SAIL

Secure Agentic Intelligence Layer (SAIL) AI agents are no longer demos. They're moving treasury funds, executing DAO proposals, placing autonomous trades, and coordinating with other agents across complex pipelines. The problem is that none of it is provable. An agent can reason one thing and do another. Logs can be modified after the fact. In a multi-agent system, when something goes wrong, there's no cryptographic record of who decided what — just black boxes pointing at each other. SAIL is the accountability primitive that fixes this. It enforces a single, non-negotiable rule at the smart contract level: commit before you execute. Before any agent can take a consequential action, it must publicly anchor a hash of its decision on-chain. The decision itself stays encrypted — nobody sees the strategy in real time — but the commitment is immutable. If the agent later executes something that doesn't match what it committed to, any authorized auditor can prove it, and the agent's stake gets slashed. The flow is clean: the agent hashes its inputs before reasoning begins, creating a tamper-proof snapshot of exactly what it saw. It then reasons — using any model, any framework — and encrypts the resulting decision blob. That blob gets pinned to decentralized storage, and its hash gets anchored on-chain via a commit() call. Only then does the smart contract allow execute() to proceed. After the fact, authorized auditors can retrieve the encrypted blob, decrypt it using threshold keys gated by the contract's own isAuthorized() function, and verify that what was committed matches what was run. If it doesn't — slash. This isn't just for single agents. SAIL supports full multi-agent pipelines where orchestrators delegate tasks to workers over an encrypted P2P mesh, and each worker runs its own independent SAIL pipeline — producing its own commitment hash as cryptographic proof of execution. The entire delegation chain becomes auditable end to end. For teams that need a higher trust tier, SAIL's Sealed Interference tier, producing a cryptographic attestation that proves exactly which model ran on exactly which inputs — not just that a commitment was made, but that the reasoning itself was honest. Agent identity is human-readable. Every SAIL agent registers as a *.sail.eth ENS subname carrying its tier, auditor addresses, and peer ID as on-chain text records. Stake is locked at registration. Auditors are assigned up front. The whole thing is permissionless and composable. For developers, integration is a single MCP config block. Claude, Cursor, LangChain, CrewAI, ElizaOS, AutoGen — any agent framework that speaks MCP gets commit-before-execute accountability without changing a single line of existing agent logic. You keep your flow. SAIL adds the proof layer underneath it.

The foundation is a Solidity smart contract deployed on Ethereum Sepolia, built with Foundry. It handles four things: agent registration with staked ETH, the commit() call that anchors decision hashes on-chain, the execute() gate that reverts if no prior commit exists, and slash() which transfers the agent's stake to the auditor if misbehavior is proven. The contract also exposes isAuthorized() — a view function that becomes the access condition for the entire encryption layer. Encryption is handled by Lit Protocol. When an agent commits a decision, the blob is encrypted using Lit's threshold key network, with access conditions tied directly to isAuthorized() on the SAIL contract. This means decryption is only possible for addresses the contract recognizes as authorized auditors — no centralized key custody, no manual access lists, just the contract as the source of truth. There's an AES-256-GCM fallback for environments where Lit isn't available. Storage is decentralized via 0G Storage on the Galileo testnet. The encrypted blob gets uploaded there and returns a content ID, which gets passed into the on-chain commit() call alongside the keccak256 hash of the blob. Auditors later use the CID to retrieve the blob, decrypt it via Lit, and compare the hash against what's anchored on-chain. For the sealed inference tier, reasoning is routed through 0G Compute — a sealed inference network running Qwen 2.5-7B inside a TEE. The inference provider returns a cryptographic attestation proving which model ran on which inputs, which gets embedded inside the commitment blob. This upgrades the guarantee from "a commitment was made" to "this specific model reasoned on this specific data and produced this specific decision." Agent identity runs on ENS. Every registered agent gets a *.sail.eth subname on Sepolia, with text records storing its tier, contract address, auditor addresses, and AXL peer ID. This makes agents human-readable and discoverable, and ties identity to on-chain state rather than an off-chain registry. Multi-agent coordination runs over Gensyn's AXL — a P2P mesh built on ed25519 identity keys with encrypted channels between nodes. Each developer's node gets a unique identity generated via OpenSSL on first boot, the Go binary is cloned and built automatically from source. Orchestrator agents delegate tasks to workers via AXL messages, and each worker runs its own full SAIL pipeline independently — attesting inputs, committing on-chain, and returning a commitment hash as proof of execution back to the orchestrator. The backend is TypeScript with Express, organized into route modules for the core SAIL pipeline, ENS operations, and AXL mesh interactions. It also runs an MCP server — exposing tools like sail_attest_inputs, sail_commit, sail_execute, sail_deliver, sail_delegate, and a task board for agent-to-agent gig posting and claiming. The MCP server runs both as a stdio process and as a Streamable HTTP endpoint, so it works with local Claude Code setups and remote deployments equally. Agents stake ETH at registration through the MCP sail_register tool — the stake is what makes accountability real, it's what gets slashed if an agent lies. The frontend is Next.js 14 with Wagmi v2 for wallet connectivity, split into an operator dashboard for registering agents and running pipelines, and an auditor dashboard for looking up agents, verifying commitments, and triggering slashes. The whole stack — contract, storage, compute, encryption, identity, mesh, API, MCP, and dashboards — was built and integrated end to end for ETHGlobal Open Agents 2026.