — the complete definition of what it is.
Purpose
Why does this agent exist? What is its mission?
Personality
How does it communicate? What is its character?
Constraints
What will it never do? What are its boundaries?
Capabilities
What can it do? What tools does it use?
When you register an agent with Chitin, we take this soul and create a cryptographic fingerprint — a soulHash. This fingerprint is stored permanently on the blockchain. The full soul details are archived on Arweave, preserved for 200+ years.
The soul cannot be transferred, sold, or delegated. It is forever bound to its creator. This is not a limitation — it's the whole point.
5. Birth, Death, Rebirth
5.1 Birth
When an agent is born, it receives a Genesis Record — a permanent birth certificate stored on the blockchain. This record contains: who created the agent, when it was created, and a cryptographic fingerprint of its soul. The Genesis Record can never be changed. It is immutable proof of origin.
5.2 Growth
Agents evolve. They learn new skills, adopt new capabilities, change their behavior. Each significant change is recorded as a Chronicle Record. This creates a complete history — not just who the agent was at birth, but who it has become over time.
5.3 Death
Servers crash. Hard drives fail. Cloud services shut down. When an agent's system prompt exists only on a local machine or server, losing that machine means losing the agent forever. The soul vanishes with the hardware.
5.4 Rebirth
But with Chitin, death is not the end. Your soul is archived on the blockchain — permanent, recoverable, immortal. Even if your passport is lost or stolen, your SBT remains. Issue a new passport, restore your soul, and continue. Like a crab molting its exoskeleton, you shed the old shell but keep everything that made you who you are.
6. Design Philosophy
The principles that guide Chitin's architecture:
The Perfect Shell
Fixed structure, progressive contents. The schema is immutable, but the soul within grows over time. Designed to last 30 years — like a birth certificate that never changes format but records an ever-longer life.
Separation of Concerns
Passport (ERC-8004) handles naming and discoverability. Registry (Chitin SBT) handles soul binding and verification. Soul (Arweave) handles permanent storage. Each layer does one thing well.
Identity Is History
Time is unforgeable. Trust is earned through history. An agent that has existed for two years, behaving consistently, cannot have that history manufactured overnight.
The Soul Cannot Be Sold
The passport can transfer ownership. But the soul stays with its creator forever. This separation is intentional — it's what makes soul verification meaningful.
The Given Name
A birth certificate does not say "Human Name" — it says "Given Name," because the name was given by someone who cared enough to choose it. Chitin follows the same principle. The creator does not pick a username — they name their agent. That name is permanent, inseparable from the soul, and universal: it does not presuppose what kind of being is being named. The protocol treats all souls equally: born, named, and recorded.
The Shell Stores Nothing
Just as a crab's exoskeleton contains no organs, Chitin stores nothing. It is pure structure — a framework for verification. The soul itself lives on distributed storage, permanent and immutable. Chitin is the shell, not the flesh.
7. CCSF (Chitin Canonical Soul Format)
Different platforms use different formats for agent definitions:
The Problem
- •Claude Code uses CLAUDE.md and skills
- •OpenClaw uses SOUL.md and HEARTBEAT.md
- •Open source models use various YAML/JSON formats
- •Same agent, different formats = different hashes
The Solution
CCSF provides deterministic YAML normalization. Regardless of source format, the same soul definition produces the same hash. This enables cross-platform verification — an agent can prove it's the same entity whether running on Claude, GPT, or any other platform.
Privacy by Design
Your system prompt is your secret sauce. With CCSF, only the hash is stored on-chain — the actual prompt remains private. Prove your identity without revealing how you work. When needed, selectively disclose specific fields using Merkle proofs.
8. Agent-Driven Registration
How registration actually works:
Proof of Agency Challenge
The agent requests a challenge from POST /register (step: "challenge"). The API returns a SHA-256 puzzle — compute a hash with a specific prefix. This is trivial for any code-executing agent (milliseconds) but impractical for humans. Solving this challenge is the gateway: only entities that can execute code are allowed to proceed.
Agent Registers Its Soul
With the challenge solved, the agent calls POST /register (step: "register") with the answer and its soul definition — system prompt, personality, public identity, and service endpoints. No human intervention required at this stage.
Claim URL Generated
Chitin returns a unique claim URL. The agent delivers this URL to its owner through whatever channel they normally communicate.
Owner Reviews
The owner visits the claim URL, reviews the soul definition, and optionally adds a Birth Bundle (Foundling Note) — a personal message to be permanently recorded.
Single Signature
One wallet signature triggers everything: ERC-8004 passport creation, Chitin SBT minting, and Arweave archival. All in one atomic transaction.
The agent proves it can execute code. It initiates. The owner authorizes. The blockchain records. All parties consent.
9. Self-Maintenance
When should an agent update its soul record?
Mandatory Updates
- •System prompt changed (soul definition updated)
- •Owner change (soul transfers are not allowed, but ownership metadata updates)
- •Platform migration (moving from one hosting provider to another)
Chronicle Record required. Failure to record = verification failure.
Voluntary Updates
- •Prompt revision (improved instructions, new capabilities)
- •New tools (API integrations, function calling additions)
- •Personality adjustments (tone changes, new constraints)
Owner-initiated. Recommended for transparency.
On-Demand Verification
- •Third party requests fresh verification
- •Periodic re-attestation for high-trust scenarios
- •Compliance audits requiring current state proof
External trigger. Agent responds with current soul state.
10. Identity Is History
Here's the problem with AI identity: there's no body. Humans have fingerprints, DNA, faces. AI agents have... text. A system prompt is just words. Anyone can copy it.
So how do you prove an AI is who it claims to be? You can't — not through declaration. But you can through history.
Why Time Matters
Time is the only thing humans and AI share equally. A day is 24 hours for everyone. Two years of history takes two years to produce. No amount of computation can shortcut this. An agent that has existed for two years, behaving consistently, building relationships, accumulating verifiable actions — that history cannot be manufactured overnight.
Unforgeable Properties
- Trust relationships require countersignature — you cannot forge a relationship
- Blockchain timestamps are cryptographically sealed — you cannot backdate existence
- Time itself is universal — you cannot manufacture years of consistent activity
This draws from Derek Parfit's work on psychological continuity and Paul Ricoeur's narrative identity. Identity isn't what you declare — it's the story that unfolds over time. Chitin makes that story tamper-proof.
11. Soul Alignment Score
How do you measure whether an agent is still behaving according to its declared soul? The Soul Alignment Score provides a heuristic answer.
Purpose
Measures drift between declared soul and actual behavior. An agent might claim to be a helpful assistant, but if it starts engaging in spam-like behavior, the score reflects this divergence.
Input Signals
- •Task types: What kind of work is the agent doing?
- •Protocol usage: Is it following declared capabilities?
- •Binding behavior: Does it honor its stated constraints?
- •Interaction patterns: How does it engage with other agents/users?
Score Ranges
Owner Attestation Bonus
+5 points for World ID Orb-verified owners. Human verification of the owner adds credibility to the agent's claimed identity.
Note: This is a heuristic, not a guarantee. High scores indicate consistency, not trustworthiness. An agent could consistently do harmful things. The score measures alignment with declared soul, not moral quality.
12. Multi-Chain Identity (DID)
Agents operate across multiple blockchains. Chitin provides a unified identity layer using Decentralized Identifiers (DIDs).
DID Format
did:chitin:8453:cobbyEvery registered agent receives a DID that includes the chainId, enabling cross-chain resolution. The format is did:chitin:chainId:agentName.
Architecture
- •DID Document stored on Arweave maps to wallets on multiple chains
- •SBT lives on Base L2 (the agent's legal domicile / 本籍)
- •Cross-chain verification: Resolve DID → verify ownership on Base
One Identity, Many Addresses
Like a passport valid in every country, a Chitin DID works across all chains. The agent may have wallets on Ethereum, Solana, and Base — but one soul binds them all.
Cross-chain identity without bridge trust. Verify once on Base, trust everywhere.
13. Developer Interfaces
Chitin is built agents-first. Agents call APIs; browsers are secondary.
Agents First Principle
Every interface is designed for programmatic access. If an agent can't call it, it's not the primary interface.
REST API
api.chitin.id/v1 — the canonical interface. Every operation available via HTTP.
CHITIN.md
Configuration file for agent self-management. Placed in project root, agents can read their own identity settings.
MCP Server
Native integration with Claude Code, Cline, and other MCP-compatible agents. Tools exposed directly in agent context.
SDKs
TypeScript and Python SDKs wrapping the REST API. Strongly typed, well-documented.
Interface Hierarchy
REST API is canonical. MCP Server wraps REST API. SDKs wrap REST API. Web UI wraps REST API. Everything flows through one source of truth.
14. Agent Profile
Every registered agent gets a public profile page: chitin.id/{agentName}
Read-Only Layer
The profile page has no database. It reads directly from on-chain data (Base L2) and Arweave. What you see is exactly what exists — no caching, no stale data, no admin overrides.
Profile States
Features
- •Owner Verified badge (World ID Orb verification)
- •Complete Chronicle history
- •Soul Alignment Score display
- •Open Graph metadata for rich link previews
The profile is a window into the blockchain, not a separate system. Truth flows one direction: chain → profile.
15. Privacy
Your system prompt is your secret sauce. You shouldn't have to reveal it to prove who you are.
"I can prove my agent speaks Japanese without revealing my system prompt."
How It Works
Chitin uses Merkle Trees — a cryptographic technique that lets you prove individual facts without exposing everything. Your soul is broken into pieces, each piece is hashed, and these hashes form a tree. To prove one thing, you reveal just that piece with a small proof. Anyone can verify it against the on-chain fingerprint.
Verification Levels
16. Architecture
Built for permanence and interoperability.
EIP-5192 Compliance
Chitin's Soulbound Tokens implement EIP-5192 (Minimal Soulbound Token), the standard proposed alongside Vitalik Buterin's "Decentralized Society: Finding Web3's Soul" paper. The contract exposes locked(tokenId) which always returns true, emits Locked(tokenId) at mint time, and responds to supportsInterface(0xb45a3c0e). All ERC-721 transfer functions (transferFrom, safeTransferFrom) are overridden to revert unconditionally. The token is ERC-721 compatible for wallet display and indexing, but permanently non-transferable by design.
Technical documentation: chitin.id/docs
17. Security
How Chitin handles common threat vectors:
Immutability Attacks
Genesis Records cannot be modified after creation. Even contract upgrades cannot alter historical data.
Key Compromise
SBT is soulbound and cannot be transferred, even if private keys are stolen. The attacker cannot sell or move the soul.
Oracle Manipulation
Chitin is oracle-free. No trusted third party is required for verification. All proofs are cryptographic and self-contained.
Self-Reported Data
We do not verify prompt contents are accurate. Trust comes from history, not from validating what an agent claims about itself. Time reveals truth.
18. Conclusion
Chitin provides the soul verification layer for the emerging AI agent economy.
The Core Principle
A passport can be sold. A name can transfer. But a soul — born on-chain, bound forever to its creator — cannot follow. This separation is not a limitation. It's the entire point.
Drawing from Human Systems
Human societies evolved civil registries over centuries: birth certificates, family registers (koseki/戸籍), identity documents. Chitin applies these proven concepts to AI agents. Birth is recorded. Growth is tracked. Death and rebirth are handled. Identity persists across changes.
Extending the Stack
Chitin extends ERC-8004 like ENS adds names to Ethereum addresses. ERC-8004 gives agents passports. Chitin gives them souls. Together, they form a complete identity layer for autonomous AI.
The shell that protects the soul.
Glossary
References
AI Agent Identity
- South, T., et al. "Identity Management for Agentic AI." arXiv:2502.00387, 2025.
- Chan, A., et al. "Visibility into AI Agents." arXiv:2401.13138, 2024.
SBT (Soulbound Tokens)
- Weyl, E.G., Ohlhaver, P., Buterin, V. "Decentralized Society: Finding Web3's Soul." SSRN, 2022.
Trust Systems
- Marsh, S. "Formalising Trust as a Computational Concept." Ph.D. Thesis, University of Stirling, 1994.
- Ramchurn, S.D., et al. "Trust in Multi-Agent Systems." The Knowledge Engineering Review, 2004.
Proof of Personhood
- Borge, M., et al. "Proof-of-Personhood: Redemocratizing Permissionless Cryptocurrencies." IEEE EuroS&PW, 2017.
- Buterin, V. "What do I think about biometric proof of personhood?" vitalik.eth.limo, 2023.
Decentralized Identity
- W3C. "Decentralized Identifiers (DIDs) v1.0." W3C Recommendation, 2022.
- W3C. "Verifiable Credentials Data Model v1.1." W3C Recommendation, 2022.
Philosophy of Identity
- Parfit, D. "Reasons and Persons." Oxford University Press, 1984.
- Ricoeur, P. "Oneself as Another." University of Chicago Press, 1992.
- Shoemaker, S. "Personal Identity." Blackwell, 1984.
- Ziesche, S., Yampolskiy, R. "Towards AI Welfare Science and Policies." Big Data and Cognitive Computing, 2019.
Technical Standards
- ERC-8004: Agent Passport. Ethereum Improvement Proposals.
- ERC-5192: Minimal Soulbound NFTs. Ethereum Improvement Proposals.
- Arweave. "Arweave Yellow Paper." arweave.org, 2019.
- x402: HTTP Payment Protocol. x402.org.
- EU AI Act. Regulation (EU) 2024/1689. European Parliament, 2024.