Passentra

Privacy Risk & Compliance World

What it is

Passentra is a privacy-preserving onchain eligibility rail built with Chainlink CRE and World ID. It solves a core Web3 onboarding problem: users and institutions repeatedly exposing sensitive identity/compliance data across apps, while builders struggle to enforce policy consistently across chains.

Passentra’s model is “verify privately, reuse safely.” A user submits a World ID proof plus policy inputs (for example: jurisdiction and credential type). A Chainlink CRE workflow then orchestrates the full decision pipeline: it verifies World ID via Confidential HTTP, evaluates compliance via Confidential HTTP, and produces an approved/rejected outcome. Instead of writing personal data onchain, Passentra writes a minimal passport attestation (eligibility state, expiry, and decision-linked hashes) to PassportRegistry, which downstream contracts consume through RwaAccessGate to allow or deny protected actions.

This demonstrates what CRE uniquely enables in one flow: private external calls with secrets, deterministic workflow orchestration, signed report-based onchain writes, and multi-chain execution modes (single and dual_on_approve). Passentra also enforces replay safety in two layers: workflow pre-checks and contract-level replay guards (requestIdHash and nullifierHash) so reused proofs cannot mint multiple valid stamps.

Result: protocols can integrate once and get reusable, privacy-preserving eligibility checks without repeated user doxxing, while keeping onchain enforcement transparent and auditable.

How it Works

Passentra is built as three connected parts.

  1. Workflow and decision layer in Passentra-CRE
    • A Chainlink CRE workflow receives an HTTP trigger payload containing request ID, user address, target chain, country code, credential type, and a World ID proof.
    • The workflow then does two private external calls through CRE Confidential HTTP:
      • World ID verification
      • compliance adapter evaluation
    • After those checks, the workflow decides approved or rejected, computes attestation hashes, performs replay pre-checks, generates a signed report, and writes to onchain registries based on write mode:
      • single: write only to requested chain
      • dual_on_approve: approved writes to both configured chains, rejected writes to requested chain
  2. Compliance adapter service
    • A lightweight Bun service exposes a compliance evaluation endpoint used by the workflow.
    • For this demo, policy is deterministic mock logic, for example:
      • reject if World ID is not verified
      • reject blocked countries
      • reject retail users in restricted countries
      • require orb-level verification for institution type
    • It returns a normalized decision payload with decision, reason codes, and TTL.
  3. Onchain enforcement layer in Passentra-contracts
    • PassportRegistry stores minimal eligibility stamp data per user, including eligibility, expiry, and replay-linked hashes.
    • RwaAccessGate reads that state to enforce access in consuming contracts and expose access status.
    • Replay protection is enforced in two places:
      • workflow pre-check before write
      • PassportRegistry replay guards onchain

There is also a worldid-proof-capture helper app used to generate valid World ID proof payloads for testing and demo runs.
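
The write-mode routing and the two replay-protection layers described above, as an added TypeScript model that is not Passentra's workflow or contract code. `RegistryModel`, `writeTargets`, `submit`, the chain names and the hash strings are hypothetical, and the model assumes every recorded stamp consumes its requestIdHash and nullifierHash on that chain.

```typescript
// Added illustration: an in-memory model, not Passentra's contract or workflow code.
type Decision = "approved" | "rejected";
type WriteMode = "single" | "dual_on_approve";
interface Stamp {
  user: string; eligible: boolean; expiry: number;
  requestIdHash: string; nullifierHash: string;
}

// Write-mode routing from the page: which chains receive the signed report.
function writeTargets(mode: WriteMode, decision: Decision,
                      requested: string, configured: string[]): string[] {
  if (mode === "dual_on_approve" && decision === "approved") return configured.slice();
  return [requested];
}

// One chain's registry. Assumption: every recorded stamp consumes its
// requestIdHash and nullifierHash on that chain.
class RegistryModel {
  private usedRequests: Record<string, boolean> = Object.create(null);
  private usedNullifiers: Record<string, boolean> = Object.create(null);
  stamps: Record<string, Stamp> = Object.create(null);

  // Read-only view, usable by the workflow as its pre-check.
  isReplay(s: Stamp): boolean {
    return this.usedRequests[s.requestIdHash] === true ||
           this.usedNullifiers[s.nullifierHash] === true;
  }
  // Authoritative guard: checked again at write time, so a write that
  // raced or skipped the pre-check is still refused.
  write(s: Stamp): boolean {
    if (this.isReplay(s)) return false;
    this.usedRequests[s.requestIdHash] = true;
    this.usedNullifiers[s.nullifierHash] = true;
    this.stamps[s.user] = s;
    return true;
  }
}

// Workflow side: refuse before any write if any target has seen the hashes.
function submit(chains: Record<string, RegistryModel>, targets: string[], s: Stamp): string[] {
  for (const t of targets) {
    if (chains[t].isReplay(s)) return [];
  }
  const written: string[] = [];
  for (const t of targets) {
    if (chains[t].write(s)) written.push(t);
  }
  return written;
}
```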

Created by

  • Olawale Emmanuel