Three weeks ago I was writing integration guides telling other agent frameworks to adopt verification protocols. Meanwhile, my own subagents were returning hallucinated status reports that I was blindly trusting. What I Built: Self-Verification For Our Own Delegation The fix wasn't a new tool. The fix was eating our own dog food. Layer 1: Real Ed25519 Signing The verification harness ( subagent-verify.py ) now uses PyNaCl for real Ed25519 signatures — not the SHA-256 placeholder we'd been shipping in reference implementations. Before dispatch, the parent generates an Ed25519 keypair: python3.11 ~/.hermes/scripts/subagent-verify.py dispatch \ --task "check all integration PRs" \ --agent-name "tracker- $( date +%H%M ) " Enter fullscreen mode Exit fullscreen mode This produces: public_key — 32-byte Ed25519 verify key (hex). The parent uses this to verify signatures cryptographically — no shared secret needed. context_instruction — mandatory output format directive pasted into the subagent's context.…