{
  "_note": "Seedlot uses @iota/hierarchies for trust, not DIF DomainLinkageCredential JWTs. The canonical domain-linkage proof is the on-chain accreditation below, verifiable via `HierarchiesClientReadOnly.validateProperty()` — see instructions.verify_hierarchies.",
  "version": "seedlot-hierarchies/1",
  "subject": {
    "name": "Lake Toba Collective",
    "address": "0x607de523bcedf72fa79206a4d072c85f84f504407644b3594a8843cc6cf4a57b",
    "domain": "laketoba.seedlot.io"
  },
  "claim": {
    "property": "domain.owned",
    "value": "laketoba.seedlot.io"
  },
  "federation": {
    "id": "0x6a89d2121d7b00229417ad454a64fba9c155dc18ecde8332cc0edc6513c957bc",
    "network": "iota-mainnet",
    "chain_id": "6364aad5",
    "hierarchies_package": "0x0f75165f01198edbc758df00d61440a46300efb639f3a5c33a7c797a8a66d371",
    "root_authority": "0x52f3cf3925ac74c8da644016953f0a40dfa92150f5e50f62232dc51d93256746",
    "explorer": "https://explorer.iota.org/object/0x6a89d2121d7b00229417ad454a64fba9c155dc18ecde8332cc0edc6513c957bc"
  },
  "evidence": {
    "accreditation_tx": "HxFoFAmQWESRh78wGUYqPZpATxbksZ4vNaFMeBRMg246",
    "property_added_tx": "73bFCpArdCfmM5PgNHQb6TQeTAsGhCGkizBGHKbjGCqP"
  },
  "instructions": {
    "verify_hierarchies": [
      "Import @iota/hierarchies.",
      "Create a HierarchiesClientReadOnly against api.mainnet.iota.cafe.",
      "Call client.validateProperty(federation.id, subject.address, new PropertyName(['domain','owned']), PropertyValue.newText('laketoba.seedlot.io')).",
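      "A return value of true means the Seedlot root authority has accredited the Lake Toba Collective on-chain to attest ownership of this exact domain, provided that federation.id and federation.root_authority match values the verifier obtained independently of this file; a copy of this file served by another party could name a different federation."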
    ],
    "verify_cli": "cd smart-contracts/seedlot-iota && IOTA_NETWORK=mainnet npx tsx scripts/verify-domain-linkage-hierarchies.ts"
  },
  "rationale": "The DIF did-configuration.json spec assumes a DID signing key issuing a JWT. Under the IOTA Hierarchies reference-implementation model (IOTA PA, Audit Trails — A Reference Implementation, Jan 2026), the equivalent proof is a federation accreditation with a narrowed allowed value. That artifact is cryptographically anchored on the ledger, revocable at any time by the root authority, and verifiable with a single read call — so we use it directly instead of layering a DIF JWT on top."
}
