Each agent receives a passport, performs its task, and commits a new one. Every commit hashes the previous — a chain anyone can verify, on any machine, with no trusted intermediary.
When Agent A finishes its task and hands work to Agent B, the format is arbitrary. A string. A dict. A JSON blob with no fixed shape. Agent B has to guess where the output is, who produced it, whether it was tampered with, and what model generated it.
Every team building multi-agent systems invents their own format. Those formats are incompatible. Cross-framework pipelines break at the boundary. Audit trails are unverifiable. Schema drift between agents causes silent failures in production.
Context Passport is the missing envelope format — a minimal, versioned schema that any agent, framework, or model can produce and consume, with built-in cryptographic integrity.
Each agent receives a passport, performs its task, and commits a new one. Every commit hashes the previous — a chain that can be verified by any party, on any machine, with no trusted intermediary.
Context Passport is designed with properties that will allow it to endure.
The best standards do one thing well. Context Passport defines the envelope: who sent it, what it contains, that it is intact. The payload is open. Agents put whatever they need inside payload.input, payload.output, payload.memory, payload.variables.
Context Passport works with any orchestration framework, any model provider, any language. The schema is JSON with a fixed structure. No SDK required — a curl command is enough.
SHA-256 parent hash chaining means any party can verify the chain is intact without trusting the system that stored it. The chain of trust is mathematical, not organizational.
schema_version: "1.0" is a first-class field. Backward compatibility is a design constraint from day one, not an afterthought.
The specification is released under CC0 — no copyright, no restrictions. Reference implementations are Apache-2.0 with an explicit patent grant. The standard belongs to the community.
New event types and vendor-specific fields are namespaced (myorg.custom_type). Existing implementations ignore unknown extensions safely. The spec grows by addition, never by breaking change within a major version.
Every field has a purpose. No field is required without a reason. The integrity block is computed automatically by compliant implementations.
{
"$schema": "https://contextpassport.com/schema/v1.json",
"schema_version": "1.0",
// Identity
"id": "ctx_{unix_ms}_{6_hex_bytes}", // globally unique
"parent_id": "ctx_... | null", // null = root commit
"trace_id": "trc_... | null", // groups a pipeline run
"branch_key": "main", // fork branch name
// Agent attribution
"created_by": {
"agent_id": "string", // unique agent identifier
"agent_name": "string", // human-readable name
"role": "researcher | writer | reviewer | ...",
"provider": "anthropic | openai | google | mistral | local",
"model": "string" // specific model version
},
// Event
"event": {
"type": "commit | fork | checkpoint | audit | spawn | ...",
"to_agent_id": "string | null", // recipient agent
"timestamp": "ISO 8601"
},
// Payload — open structure, use what is relevant
"payload": {
"input": "string | object | null", // what this agent received
"output": "string | object | null", // what this agent produced
"memory": "object | null", // persistent state, config
"variables": "object | null" // named values between agents
},
// Integrity — computed by implementation, not set manually
"integrity": {
"payload_hash": "sha256:hex", // sha256(normalize(payload))
"parent_hash": "sha256:hex | null", // parent's integrity_hash
"integrity_hash": "sha256:hex", // sha256(payload_hash+parent_hash)
"verification_status": "valid | broken | unverified"
},
// Lineage — populated on fork operations
"lineage": {
"fork_of": "ctx_... | null",
"fork_point": "ctx_... | null",
"lineage_root": "ctx_... | null"
},
"created_at": "ISO 8601"
}
| Field | Type | Description |
|---|---|---|
| id | string | Required. Globally unique. Format: ctx_{unix_ms}_{6 hex bytes} |
| parent_id | string | null | ID of previous context in the chain. Null for root commits. Links commits into a lineage graph. |
| trace_id | string | null | Groups multiple commits into a single pipeline run. Optional but recommended. |
| branch_key | string | Required. Branch name. Default main. Used to distinguish fork branches. |
| created_by.agent_id | string | Required. Unique identifier of the committing agent. |
| created_by.agent_name | string | Required. Human-readable agent name. |
| created_by.role | string | Semantic role: researcher, writer, reviewer, critic, planner, executor, validator. |
| created_by.provider | string | LLM provider: anthropic, openai, google, mistral, local, custom. |
| created_by.model | string | Specific model name or version string. |
| event.type | string | Required. What happened. See event types. |
| event.to_agent_id | string | null | Recipient agent. Null for checkpoint or audit events. |
| event.timestamp | ISO 8601 | Required. When the event occurred. |
| payload.input | string | object | What this agent received. Use structured JSON where possible. |
| payload.output | string | object | What this agent produced. Structured JSON preserves schema across the chain. |
| payload.memory | object | Persistent state, parameters, config, or tool results. |
| payload.variables | object | Named values passed between agents. |
| integrity.* | computed | Do not set manually. Computed by compliant implementations at commit time. |
Each passport stores two hashes, computed deterministically. Tampering with any commit changes its hash, which changes every downstream hash. The chain is tamper-evident from any point. Verification requires only the chain of passports — no access to the originating system.
payload_hash = sha256(JSON.stringify(payload, Object.keys(payload).sort())) parent_hash = integrity_hash of parent commit (or "root" for root commits) integrity_hash = sha256(payload_hash + parent_hash)
Context Passport is an open standard. Any system can implement it. The following are known implementations:
Full Context Passport implementation with hash chain storage, replay, fork, verify, and export. Free tier. Self-hostable.
Building a Context Passport compatible system? Open a pull request to list it here.
Open a pull request →Context Passport is a schema, not a service. You can implement it in any system. The reference implementation (DarkMatter) handles the hash chain computation and storage — or you can compute it yourself.
After each agent step, emit a Context Passport with the payload.input and payload.output fields populated. Pass parent_id from the previous step to chain them.
The fastest path: use an existing implementation (see the implementations section below). Or implement the hash chain yourself — the algorithm is fully specified above and takes about 20 lines in any language.
Any party with the chain of passports can verify integrity independently. Recompute the hashes yourself using the algorithm in section 3.4 — no external system required.
Building a Context Passport implementation? Open a pull request on the specification repository to list it under implementations. The goal is an ecosystem of compatible tools, not a single vendor.