Clerky

This project delivers an on-chain native authentication and authorization layer for AI agents acting for users or organizations. Owners create policy claims on-chain, sign EIP-712 intents, and receive scoped JWT session keys backed by ZK proofs. An MCP gateway enforces these scopes and logs every authorized action, giving revocable, auditable AI execution tied directly to smart accounts.

Built a scoped-auth layer for AI agents where Ethereum smart accounts are the root identity. We deployed a Permissions Registry contract (Solidity, Sepolia) to store on-chain claims and constraints. The dashboard (Next.js/React + wagmi/viem) lets users register agents, grant/revoke scopes, and inspect audit trails. For each claim, the user signs an EIP-712 IssuanceIntent; our Issuer service (Node/TypeScript, Express) verifies that signature against current registry state, derives a claims snapshot, and calls vlayer to generate a ZK proof that the JWT claims match the on-chain policy at a specific block. We then co-sign a short-lived JWT using the platform key plus the user EIP-712 signature as evidence of intent. An MCP Gateway (Node/TS) validates JWTs, enforces scopes/limits, and routes requests to ABI-backed tools, OpenAI functions, or any MCP server. Allowed actions execute via Coinbase Developer Platform Smart Wallets (ERC-4337 UserOps + CDP bundler/paymaster), giving AA without running infra. Every request is logged off-chain with jti/clientId and correlated to on-chain events for full, revocable visibility.