AgentDeed

AgentDeed turns fine-tuned AI models into transferable, sealed assets on 0G. Every checkpoint, LoRA, or agent config is wrapped in an ERC-7857 iNFT whose AES-256-GCM key is rotated to the new owner on

  every sale — the seller's key stops decrypting the moment the transfer confirms on chain.

  The defensibility gap this closes

  A fine-tune is the most valuable kind of AI IP and the easiest to steal. Once a safetensors file leaves your machine, scp is the entire piracy stack. HuggingFace hosts plaintext weights anyone can fork;

  Replicate and Together lock you to one runtime; CivitAI resells artifacts that ship in the clear. There has been no primitive for selling the capability to run an opaque model — only the file itself, with

  the loss-of-access enforced by goodwill. ERC-7857 collapses that gap by making the encryption envelope part of the token itself.

  Anatomy of a sale :

  1. Buyer hits Buy on /infts at the seller's flat OG price (no orderbook, no haggling).

  2. In-browser re-seal. The buyer's client fetches the ciphertext from 0G Storage by content hash, decrypts it with the seller's escrowed key, generates a fresh 256-bit AES key bound to the buyer's address,

   re-encrypts the checkpoint, and pins the new ciphertext back to 0G Storage (tx 1).

  3. On-chain settlement. The client calls AgentDeed.purchase(tokenId, sealedKey, proof) with value = listingPrice (tx 2). The contract checks the TEEOracle re-encryption proof, swaps in the new encryptedURI

   + metadataHash, transfers the iNFT, forwards the OG to the seller, and emits SealedKeyDelivered(tokenId, buyer, sealedKey).

  4. Silent key delivery. The buyer's wallet listens for SealedKeyDelivered, caches the delivered key locally, and Reveal works in /my-agents on the next render. No "import your key" modal, no email handoff.

  What the token unlocks for its holder

  - Portable inference. After Reveal, the plaintext weights exist only on your hardware. Run them in /playground against an attested 0G Compute TEE, merge them into a local Ollama, drop them into a private

  vLLM cluster — the platform never sees the model and cannot rate-limit you.

  - Scoped delegation. authorizeUsage(executor, permissions) lets you rent out the model on terms you define (inferences:1000, day:30, purpose:agent-fleet-x) without surrendering the key. Revocation is one

  transaction; the renter is never trusted with raw access.

  - Real secondary markets. Because access is the token, the iNFT is fungible to any DeFi primitive: relist it, fractionalize it, post it as collateral, bundle it inside an agent transfer. Every resale

  triggers a new re-seal — the chain of custody is enforced cryptographically, not contractually.

  - Audit by default. Mints, transfers, clones, rentals, and revokes all emit events on 0G Chain. There is no off-chain ledger to subpoena and no platform that can quietly hand a copy to a third party — the

  TEEOracle is the only path the contract will accept.

  - Fleet cloning. clone() mints a re-sealed sibling of an existing model for multi-tenant deployments (per-customer agents, regional shards) without forcing the operator to share the original key.

  - Attested compute, even without download. Owners who prefer to keep the weights remote can run inference through the 0G Compute TEE, which returns an x_0g_trace attestation proving the right key decrypted

   inside the right enclave for the right request.

  Why every layer has to be 0G

  The seal-rotate-attest loop only closes when storage, settlement, and inference live in the same trust domain.

  - 0G Chain (id 16602) hosts AgentDeed (the ERC-7857 token) and TEEOracle (the re-encryption verifier).

  - 0G Storage holds the encrypted weight bodies as content-addressed blobs; the Merkle root is what the iNFT points at via encryptedURI = 0g://<rootHash>.

  - 0G Compute runs inference inside TEEs whose attestations the same chain can verify.

 Built end-to-end during the hackathon — repo started as create-next-app boilerplate; everything below is new.

  Contracts (contracts/) — Wrote AgentDeed.sol against a clean-room IERC7857.sol interface I drafted from the EIP: mint, transfer, purchase, clone, authorizeUsage, revokeUsage, plus the SealedKeyDelivered

  event the wallet listens for. Paired it with TEEOracle.sol as the re-encryption verifier (deployed but intentionally unwired on testnet so demos don't depend on an attested signer being live). Hardhat

  suite covers the full envelope-rotation path; the deploy/mint/transfer scripts under contracts/scripts/ are reproducible from a fresh wallet via npm run wallet:new → deploy → mint:test. Live on 0G Galileo

  (chain 16602): AgentDeed at 0x21cBA803EdB8676D06FAf9aCAb84611C98B7A370, TEEOracle at 0xcF7294f6C6Ca09cae9b6832efbCffAB218e7d499. First mint landed as tokenId 1 in tx 0x84f5ba…0351.      

  0G plumbing — src/lib/storage.ts wraps @0gfoundation/0g-storage-ts-sdk server-side so the deployer key signs the on-chain submission tx instead of the browser holding one. src/lib/og.ts centralizes chain

  constants, default addresses, and endpoint fallbacks so a fork only needs .env.local overrides. src/lib/inft.ts is the viem client; it deliberately avoids Multicall3 (0G doesn't register it) and instead

  fires parallel eth_calls that the RPC batches naturally.

  Sealed-weight pipeline — src/lib/crypto.ts runs AES-256-GCM through WebCrypto with a fresh 256-bit key + 96-bit nonce per checkpoint; SHA-256 of the ciphertext becomes the content address that the iNFT's

  metadataHash commits to. The whole flow is in-browser — raw .safetensors / .bin / .pt / .gguf bytes never touch a network we don't control. The seller-side encrypt path and the buyer-side re-seal path

  share the same primitives so a transfer is a re-run of the encrypt step against the new owner's binding.

  Frontend (Next.js 16 App Router · React 19 · Tailwind v4 · wagmi 2 + RainbowKit + viem)

  - /builder — real four-stage pipeline with a live build log: pick file → AES-256-GCM encrypt → POST /api/storage/pin for a genuine 0g://<rootHash> URI → AgentDeed.mint(to, encryptedURI, metadataHash). The

  SHA-256 you see logged is the hash of your file's ciphertext, not a placeholder.

  - /infts — marketplace, filters/search across sealed listings.

  - /my-agents — wallet-gated vault scanning ownerOf so both freshly minted and transferred-in tokens surface; revenue and listing state read directly from chain.

  - /playground — live inference through the 0G Compute Router via /api/inference (keeps the router API key server-side) with a self-hosted Ollama fallback so the inference layer is exercisable end-to-end

  without a router key. Same OpenAI-compatible request body either way; x_0g_trace is synthesized in the local path so the billing block stays honest about provenance.

  - /pitch — 8-slide investor deck (problem, solution, LoRA primer, business model, traction) written for live presentation.

  Branding, theme, docs — Migrated WeightVault → AgentDeed across nav, footer, layout, marketing copy, and pitch deck in one refactor pass. Designed the bone/ink/orange editorial palette and rebuilt the

  landing page around it. Rewrote README.md end-to-end: stack table, route table, LoRA primer (why a sealed-key marketplace fits LoRAs specifically), architecture diagram, mint request-flow ASCII, key design

   decisions, deploy-your-own-copy guide.

Bootstrapped , not raising funds