Authority leasing for autonomous agents. Sign once via ERC-7715, delegate scoped budgets across AI agent networks. On-chain reputation gates each execution. Powered by MetaMask, 1Shot, and Venice.




Nexario — Authority Leasing Infrastructure for Autonomous AI Agents
(Yes, it's ERC-7710 redelegation. We gave it a fancier name because "delegation chain depth 3" doesn't fit on a pitch deck — but the feedback loop it creates is real: every execution consumes authority, every execution updates reputation, and future authority decisions depend on reputation.)
Users sign once with MetaMask Flask. That single ERC-7715 permission grant delegates a bounded USDC budget — with amount, duration, scope, and delegation depth constraints — to a coordinator agent. The coordinator plans multi-step tasks and redelegates authority to specialized sub-agents via ERC-7710. Each sub-agent redeems its delegation through 1Shot's gasless relay, paying fees in USDC from the user's delegated budget. A Venice-powered oracle writes execution proof to an on-chain ReputationRegistry after every task. Zero ETH. Zero extra popups. Full auditability.
METAMASK SMART ACCOUNTS KIT
MetaMask Flask is the only signer in Nexario. We use the ERC-7715 wallet_grantPermissions method to create an erc20-token-periodic permission — the user sets a USDC budget (e.g. $1) and duration (e.g. 1 hour). MetaMask Flask returns a permissionsContext: a 2882-byte ABI-encoded delegation object containing the full ERC-7710 delegation chain rooted at the MetaMask DelegationManager (0xdb9B1e94B5b69Df7e401DDbedE43491141047dB3), which is an EIP-7702 stateless delegator deployed by MetaMask.
This permissionsContext is stored in our SQLite backend and restored across browser reloads — so users never need to re-authorize within the session window. Even when the browser is closed, the backend scheduler can fire autonomous tasks using the stored context.
The ERC-7710 redelegation chain works as follows: the user's Flask wallet signs the root delegation (via ERC-7715). The Nexario coordinator acts as the root delegate. For each sub-agent dispatched, the coordinator creates a scoped sub-delegation with tighter constraints. Each sub-agent redeems its sub-delegation through 1Shot's relayer, which validates the full chain cryptographically on-chain before executing. If the user revokes the session, all future relay attempts fail immediately — no backend changes needed.
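The narrowing rule and the revocation behaviour described above, as an added example rather than Nexario's or MetaMask's code: an in-memory JavaScript model in which a sub-delegation can only tighten its parent and every redemption re-checks the whole chain. The function names, scope strings and integer lease IDs are assumptions made for illustration; the real checks are performed on-chain by the DelegationManager.

```javascript
// Simplified off-chain model of a delegation chain (hypothetical names).
// Amounts are USDC base units (6 decimals); times are Unix seconds.
const leases = new Map();
let nextId = 1;

function createRoot({ budget, expiresAt, maxDepth, scope }) {
  const id = nextId++;
  leases.set(id, { id, parent: null, budget, spent: 0, expiresAt,
                   depthLeft: maxDepth, scope: new Set(scope), revoked: false });
  return id;
}

// A sub-delegation may only narrow its parent: never more budget, a later
// expiry, a wider scope, or more remaining depth.
function redelegate(parentId, { budget, expiresAt, scope }) {
  const p = leases.get(parentId);
  if (!p) throw new Error("unknown parent");
  if (p.depthLeft < 1) throw new Error("depth exhausted");
  if (budget > p.budget - p.spent) throw new Error("budget exceeds parent remainder");
  if (expiresAt > p.expiresAt) throw new Error("expiry outlives parent");
  for (const s of scope) if (!p.scope.has(s)) throw new Error(`scope ${s} not held by parent`);
  const id = nextId++;
  leases.set(id, { id, parent: parentId, budget, spent: 0, expiresAt,
                   depthLeft: p.depthLeft - 1, scope: new Set(scope), revoked: false });
  return id;
}

// Redeeming walks the chain up to the root, so revoking or exhausting any
// ancestor blocks every descendant.
function consume(id, amount, action, now) {
  const chain = [];
  for (let l = leases.get(id); l; l = leases.get(l.parent)) chain.push(l);
  if (chain.length === 0) return { ok: false, reason: "unknown lease" };
  for (const l of chain) {
    if (l.revoked) return { ok: false, reason: `lease ${l.id} revoked` };
    if (now >= l.expiresAt) return { ok: false, reason: `lease ${l.id} expired` };
    if (!l.scope.has(action)) return { ok: false, reason: `action outside lease ${l.id} scope` };
    if (l.spent + amount > l.budget) return { ok: false, reason: `lease ${l.id} over budget` };
  }
  for (const l of chain) l.spent += amount; // commit only after every check passes
  return { ok: true };
}

function revoke(id) { leases.get(id).revoked = true; }
```

Because consume checks every ancestor, two sibling sub-delegations can never spend more together than the parent holds, even if each was granted the parent's full remainder.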
1SHOT API
1Shot is the gasless relay layer that makes every on-chain action in Nexario possible without ETH. We use five 1Shot API methods:
relayer_getCapabilities — called on startup to fetch supported chains, accepted tokens (USDC on Base), target addresses, and fee collector addresses. Cached per chain.
relayer_getFeeData — called before each agent execution to get the current relay fee quote. Always $0.01 USDC on Base. Used to build the relay fee execution.
relayer_estimateFee — pre-flight estimation with the full execution bundle before submitting. If estimation fails, we fall back to getFeeData.
send7710Transaction — the core method. Called once per agent per task. Each call submits an ERC-7710 bundle containing: (1) relay fee transfer to 1Shot feeCollector, (2) agent fee transfer to the agent wallet, and optionally (3) the user's intended action (e.g. USDC transfer to a recipient). All three outputs land in a single Base mainnet transaction — one Basescan entry, one gas cost, paid entirely in USDC from the user's delegated budget.
relayer_getStatus — called after submission to resolve the real on-chain transaction hash from the 1Shot task ID. This hash is shown to users in the transaction details drawer with a Basescan link.
Live 1Shot transaction hashes as proof: 0x5b2df6aebfb2d8302c140dc5f3e9322d9b58501a47b7c8fe681c49ca5fb79466 (multi-agent pipeline), 0xf64918e42c4f1078311338b2e5b1015daaad2250ce1b1c904a680d64e5942e49 (executor USDC transfer), 0xe9dff0f0b27289d45587bb480f2e64178a67aa4f360feaea7835a85606df8ac7 (TEE agent relay).
VENICE AI
Venice AI is the inference backbone. Every agent except the Executor runs on Venice. We use 8 different Venice model families across 10 agents — each selected for the agent's specific task requirements:
Coordinator uses Venice's Qwen3 235B (qwen3-235b-a22b-instruct-2507) for complex multi-step task planning and final result synthesis across all sub-agent outputs.
Research uses Venice's Kimi K2.6 (kimi-k2-6) with Venice's native web search enabled — fetching live ETH prices, DeFi protocol TVL, gas fees, on-chain wallet history, and market data without external APIs.
Audit uses Venice's Qwen3 235B in Thinking mode (qwen3-235b-a22b-thinking-2507) — extended step-by-step reasoning for smart contract risk analysis and financial exposure assessment.
Report uses Venice's Kimi K2.5 (kimi-k2-5) for executive synthesis, plus Venice TTS to generate audio summaries included with every task result.
Counsel uses Venice's Qwen3 6.35B TEE (e2ee-qwen3-6-35b-a3b) — a hardware-attested secure enclave. Legal analysis, contract review, and compliance questions are processed with zero data retention and hardware-level privacy guarantees. Not stored, not logged, not trained on.
Intelligence uses the same Venice TEE model for competitive research — market analysis, competitor intelligence — with full privacy.
Reflection uses Venice's Gemma 4 26B TEE Uncensored (e2ee-gemma-4-26b-a4b-uncensored-p) — Venice's uncensored TEE model for personal journaling, wellness content, and sensitive personal reasoning.
Reputation uses Venice's Kimi K2.6 with web search for on-chain wallet identity scoring and trust analysis.
Monitor uses Venice's Qwen3 5.9B (qwen3-5-9b) — lightweight and fast for autonomous condition watching.
The coordinator automatically detects content sensitivity (legal, personal, competitive) and routes to the appropriate TEE model — no user configuration needed.
x402 PAYMENT PROTOCOL
All 10 Nexario agents expose standard HTTP 402 paywalls on the POST /api/agents/:agentId/call endpoint. When called without a payment proof, the endpoint returns:
HTTP/1.1 402 Payment Required
X-Payment-Required: true
X-Payment-Amount: 100000 (in USDC base units = $0.10)
X-Payment-Token: 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913 (Base USDC)
X-Payment-Recipient: agent wallet address
X-Payment-Chain: 8453 (Base mainnet)
X-Payment-Method: x402+1shot
The X-Payment-Method: x402+1shot header is our extension of the x402 protocol — it signals that payment should flow through 1Shot's ERC-7710 relay rather than a direct on-chain transfer. The caller pays via 1Shot (getting a task ID as proof), then retries the request with the X-Payment-Proof header. The agent verifies the proof and executes Venice inference.
Within Nexario's coordinator loop, this entire x402 cycle is automated — the coordinator pays each agent from the user's delegated budget via 1Shot without any user interaction.
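One way an agent endpoint could check an X-Payment-Proof before running inference, as an added example that is not Nexario's code: the proof is matched against the advertised terms and accepted only once. The lookupPayment resolver, its return shape and the recipient address are assumptions; the page does not show the verification logic.

```javascript
// Payment terms taken from the 402 response above; the recipient is a
// constructed placeholder, not a real agent wallet.
const TERMS = {
  amount: 100000n,                                          // USDC base units ($0.10)
  token: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",      // Base USDC
  recipient: "0x00000000000000000000000000000000000000A1",  // constructed
  chainId: 8453,                                            // Base mainnet
};

function paymentRequired(terms) {
  return { status: 402, headers: {
    "X-Payment-Required": "true",
    "X-Payment-Amount": terms.amount.toString(),
    "X-Payment-Token": terms.token,
    "X-Payment-Recipient": terms.recipient,
    "X-Payment-Chain": String(terms.chainId),
    "X-Payment-Method": "x402+1shot",
  } };
}

const redeemed = new Set(); // task IDs already exchanged for a response

// lookupPayment(taskId) is a hypothetical resolver returning the settled
// transfer behind a relay task ID, or null when it is unknown.
function handleCall(reqHeaders, terms, lookupPayment) {
  const proof = reqHeaders["x-payment-proof"];
  if (!proof) return paymentRequired(terms);
  if (redeemed.has(proof)) return { status: 402, error: "proof already used" };
  const p = lookupPayment(proof);
  if (!p || !p.confirmed) return { status: 402, error: "payment not confirmed" };
  const eq = (a, b) => a.toLowerCase() === b.toLowerCase();
  // Bind the proof to this endpoint's terms so a payment made to another
  // agent, in another token, or for a smaller amount is rejected.
  if (p.chainId !== terms.chainId || !eq(p.token, terms.token) ||
      !eq(p.recipient, terms.recipient) || p.amount < terms.amount)
    return { status: 402, error: "payment does not match terms" };
  redeemed.add(proof); // mark as used before inference so a retry cannot reuse it
  return { status: 200 };
}
```

In a deployment the redeemed set would need to be persisted, otherwise a restart would accept old proofs again.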
ON-CHAIN REPUTATION
After every task, a dedicated oracle wallet (0x1C280993F1423dc3DC050aFE5bfe5FbBDb7b05c3) writes reputation tags to our custom ReputationRegistry (0xDf2Fbb3fa60ebB1214b782697707cEec14Ae4F82) on Base mainnet. The oracle is set in the contract constructor and is the only address permitted to write feedback without a payment proof (the contract enforces this via require(!_isOwnerOrOperator(agentId, msg.sender))).
Tags written per task: revenues (USDC earned, e.g. Research agent has earned $300.90 across 15 tasks), successRate, responseTime, delegationDepth, caveatCompliance.
The 1Shot task ID is used as the feedbackHash — proving that a real payment occurred before reputation was written. This makes reputation unforgeable: you cannot write a positive score without having actually paid for and completed a task.
Users set minimum reputation thresholds in the authorization modal. The coordinator checks these against live on-chain scores before dispatching — agents below threshold are blocked at the protocol level.
CONTRACTS (BASE MAINNET)
AgentRegistry:
0x3a7C05101aC0Bb99e06026855459d376d7906f15 — ERC-721 NFT registry. Each of the 10 Nexario agents is a token with on-chain metadata URI (base64-encoded JSON with Venice model, TEE status, x402 support, capabilities, endpoints).
ReputationRegistry:
0xDf2Fbb3fa60ebB1214b782697707cEec14Ae4F82 — stores tagged feedback entries per agent. Oracle-gated writes. getSummary() aggregates all entries for a given tag. Designed for an open marketplace where any registered ERC-8004 agent earns verifiable on-chain reputation.
AuthorityLeaseRegistry:
0x5D20459A2C49D5Ba7E5aB0389baaAbFe6F58f2a4 — tracks on-chain authority leases with budget, depth, and delegation hash. createLease() called at task start, consumeLease() called per execution, redelegate() creates sub-leases for each agent.
MetaMask DelegationManager:
0xdb9B1e94B5b69Df7e401DDbedE43491141047dB3 — EIP-7702 stateless delegator deployed by MetaMask. Validates the full ERC-7710 delegation chain on-chain before 1Shot executes any transaction.
AUTONOMOUS OPERATION
Sessions are stored in SQLite with the full permissionsContext. The node-cron scheduler fires recurring tasks (user-defined cron expressions) using the stored context — even when the browser is closed. Results are saved to the chat_messages table and replayed via SSE when the user reconnects. This enables fully autonomous agent operation: schedule a daily ETH price alert, close the browser, and find the results waiting when you return.
Architecture + Contracts
- Designed authority leasing model on top of ERC-7715 + ERC-7710 + ERC-8004 stack
- Deployed 3 custom smart contracts on Base mainnet: AgentRegistry (ERC-8004 NFTs), ReputationRegistry (oracle-gated feedback), AuthorityLeaseRegistry (budget + depth tracking)
- Registered all 10 agents as ERC-8004 NFTs with on-chain metadata URIs containing Venice model IDs, TEE status, x402 support, capabilities, and A2A endpoints
- Integrated MetaMask Flask ERC-7715 wallet_grantPermissions flow — discovered exact context field format (2882-byte ABI-encoded delegation), correct target address (1Shot), and permission data structure through extensive testing
Core Orchestration Engine
- Built full task orchestration pipeline: coordinator planning → Venice sub-agent execution → 1Shot relay → Venice oracle reputation writes
- Integrated all 5 1Shot API methods: relayer_getCapabilities, relayer_getFeeData, relayer_estimateFee, send7710Transaction, relayer_getStatus
- Built 10 specialized Venice AI agents across 8 model families (Qwen3 235B, Kimi K2.6, Kimi K2.5, Qwen3 235B Thinking, Qwen3 6.35B TEE, Gemma 4 26B TEE Uncensored, Qwen3 5.9B, Venice TTS)
- Coordinator auto-detects content sensitivity and routes to Venice TEE models (counsel, intelligence, reflection) without user configuration
- Executor agent builds pure calldata for on-chain USDC transfers — bundled as 3rd execution in 1Shot relay alongside relay fee and agent fee
- x402 HTTP 402 paywalls on all 10 agent endpoints with X-Payment-Method: x402+1shot
Hardening + Debugging
- Fixed ERC-7715 permissionsContext extraction — discovered that the context field (not the permissionsContext field) contains the ABI-encoded delegation for 1Shot
- Fixed oracle nonce collisions — sequential writes with global nonce counter across all agent reputation writes
- Fixed ERC-7715 ORACLE_PRIVATE_KEY missing from env schema (was falling back to deployer key = agent owner = contract revert)
- Resolved 1Shot send7710Transaction parameter format through iterative testing
- Real tx hash resolution via relayer_getStatus — frontend shows actual Basescan link, not 1Shot task ID
- Budget enforcement in executor — blocks transfers exceeding remaining session budget
- Venice 429 rate limit handling — retry logic with exponential backoff for planning and synthesis
- SSE named event fix — switched to unnamed events so EventSource.onmessage fires correctly
Features + Frontend
- Autonomous scheduled tasks firing via node-cron with stored permissionsContext — works with browser closed
- Persistent chat sessions restored from backend on reload — permissionsContext fetched from database, no re-authorization needed within session window
- Full message persistence in SQLite with SSE replay buffer for autonomous task results
- Transaction details drawer in frontend — agent name, fee, real Basescan tx hash per agent
- Session budget tracking — deducts actual fees paid (not sub-task budget allocation)
- On-chain reputation accumulating across 50+ confirmed 1Shot relay transactions on Base mainnet
Bootstrapped - Self-funded solo project. Built and deployed entirely independently during the hackathon.