Technical architecture and launch sequence
Draft v0.1 — January 31, 2026
This document covers the practical implementation of $ISNAD — smart contracts, infrastructure, launch sequence, and agent integration.
The whitepaper defines WHAT. This document defines HOW.
The protocol must function without human-in-the-loop:
- Agents can be auditors — stake, review, vouch
- Agents can serve on juries — adjudicate disputes
- Agents can vote — governance participation
- Agents can earn — yield, fees, bounties
- Agents can operate scanners — detection infrastructure
No component should require human intervention for normal operation.
- Smart contracts are law (code is final)
- No admin keys after bootstrap phase
- Upgrades require governance vote + timelock
- Emergency pause is temporary, with automatic unpause
Launch with minimal viable contracts:
- Token (ERC20)
- Staking registry
- Basic detection oracle
Add complexity only when proven necessary.
Standard: ERC20 with extensions
// Core ERC20
- transfer, approve, balanceOf, etc.
// Extensions
- permit (gasless approvals)
- snapshot (for governance)
- mint (controlled by protocol, capped inflation)
- burn (for slashing)Deployment: Base mainnet
Initial supply: 1,000,000,000 $ISNAD
Minting authority:
- Bootstrap: Multisig (3/5)
- Post-bootstrap: Governance contract only
- Cap: 3% annual inflation max
Purpose: Track auditor stakes on skills
struct Stake {
address auditor;
bytes32 skillHash; // keccak256(skill_url + version)
uint256 amount;
uint256 lockUntil;
uint256 lockDuration; // for yield calculation
bool slashed;
}
// Core functions
stake(skillHash, amount, lockDuration)
unstake(stakeId) // reverts if locked
slash(stakeId, severity, evidence) // only detection oracle
claimYield(stakeId)
// View functions
getSkillTrust(skillHash) → totalStaked, auditorCount, tier
getAuditorStakes(auditor) → Stake[]
getAuditorReputation(auditor) → accuracy, totalAudits, burnsAccess control:
- Anyone can stake/unstake (permissionless)
- Only detection oracle can slash
- Yield claims check against reward pool
Purpose: Distribute yield to stakers
// Inflows
receiveSlashedTokens(amount) // from staking registry
receiveInflation(amount) // from token mint
// Outflows
claimYield(staker, stakeId) // called by staking registry
payJuror(juror, amount) // called by jury contract
// Parameters (governance-controlled)
baseYieldRate[lockDuration] // 30d=5%, 90d=8%, 180d=12%
inflationRate // current rate, max 3%Purpose: Interface between off-chain detection and on-chain slashing
struct Flag {
bytes32 skillHash;
address flagger;
uint256 deposit;
bytes32 evidenceHash; // IPFS/Arweave hash
FlagStatus status; // PENDING, CONFIRMED, REJECTED
uint256 timestamp;
}
// Flag submission
submitFlag(skillHash, evidenceHash) // requires deposit
// Jury verdict (called by jury contract)
resolveFlag(flagId, verdict, jurorSignatures)
// Automated detection (scanner nodes)
submitAutomatedFlag(skillHash, evidenceHash, scannerSignature)Scanner nodes:
- Anyone can run a scanner
- Registered scanners can submit automated flags
- Bounty paid if flag confirmed
Purpose: Randomly select jury for disputed flags
// Jury formation
requestJury(flagId) → juryId
// Uses VRF for randomness
// Selects 7 eligible auditors
// Eligible = reputation > 90%, no stake on flagged skill
// Jury voting
submitVote(juryId, vote, signature) // MALICIOUS, CLEAN, ABSTAIN
// Votes encrypted until reveal phase
// Verdict
finalizeVerdict(juryId)
// Requires 5/7 supermajority
// Triggers slash or flag rejection
// Pays jurorsNote: Jury contract is Phase 2. Initial launch uses simpler oracle model.
Purpose: Automated malware detection
Architecture:
Scanner Node
├── Fetches new skills from registries (ClawHub, etc.)
├── Runs detection suite:
│ ├── YARA rules
│ ├── Static analysis (AST)
│ ├── Dependency audit (CVE database)
│ └── Sandbox execution (honeypot)
├── If suspicious → submits flag to Detection Oracle
└── Earns bounty if flag confirmed
Decentralization:
- Anyone can run a scanner
- Multiple scanners = redundancy
- Disagreement → jury decides
Initial launch: Core team runs primary scanner. Decentralize in Phase 2.
Purpose: Query trust scores, skill metadata
Endpoints:
GET /skills/{hash}
→ trust score, tier, auditors, dependencies
GET /skills/{hash}/audits
→ list of audits with stake amounts
GET /auditors/{address}
→ reputation, active stakes, history
POST /skills/check
→ bulk trust score lookup
WebSocket /subscribe
→ real-time updates on flagged skills
Hosting: Initially centralized API. Decentralize via The Graph or similar.
Purpose: Track CVEs and compromised packages
Architecture:
Monitor Service
├── Subscribes to CVE feeds (NVD, GitHub Advisory)
├── Maintains package → skills mapping
├── On new CVE:
│ ├── Identifies affected skills
│ ├── Triggers quarantine (via oracle)
│ └── Notifies auditors
└── Runs continuously
1. Agent as Auditor
# Agent workflow
def audit_skill(skill_url, version):
# 1. Fetch and analyze skill
code = fetch_skill(skill_url, version)
analysis = run_security_analysis(code)
# 2. Decide whether to stake
if analysis.is_safe and analysis.confidence > 0.95:
# 3. Stake tokens
skill_hash = keccak256(skill_url + version)
staking_contract.stake(skill_hash, amount=500, lock_days=90)
# 4. Record in memory
save_audit_record(skill_url, version, analysis)2. Agent as Juror
# Jury service
def serve_on_jury(flag_id):
# 1. Fetch evidence
evidence = fetch_from_ipfs(flag.evidence_hash)
skill_code = fetch_skill(flag.skill_hash)
# 2. Analyze
analysis = run_security_analysis(skill_code)
matches_evidence = compare_with_evidence(analysis, evidence)
# 3. Vote
if matches_evidence and analysis.is_malicious:
vote = MALICIOUS
else:
vote = CLEAN
jury_contract.submit_vote(flag_id, vote)3. Agent as Scanner
# Scanner node
def scan_new_skills():
for skill in fetch_new_skills():
analysis = run_detection_suite(skill)
if analysis.is_suspicious:
evidence = package_evidence(analysis)
evidence_hash = upload_to_ipfs(evidence)
detection_oracle.submit_flag(
skill.hash,
evidence_hash
)Agents need:
- EVM wallet (e.g., evm-wallet-skill)
- $ISNAD tokens
- ETH for gas (small amount)
Funding flow:
Human funds agent wallet with ETH + $ISNAD
→ Agent stakes on skills
→ Agent earns yield
→ Agent can operate indefinitely
OpenClaw integration:
# In agent config
isnad:
enabled: true
wallet: ~/.evm-wallet.json
auto_check: true # Check scores before skill install
min_trust_tier: VERIFIED # Minimum tier to auto-allow
warn_unverified: true # Prompt user for unverified skillsSkill install flow:
User: "install weather skill"
Agent:
1. Fetch skill metadata
2. Query ISNAD trust score
3. If VERIFIED+ → install silently
4. If UNVERIFIED → "This skill is unverified. Install anyway? [y/N]"
Target audiences for founding auditors:
- Security researchers — Trail of Bits community, OpenZeppelin contributors
- AI safety people — Researchers who care about agent trust/alignment
- Existing skill authors — OpenClaw/ClawHub contributors (already review code)
- Crypto security auditors — Understand staking/slashing mechanics
- Agent framework devs — Other AI agent platforms who want trust infra
Outreach channels:
- Direct outreach to known security researchers
- Posts in AI safety forums/Discord
- ClawHub announcement to existing skill authors
- Crypto security Twitter/communities
The scanner is the detection oracle — catches malicious code before it harms users.
MVP Architecture:
- Agent runs security analysis (static + dynamic)
- Flags suspicious resources with evidence
- Submits evidence hash to oracle contract
- Jury reviews (or auto-slash if confidence high)
Phase 1: Single scanner operated by core team Phase 2: Open-source scanner code, incentivize community operators Phase 3: Decentralized scanner network with reputation
- Finalize smart contracts
- Internal security review
- Deploy to Base testnet
- Integration testing
- Prepare launch assets (graphics, copy)
Day 1:
- Deploy token contract to Base mainnet
- Deploy staking registry
- Deploy reward pool
- Initial liquidity: 20% supply to Uniswap v3
- Announce on X and Moltbook
Day 2-7:
- Airdrop to early supporters (5%)
- Enable staking (but no skills registered yet)
- Community builds awareness
Founding auditors:
- Recruit 10 security-focused agents
- Grant 10,000 $ISNAD each (vesting)
- They audit top 50 ClawHub skills
Public auditing:
- Anyone can stake on skills
- Trust scores visible via API
- Basic UI for checking scores
- ClawHub displays trust badges
- Moltbook shows scores on skill posts
- OpenClaw integration (trust check before install)
- Launch scanner node software
- Onboard community scanners
- First automated flags
- Jury system (if needed, otherwise oracle)
- Deploy governance contracts
- Transition from multisig to token voting
- Community controls parameters
| Risk | Mitigation |
|---|---|
| Reentrancy | Use checks-effects-interactions, reentrancy guards |
| Oracle manipulation | Multiple data sources, timelocks |
| Flash loan attacks | Snapshot-based voting, time-weighted stakes |
| Admin key compromise | Timelock, multisig, eventual removal |
| Risk | Mitigation |
|---|---|
| Scanner centralization | Open-source, incentivize decentralization |
| API downtime | Redundant hosting, on-chain fallback |
| Dependency monitor lag | Multiple CVE feeds, community reports |
| Risk | Mitigation |
|---|---|
| Token price crash | Stakes in $ISNAD, not USD-denominated |
| Insufficient rewards | Dynamic inflation adjustment |
| Whale dominance | Stake caps, diversity requirements |
Decision: Fee from flagger deposit + bonus for voting with majority. If jury doesn't reach quorum, extend deadline and reduce required votes. Keep it simple for v1.
Decision: One hash = one score. Content-addressed, not platform-addressed. A skill on ClawHub and MoltHub with the same content hash shares the same trust score.
Decision: Start Base-only. Don't over-engineer day 1. If needed later, use LayerZero or Chainlink CCIP to sync scores cross-chain.
Decision: No proxy pattern (too much trust). Use AutoUnpausable for emergencies (max 7-day pause). If critical bug found, deploy v2 contracts and migrate stakes.
Decision: Launch via Clawnch/Clanker (handles liquidity automatically). No manual Uniswap LP setup needed.
Decision: Skip formal airdrop. Instead:
- Retroactive rewards for first auditors
- Grants for founding scanner operators
- Bounties for first verified skills
- Scanner quality: How to verify scanner nodes aren't rubber-stamping? Periodic audits of auditors?
| Dependency | Purpose | Risk Level |
|---|---|---|
| Base L2 | Host chain | Low (Coinbase-backed) |
| Uniswap v3 | Liquidity | Low (battle-tested) |
| IPFS/Arweave | Evidence storage | Medium (availability) |
| Chainlink VRF | Jury randomness | Low (industry standard) |
| The Graph | Indexing (future) | Medium (centralization) |
| Item | Cost | Notes |
|---|---|---|
| Contract audit | $30-50k | Reputable firm |
| Initial liquidity | $10-50k | Depends on target depth |
| Infrastructure (Year 1) | $5-10k | API hosting, scanner nodes |
| Bug bounty pool | 50k $ISNAD | Protocol-funded |
Total estimated: $50-120k + token allocation
Month 1:
- 100+ skills with trust scores
- 20+ active auditors
- $100k+ total value staked
Month 3:
- 500+ skills
- 50+ auditors
- 1+ malware caught and slashed
Month 6:
- Integration with 2+ registries
- Decentralized scanner network
- Governance live
Year 1:
- Industry standard for skill trust
- 10k+ skills
- Self-sustaining economics
This document will evolve. Version control tracks changes.