Private eligibility firewall on 0G. Workers prove eligibility for free legal help without disclosing name, HKID, employer. Subpoenas reach only a 15-min timestamp bucket. Live on Aristotle mainnet.
## The asymmetry
Migrant workers in Hong Kong make up ~5% of the population. The services that exist to help them — legal aid clinics,
shelters, public hospitals — all require identifying information at intake. Name, HKID, employer, visa status. Those are
exactly the fields an abusive employer can later subpoena, or that a trafficker can use to find a worker who sought help. The
status quo asks the most vulnerable people in the system to choose between getting help and being safe.
## What Compass changes
Compass eliminates the disclosure. A vulnerable worker carries an encrypted SD-JWT verifiable credential in her browser vault.
A sealed inference receipt-signer running inside a Phala dstack TDX trusted execution environment evaluates an eligibility
policy against selectively-disclosed claims. The result lands on 0G Chain as a ReceiptIssued event whose fields are
non-identifying — only a 15-minute timestamp bucket, a policy ID, a nullifier, and a cryptographic commitment to the agent's
on-chain identity.
A subpoena reaches the timestamp bucket and the commitment. Nothing else exists to be disclosed.
## How it's built
Compass runs end-to-end on 0G:
- 0G Chain (Aristotle mainnet 16661 + Galileo testnet 16602) — AgentRegistry holds a soulbound INFT bound to the user's
EOA. CompassHub atomically consumes a single-use grant and issues a receipt in one transaction; nullifier-replay and
receipt-id-replay protection both enforced on-chain.
- 0G Storage — the user's SD-JWT VC ciphertext (AES-256-GCM with a non-extractable WebCrypto key in IndexedDB) is uploaded
to 0G Storage; the Merkle root is committed to AgentRegistry.encryptedURI. The decryption key never enters the chain.
- 0G TeeML / Phala dstack TDX — the receipt-signer derives a deterministic secp256k1 key sealed to its attested image via
dstack.getKey('compass-receipt-signer'). Each receipt is bound to a per-receipt RA quote whose report_data commits to
(signer, image, receiptId), defeating archived-quote replay across deployments.
## Honest limits
We are explicit about what Compass does NOT do. Coercion: an abusive employer who can see the worker's screen at disclosure
can still read the plaintext SD-JWT VC before encryption. Coarse buckets: 15-minute windows are not full k-anonymity against
statistical re-identification in edge cases. SD-JWT VC draft churn: the implementation pins to draft-15; we'll roll forward as
the standard finalises. Full list at docs/honest-limits.md.
## What's verifiable today
- 40 Hardhat unit tests + property-based invariants pass.
- 103 receipt-signer vitest tests pass.
- Slither 0.11.5 with 101 detectors: 0 security findings.
- Codex GPT-5.5 adversarial pre-submission review caught + fixed 1 BLOCKER before mainnet deploy.
- 5 prior security audits (Codex x3, Slither, ultrareview, OWASP API).
- Playwright E2E suite scaffolded across the user journey.
Don't trust the maintainer — re-derive the cryptographic chain yourself with `enclave/src/verify-receipt.ts --bundle
<receipt.json>`.
## Try it
- Live frontend: https://app-psi-pied.vercel.app
- Subpoena scene: https://app-psi-pied.vercel.app/clinic/subpoena
- Public audit log: https://app-psi-pied.vercel.app/audit
- 3D audit visualization: https://app-psi-pied.vercel.app/audit-graph.html
- Repo: https://github.com/StephenSook/Compass-OG-
- Demo video: https://www.youtube.com/watch?v=vg5WZHmlzZI
Built solo by Stephen Sookra for the 0G APAC Hackathon Track 5 (Privacy & Sovereign Infrastructure).
Built end-to-end during the 0G APAC hackathon window (project kickoff 2026-05-02; submission 2026-05-16).
Phase A — credential vault + agent identity (May 2-3)
Browser-side AES-256-GCM encryption with non-extractable WebCrypto keys in IndexedDB. SD-JWT VC draft-15 selective disclosure.
Soulbound minimal INFT on AgentRegistry binding the user's EOA to their encrypted vault URI on 0G Storage.
Phase B — TEE receipt-signer (May 4-5)
Express service running inside a Phala dstack TDX CVM. Deterministic secp256k1 key derivation via
dstack.getKey('compass-receipt-signer'). Per-receipt RA quote with `report_data = sha256(signer || composeHash ||
receiptId)` — defeats archived-quote replay across deployments. ADR-003 documents the binding rationale.
Phase C — atomic on-chain consume + issue (May 5-6)
CompassHub.consumeGrantAndIssueReceipt() consumes a single-use grant and emits ReceiptIssued in one transaction.
Nullifier-replay + receipt-id-replay protection enforced on-chain. 40 Hardhat unit tests + property-based invariants pass.
Phase D — subpoena scene + audit log (May 7-8)
/clinic/subpoena page renders what a clinic could actually disclose under PDPO §57 — only the 15-min timestamp bucket and the
receipt commitment exist. /audit page lists every on-chain receipt with no identifying fields. /audit-graph.html renders the
audit log as a 3D force-graph.
Phase E — Aristotle mainnet deploy (May 10)
AgentRegistry at 0xf1FAaBef1d00Db1a15b7637Dc0d8526449D06Bf9 and CompassHub at 0xe42fd4F0a3197126fEeF5e6AAfC5Fb8848bBC58b on 0G
Aristotle mainnet (chainId 16661). 3 demo policies (HELP / Bethune / HK FDH Hospital) registered on-chain.
Phase F — demo + submission (May 11-16)
Three-minute demo video at https://www.youtube.com/watch?v=vg5WZHmlzZI. Mermaid C4Context architecture diagram. 3 ADRs
(MADR-lite) covering platform / credential / quote-binding decisions. Multi-agent audit landed CRITICAL Privy SSR fix + Docker
dependabot + network-copy corrections. Final-week X cadence locked.
Verifiability ledger (what shipped, what's testable):
- 40 Hardhat unit tests + property-based invariants ✓
- 103 receipt-signer vitest tests ✓
- Slither 0.11.5 (101 detectors): 0 security findings ✓
- Codex GPT-5.5 adversarial review: 1 BLOCKER caught + fixed pre-mainnet
- 5 prior security audits (Codex x3, Slither, ultrareview, OWASP API)
- Playwright E2E suite scaffolded across user journey
- Verifiable independence: enclave/src/verify-receipt.ts --bundle <receipt.json> lets anyone re-derive the cryptographic
chain offline.
Non-code surfaces shipped: README ToC + Mermaid C4 architecture diagram · 3 ADRs (MADR-lite: platform / credential /
quote-binding) · whitepaper PDF · press kit · 6 NGO outreach drafts (HELP, Bethune, Mission, Open Society, Luminate, Jockey
Club) · DoraHacks + Devpost cross-listing drafts.
Not actively fundraising. Solo hackathon build.
Open post-deadline to:
- Ecosystem grants (0G Foundation, Ethereum Foundation Privacy & Scaling Explorations, Phala Network ecosystem fund)
- NGO partnerships in the HK migrant-worker space (Bethune House, HELP for Domestic Workers, Mission for Migrant Workers, Open
Society Foundations)
- v0.6 roadmap funding: native-speaker localization review (Filipino, Bahasa Indonesia, Bahasa Malaysia, Cantonese),
browser-side 0G Storage upload v2, Mythril symbolic-execution audit pass
6 cold-outreach drafts queued at docs/outreach/ ready to send after May 16.