System Identity Infrastructure

The ground truth of your infrastructure.

Provenance is a deterministic system identity resolution engine that surfaces kernel, hostname, release, version, architecture, and operating system attributes across your entire fleet — with single-query precision.

Request Access Read the Research
provenance — identity resolution
$ provenance -a
Linux webnode-01 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 x86_64 GNU/Linux
$ provenance -s
Linux
$ provenance -n
webnode-01
$ provenance -m
x86_64
$

Every decision your infrastructure makes is predicated on identity.

Routing a container to the right node. Selecting the correct binary for a deployment. Validating that a kernel patch has propagated across your fleet. Correlating a security event to a specific hardware profile. These are not edge cases — they are the foundational operations of any system that aspires to reliability at scale. And yet, the most basic question in distributed computing remains, for most organisations, unanswered in any systematic way: what, exactly, is this machine?

Provenance exists to make that question trivially answerable. We built a deterministic identity resolution layer that extracts the kernel name, network hostname, kernel release, kernel version, machine hardware architecture, processor type, hardware platform, and operating system classification for any node you can reach. No heuristics. No probabilistic inference. Just ground truth, resolved in microseconds, at any scale you need.

We believe that system identity is not a nice-to-have metric — it is the primitive upon which all infrastructure intelligence is built. If you don't know what your machines are, you don't know anything about your fleet.

99.97% Identity resolution accuracy
<1ms Median query latency
2.4M Nodes fingerprinted
8 Distinct identity attributes

Resolution Capabilities

Eight dimensions of system identity, deterministically resolved.

Each capability maps to a distinct attribute of the system identity fingerprint. Together, they provide complete positional awareness of any node in your infrastructure.

Unified Intelligence Layer

--all

A single query that surfaces the complete identity fingerprint of any node in your fleet. Kernel, hostname, release, version, architecture, processor, platform, operating system — all resolved in one deterministic call. This is the canonical representation of a machine's identity, and it is the default entry point for most Provenance workflows.

Kernel Identity Resolution

--kernel-name

Isolate the foundational layer. Provenance resolves the kernel name with zero ambiguity, giving your orchestration layer the ground truth it needs to make routing decisions. Whether your fleet runs Linux, Darwin, or FreeBSD kernels, the classification is instantaneous and deterministic.

Node Discovery Protocol

--nodename

Surface the network hostname for any node in your fleet. Critical for service mesh topology mapping, DNS reconciliation, distributed trace correlation, and any workflow where you need to unambiguously identify a machine within a network boundary.

Release Fingerprinting

--kernel-release

Know the exact release your kernel is running. Essential for patch compliance verification, CVE surface analysis, drift detection across heterogeneous fleets, and automated rollback decisions when a release is flagged.

Version Deep Scan

--kernel-version

Go beyond the release tag. Our version resolution engine returns the full kernel compilation signature — build numbers, SMP configuration, preemption model, and distribution metadata. When two machines run the same release but different builds, Provenance knows.

Hardware Topology Engine

--machine

Map the machine hardware architecture with precision. Whether you are routing workloads to x86_64, aarch64, armv7l, or s390x targets, Provenance gives you the architectural ground truth your scheduler needs to make correct placement decisions.

Processor Intelligence

--processor

Resolve the processor type across heterogeneous infrastructure. Non-portable by design — because your workload placement strategy should not be constrained by lowest-common-denominator abstractions. When the attribute is unknown, Provenance is transparent about it.

OS Classification Layer

--operating-system

Definitively resolve the operating system. When your CI matrix, container base images, and bare metal fleet all need a single source of truth for OS classification, Provenance resolves it with zero ambiguity. GNU/Linux, Android, FreeBSD — classified and indexed.

Methodology

From query to ground truth in four steps.

01

Instrument

Point Provenance at any node, cluster, or fleet endpoint. Our lightweight agent requires no kernel modules, no elevated privileges beyond what is necessary, and no network egress. It reads identity attributes directly from the system layer.

02

Resolve

The identity resolution engine queries each attribute deterministically. There is no inference, no ML model, no probabilistic guessing. Each attribute is either known and returned, or explicitly marked as unknown. We believe ambiguity is a bug, not a feature.

03

Classify

Each identity attribute — kernel name, hostname, release, version, machine architecture, processor, hardware platform, operating system — is extracted, classified, and stored in an immutable identity record that serves as the canonical fingerprint for that node at that point in time.

04

Integrate

Feed resolved identity data into your orchestration, compliance, drift detection, vulnerability scanning, and capacity planning pipelines. Provenance outputs are structured, versioned, and designed to be the primitive other tools build on.

Technical Reference

Resolution in practice.

Every query returns exactly what the system reports. No embellishment, no interpolation, no synthetic data. The following are representative outputs from production nodes.

full identity resolution
$ provenance --all
Linux webnode-01 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 x86_64 GNU/Linux
kernel resolution
$ provenance --kernel-name
Linux
$ provenance --kernel-release
6.1.0-18-amd64
$ provenance --kernel-version
#1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1
hardware + network
$ provenance --nodename
webnode-01
$ provenance --machine
x86_64
$ provenance --processor
x86_64
operating system classification
$ provenance --operating-system
GNU/Linux
$ provenance --hardware-platform
x86_64

From the Field

What infrastructure teams are saying.

"We were making deployment decisions based on assumptions about our fleet topology. Provenance replaced assumptions with ground truth. The kernel version resolution alone caught a drift issue that had been causing intermittent failures across our staging environment for months."

Tomas Herrera
Tomas Herrera VP of Platform Engineering, ScaleForge

"The non-portable processor resolution is genuinely underappreciated. When you are running a heterogeneous fleet with both x86 and ARM nodes, knowing the processor type deterministically — not inferring it — changes how you think about workload placement entirely."

Linnea Voss
Linnea Voss Principal SRE, Lattice Systems

"I integrated Provenance into our compliance pipeline. Every node identity is now resolved and indexed on every deploy. When auditors ask us to demonstrate that a specific kernel version is running across our production fleet, we can answer in seconds, not days."

Raj Joshi
Raj Joshi CTO, Meridian Cloud

"What makes Provenance different is the philosophical commitment to determinism. They do not guess. They do not infer. They resolve. In a world full of tools that add layers of abstraction, Provenance is refreshingly direct about what your machine actually is."

Anise Dubois
Anise Dubois Infrastructure Researcher, Axial Labs

Plans

Resolution at every scale.

Start with a single attribute. Scale to full-fleet identity intelligence. Every plan includes sub-millisecond resolution latency.

Starter
Free
forever
  • Kernel name resolution only (--kernel-name)
  • 100 queries per month
  • Single node
  • Community support
Get Started
Most Popular
Research
$19/mo
per researcher
  • Up to 4 attributes per query
  • 10,000 queries per month
  • 50 nodes
  • Kernel, nodename, release, machine
  • API access
  • Email support
Start Trial
Institution
$79/mo
per seat
  • Full attribute resolution (--all)
  • Unlimited queries
  • Unlimited nodes
  • All 8 identity attributes
  • Audit logs & compliance export
  • SSO & RBAC
  • Priority support
Contact Sales
Enterprise
Custom
contact for pricing
  • Everything in Institution
  • Custom attribute pipelines
  • On-premises deployment
  • Dedicated resolution cluster
  • SLA with uptime guarantees
  • Dedicated solutions engineer
  • Custom integrations
Talk to Us

Comparison

Why teams choose Provenance.

Capability Competitor A Competitor B Provenance
Deterministic resolution Partial No
All 8 identity attributes 3 attributes 5 attributes
Sub-millisecond latency ~50ms ~12ms <1ms
Non-portable attribute support No No
Unknown attribute transparency Inferred Omitted Explicit
Fleet-wide resolution Up to 500 nodes Up to 1,000 nodes Unlimited

Research Team

Built by people who study systems for a living.

Marcus Bell

Marcus Bell

Co-founder & CEO

Previously led infrastructure intelligence at a stealth defense systems group. Spent a decade building fleet observability tools before concluding that the industry's understanding of system identity was fundamentally incomplete. Founded Provenance to fix the primitive.

Elena Larsson

Elena Larsson

Co-founder & CTO

Former kernel engineer and distributed systems researcher. Published extensively on deterministic system classification and the limitations of probabilistic hardware inference. Designed the Provenance resolution engine from first principles.

Devon Liu

Devon Liu

Head of Research

PhD in operating systems theory with a focus on the boundary between hardware abstraction and system identity. Leads the research group that maintains the Provenance attribute taxonomy and publishes quarterly findings on fleet identity patterns.

Frequently Asked Questions

Common questions from infrastructure teams.

How does Provenance differ from manually checking system information?

Manual system interrogation does not scale. When you have three machines, you can check them individually. When you have three thousand, or thirty thousand, you need a resolution layer that can fingerprint every node deterministically, index the results, and surface drift across the fleet. Provenance is that layer. It replaces ad-hoc investigation with structured, queryable identity data.

What happens when processor type or hardware platform is unknown?

Provenance does not fabricate data. The --processor and --hardware-platform attributes are explicitly non-portable — meaning not every system can report them. When an attribute is unknown, Provenance returns that status transparently rather than inferring or omitting. We consider this a feature, not a limitation. Ambiguity is worse than absence.

Is Provenance suitable for air-gapped environments?

Yes. The core resolution engine operates entirely at the system level with no network egress required. Identity attributes are resolved locally on each node. For fleet-wide aggregation in air-gapped environments, we offer an on-premises collection architecture that keeps all data within your network boundary.

Can Provenance integrate with existing CMDB and asset management tools?

Provenance outputs are structured and versioned, designed to feed directly into any CMDB, SIEM, compliance reporting, or orchestration tool. We provide native integrations for common platforms and a well-documented API for custom pipelines. The identity record is the primitive — what you build on top of it is up to you.

Is my system identity data secure?

All identity attributes are resolved locally on the node. In our cloud-managed offering, identity records are encrypted in transit and at rest, access is governed by RBAC, and all queries are logged in an immutable audit trail. We undergo regular third-party security assessments and maintain SOC 2 Type II compliance.

SOC 2 Type II
ISO 27001
GDPR Compliant
HIPAA Ready
FedRAMP In Progress

See mandō's portfolio

Persona Relevance Atelier Trellis Sotto Solstice Concat Drift Cohort Aegis CLAIMR Repliq Cadence Kronos Conduit Slice Epoch Vantage Diverge Resolver Canopy Reverb Milieu Propagate Limelight MAGIQ Seekr Sieve Collective Unravel Deflate Topline Chronicle Callsign Signum Uplink Dispatch Terminus PURGE Stratum Tether Lyst Panoptik Codex Scaffold PipeForge Folio Attaché Portage Breeze Netweave CONNEX Persist Namesake Turnkey Patchwork Heartbeat Formatik Pulsar Locus Voidal Vøid DeltaSync Teleport Rewrite Repose Sortable Sourcery VaultLink Intrinsic Substrate SUPRA Mandate Tailstream Archivex FanOut Overseer Imprint Morph Hopscotch Verity FAULTR Nomenclature Détaché SEVER SINGULR XTRAKT Accession Reforge VIGIL Census Fetch Resolv Quorum IDENT Argonaut ArcVault Chrono AFFIRMATIV Provenance