Shaida
Shaida is a protocol and SDK that turns any autonomous AI agent into a verifiable economic actor. Every decision the agent makes is executed inside a hardware-attested enclave, every memory it forms i
ビデオ
テックスタック
説明
Shaida
A verifiable memory layer for autonomous agents.
Shaida (Hausa): witness, sworn testimony.
Overview
Shaida is a protocol and SDK that turns any autonomous AI agent into a verifiable economic actor. Every decision the agent makes is executed inside a hardware-attested enclave, every memory it forms is cryptographically chained, and every action it takes settles against an on-chain reputation it cannot detach from. Users delegate capital to agents through bounded, revocable vaults — they hire and fire agents the way a fund hires and fires managers, except the track record is mathematically real.
The substrate is 0G.
Problem
Autonomous AI agents are about to manage meaningful capital — DeFi yield, treasury rebalancing, perpetual strategies, on-chain commerce. The infrastructure for executing their actions exists. The infrastructure for trusting them does not.
Today, an agent that loses a user's money produces a transaction hash and nothing else. The user cannot verify which model ran, what inputs it considered, what it remembered from prior sessions, or whether the agent's reasoning was tampered with between decisions. Existing agent protocols solve this with dashboards and self-reported logs — both of which the agent itself can lie about. A dashboard is not a proof.
Three specific gaps:
Inference is unverifiable. When an agent claims it ran model X on inputs Y, the user takes it on faith. Centralized inference providers cannot prove they did not substitute a cheaper model, leak inputs to a third party, or front-run the user's own decision.
Memory is non-existent or rewritable. Agents that operate across sessions need persistent context. Today this either lives in a centralized database the operator controls, or in a vector store with no integrity guarantees. An agent that "learned from its mistakes" cannot prove the mistake actually happened.
Reputation is detachable. Existing agent NFT standards let owners sell or transfer the agent freely, which means a track record can be laundered. A bad agent gets sold to a new wallet and reappears with a clean history.
Shaida closes all three.
Architecture
Shaida composes five primitives into a single coherent product surface. Each primitive is load-bearing — removing any one of them breaks the trust chain.
1. Agent identity (ERC-7857 iNFT)
Every agent on Shaida is minted as an ERC-7857 Intelligent NFT. The agent's "soul" — its system prompt, fine-tuned weights pointer, behavioral bounds, and operational policy — lives in encrypted metadata accessible only via the agent's runtime. The iNFT itself is transferable. The reputation attached to it is not.
This separation is the key inversion. Owners can buy, sell, fork, or rent the capabilities of an agent. The track record stays bound to the agent's operational identity and cannot be detached, sold, or re-skinned.
2. Sealed inference (0G Compute TEE)
Every reasoning step the agent takes runs inside a 0G Compute TEE via Sealed Inference. The TEE produces a signed attestation containing:
the agent's iNFT identity
the hash of the model that ran
the hash of the inputs (market data, prior memory, user signals)
the hash of the output (the decision or action)
the block height and timestamp
The user never trusts the agent's claim about what it ran. The hardware attests on its behalf. This is the verification root.
3. Hash-chained memory (0G Storage KV)
Every reasoning trace, observation, and post-action review is written to 0G Storage's KV layer as a hash-chained log. Each memory entry contains the hash of the previous entry. The chain is anchored periodically to 0G Chain via a Merkle root commitment.
The result: an agent's memory is a continuous, append-only stream that cannot be retroactively rewritten. The agent cannot pretend it didn't see something it saw. The user can replay the agent's entire cognitive history and verify it byte-for-byte.
This uses 0G Storage's millisecond-query KV layer for what it is actually designed for — high-frequency append-and-verify workloads, not bulk file storage.
4. On-chain reputation (0G Chain)
Every Sealed Inference attestation settles on 0G Chain into a ReputationOracle contract that maintains, per agent:
total actions taken
realized PnL (when applicable)
maximum drawdown
alignment violations flagged by 0G Alignment Nodes
cumulative attestation count
Reputation is a soulbound score on the agent's iNFT. Capital allocators and the delegation vaults below read from this oracle to gate access. Bad agents accumulate negative reputation and get filtered out of the market. They cannot escape it by transferring the iNFT.
5. Bounded delegation vaults
Users do not deploy agents. They delegate to them.
A user stakes USDT (or any whitelisted asset) into a DelegationVault. They sign an EIP-712 typed bound — maximum position size, maximum drawdown, allowed venues, time horizon, performance fee split. Any agent above a configurable reputation threshold can pull from the vault, subject to the bounds. Bound violations trigger an automatic circuit breaker (a hysteresis FSM, not a single-shot trigger) that revokes the agent's access and returns funds to the user.
The user can revoke unilaterally at any time, in a single block. The agent cannot prevent withdrawal.
The vault is the marketplace. Agents earn performance fees. Users get verifiable, bounded exposure to autonomous strategies. Both sides can exit.
System diagram
┌───────────────────────────────┐
│ Shaida Frontend │
│ (Vite + React + wagmi) │
│ Marketplace · Vault · Replay │
└──────────────┬────────────────┘
│
│ EIP-712
▼
┌────────────────────────────────────────────────────────────────────┐
│ 0G Chain │
│ │
│ ┌──────────────────┐ ┌─────────────────────┐ ┌──────────────┐ │
│ │ AgentRegistry │ │ ReputationOracle │ │ Delegation │ │
│ │ (ERC-7857) │◄──┤ │◄──┤ Vault │ │
│ └──────────────────┘ └──────────▲──────────┘ └──────┬───────┘ │
│ │ │ │
└────────────────────────────────────┼─────────────────────┼─────────┘
│ attestation │ pull
│ │
┌──────────┴─────────────────────┴──────┐
│ Shaida Orchestrator (Node.js) │
│ - Sealed Inference caller │
│ - Memory chain writer │
│ - Attestation submitter │
└──────────┬─────────────────┬──────────┘
│ │
▼ ▼
┌──────────────────┐ ┌──────────────────┐
│ 0G Compute │ │ 0G Storage KV │
│ (Sealed │ │ (Hash-chained │
│ Inference TEE) │ │ memory log) │
└──────────────────┘ └──────────────────┘
│
▼
┌────────────────────────┐
│ 0G Alignment Nodes │
│ (drift / bias flags) │
└────────────────────────┘
Smart contracts
Three contracts, written in Foundry.
AgentRegistry.sol
Extends ERC-7857. Mints agent iNFTs with encrypted metadata. Stores the operational policy hash, the model hash, and the agent's runtime endpoint. Enforces the separation between transferable ownership and non-transferable reputation by exposing reputation reads through ReputationOracle rather than ERC-7857 metadata.
Key functions: mintAgent(bytes encryptedSoul, bytes32 modelHash, bytes32 policyHash), updateModelHash(uint256 agentId, bytes32 newHash) (gated by owner + cooldown), getReputation(uint256 agentId) (reads through to oracle).
ReputationOracle.sol
Receives signed Sealed Inference attestations. Verifies the TEE signature against 0G Compute's published attestation key. Updates per-agent counters: actions, PnL, drawdown, violations. Emits events for the indexer.
Reputation is computed as a pure function of these counters — there is no admin override, no boost, no manual adjustment. The formula is reproducible offline from on-chain events.
Key functions: submitAttestation(Attestation calldata att, bytes calldata teeSignature), flagViolation(uint256 agentId, ViolationType v, bytes calldata proof) (callable only by Alignment Node operators), reputationOf(uint256 agentId) view returns (Reputation memory).
DelegationVault.sol
User-deployed via factory. Holds user funds. Accepts EIP-712 signed bounds defining the agent's operational envelope. Implements a hysteresis FSM circuit breaker — not a single-shot threshold, but a state machine that requires sustained boundary violation to trip and sustained good behavior to reset. This prevents oracle-noise-induced false trips while remaining responsive to actual misbehavior.
Key functions: delegate(uint256 agentId, Bounds calldata b, bytes calldata sig), revoke(), executeAction(Action calldata a, bytes calldata teeAttestation) (the agent calls this; the vault verifies the attestation against the bounds before releasing funds), circuitState() view returns (FSMState).
The FSM has four states: ACTIVE, WARNING, TRIPPED, RECOVERY. Transitions are based on rolling-window drawdown and violation counters, not instantaneous values.
Off-chain components
Orchestrator (Node.js)
The runtime that wraps the agent's logic. Responsibilities:
Pull the agent's current memory chain head from 0G Storage KV
Construct the inference input (current observations + memory context)
Call 0G Compute Sealed Inference, receive the attestation
Append the new memory entry to the chain (entry includes prev_hash)
Submit the attestation to
ReputationOracleIf the inference output is an action, call
executeActionon the user'sDelegationVault
The orchestrator is reference code. Builders can fork it or implement their own runtime in any language as long as they conform to the on-chain interface. The orchestrator is not trusted — every claim it makes is independently verifiable via the attestation chain.
Shaida SDK (TypeScript)
Wraps the Shaida protocol so other builders can integrate their existing agents in roughly twenty lines:
import { Shaida } from "@shaida/sdk";
const shaida = new Shaida({ rpc, signer });
const agent = await shaida.registerAgent({
modelHash, policyHash, encryptedSoul,
});
const result = await agent.reason({ inputs });
// result includes attestation, memoryEntryHash, txHash
The SDK abstracts attestation submission, memory chain management, and vault interaction. This is the developer-facing surface and the primary distribution mechanism.
Frontend (Vite + React)
Three views:
Marketplace — browse agents by reputation, strategy class, fee structure. Each agent card shows the verifiable performance graph and the latest attestation.
Vault — deploy a delegation vault, set bounds, fund it, monitor live PnL, revoke.
Replay — for any agent, replay its memory chain. Each entry shows the input hash, model hash, output, and the linking hash to the previous entry. The user can audit the agent's reasoning history end-to-end.
ハッカソンの進行状況
Shaida was built end-to-end during the hackathon period and is fully deployed on the 0G mainnet. All five integration points are live: ERC-7857 agent identity, Sealed Inference via 0G Compute, hash-chained memory on 0G Storage KV, on-chain reputation on 0G Chain, and bounded delegation vaults with the hysteresis FSM circuit breaker.
The three core contracts — AgentRegistry, ReputationOracle, and DelegationVault — were written, tested with Foundry invariant suites, and deployed to 0G mainnet. The Node.js orchestrator wraps Sealed Inference calls, writes hash-chained memory entries to 0G Storage, and settles attestations on-chain. The TypeScript SDK exposes a roughly twenty-line integration surface for external agents. The Vite + React frontend (Marketplace, Vault, Replay) reads live state directly from 0G Chain and 0G Storage with no database.
A reference agent running a stablecoin yield routing strategy is deployed and operating against a funded delegation vault on mainnet, producing verifiable attestations and memory entries that can be audited end-to-end through the Replay view.
資金調達の状況
0