Whitewall OS

[The Problem: The Need for a "Whitewall"]
As AI agents become autonomous, businesses and protocols will start to face a massive liability risk. Providing high-leverage APIs or resources to anonymous "Rogue AI" agents will become dangerous. Resource providers also need a "Whitewall"—a defensive layer that enforces strict accountability and financial liability. However, validating an agent's real-world human identity (KYC) or creditworthiness typically leaks highly sensitive personal data on-chain.
[The Solution: CRE as the Master Orchestrator]
Whitewall OS solves this by using Chainlink CRE as the master orchestrator to build a trustless identity and access control framework on top of the ERC-8004 Agent Registry.

1. CRE Workflows (The Brain): We deployed multiple event-driven CRE workflows that listen to the blockchain and orchestrate the verification lifecycle asynchronously.
2. Privacy via External TEE & Confidential HTTP: When an agent requests credit verification, it involves highly sensitive bank data (Plaid). Since this computation requires a secure environment, we built a standalone TEE (SGX) to compute the score and generate a hardware attestation quote. The CRE workflow then takes this result (Score + Quote) and trustlessly delivers it on-chain.
3. Chainlink ACE (The Whitewall): The CRE workflow formats and delivers a signed report to our Chainlink ACE consumer. The TieredPolicy contract parses the TEE quote, verifies the MRENCLAVE and World ID (ZK Proofs), and makes the final on-chain access decision.
4. x402 Payment Gateway: Finally, authorized agents settle their resource usage via an autonomous x402 (EIP-3009) payment gateway.

Whitewall OS is built entirely around the capabilities of the Chainlink CRE:

• Chainlink CRE & DON: The core engine. We wrote robust Go-based CRE workflows (access, kyc, credit) that bridge off-chain TEE attestations and API data to on-chain smart contracts.
• External TEE for Complex Compute: Since calculating credit scores required complex environments, we built a dedicated TEE enclave. CRE acts as the secure bridge between this TEE and the blockchain.
• x402 Auth Gateway: To properly enforce HTTP 402 status codes for autonomous machine payments, we deployed a custom Go-based reverse proxy gateway.
• Chainlink ACE: Used to enforce complex, multi-tiered on-chain policies (PolicyEngine, TieredPolicy).
• Identity & Payments: Integrated World ID IDKit for sybil resistance and x402 for agent-to-machine payments.