Identity Lifecycle

Create, activate, use, expire, and squash ephemeral identities with a full audit trail.

AIdenID identities follow a strict lifecycle: create → activate → use → expire → squash.

Lifecycle states

| State | Description | Transitions |
|-------|-------------|-------------|
| **Created** | Identity provisioned, email address assigned | → Activated |
| **Activated** | Ready to receive emails and extract OTPs | → Used, Expired |
| **Used** | OTP extracted or action URL consumed | → Expired |
| **Expired** | TTL exceeded, no longer receiving emails | → Squashed |
| **Squashed** | Permanently deleted with tombstone record | Terminal |
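The transition table above can be checked mechanically against an audit trail. The following is an added example, not AIdenID's own code: the `(identity_id, state)` event tuple, the function names, and the sample events are assumptions constructed for illustration.

```python
# Added example: validate an ordered audit trail against the lifecycle table.
# The event shape (identity_id, state) is an assumption, not AIdenID's schema.

# Allowed transitions, copied from the lifecycle states table.
TRANSITIONS = {
    "Created": {"Activated"},
    "Activated": {"Used", "Expired"},
    "Used": {"Expired"},
    "Expired": {"Squashed"},
    "Squashed": set(),  # terminal: nothing may follow a tombstone
}

def audit(events):
    """Return (identity_id, problem) findings for an ordered event stream."""
    last, findings = {}, []
    for identity_id, state in events:
        if state not in TRANSITIONS:
            findings.append((identity_id, f"unknown state {state!r}"))
            continue
        prev = last.get(identity_id)
        if prev is None:
            if state != "Created":
                findings.append((identity_id, f"first event is {state}, expected Created"))
        elif state not in TRANSITIONS[prev]:
            findings.append((identity_id, f"illegal transition {prev} -> {state}"))
        last[identity_id] = state
    return findings

def unsquashed(events):
    """Identities whose last recorded state is not the terminal Squashed state."""
    last = {i: s for i, s in events if s in TRANSITIONS}
    return sorted(i for i, s in last.items() if s != "Squashed")

# Constructed sample events (not real AIdenID output).
SAMPLE_EVENTS = [
    ("id-a", "Created"), ("id-a", "Activated"), ("id-a", "Used"),
    ("id-a", "Expired"), ("id-a", "Squashed"),
    ("id-b", "Created"), ("id-b", "Used"),            # skipped activation
    ("id-c", "Created"), ("id-c", "Activated"), ("id-c", "Expired"),
    ("id-c", "Squashed"), ("id-c", "Activated"),      # activity after squash
    ("id-d", "Created"), ("id-d", "Activated"),       # never expired or squashed
]

if __name__ == "__main__":
    for identity_id, problem in audit(SAMPLE_EVENTS):
        print(f"{identity_id}: {problem}")
    print("not squashed:", unsquashed(SAMPLE_EVENTS))
```
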

CLI commands

```bash
# Provision (dry-run)
sl ai provision-email --tags "test" --ttl 3600

# Provision (live)
sl ai provision-email --tags "test" --ttl 3600 --execute

# List active identities
sl ai identity list

# Check identity status
sl ai identity show <identity-id>

# Wait for OTP extraction
sl ai identity wait-for-otp <identity-id> --timeout 60

# Get latest extraction
sl ai identity latest <identity-id>

# Revoke identity
sl ai identity revoke <identity-id>
```

Child identities

Create identity hierarchies for complex testing scenarios:

```bash
# Create child identity under a parent
sl ai identity create-child --parent <parent-id> --tags "child-test"

# View lineage
sl ai identity lineage <identity-id>

# Revoke all children
sl ai identity revoke-children <parent-id>
```

Security

  • All identities are ephemeral — no permanent email accounts
  • OTP extraction uses regex-first → LLM fallback with circuit breaker
  • Raw email blobs are archived and deleted on squash
  • Identity lineage is tracked for a compliance audit trail

Structured Answers

How long do AIdenID identities last?

TTL is configurable per identity. Default is 1 hour. After expiry, identities are automatically squashed with tombstone records.

Can I create child identities?

Yes. Use `sl ai identity create-child` to create identity hierarchies with delegated policies, TTL inheritance, and event budgets.