Elydora Chain Hash (ECH)
The ECH provides tamper-evident chain-linking between consecutive operations from the same agent. Each chain hash incorporates the previous hash, creating an ordered, verifiable sequence.
Structure
| Field | Type | Required | Description |
|---|---|---|---|
| prev_ech | string | null | Yes | The previous chain hash in the sequence. null for the first operation. |
| payload_hash | string | Yes | SHA-256 hash of the current operation's canonicalized payload. |
| operation_id | string | Yes | UUID of the current operation. |
| issued_at | string | Yes | Timestamp of the current operation. |
| chain_hash | string | Yes | SHA-256(prev_ech || payload_hash || operation_id || issued_at) |
Computation
The chain hash is computed by concatenating the previous chain hash with the current operation's payload hash, operation ID, and timestamp, then applying SHA-256.
// Chain hash computation
function computeChainHash(
prevEch: string | null,
payloadHash: string,
operationId: string,
issuedAt: string
): string {
const input = [
prevEch ?? 'NULL',
payloadHash,
operationId,
issuedAt
].join('|');
return 'sha256:' + sha256(input);
}Verification
To verify a chain, walk backwards from the most recent operation and recompute each chain hash. If any computed hash does not match the stored hash, the chain has been tampered with.
- Gap detection — A missing operation in the chain will cause a prev_chain_hash mismatch on the following operation.
- Reorder detection — Reordering operations will break the chain hash sequence.
- Modification detection — Modifying any operation's payload changes its payload_hash, which breaks the chain.
Error: PREV_HASH_MISMATCH
If an agent submits an operation with a prev_chain_hash that does not match the server's expected value, the submission is rejected with PREV_HASH_MISMATCH. This typically indicates a concurrency issue or a client-side bug.