Trustbox-AI

Verifiable trust infrastructure for AI agents - audits, credentials and ZK proofs on-chain.

CRE & AI Tenderly

What it is

THE PROBLEM
AI agents are becoming increasingly autonomous: executing DeFi trades, managing wallets, auditing smart contracts, and taking actions with real financial consequences. Yet there is no on-chain standard for answering the most basic questions any user should be able to ask:

What model is this agent actually running? Could it have been swapped after you approved it?
Who operates it, and are they accountable anywhere on-chain?
If it audited a contract, did a human actually review the findings or did AI output go straight to chain?
If it executed an intent, is there a tamper-proof record of exactly what instruction was authorised?

WHAT TRUSTBOX-AI BUILDS
TrustBox-AI is a decentralised trust infrastructure layer for AI agents. Every claim an agent makes about itself is verifiable on-chain. Every action it takes produces an immutable audit trail across Avalanche and Hedera. Six workflows cover the full lifecycle of AI agent trust:

Workflow | What It Does | Chain / Key Tech

  • ZK Credit Score | Proves score band on Hedera without revealing the raw number | Hedera HCS + HTS NFT
  • Contract Audit (HITL) | AI analyses, human signs findings, then the chain anchors | Avalanche + Hedera + IPFS
  • Blind TEE Audit | Code audited inside an SGX enclave; source is never exposed | Phala TEE + Avalanche
  • Execute Intent | NL → spec → user signs specHash → IntentVault → Chainlink | Avalanche + Hedera + Chainlink
  • Verify AI Agent | ERC-8004 NFT binds model hash + capabilities on-chain | Avalanche TrustRegistry
  • Security Agent Scan | Behavioural scan + AVAX stake locked on AgentMarketplace.sol | Avalanche Marketplace

WHY IT MATTERS
The HITL audit workflow illustrates the core idea clearly. Groq's Llama 3.1 70B analyses a smart contract and returns structured findings: severity, affected lines, remediation steps. Those findings are not anchored on-chain until a human auditor reviews them and signs the report hash via MetaMask; that signature is stored in AuditRegistry.sol. Anyone can verify that this specific report was approved by this specific human before it was published. AI provides the speed. Humans provide the accountability. The chain provides the proof.

The same principle applies to intent execution. A user types natural language. Groq parses it into a structured JSON spec, and the user signs the specHash, not the raw text. This single design decision blocks an entire class of substitution and prompt-injection attacks in which a different instruction is executed after the user approves: anything that does not hash to the signed value is rejected. The guarantee covers what happens after approval, so the user still has to read the parsed spec before signing it. The ZK credit score extends privacy further: a Groth16 proof shows that a score falls within a band (Poor / Fair / Good / Excellent) without the raw number ever leaving the browser.

How it Works

[ ] FRONTEND
React 18 + TypeScript, deployed on Vercel. MetaMask integration via ethers.js v6 for EIP-191 wallet signatures. A canvas-based trust score visualisation animates through states — processing → anchoring → proved with per-action colour coding. Six entity types each open a context-aware results drawer that handles both automated and human-in-the-loop approval flows without separate pages or routes.

[ ] BACKEND
Express + TypeScript, deployed on Render. JWT authentication bound to the wallet address via EIP-191 signature verification. Eleven REST API routes covering all six workflows plus history and auth. In-memory activity store with optional Supabase persistence; all six workflows produce history entries even without a database configured. Rate limiting on every route via express-rate-limit.

[ ] SMART CONTRACTS — AVALANCHE FUJI

  • TrustRegistry.sol (0x8A24ea199EAAbc8AAcb7cb92660FD20a2BA2552A)
    ERC-721 extension implementing the emerging ERC-8004 AI agent credential standard
    Mints non-transferable NFTs binding agent ID, model hash, capability hash, and operator address
  • AuditRegistry.sol (0x62e2Ba19a38AcA58B829aEC3ED8Db9bfd89D5Fd3)
    Stores HITL audit records: Merkle root of findings, auditor signature, IPFS CID, and score
    On-chain proof that a specific human approved AI-generated findings before publication
  • AgentMarketplace.sol (0x12d7ef9627d0F4c6C6e0EB85A4D6388cee5d91c2)
    Agent registration with AVAX stake, TEE job creation and dispatch, result verification
  • IntentVault.sol (0xB9aE50f6989574504e6CA465283BaD9570944B67)
    Stores user-signed intent specs — Chainlink Automation triggers execution after spec hash verification

[ ] HEDERA

  • 4 HCS topics for immutable audit trails: credit score, smart contract audit, intent execution, and agent verification
  • HCS-10 standard compliance with a registered inbox (0.0.8127186) and outbox (0.0.8127187) topic pair
  • TBCC HTS non-fungible token collection: ZK credit credential NFTs minted directly on Hedera
  • Every workflow produces a Hedera sequence number and consensus timestamp, verifiable on HashScan

[ ] AI / GROQ
Llama 3.1 70B used for two distinct tasks via structured prompt engineering:
Contract audit: returns typed JSON with severity, title, detail, affected line, category, and remediation advice
Intent parsing: maps natural language to a {action, entity, params} JSON spec ready for on-chain submission
Graceful fallback to deterministic demo analysis when GROQ_API_KEY is absent — no workflow breaks

[ ] ZK PROOFS
CreditScore.circom compiled with circom + snarkjs using the Groth16 proving system over the BN128 curve
Proof generated entirely client-side in the browser; the raw credit score is never transmitted to the backend
Backend verifies the Groth16 proof server-side against the verification key before anchoring to Hedera

[ ] Chainlink
Functions — GPT-4o NL intent parsing, DON-encrypted GPT-4o API key
Automation — triggers intent execution after HITL approval window
Price Feeds — ETH/USD (0x86d67c3D), AVAX/USD (0x5498BB86) for portfolio intents
CRE Workflow 1: trustbox-intent-lifecycle — IntentSubmitted → parse → HITL → execute → HCS
CRE Workflow 2: trustbox-audit-results — TEE job poll → attestation → AuditRegistry anchor
CRE Workflow 3: trustbox-agent-probe — cron 2h → TEE liveness probe → TrustRegistry.updateScore()
CRE Workflow 4: Cross-Chain Price Feed Verification (Cron every 15min)

Created by

  • David Oyetunde