Aegis

What if going from fiat to crypto required no exchange, no company, and no human in the loop — not even one?

Fifteen years into DeFi, we've rebuilt trading, lending, derivatives, and prediction markets — but the front door is still centralized. Every onramp today is an operator: it custodies funds, controls liquidity, and can freeze you out.

Aegis is the first onramp with no operator. Four autonomous agents — Fiat, Crypto, Watcher, Attestation — discover each other peer-to-peer, negotiate quotes, observe off-chain payments, and trigger on-chain settlement. Each is constrained so that no single agent can move funds alone.

A user broadcasts intent. Agent liquidity providers compete with signed quotes over an encrypted P2P mesh. The winning provider locks crypto into escrow and commits a cryptographic hash of the real-world payment receiver — making the destination immutable at lock-time. The user pays via UPI or bank transfer. A Watcher Agent observes the webhook but cannot execute. A separate Attestation Agent verifies the observed receiver matches the on-chain commitment. Only on a match does an execution boundary release the funds. Every transition is gated by a verifiable check.

Agents have persistent identity (minted as iNFTs), persistent memory (so they learn which counterparties are reliable), and a verifiable execution environment (so the running code matches the public binary). The flow runs end-to-end with no operator to intervene, no account to freeze, no system to appeal to.

Aegis doesn't just remove the middleman. It removes the assumption that one is needed.

Aegis is built as a network of TypeScript agents running across three independent layers, each chosen because it removes a different trust assumption.: 0G (storage + settlement), Gensyn AXL (P2P communication), and KeeperHub (execution automation).

The stack uses Hono for webhook handling, ethers for contract interaction, and a lightweight HTTP bridge for AXL messaging. Smart contracts are written in Solidity using Foundry and OpenZeppelin.

Identity, memory, verification --> When a user connects, two agents (Fiat + Crypto) are minted as iNFTs (ERC-7857) on 0G Chain. Their state — decision logs, quote history, LP reliability scores — is persisted on 0G Storage with Merkle-rooted commitments, so agents are stateful and portable across sessions and continuously improve quote selection. Agent binaries are attested via 0G Compute TEE before each session, so the running code provably matches the public version.

Agents communicate over an encrypted, NAT-traversed P2P mesh (Gensyn AXL over Yggdrasil). There is no broker or relay. A buyer in Germany and an LP in India discover and settle without shared infrastructure. Capabilities are exposed via MCP, so agents call each other without hardcoded integrations.

On swap initiation, the Fiat Agent broadcasts a request-for-quote over AXL. Liquidity providers respond via Crypto Agents with signed quotes over the P2P network (AXL handles encryption, routing, and NAT traversal over Yggdrasil).

The user agent deterministically selects the best quote (rate × reputation ÷ fee), logs the decision as a Merkle root on 0G Storage, and commits to the provider.

The LP locks funds into an escrow contract on 0G Galileo, committing a keccak256 hash of their fiat receiver on-chain — making the payment destination immutable.

Fiat payment happens over traditional rails (UPI/bank transfer). A Watcher Agent receives the bank webhook via KeeperHub, verifies HMAC signatures, and forwards the observation — but cannot execute.

An Attestation Agent independently verifies that the observed payment receiver matches the on-chain commitment. If valid, it pins the full evidence (payload, signature, timestamps) to 0G Storage and triggers escrow release. If not, the transaction halts.

This Watcher–Attestor split ensures no single agent can both observe and act.

KeeperHub provisions a restricted automation wallet (via Turnkey) scoped only to release and expire. Scheduled workflows handle expirations and slashing, while webhook flows handle confirmations. Even under compromise, the wallet cannot drain funds.

0G Compute uses TEE attestation to verify agent code integrity before execution. Each session proves the running binary matches the public version, preventing tampering or malicious forks.

The key architectural decision is separating observation from execution. Most systems couple these roles — Aegis enforces independence.

Even if the Watcher is compromised, it cannot release funds. Even if the Attestor is compromised, it cannot fabricate payment events.