Greenlight

Agriculture is full of high-consequence actions that legally and operationally require a verified licensed professional to authorize decisions triggered by real-world data.

In California, agricultural pesticide recommendations are legally required to be written and signed by a licensed Pest Control Adviser (PCA) and given to the grower before application (3 CCR §6556); restricted-use chemicals additionally require a permit and Notice of Intent from the County Agricultural Commissioner.

Today that sign-off is paperwork. It's slow, easy to forge, and impossible to audit at scale. Nothing verifies that the adviser is a real, licensed human, that the recommendation actually matches the product's label rules, or that it ever existed before the chemical hit the field.

Greenlight turns that paper sign-off into a tamper-proof, on-chain authorization. Live farm data flags a field; a Chainlink Confidential AI inside a TEE drafts a legally-compliant recommendation; a World ID-verified, licensed adviser reviews and signs it on a Ledger; and a smart contract records the authorization and makes it the compliance gate.

AI assists, the licensed human decides and is accountable, and the chain is the proof. The same rail authorizes any regulated ag decision where a licensed human must sign off on real-world data (veterinary feed directives, quarantine orders, nutrient-management plans, etc.).

It's the verified, auditable authorization layer agriculture has never had.

Greenlight runs on an AuthorizationRegistry smart contract (Solidity/Foundry, Ethereum Sepolia) with a PROPOSED → AUTHORIZED → APPLIED state machine that enforces the compliance gate.

The "machine proposes" half uses Chainlink: the Confidential AI Attester runs an LLM (Gemma) inside an AWS Nitro Enclave (TEE) over the sensitive compliance and farm data, returning the drafted recommendation plus request/response digests; a Chainlink CRE workflow receives that as an HTTP-trigger callback, parses the decision, and writes the attested draft on-chain through the KeystoneForwarder so the AI's reasoning is verifiable, not "trust me."

The "human authorizes" half uses World ID (verify the PCA is a unique licensed human; the proof is checked in the backend, then registerPCA writes on-chain) and Ledger (Device Management Kit + ERC-7730 Clear Signing, so the PCA sees the exact recommendation on the device before signing authorizeRecommendation). The frontend is React/TypeScript with wagmi/viem. Every partner integration is load-bearing: Chainlink CRE + Confidential AI make the proposal trustworthy and on-chain, World ID makes the signer provably a unique licensed human (Sybil-resistant), and Ledger makes the signature secure and human-readable.

I forked Chainlink's undercollateralized-loan Attester demo and repurposed its TEE → CRE → on-chain attestation pipeline to write a regulatory recommendation instead of a loan decision, in order to create a single pipeline that satisfies both the CRE and Confidential AI Attester category.