TouchTips

TouchTips is a privacy-preserving health verification and event reservation app built for the modern party scene. Guests cryptographically prove a negative STI test result from their real CityMD medical provider using ZKTLS, without ever revealing raw health data to anyone. They deposit USDC to reserve their spot at an event, and an autonomous AI agent validates their proof and returns their deposit automatically. No screenshots. No paperwork. No trust required.

The Problem

Event hosts today ask guests to show paper test results or screenshots at the door. This exposes sensitive medical data, is trivial to fake, and impossible to audit after the fact. TouchTips replaces that entire workflow with zero-knowledge proofs, escrow-backed commitment, and an on-chain agent that makes cryptographically verifiable decisions.

How It Works

TouchTips has two interfaces: a React Native iOS app for guests, and a Next.js web app for hosts.

Guests open the app, sign in via email OTP, and tap Verify. The app launches CityMD's patient portal inside Vouch's ZKTLS proof engine, which cryptographically attests to the test result without exposing the underlying data. The proof is encrypted and stored in Neon DB. No raw medical information is ever shared with the host, the agent, or anyone else.

To join an event, guests enter an ENS name (such as touchtips.eth). The app reads event details directly from ENS text records on Sepolia: the event name, date, and required USDC deposit amount are all stored on-chain as text records. Guests tap Reserve Spot to deposit USDC into the Arc escrow contract via MetaMask. This deposit is their commitment: they are serious about attending, and it gets returned automatically once they are verified.

When ready, guests tap Submit to Agent. The AI agent running on Vercel Edge decodes their signed share link, verifies the HMAC-SHA256 signature, checks that the test is negative, and in a single parallel call: releases the USDC deposit by calling approveGuest() on the Arc contract, issues an ENS subname credential (such as 0xabc...def.touchtips.eth) on Sepolia, logs the decision to a Hedera HCS audit topic, and schedules a soulbound Hedera token to be delivered to the guest after the party ends. The host does not need to do anything. The entire flow is autonomous.

Hosts create events from the web app at touch-tips-web3.vercel.app/create-event. They connect MetaMask, choose a subdomain label (such as june13 under touchtips.eth), and the app calls register() on the ENS v2 PermissionedRegistry and writes three text records in four total on-chain transactions. After publishing, the host copies a shareable event URL and sends it to guests. Everything after that is automated.

ENS Integration

ENS is used in three distinct ways. First, the host stores event configuration directly in ENS text records: touchtips.event, touchtips.date, and touchtips.deposit. The event URL is the ENS name itself. No backend config, no database entry for the event. Second, after the agent validates a guest's proof, it autonomously issues an ENS subname on Sepolia using ENS v2 PermissionedRegistry.register(). This subname (wallet-address.touchtips.eth) carries two text records: touchtips.verified (the date of verification) and touchtips.event (the event it was issued for). It is a portable, on-chain identity credential readable in Rainbow, Etherscan, or any ENS-aware app. Third, the agent reads the host's ENS text records to understand event context before making approval decisions. ENS is the agent's source of truth for event identity.

The issuance runs off-chain via an agent rather than a smart contract because: (1) the proof is validated with a server-side HMAC secret that cannot be embedded in public contract bytecode, and (2) the escrow lives on Arc while ENS lives on Sepolia, so no single contract can atomically coordinate both chains. If the HMAC-based share links were replaced with on-chain vlayer ZK attestations, a Sepolia contract could call register() directly with no agent required. That is the natural next step as vlayer's proof infrastructure matures.

Arc Integration

PartyEscrow.sol is deployed on Arc Testnet (chain ID 5042002). USDC is the native stablecoin on Arc, so there is no bridging, no price risk, and no wrapped asset complexity. The contract exposes three functions: deposit() for guests to reserve their spot, approveGuest() called by the agent to return the deposit upon proof validation, and rejectGuest() for the host to return a deposit if a guest is denied for any other reason. The agent calls approveGuest() autonomously using a private key stored in the Vercel environment. No human host action is required at any point after event creation.

Hedera Integration

TouchTips uses three native Hedera services with no Solidity required. First, Hedera Consensus Service: every agent decision is submitted as a JSON message to HCS Topic 0.0.9221387. The message contains the decision, the proof ID, the guest wallet address, and the individual check results (signature valid, test negative, freshness). The host cannot alter or delete these records after the fact. Second, Hedera Token Service: a soulbound TTVRF (TouchTips Verified) token is created once per event via a setup endpoint. The token has a pause key, so the host can pause all transfers after distribution to make it truly non-transferable. Third, Hedera Schedule Service: when the agent approves a guest, it creates a scheduled token transfer set to execute at the end of the event day. The Hedera network executes this transfer automatically at that time. No cron job, no server, no manual trigger.

The complete autonomous flow triggered by a single agent call: validate the ZK proof, log the decision to Hedera HCS, call approveGuest() on Arc to return the USDC deposit, issue an ENS subname credential on Sepolia, and schedule the soulbound Hedera token for delivery after the party.