GenGuard

GenGuard — Decentralized Governance and Safety Layer for Autonomous AI Agents AI agents are no longer just answering questions. They are posting messages, changing permissions, querying databases, and executing code autonomously — with no checkpoint, no approval, and no audit trail. The Meta incident in March 2026 proved the cost: one unchecked agent action exposed sensitive data to hundreds of engineers for two hours. Every existing safety tool is centralized — one server, one point of failure, and one conflict of interest. The same company selling you the agent is running the safety layer. GenGuard fixes this. Before any AI agent takes a sensitive action, it broadcasts its intent to three independent guardian nodes over Gensyn AXL — peer to peer, encrypted, no central server, no single point of failure. Each guardian resolves the agent's ENS identity, reads its role and permissions from ENS text records, evaluates the action independently using 0G Compute TEE-backed inference, and votes APPROVE or BLOCK over AXL. Majority blocks — action is stopped and engineer is notified. Majority approves — action executes. One HTTP POST is the only change to your existing agent code. AXL is not decoration here. Remove it and the guardian network collapses back into a centralized firewall with one server you have to trust. AXL is what makes the safety guarantee genuinely decentralized — three independent nodes, three independent paths, no center to attack. Every intent, every guardian verdict, and every outcome is written to 0G Storage as an immutable blob and anchored to 0G Chain with a merkle root hash. Agent policies are stored in 0G KV Store and queried by guardians at runtime. ENS names are attached to every audit entry so any auditor can see exactly who acted, what they tried to do, and what the guardians decided — human readable, tamper proof, and replayable forever. Contracts are deployed live on 0G Galileo testnet (Chain ID 16602): GuardMeshRegistry at 0x0bfB6f131A99D5aaA3071618FFBD5bb3ea87C619, GuardMeshAudit at 0x522748669646A1a099474cd7f98060968A80E812, and GuardMeshRegistryENS at 0x0925e20438AF659048643Ce747aEe38A7b916E54. The CLI is published at npmjs.com/package/guardmesh-cli. The Meta incident would have been caught at step one. Forum post was a denied action. Two guardians would have blocked it before it ever reached the forum. Two hours of data exposure becomes a blocked entry in a permanent audit log. Tech stack: Gensyn AXL · 0G Galileo · 0G Storage · 0G KV Store · 0G Compute · ENS · Solidity · Node.js · Next.js

We built GenGuard as a full-stack decentralized system with four layers: web control plane, on-chain policy contracts, distributed guardian runtime, and immutable storage/audit. The frontend is a Next.js dashboard where users connect wallet, register agents, configure role scope/actions, and trigger governed analysis. The backend APIs handle policy registration flow and intent fan-out. On registration, the app performs a deterministic pipeline: (1) write agent policy to GuardMeshRegistryENS on 0G, (2) sync policy to 0G KV, and (3) register/link ENS identity for .eth agents. This ensures identity + authorization + storage are aligned.

Guardian nodes run as independent processes and communicate through Gensyn AXL peer-to-peer channels. Each node loads policy from KV/on-chain, resolves ENS identity, executes permission/content checks, and returns signed verdict payloads. A consensus engine computes final action outcome (execute, block, or hard_stop_incident) and emits operator instructions. We then anchor decision metadata on GuardMeshAudit and persist decision bundles in 0G Storage for forensic replay. In demo, we show all three guardians running in parallel with ENS-linked identities and verifiable transaction hashes in console. To make adoption easy, we packaged reusable components and SDK-style logic as an npm package so teams can integrate governance-by-consensus into existing agent workflows without redesigning their entire stack.