Receipts now anchor to two decentralized storage networks, not one

A founder we respect sent us the 0G docs and asked which modules we should fold in. We spent an afternoon on it, almost wrote a "here is why we are holding off" post, then re-read what we had written and realized we had answered the wrong question.

The question was not "should 0G replace our Filecoin mirror." The answer to that is no, and it stays no. The right question for a hackathon is "can 0G add a second public mirror on top of what we already have." That answer is yes, and shipping it took an afternoon.

What changed this week

Every signed receipt now gets pinned to two public storage networks instead of one. Filecoin (via Lighthouse) was already there from last week. 0G testnet is there now too.

The two networks hold byte-identical copies of the same receipt JSON. Each settled receipt carries two clickable links: one labeled filecoin:, one labeled 0g:. Either link gets you back to the same bytes we signed.

Why two networks instead of one

The honest answer: not because one was failing. Filecoin via Lighthouse works fine. We added 0G because the trust story gets meaningfully stronger when nobody can break the proof by knocking out a single storage provider.

If Lighthouse changes its terms tomorrow, the Filecoin link could break. If 0G's testnet indexer goes down, the 0G link breaks. The signed bytes themselves never change, but the convenient verification path through one network could close. With two parallel networks, a judge or an auditor can pick whichever one is up.

Same principle as keeping a backup of your photos in two cloud providers, except for the cryptographic proof that your assistant did what you said it did.

What did NOT change

The receipt itself looks the same as it did last week. The signature on it is the same. The fingerprint we put on a public chain every five receipts is the same.

The new network only holds another copy of the bytes. It is not signing anything. The signature is still us. The new copy is just a second place anyone can fetch the record from, in case the first place ever goes down.

What you do not have to think about

You do not have to know what 0G is. You do not have to install a wallet. You do not have to pay a 0G testnet fee. Both mirrors are operational metadata we run on our side. The only place 0G is visible to you is the small 0g: bafyrei... link next to each receipt on /security, and that link is one click away from a small JSON explanation page if you ever want to verify the bytes yourself.

The agent ID follow-up landed too

Every assistant on Operator Uplift now has its own public ID card, the same way a real employee has a badge. The badge says what the assistant is allowed to do. If we ever change the assistant, the new badge shows the change. You do not have to know any of this is happening; the badge is something you can check if you ever want to, not something you have to.

What we skipped on purpose

There were other things in the same toolkit we could have taken. We did not take the one that runs the actual AI brain on someone else's hardware: you should be able to pick which AI you talk to (we already let you, on the chat page). And we did not take the one that promises private memory through hardware tricks, because we do not run the brain ourselves so there is nothing to make private on our end.

If you are a founder looking at one of these toolkits, the move that worked for us was the smallest possible thing that adds something a stranger can check without trusting us. Usually that is a second mirror, a redundant signer, or a public copy of a record we already had. Not a rebuild.

You did not sign up to learn about storage networks. You signed up for an assistant that drafts your email and waits for your tap. The two backups are part of why that tap is safe.