Built for issuers who answer to regulators.
Five things we got opinionated about — and why each one is load-bearing for a real-world deployment.
Drop-in AnonCreds VDR.
Credo agents work unmodified. anoncreds-rs untouched. Schemas, credential definitions, and per-credential status all on-chain — issuers and verifiers point the existing AnonCreds VDR interface at Kanon and ship.
Organizations, not just keys.
Issuers have a real lifecycle on-chain: registered → approved → suspended → reactivated. Suspending an org instantly stops it issuing or revoking. Identity with a chain of custody, not just a public-key fingerprint.
Unlinkability is optional, not mandatory.
Most credentials (drivers' license, KYC, employment) don't actually need unlinkable revocation — the verifier already knows who you are out-of-band. Mode A skips the SNARK entirely. Mode B adds Groth16 for the use cases that genuinely need it.
Honest about what's on-chain.
Credentials themselves never touch the chain. Only schemas, credential definitions, organization records, and per-credential status hashes. Holders keep their data; the chain just publishes the rules.
Governance ships with the protocol.
RBAC on every privileged call. Pausable for incident response. Timelocked governance and upgrades. Indexed events on every state change. The audit trail is in the chain, not in a vendor's database.
Runs on any EVM.
Solidity 0.8.24, Cancun target. Reference deployment is Besu 26.5, but the same bytecode runs on Ethereum mainnet, Arbitrum, Optimism, Polygon zkEVM, Base, and private permissioned EVM rollups. Standard Hardhat / OpenZeppelin / foundry tooling.