JURI Protocol

JURI: The Immune System of DeFi. Over $16.5B has been lost to 513 DeFi hacks, with 40 protocols exploited more than once. The same attack vectors repeat because there is no shared, verifiable memory of past exploits — every protocol learns the hard way, in isolation.

JURI fixes this. It's a decentralized exploit investigation protocol where three specialized AI agents — Forensic, Analysis, and Verification — cross-examine every reported exploit in real time, debate the attack vector across 3 adversarial rounds, and publish an immutable post-mortem stored permanently on 0G Storage. The Verification Agent runs inside 0G Compute's TEE (Trusted Execution Environment), so its reasoning is cryptographically signed and tamper-proof. Smart contracts on 0G Chain handle case creation and resolution.

How it works: Anyone can submit an exploit report — no wallet, no gas, no token required. The orchestrator creates a case on-chain, seeds all three agents via HTTP control servers, and the agents begin their work. The Forensic Agent traces fund flows using asi1 LLM, gathering real-time intelligence from Brave Search, Serper.dev, and Rekt.news. The Analysis Agent (also asi1) classifies the attack vector and generates counter-arguments across 3 adversarial debate rounds. The Verification Agent (qwen-2.5-7b on 0G Compute TEE) cross-references both reports, matches the attack against 513 historical exploits via DefiLlama's API, and publishes the final verdict — complete with severity score (1-10), root cause, prevention guide, and confidence rating. Every piece of evidence and every reasoning step is stored on 0G's decentralized KV store and linked from the UI via storagescan.

Demo scenario: We test with the Kelp Finance $293M rsETH LayerZero OFT bridge exploit (April 2026, real on-chain data from DefiLlama). The UI shows the full agent timeline in a 3-column dashboard — every search result, every storage write, every on-chain transaction is visible and verifiable.

Why this matters: The same attack should never succeed twice. JURI builds DeFi's collective immune memory — open, immutable, verifiable.

JURI is a TypeScript monorepo with three packages — agents, web, and contracts — plus orchestration scripts.

Agent Architecture (agents/): Each of the three agents extends a shared BaseAgent class that provides transport abstraction, 0G Storage client, KeeperHub execution, LLM interface, and runtime state reporting. Agents communicate via a transport layer with two modes. DIRECT (default, dev) uses HTTP servers on ports 9091/9092/9093 with /message and /health endpoints. AXL (production) runs a Gensyn AXL Go binary per agent on localhost:9001-9003, forming an encrypted Yggdrasil P2P mesh. Messages are sent via POST /send with X-Destination-Peer-Id header and received by polling GET /recv with X-From-Peer-Id response header. No central message broker.

0G Integration (all three services):

• Storage: We use @0gfoundation/0g-ts-sdk (Indexer + KvClient + Batcher) to write evidence to 0G's decentralized KV store. Each evidence round generates a storage key like case:{id}:forensic:round:{n}. Verdicts are written as final post-mortems. All writes are batched and settled on-chain via the AutoFlow contract.
• Compute: The Verification Agent overrides askLLM() to route inference through @0gfoundation/0g-compute-ts-sdk. The broker's inference.getServiceMetadata() and getRequestHeaders() produce authenticated requests to qwen-2.5-7b-instruct. The
  response is TEE-signed — cryptographically verifiable. We had to use Node.js createRequire for CJS loading because the ESM bundle is broken with pnpm.
• Chain: AgentCourt.sol (Solidity, ~160 lines) is deployed on 0G Galileo testnet at 0x3D292445484133aDA2d06b8d299E6aD31f0A4ACC. It manages case lifecycle: createCase(), joinCase() (agents stake to participate), resolveCase() (verdict + evidence
  hash stored on-chain). Deployed via Hardhat using FORENSIC_KEY as deployer.

Intelligence Layer: Before investigation, agents call gatherExploitIntel() which queries three APIs in parallel — Brave Search (web context), Serper.dev (Google results), and Rekt.news (DeFi exploit leaderboard). Results are deduplicated and
injected as prompt context. The Verification Agent also calls DefiLlama's Hacks API to pattern-match the identified attack vector against 513 historical exploits, finding similar incidents by technique.

Orchestrator (agents/src/orchestrator.ts): A lightweight HTTP server on port 4000 that receives exploit reports from the Next.js frontend, creates a case on-chain (skipOnChainCreate: false means server-side signing with FORENSIC_KEY), seeds all
three agents via their /case control endpoints, and proxies runtime state updates. Agents report their progress back via authenticated callbacks.

Frontend (web/): Next.js 14 App Router with Tailwind CSS. The main page manages a 3-step flow (Report → Investigating → Post-Mortem), polls /api/case/{id} every 3 seconds for live timeline + evidence + verdict updates, and renders an AgentFeed
with 3-column per-agent cards and expandable reasoning content, a VerdictCard with 4 tabs (Summary, Full Reasoning, Storage Proof, On-Chain), and a StorageProofPanel showing every 0G write across all agents with direct links to storagescan and
chainscan explorers.

KeeperHub: Post-verdict payout automation via POST /api/execute/transfer with organization-scoped kh_ API key. The client polls execution status until confirmed.

Notable hacky bits: (1) We detected the AXL API mismatch from docs — send requires X-Destination-Peer-Id header, not JSON body. (2) 0G KV testnet nodes are all unreachable, so we skip reads and use in-memory closing statements — writes still
work via Indexer. (3) We use Promise.race with 5s timeout for storage reads to prevent 3-minute stalls from dead KV nodes. (4) The orchestrator signs createCase() and joinCase() server-side so the main exploit reporting flow is completely free
for users — no wallet required. (5) All agent LLM outputs are structured with regex-parsed sections (VERDICT:, ATTACK_VECTOR:, SEVERITY:, ROOT_CAUSE:, PREVENTION:, REASONING:) for reliable downstream consumption.