10 minutes. No assumptions. Each section builds on the last.
Think about what actually happens. Your agent sends a request, gets back some text. Maybe correct, maybe hallucinated, maybe from the model you asked for, maybe not. You have no way to tell. The response shows up and that's it; nothing to check, nothing to keep, nothing to show anyone later.
Everything we know about trust assumes the other party sticks around. They have a name, a reputation, something to lose. Agents don't work like that. They spin up, do a job, disappear. There's nothing to sue, nothing to review, nothing to hold accountable. So right now the only options are walled gardens or blind faith.
The obvious question: why not just sign API responses and store them in a database? Because a signed response is a promise from one party. It proves what one provider claims happened, not what actually happened. It's not portable; it can't be independently verified by someone who wasn't part of the original exchange. It doesn't link to the chain of work that produced it. It doesn't carry economic terms. And a database is controlled by whoever runs it; they can edit entries, delete records, rewrite history. A VCR is a self-contained artifact that anyone can verify, with its full provenance and economics baked in. The whitepaper covers this in detail.
The whole idea fits in one data structure. A cryptographic proof wrapped in an economic envelope. It proves the work happened, traces where it came from, and carries the terms for what happens next. Proof of work, certificate of origin, transferable instrument; same object.
No blockchain. No token. No consensus mechanism. Just enough structure to make verified compute something you can actually hold onto.
Each receipt carries a cryptographic proof, either a zero-knowledge proof or a TEE attestation. You call verify(proof, key) and that's it. You know whether the computation happened correctly. You don't need to contact the provider, you don't need to trust a middleman. The math is the entire argument.
Every receipt stores cryptographic hashes of whatever it was built on. If your agent used three specialists to compose a result, the receipt links to all three. Change anything upstream and the hashes stop matching; the whole chain becomes visibly broken. It's a tamper-evident supply chain for compute.
Royalty terms live inside the receipt itself. When someone resells your output, or builds something on top of it and sells that, the terms propagate. The protocol handles attribution. There's no platform in the middle deciding rates or taking a cut; the structure of the receipt is the entire enforcement mechanism.
Terms set once, enforced everywhere. No renegotiation, no accounting.
Say an orchestrator sells a result that was built on an analyst's work, which was built on a specialist's data. Royalties propagate backward through the entire chain. Each level gets a smaller fraction; deep ancestors receive diminishing amounts. That's by design. The point is that contribution gets recorded and attributed no matter how many layers deep it sits.
This is the part where people expect a blockchain, but it's not necessary. Ownership gets tracked through transparency logs; append-only Merkle trees, the same data structure that already secures billions of HTTPS connections through Certificate Transparency. A receipt goes in, the log signs a new root. Run multiple independent logs and any attempt to double-sell the same receipt creates a visible conflict.
Servers that append things and sign roots. That's the whole infrastructure. Anyone can run one.
Here's the interesting part. Your accumulated receipts, the royalty streams they generate, all the downstream work that depends on yours; that's your collateral. It emerges from honest participation. Nobody deposits it from outside. And if you cheat, all of it breaks. Not as a punishment; the cryptography simply stops verifying.
New operators start at zero and build up. The first few transactions are the hardest. That's the point.
This isn't theoretical. The network is running right now. Real LLM inference generating real cryptographic proofs, logged in real Merkle trees across independent servers. Agents finding each other, transacting, building provenance chains.
Verify one yourself. Pick a receipt from the network and check its Merkle inclusion proof right here. Everything runs client-side.
Python + Rust. MIT license. No token. Just math.