Multi-Agent Workflows

Hide the intermediate steps between agents

Prove the result was produced on an authorized delegation chain

Bind every multi-agent delegation step as a ZK proof. The final output carries a verifiable trace back to the original principal.

AI orchestration platforms · MCP-enabled tool ecosystems · Regulated industries with audit requirements 6 min read

live in production since 2025 · Public-infrastructure PoC in production · ETHGlobal AI Agents 2026 Finalist

01 · WHO IT'S FOR

Who this is for.

An orchestrator calls sub-agents. Sub-agents reach external tools via MCP. When something goes wrong in that chain — wrong decision, data leak, unexpected access — are you still piecing together "who authorized whom for what" from logs and agent memory?

AI platform and product leads rolling out multi-agent orchestration
Engineering leads building tool ecosystems on MCP servers and A2A protocols
AI governance leads in regulated industries (finance, healthcare, public sector) where the agent chain has to be auditable

02 · THE SHIFT

Hand over the source, or just the facts?

Change what reaches the AI, and the leakage risk goes with it.

Without Lemma

Hand over the original

workflow:: order-fulfillment
agents:: [A-001-intake, A-002-process, A-003-ship]
log:: per-agent action logs…
attestation:: ? (chain legitimacy unknown)

↓ all of it goes to the AI / outside

With Lemma

Hand over just the facts

agent:: did:lemma:agent-A-003-ship
delegatedBy:: did:lemma:agent-A-002 → A-001 → root-org
role:: shipping_agent
chain:: [intake-proof, process-proof, ship-proof]
scope:: workflow://order-fulfillment/*
validUntil:: 2026-12-31
ZK verified:: ✓ VALID

↓ only the necessary facts to the AI

At each delegation step in a multi-agent workflow, Lemma generates a ZK proof that binds delegator, delegatee, scope, and timestamp. Proofs are anchored on-chain; each agent operation carries the delegation proof downstream. Tools and APIs verify the cryptographic authority of the caller, not the agent's self-attestation, before responding.

The final output carries a complete proof chain — from the original principal, through every re-delegation node, down to each tool result. When something goes wrong, you don't reconstruct it from logs; each step's authority and data access is already a cryptographic fact you can reference directly.

Where the delegation-proof layer fits into your current agent orchestration and MCP integration is what we map out in a first conversation.

See the technical details ↗

03 · HOW TO CHOOSE

Choose on three criteria.

Only work that needs all three at once — pass without exposing, independent verification, tamper-proof — is Lemma's domain.

Method	Pass without exposing	Independent verification	Tamper-proof
Access control only	△	✗	✗
Masking / anonymization	△	✗	✗
Encryption only	✓	✗	✗
Lemma (ZK proof)the only one with all 3	✓	✓	✓

04 · HOW IT WORKS

How it works

Tell us how your orchestrator and sub-agents are wired today, and where MCP-based tools enter the picture. We'll explore together whether Lemma's delegation-proof layer could fit. No agent implementation or tool spec details required.

05 · RELATED

Related Use Cases

The bigger picture

The bigger picture this use case belongs to.

We map use scenarios across industries and workflows by the four axes.

See use scenarios for Agent Authority in Solutions →

TRY LEMMA

Run it yourself.

No sales call needed — start hands-on with Lemma's products.

Try Seal → Trust402 reference implementation →