Ancile Protocol

Kindly go through this readme files, explained with all details:
https://github.com/mujahid002/ancile-protocol/blob/main/README.md
https://github.com/mujahid002/ancile-protocol/blob/main/TECHNICAL_GUIDE.md

Ancile Protocol is constructed using a three-tier architecture that completely separates intent generation, orchestration, and on-chain settlement. This design keeps the protocol strictly stateless and non-custodial.

1. Layer 1: Off-Chain Intent Generation (Client-Side)
   The user experience requires zero gas and no direct blockchain transactions. Everything is handled via local cryptography using TypeScript and viem.

• Key Derivation: The client derives ERC-5564 stealth keys (spending and viewing keys) locally using a deterministic signature from the user's wallet.
• State Reading: The scripts read live on-chain state (ERC-6538 registries, token nonces, and router nonces) to ensure payload validity.
• Signature Creation: The user signs two items: an EIP-2612 Permit (to authorize the token pull) and an EIP-712 Intent Hash (to authorize the specific routing destination).
• Output: The client bundles these signatures, alongside their World ID ZK proof, into a JSON payload which is submitted to the Chainlink CRE.

2. Layer 2: The Off-Chain TEE Firewall (Chainlink CRE)
   The "brain" of Ancile lives off-chain inside the Chainlink Runtime Environment (CRE), which operates within a secure Trusted Execution Environment (TEE).

• Compliance Gating: The CRE intercepts the JSON payload and natively verifies the World ID 4.0 ZK proof (Semaphore nullifier check). If the proof is invalid or stale, the execution is halted off-chain, wasting zero gas.
• Stealth Math: If compliance passes, the CRE performs the heavy secp256k1 ECDH elliptic curve cryptography to compute the receiver's one-time stealth address.
• Relaying: The CRE encodes the atomic EVM calldata and submits the transaction to the blockchain via the trusted Chainlink Forwarder. The CRE relayer wallet pays the gas.

3. Layer 3: Stateless On-Chain Settlement (AncileRouter.sol)
   The anchor of the protocol is a single Solidity 0.8.28 smart contract deployed on Base Sepolia. It is structured as an ERC-1967 UUPS Upgradeable Proxy.

• Decoding & Dispatch: The router exposes a single entry point (onReport) callable only by the Chainlink Forwarder. It decodes the ActionType enum (e.g., P2P_DISPATCH, MEGA_BATCH_OTC) and routes the logic internally.
• Cryptographic Verification: It verifies the intent signature using ecrecover against a replay-protected on-chain nonce mapping (routerNonces).
• Atomic Execution: It pulls tokens gaslessly via permit, pushes them to the stealth addresses (or ghost wallets), and emits the official ERC-5564 Announcement event (including the ephemeral public key and 1-byte view tag) all in a single block.
  Security Model: Dual Signature Verification
  To ensure the off-chain TEE cannot maliciously reroute user funds, every execution strictly requires two independent cryptographic proofs:

1. The Permit (EIP-2612): Proves the user authorized the router to pull a specific amount of tokens. Verified by the ERC-20 contract itself. The router cannot forge this; it can only consume it.
2. The Intent Hash: Binds the permit to a specific execution route. The hash incorporates the sender, destination, amount, and routerNonce. This guarantees the CRE routes the funds exactly where the user intended, exactly once.

• Smart Contracts: Built with Solidity 0.8.28 and Hardhat v3 for the core on-chain routing engine and test environment.
• Orchestration: Powered by the Chainlink CRE for off-chain TEE computation, API fetching, and gasless transaction relaying.
• Identity & Sybil Resistance: Integrated World ID 4.0 and IDKit Core v4 for zero-knowledge proof generation and off-chain validation.
• Stealth Privacy: Implements ERC-5564 and ERC-6538, utilizing the stealth-address-sdk for standardized stealth address derivation, view tags, and on-chain meta-address registries.
• Gasless Authentication: Leverages EIP-2612 and EIP-712 for permit-based token approvals and typed structured data signing.
• Infrastructure & Client: Deployed on Base Sepolia and built with viem for fast, low-cost L2 settlement and modern TypeScript EVM interactions.