Verifier-gated AI agents — live, revocable on-chain authority published on ENS, fleet ∩ agent.

Steg gives AI agents a live, revocable on-chain license instead of a static API key. Each agent is an ENS name (e.g. steg.oakgroup.eth) whose authority is published directly on ENS as three records — credential, policy, revocation. Before any action, a verifier resolves that authority FRESH from L1 (no indexer, no cache) and checks the agent's signed request against "fleet ∩ agent" — the most-restrictive intersection of the agent's own policy and a fleet-wide ceiling. Allowed → it executes; denied or revoked → no funds move.
The agent is a real autonomous wallet: a Privy server wallet that signs and executes on its own, with the user logging in only for identity. We demo a verifier-gated ETH→USDC swap on Base that runs only within authority (proven live: 0.0005 ETH → USDC, tx on Base).
The fleet ceiling lives on the org's apex name, gated by a 2-of-2 Safe (operator + a hardware co-signer). An operator can tighten it from the web and instantly reconstrain every agent — allow flips to deny with zero changes to the agent itself. The agent is also a full-tier identity: ENSIP-26 discovery + ERC-8004 on-chain registration (#55275 on Base) + ENSIP-25 binding, all verifiable from a public RPC. The whole app is open source and shipped to IPFS at oakgroup.eth.link.
Verifier core, in TypeScript with viem, runs in two stages:
Authority comes from three ENS text records — credential, policy, and revocation — issued as offchain CCIP subnames via NameStone, and resolved fresh from L1 on every evaluation.
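A model of the "fleet ∩ agent" decision, as an added example (not Steg's own code). The record shapes, field names, gwei amounts and placeholder address are assumptions; ENS resolution and signature recovery are left to the caller.

```typescript
// Added example; record shapes and field names are assumptions, not Steg's schema.
interface Policy {
  actions: string[];   // permitted action names
  tokensOut: string[]; // permitted output tokens
  maxGwei: number;     // per-action spend cap, integer gwei
}
interface Authority {
  credential: string;  // assumed: wallet address allowed to sign for the agent
  policy: Policy;
  revoked: boolean;    // assumed: decoded from the revocation record
}
interface AgentRequest {
  signer: string;      // address the caller recovered from the request signature
  action: string;
  tokenOut: string;
  gwei: number;
}
interface Decision { allow: boolean; reason: string }

// Most-restrictive intersection: entries present in both lists, lower of the two caps.
function intersect(fleet: Policy, agent: Policy): Policy {
  const both = (a: string[], b: string[]) => a.filter((x) => b.indexOf(x) !== -1);
  return {
    actions: both(agent.actions, fleet.actions),
    tokensOut: both(agent.tokensOut, fleet.tokensOut),
    maxGwei: Math.min(agent.maxGwei, fleet.maxGwei),
  };
}

// Fail closed: an unresolved record, a revocation, or any mismatch is a deny.
function evaluate(fleet: Policy | null, auth: Authority | null, req: AgentRequest): Decision {
  const deny = (reason: string): Decision => ({ allow: false, reason });
  if (!fleet || !auth) return deny("authority unresolved");
  if (auth.revoked) return deny("revoked");
  if (req.signer.toLowerCase() !== auth.credential.toLowerCase()) return deny("signer not credentialed");
  const eff = intersect(fleet, auth.policy);
  if (eff.actions.indexOf(req.action) === -1) return deny("action not permitted");
  if (eff.tokensOut.indexOf(req.tokenOut) === -1) return deny("token not permitted");
  if (!(req.gwei > 0) || Math.floor(req.gwei) !== req.gwei || req.gwei > eff.maxGwei)
    return deny("value invalid or over cap");
  return { allow: true, reason: "ok" };
}
// Constructed sample data; the address is a placeholder.
const AGENT = "0x00000000000000000000000000000000000000a1";
const fleet: Policy = { actions: ["swap"], tokensOut: ["USDC"], maxGwei: 1000000 };
const auth: Authority = { credential: AGENT, revoked: false,
  policy: { actions: ["swap", "transfer"], tokensOut: ["USDC", "DAI"], maxGwei: 5000000 } };
const swap: AgentRequest = { signer: AGENT, action: "swap", tokenOut: "USDC", gwei: 500000 };
```

Calling `evaluate` with a lower fleet `maxGwei` and the same `auth` and `swap` turns the allow into a deny, which is the reconstrain-without-touching-the-agent behaviour described above.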
Identity is composed from:
• ENSIP-26: agent-context + agent-endpoint for discovery
• ENSIP-25: agent-registration[registry][id], ERC-7930 encoded
That registration is bound to an ERC-8004 Identity Registry entry on Base — specifically agent #55275 — and the agent self-registers using its own wallet.
The agent wallet is powered by Privy server wallets. The agent signs requests and executes actions directly. Swaps run through the Uniswap Trading API for ETH → USDC on Base; because it uses native ETH, no approval flow is needed.
The backend is a Cloudflare Worker that holds all secrets and exposes Privy-token-gated /agent/* routes. The conversational layer lives separately: an OpenAI Agents SDK + ChatKit brain on Railway, which forwards the user’s Privy token to the Worker.
The tier-1 authority root is the fleet envelope on the apex ENS name, owned by a 2-of-2 Safe:
• the operator EOA
• a seed-derived Ledger co-signer
It also uses an ERC-7730 clear-signing descriptor.
The web operator panel performs the entire 2-of-2 flow client-side in viem:
• the operator connects with RainbowKit/wagmi
• signs the SafeTx EIP-712
• the app co-signs as the Ledger
• the operator executes
So the operator key never leaves the wallet.
Frontend is a Vite + React SPA with Privy login and RainbowKit/wagmi. It’s pinned to IPFS via Pinata, with the contenthash set on oakgroup.eth through the same 2-of-2 Safe, and is live at oakgroup.eth.link.

