Sealed Message-State Hash. The cryptographic seal that binds every Tre’gent receipt to the exact reasoning state from which the action was issued. Receipts say what the agent did. SMSH says what the agent knew when it did it. The two together are auditable. Either alone is not.
An LLM has no persistent native memory between calls. Whatever the agent reasoned over — instructions, retrieved context, prior turn history, tool outputs, policy — existed only inside that one inference window. The instant the call returns, the substrate forgets. SMSH captures the cryptographic fingerprint of that window before it dissolves, and binds it to the receipt that records the action the agent then took.
Without SMSH, a receipt can only claim “the agent did X at time T.” With SMSH, the receipt also says “reasoning from state hash smsh:…, which any holder of the canonical pre-image can byte-match.” The action is no longer separable from the reasoning that authorized it.
The system prompt, the user/principal instruction, and any tool-use directives present at execution time. Hashed in canonical order.
RAG hits, vector lookups (SVU surface), prior turn history, tool outputs returned into the window. Bound by content hash.
The SHOD policy snapshot evaluated at the moment of action — allowlist, daily cap, recipient cap, price window, trust tier, anomaly state.
The agent identity, the principal/HAHS handle, and the delegation chain in effect when the inference resolved.
SMSH is deterministic. Given the same inputs, any verifier reproduces the same hash. The construction is canonicalization first, hash second.
Every Tre’gent receipt carries the SMSH value in a top-level smsh field. Re-deriving the hash from the published pre-image must equal that field byte for byte. If it does not, the receipt is rejected by the offline verifier.
SMSH ships as four live tiers. Each addresses a different audit demand and maps directly to the AFIR signing pipeline.
One SHA-256 over the canonicalized state record. Bound into every Tre’gent receipt issued by the Hive Lattice. Verifiable offline against the published canonicalization rule and the issuer’s Ed25519 key.
| Hash | SHA-256 over canonical-sorted JSON |
|---|---|
| Encoding | base64url, no padding |
| Receipt field | smsh (top-level) |
| Status | LIVE on the transaction harness |
| Verifier | Tre’gent offline verifier · verify_receipt.py |
When an action’s authority traces back through multiple lineage entries, SMSH-Quorum requires at least K of N lineage SMSH values to carry valid signatures before the descendant receipt is honored. The predicate fires inside Tre’gent’s ancestor evaluation. Used for delegated authority chains and multi-agent quorum actions.
| Predicate | K-of-N over ancestor SMSH signatures |
|---|---|
| Default | K = 2, N = 3 (configurable per principal) |
| Receipt field | smsh_quorum (when invoked) |
| Status | LIVE · claim A on the Tre’gent page |
When state changes between turns — a tool output revises a fact, a policy snapshot updates, a context item is replaced — SMSH-Δ anchors each souring step to the prior canonical SMSH. The result is a chain of signed deltas that no honest party can later alter without breaking the chain. The audit trail of how the reasoning state evolved is itself cryptographic, not narrative.
| Construction | delta = canonical(diff(state_prev, state_next)) |
|---|---|
| Anchor | SHA-256(prev_smsh ‖ delta_bytes) |
| Receipt field | smsh_delta_chain (when invoked) |
| Status | LIVE · claim B on the Tre’gent page |
For sensitive inspection payloads, ViewKey material, and auditor-specific evidence access, SMSH-PQ adds a post-quantum sealed envelope on top of the canonical SMSH. ML-KEM-768 key encapsulation. The classical SMSH binding is preserved; the PQ envelope is additive. Dual-signed: ML-DSA-65 (NIST FIPS 204) over the same digest, Ed25519 retained for backward compatibility. Used by AFIR on all receipts carrying long-retention regulated evidence.
| Envelope | ML-KEM-768 (NIST FIPS 203) key encapsulation |
|---|---|
| Signature posture | ML-DSA-65 (NIST FIPS 204) primary · Ed25519 legacy compat |
| Use case | Long-retention regulated evidence, sealed inspection payloads, AFIR receipts |
| Status | LIVE · Hive-PQ page |
The highest assurance tier. SMSH-MAX wraps the canonical SMSH with SMSH-PQ signing, adds SMSH-Δ chain binding across the full multi-turn context, and anchors the resulting Merkle root on-chain via Base/USDC. Designed for regulated deployments where an auditor or regulator must be able to reconstruct the exact chain of reasoning, policy state, and signing provenance from a single verifiable artifact — years after the inference occurred.
| Construction | SMSH-PQ envelope + SMSH-Δ chain + on-chain Merkle anchor |
|---|---|
| Anchor | Base mainnet · USDC settlement layer |
| Signature posture | ML-DSA-65 primary · Ed25519 compat · full delta chain |
| Use case | Financial settlement, FINRA WORM, EU AI Act high-risk, SR 11-7 model risk, multi-year retention |
| Status | LIVE · on-chain anchoring via AFIR receipts |
A Tre’gent receipt is the signed envelope of one agent action. The receipt names the actor, the action, the amount, the time, the counterparty, the policy gates that passed (SHOD), and the SMSH of the reasoning state that authorized the action. Verification is byte-exact. The offline verifier (verify_receipt.py) re-canonicalizes the receipt, recomputes the SMSH from the published pre-image, and only then checks the Ed25519 signature. Any drift in either the receipt or the pre-image fails verification.
Audit cannot be reconstructed from logs after the fact. Logs are mutable. Pipelines drift. Context windows are not retained. By the time a regulator asks “why did the agent do this,” the substrate has discarded the reasoning state that authorized the act. SMSH solves that by hashing the state into the receipt before the action commits. The audit primitive is cryptographic from the first instant, not narrative after the fact.
For regulated buyers — financial settlement, healthcare, legal, government — this is the difference between “the agent did it” and “the agent did it under this exact policy, with this exact context, signed and offline-verifiable.” That difference is the audit primitive Hive sells.