Why OpenChainGraph — Prior Art, Positioning & Why Now

01 · Prior art

What already exists — and why OCG isn't it

The resemblance to existing systems is real and worth naming. Each row is a genuine influence; the last column is the honest distinction.

Ingredient	Where it already exists	Why OpenChainGraph ≠ it
Hash-anchored provenance DAG, recompute-to-verify	in-toto / SLSA (software builds); Git's content-addressed object model	OCG applies the same pattern to financial decision artifacts, not software build artifacts.
"Chained verifiable computations" as a framework	Academic — Trusted Compute Units (2025); non-repudiable provenance for clinical decision support (2020)	Those are TEE / hardware-attestation or healthcare — not deterministic-recompute, not fintech, not browser-native.
Lineage DAG (node / job / run / dataset)	OpenLineage (Airflow, Spark, dbt; LF standard)	Lineage tracks data movement for observability — not recomputable decision receipts with an execution hash.
Signed receipts / mandates, cross-vendor via agents	AP2 (W3C Verifiable-Credential mandates, signed; A2A hops)	AP2 is payments authorization and key-trust (signed). OCG is computation-trust — recompute the hash, no key, no signer required.
Verifiable-AI / cryptographic provenance	Chainlink, Lagrange, 0G, C2PA Content Credentials	Blockchain / ZK or media-watermarking — not browser-deterministic fintech decisions.

None of these is wrong to compare against. OpenChainGraph deliberately borrows the in-toto/SLSA pattern and the W3C PROV / SLSA buildType vocabulary — see the integration guides linked in the footer.

02 · What's actually new

The combination none of them do

The novelty isn't any single ingredient — it's that OpenChainGraph is the only thing that does all five at once:

Deterministic recompute, not signatures. Trust comes from re-running the kernel and getting the byte-identical hash — no key, no consensus, no trusted party. (You can add an optional signature; you never need one.)
Fintech decision artifacts. The unit isn't a build or a dataset — it's a compliance/risk/payments decision, with its inputs and outputs.
Runs in the browser. WebCrypto SHA-256 means the whole thing computes and verifies client-side: zero network, zero PII, no backend to trust.
Agent-callable over MCP. Every node is discoverable and invocable by an AI agent as a tool — not just a human page.
Cross-vendor chains. Artifacts cite each other by hash across organizational boundaries, so a multi-party workflow's entire provenance recomputes end-to-end.

Search the field for any one of these and you'll find mature work. Search for the intersection and — as of 2026 — you find OpenChainGraph. That's a genuine first-mover position. It is not a new cryptographic primitive, and we don't claim it is.

03 · Why now

The pieces only converged in the last ~18 months

The honest reason no one built this earlier: until recently you couldn't. The enabling parts sat in separate silos and the agent layer that ties them together didn't exist.

2023–2025in-toto / SLSA go mainstream. Software-supply-chain provenance becomes a baseline control (NIST SSDF, executive orders) — the pattern is now well-understood and borrowable.
Nov 2024 → Dec 2025MCP arrives and standardizes. The Model Context Protocol (Anthropic, Nov 2024) is donated to the Linux Foundation (Dec 2025); ~10k servers and ~97M monthly SDK downloads by 2026. This is the agent-callable substrate — barely 18 months old.
Sept 2025Agentic-payment + cross-vendor trust standards land. Google's AP2 (60+ partners), A2A, and x402 make "agents transact across vendor boundaries and need verifiable outputs" a live problem for the first time.
Always-on by 2024Browser WebCrypto. Deterministic SHA-256 in every browser is what makes "compute and verify client-side, zero backend, zero PII" practical — no server to trust or operate.
2026The RegTech demand shift. Supervisors move from accepting attestations to demanding demonstrable evidence and defensible, credible controls — the buyer-side reason to anchor every decision to a recomputable hash.

Before this convergence there was no protocol to call the nodes, no cross-vendor agent-trust standard to chain across, and provenance wasn't a mainstream expectation. The ingredients existed; nobody had a reason — or the connective tissue — to fuse them for fintech decisions until agents needed verifiable tool outputs.

04 · Caveats

Where we're being straight with you

A positioning page that only lists strengths isn't credible. Here's the other side.

First-mover, not an unassailable moat. This is a synthesis of public, borrowable parts. Incumbents attacking adjacent verifiability — Google (AP2), Chainlink, C2PA — have far more resources and could move into this space. The defensibility is execution, coverage, and standard-shaping, not a patent or a network effect.

Demand is still emerging. Agent-verifiable decision provenance is a 2025–2026 narrative. The regulatory pull ("show demonstrable evidence") is real and growing, but the buyer who requires a recomputable decision hash today is early-adopter, not mainstream.

Computation-trust has limits. Recompute-to-verify proves "this output follows from these inputs by this logic." It does not prove the inputs were true or that a human acted on the result. Where you need non-repudiation against a known identity, you add the optional signature — and accept the key-custody burden that comes with it.

The vocabulary is bespoke. The terms are borrowed but the mapping is ours, and one piece collides with MCP's own usage (next section). New users have a small glossary to learn.

05 · Terminology

The vocabulary — and one honest collision

The individual words — node, kernel, artifact, chain, DAG, pipeline — are used everywhere in data engineering, ML, and supply-chain security. What's specific to OpenChainGraph is the coherent mapping:

Tool — the human-facing browser page. One self-contained HTML file, runs client-side, zero network/PII.
Node — that capability's agent-callable identity in the graph (a chaingraph.json entry: tool_id + mcp_name + inputs + emits a hash-anchored artifact).
Kernel — the deterministic function behind a node (compute(inputs)→output + the canonical execution_hash). Pure; anyone re-runs it and gets the same hash.
Artifact — the JSON receipt a node emits (inputs + output + hash + parent links).
Chain (ChainGraph) — nodes wired into a DAG, each artifact's hash feeding the next as a parent_hash.
OCG — the open standard (envelope, hash rule, provenance model, MCP binding). MCP — the doorway agents use to discover, call, and verify.

tool = the app · node = the API surface · kernel = the function · artifact = the receipt · chain = the pipeline · OCG = the spec · MCP = the doorway

The honest collision: in MCP, the agent-callable thing is itself called a "tool." OpenChainGraph re-layers that — it calls the human page a "tool" and the agent surface a "node." MCP-native developers may expect "tool" to mean the callable. It's a deliberate distinction (human vs. machine face of the same capability), but it's bespoke, and worth knowing if you live in MCP's vocabulary.

Why OpenChainGraph — and why now

What already exists — and why OCG isn't it

The combination none of them do

The pieces only converged in the last ~18 months

Where we're being straight with you

The vocabulary — and one honest collision

References