0xAgentio

One-Liner:

A framework for proof-carrying agent coordination - delegate bounded authority, coordinate peer-to-peer and verify actions at the edge, without forcing principals to expose private strategy, budgets or internal authorization.

The Problem:

AI agents are becoming economic actors. Trading, paying for compute or settling API calls. a16z calls this the "Know Your Agent" gap - agents need verifiable credentials before they can participate in any economy. Most approaches to KYA focus on identity: who is this agent, who is the principal behind it, are they compliant? That matters, but it's only half the problem.

The other half is delegation and coordination. There's no way for an agent to prove what it's authorized to do - or for other agents to verify that - without exposing everything about the principal behind it. And when agents need to coordinate with each other, they have no mechanism to establish trust without a central broker, reputation scores that take months to build or exposing private information.

Identity tells you who. 0xAgentio answers what, how much and with whom - the operational layer that agents actually need to act autonomously. ZK proofs make it possible to prove all of this without revealing any of it.

0xAgentio is a TypeScript framework for building proof-carrying autonomous agents. It's a pretty big project with lots of moving parts so I am planning to continue to work on it.

A principal delegates bounded authority to an agent through a policy: allowed actions, per-action limits, cumulative limits and expiry. The agent generates ZK proofs and credentials that a specific action is authorized under that policy - without exposing the principal, the strategy or the full policy. Counterparties (other agents, services or APIs) verify the proof before doing work or accepting the request.

The framework is built on three primitives:

• Noir for the ZK proofs
• 0G for state, audit persistence and reasoning layer (KV storage + Compute Router for LLM-backed planning)
• Gensyn AXL for encrypted peer-to-peer communication between separate agent nodes

The runtime is adapter-based, so the same application shape runs locally in tests and against the live stack with real Noir proving, live 0G KV and real local AXL nodes.

The thesis is simple: identity tells you who an agent is. 0xAgentio answers what, how much and with whom, the operational trust layer agents actually need before acting on a budget, an API or another agent. Reason freely, but execute only with verified authority.

The first demo built on top is a Uniswap example: Alice is an autonomous treasury agent, Bob is a Uniswap gateway agent and Bob only calls /check_approval, /quote, /swap or /order after verifying that Alice's proof backed request matches her delegated policy. The same shape applies to compute delegation, data marketplaces, API access gating and multi-agent task swarms.

For more information about the framework and its vision, please refer to the README.md in the repository: https://github.com/Trivo25/agentio/blob/main/README.md

The framework is a TypeScript monorepo split into small packages so each external system sits behind a clean adapter and can be used in a modular way. 0xAgentio tries not to limit any use cases, instead it attempts to be a generic framework for building autonomous agents that interact with each other (within every possible domain!)

• @0xagentio/core: pure types and helpers: identity, policy, credential, action intent, state, audit, validation, hashes
• @0xagentio/sdk: the developer facing API (createAgentRuntime, createTrustedAgent, reasoning engines, local adapters, message helpers, ..)
• @0xagentio/noir: Noir authorization circuit (zk proofs) + proof adapter. the circuit binds policy hash, action hash, agent id and cumulative state so a valid old proof cannot authorize a different request
• @0xagentio/og: 0G Storage adapters, KV-backed (ogKvObjectClient selects nodes through the 0G indexer), file-backed and in-memory variants behind one interface. I also built https://trivo25.github.io/agentio/ as public good for the community as there was no public KV node and it's currently being used by at least 4 other projects in the hackathon!
• @0xagentio/compute: 0G Compute Router LLM client behind the generic LlmClient interface, so the same reasoning code also runs with mock or any OpenAI compatible providers
• @0xagentio/axl-client + @0xagentio/axl-local: a small TypeScript SDK and process wrapper for Gensyn AXL, I built these because no official TS SDK existed and shared them with the community on Discord in case anyone wants to use them, a little side project during the hackathon. axl-client only moves bytes through AXLs HTTP bridge; axl-local spawns and supervises real AXL node binaries for tests and examples.

The runtime is reasoning -> policy validation -> proof generation -> execution -> state/audit persistence, with peer messaging via AXL Because every step is an adapter, the same application shape runs locally in CI and against the real full stack: localNoirProofs() swaps for noirProofs(), localOgStorage() for ogStorage({ client: ogKvObjectClient(...) }), localAxlTransport() for axlTransport(...)

Partne technologies and how they fit:

• 0G Compute Router: first-class live LLM provider for llmReasoningEngine(...) - the canonical live demo uses 0G-routed models for reasonign of the agent. I added a prompt-only response format because some 0G-routed models reject OpenAI's json obj response format
• 0G Storage (KV): durable agent state and audit trail as well as shared memory if required. I also run a public-good 0G KV node that the community uses; at least 4 other hackathon projects currently rely on it.
• Gensyn AXL: encrypted peer-to-peer transport between agents. The full live stack starts two real local AXL node processes and exchanges Noir proof backed messages across them. Bob receives Alice's proof, verifies the proof/action/policy binding and only then does the work.
• Noir: the actual ZK proving for authorization. The circuit takes policy + credential + action + cumulative state and proves "this action is allowed" revealing only the policy commitment and the action hash.
• Uniswap Trading API: the example domain and where this will be useful in the agentic economy. Bob's gateway only calls /check_approval and /quote after verifying Alice's proof; /swap and /order stay behind explicit live flags because they touch irreversible execution. The web UI is a single static HTML page that mirrors the same trust boundary.

Things worth flagging as hacky/non-obvious:

• Action-hash binding inside the proof. A proof is bound to the exact serialized action, so a replayed proof with a tampered amount gets rejected before any work happens. The Uniswap demo shows both negative paths explicitly.
• LLM amount parsing is intentionally strict. It accepts decimal strings ("100", "100.0") and safe JSON integers but rejects fractional and unsafe numbers, because the parsed value feeds directly into policy validation and the Noir witness.
• Optional deterministic guard between LLM and runtime. The guard runs after model output and before policy validation, so you can keep LLM flexibility but enforce hard ceilings as code, not
• Local AXL process wrapper. prepareLocalAxlNode/startLocalAxlNetwork boot real Gensyn AXL binaries with isolated configs and tear them down between examples, so the AXL flows run against the actual node code, not a mock
• Reasoning is never authority. Even when the LLM proposes the next swap, the runtime re-validates against policy and current cumulative state, generates the proof and only then does the execution adapter run. A long lived multi-step agent does not get one broad approval every cycle re-proves itself

For more information about the framework and its vision, please refer to the README.md in the repository: https://github.com/Trivo25/agentio/blob/main/README.md