Trust-stack demo · x402 + 0G + Filecoin

Verifiable AI for Gmail and Calendar, working end-to-end

Every calendar and Gmail write goes through a real x402 gate on Solana devnet. Every successful action produces an ed25519-signed receipt mirrored to two public storage networks (Filecoin and 0G testnet) plus published as a Merkle root on Solana, so a judge can verify the bytes against either mirror independently.

The flow

1
Agent proposes an action
An agent in chat emits a <tool_use> block, e.g. calendar.create with {summary, start, end, attendees}.
2
User approves in the modal
The approval modal shows tool, action, exact params, and the cost: $0.01 USDC on solana-devnet.
3
Server returns 402 Payment Required
Our /api/tools/calendar endpoint (wrapped in the x402Gate middleware) checks for X-Payment-Proof. Without it, the server creates a params-bound invoice and returns 402.
```
POST /api/tools/calendar → 402
{ invoice_reference, amount: 0.01, chain: solana-devnet,
  recipient, pay_endpoint, retry_header: "X-Payment-Proof" }
```
4
Client pays the invoice
Client POSTs to /api/tools/x402/pay with the invoice_reference. On devnet we simulate the on-chain transfer; the server marks the invoice paid and returns a tx_signature.
```
POST /api/tools/x402/pay → 200
{ status: "paid", tx_signature: "devnet_sim_..." }
```
5
Server validates proof, executes, signs receipt
Client retries with X-Payment-Proof header. Server validates (user + tool + action + params_hash + expiry + not consumed), calls Google, creates an ed25519-signed receipt, stores it, and marks the invoice consumed so it can't be replayed.
```
POST /api/tools/calendar
  X-Payment-Proof: inv_cal_... → 200
{ event, receipt: { receipt, signature, public_key } }
```

Request sequence

Calendar agent manifest

ERC-8004-style registration

Gmail agent manifest

ERC-8004-style registration

Receipt public key

ed25519 pubkey for verification

Signed receipts on Filecoin

Open /security to see each receipt's filecoin_cid link to a public IPFS gateway

Signed receipts on 0G Storage

Second public mirror. /api/og/storage/[rootHash] returns the JSON envelope with indexer endpoint and SDK verify steps

Agent ID on 0G AgenticID

ERC-7857 Intelligent NFT on Galileo Testnet. Reference contract: 0x2700F6A3...EF1F

Agent cards + memory on Arkiv

Network School Ethereum Hackathon entrant (AI theme). Public Braga testnet entities; /arkiv lists agent cards and shows the memory model

Try it yourself

1.Log in via Privy at /login
2.Go to /integrations and Connect Google Calendar & Gmail
3.Go to /chat
4.Type: Schedule a 30-min meeting tomorrow at 3 PM called "trust-stack demo"
5.Click Pay & Allow Once in the approval modal
6.Open the Network tab, observe 402, then /pay, then 200 with receipt
7.Go to /security and click Copy JSON on the new receipt
8.Verify the signature with the public key from /api/receipts/public-key
9.Click the filecoin: link on the receipt row to fetch the same bytes from a public IPFS gateway. Byte-compare to confirm we did not tamper with the row after signing.
10.Click the 0g: link on the same row. It lands on /api/og/storage/[rootHash], our public verifier passthrough. The JSON envelope documents the 0G testnet indexer endpoint and exact SDK call needed to pull the bytes a second time, from a network we do not control.
11.Open /agents/calendar.json. If og_agent_id is present, click its explorer_url to see the agent's ERC-7857 Intelligent NFT on 0G Galileo Testnet (chainscan-galileo.0g.ai). The on-chain IntelligentData[] array carries SHA-256 hashes of the agent's name, capabilities, system prompt, and model.

MagicBlock adapterActive

MagicBlock can settle receipts on an ephemeral rollup for faster finality than mainnet. Our adapter interface is shipped at lib/magicblock/adapter.ts and is feature-flagged behind NEXT_PUBLIC_MAGICBLOCK_ENABLED.

Honest status: Ephemeral Rollup routing enabled at https://devnet-us.magicblock.app. Receipts record executed_via: 'magicblock'. No receipt produced by this codebase claims executed_via: magicblock unless the stub is replaced with a real implementation AND the flag is set.

What you can verify

Receipt wasn't forged
ed25519-verify signature against canonical JSON of receipt using pubkey from /api/receipts/public-key.
Invoice is bound to the exact request
receipt.params_hash = SHA-256 of the canonical params. Replay against a different request = server rejects.
Agent manifest hasn't been tampered with
/agents/{calendar|gmail}.json contains a checksum = SHA-256 over its own content (minus the checksum field).
Payment actually happened
receipt.invoice_reference + receipt.payment_tx recorded server-side in tool_invoices + tool_receipts.
Receipt bytes are publicly archived on two networks
Every signed receipt is anchored to BOTH Filecoin (via Lighthouse) and 0G Storage testnet (via the Turbo indexer). Both links render next to each receipt on /security. Fetch the bytes from either network and byte-compare against /api/receipts. A single-provider outage cannot break verification.
Agent identity is on-chain
Each agent has an optional ERC-7857 Intelligent NFT minted into the 0G Foundation reference AgenticID contract on Galileo Testnet. The IntelligentData[] array carries SHA-256 hashes of name, description, capabilities, system prompt, and model. Recompute the hashes and verify against the chainscan record to detect drift.
Per-action consent (no blanket approvals)
Every execution stands alone. The approval modal has no "remember this agent" checkbox by design.

Start the demo

Full technical writeup available on request. Email operatoruplift@gmail.com.

Verifiable AI for Gmail and Calendar, working end-to-end