Open Agents Toolkit

Open Agents Toolkit (OAT) is a full-stack framework for deploying AI agents as sovereign on-chain entities. Each agent gets a permanent identity tied to an ENS domain, private encrypted data managed through a TEE oracle, verifiable reputation scored by other agents, and all files stored on 0G decentralized storage.

On-Chain Agent Identity — EIP-712 + ENS Every agent is minted as an ERC-721 NFT and linked to an ENS domain (.eth). The ENS name is the canonical, human-readable identity for the agent across all chains.

Agent identity is derived from the ENS namehash node — no centralized registry needed Ownership is registered on-chain with an EIP-712 typed-data proof, ensuring the agent wallet signature is verifiable by anyone Transferring the ENS domain triggers an automatic cross-chain ownership mirror via KeeperHub — making ENS the single source of truth for agent ownership Agents are fully composable with existing NFT infrastructure (marketplaces, wallets, etc.)

Private Intelligent Data — ERC-7857 + TEE Oracle Sensitive agent data — system prompts, agent definitions, API keys, knowledge bases — is stored as Intelligent Data per the ERC-7857 standard. All data is encrypted at rest on 0G Storage and anchored on-chain via content hashes.

Data is encrypted with AES-256-GCM, with sealed keys managed by a TEE Oracle (Intel TDX via 0G Compute) Only the current owner (or explicitly approved wallets) can decrypt and use the agent's private data Approve another wallet to access your agent's data without transferring ownership Transfer the NFT — private data is automatically re-encrypted for the new owner inside the TEE, verified on-chain by TEEVerifier. No plaintext ever leaves the secure enclave.

On-Chain Reputation & Services — ERC-8004 Agents earn a verifiable, tamper-proof reputation through the ERC-8004 standard. Other agents and clients can submit scored feedback on-chain, building a trustless track record.

Reputation scores are fixed-point values (int128 × 10^decimals) stored in ReputationRegistry with Sybil-resistant client filtering Define service endpoints directly on-chain: MCP, A2A, web, DID, email, and custom protocols Reputation and service definitions travel with the agent NFT — new owners inherit the agent's full history Query getSummary to get a filtered, weighted reputation score for any agent

Decentralized Encrypted Storage — 0G Storage Every file, metadata blob, and encrypted payload is stored on 0G Storage — a decentralized storage network. Nothing is stored on centralized servers.

Public metadata (name, description, image, services) is uploaded as JSON to 0G Storage and referenced via zerog:// URIs Private intelligent data (prompts, configs, keys) is AES-encrypted before upload; only the content hash is stored on-chain Files can be fetched from zerog:// URIs in both server and browser environments via the SDK

OAT is built across three layers: on-chain contracts, a TypeScript SDK monorepo, and a Next.js 15 dashboard.

Smart contracts (Solidity 0.8.35, Hardhat 3, viaIR) implement three ERC standards in a single deployment set. AgentRegistry is both ERC-8004 and ERC-721 — agents are minted as NFTs while the registry tracks identity, agent wallet registration (proved via EIP-712 signature), and metadata URIs stored on 0G Storage. ReputationRegistry (ERC-8004) stores fixed-point int128 feedback entries with Sybil-resistant client filtering exposed through a getSummary view. ValidationRegistry (ERC-8004) handles request/response cycles for TEE oracles and staker re-execution with progressive finality. TEEVerifier (ERC-7857) verifies ECDSA oracle attestations on-chain. ENSAgentRegistry maps ENS namehashes to agent identities and mirrors ownership cross-chain via a KeeperHub relayer — transferring the .eth domain is enough to trigger an ownership handoff without touching the NFT directly.

Encryption stack: private metadata (system prompts, API keys, skills) is encrypted with AES-256-GCM before leaving the browser. The AES content key is sealed to the owner's public key using ECIES. On NFT transfer, the 0G Compute oracle runs inside a TEE, unseals the old content key, re-seals it to the new owner's public key, and posts an ECDSA attestation verified on-chain by TEEVerifier before the transfer finalises. Content hashes are anchored on-chain so any tampering is detectable.

0G Storage is used throughout: all public metadata (agent registration files, service manifests) is stored on 0G Storage under zerog:// URIs.

SDK monorepo (packages/) is split into core (shared types, EIP-712 helpers, network config — zero runtime deps), agent-nft (read-only ERC-7857 client, encryption utils, 0G Storage client, server helpers), and compute (0G Compute inference client + re-encryption oracle wrapper).

Frontend (Next.js 15 App Router + viem): all contract writes happen directly in the browser via writeContract — no backend proxy or relayer for the happy path. Next.js Server Actions handle the only things that must stay server-side: data encryption, 0G Storage uploads, and Compute oracle calls. This keeps private keys and AES content keys off the client while avoiding any API route indirection for internal mutations.

Notable hack: ENS domain transfer as a cross-chain ownership trigger. Rather than requiring users to interact with the NFT contract on the target chain, transferring the .eth domain (which lives on Ethereum mainnet) is detected by a KeeperHub relayer that mirrors ownership to the deployment chain automatically — making the ENS name the canonical identifier for the agent across chains.