{"id":50745513,"url":"https://github.com/edycutjong/escrowa","last_synced_at":"2026-06-10T20:30:30.824Z","repository":{"id":363032278,"uuid":"1261639590","full_name":"edycutjong/escrowa","owner":"edycutjong","description":"🔲 Get paid the moment the work is done — TEE-secured autonomous escrow agent.","archived":false,"fork":false,"pushed_at":"2026-06-07T05:26:26.000Z","size":2315,"stargazers_count":0,"open_issues_count":10,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-07T06:16:37.082Z","etag":null,"topics":["agent-auth","dorahacks","escrow","nextjs","rust","tee","terminal3","wasm","web3"],"latest_commit_sha":null,"homepage":"https://escrowa.edycu.dev","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/edycutjong.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-06-07T00:47:45.000Z","updated_at":"2026-06-07T05:26:28.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/edycutjong/escrowa","commit_stats":null,"previous_names":["edycutjong/escrowa"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/edycutjong/escrowa","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edycutjong%2Fescrowa","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edycutjong%2Fescrowa/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edycutjong%2Fescrowa/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edycutjong%2Fescrowa/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/edycutjong","download_url":"https://codeload.github.com/edycutjong/escrowa/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edycutjong%2Fescrowa/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34170162,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-10T02:00:07.152Z","response_time":89,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent-auth","dorahacks","escrow","nextjs","rust","tee","terminal3","wasm","web3"],"created_at":"2026-06-10T20:30:30.028Z","updated_at":"2026-06-10T20:30:30.816Z","avatar_url":"https://github.com/edycutjong.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"## 👩‍⚖️ For Judges (start here)\n\n\u003e **What it is:** A `did:t3n` autonomous escrow agent. A client funds a milestone, then both freelancer and client sign cryptographic attestations. When both match (or a deadline/arbiter rule fires), a Rust ➔ WASM contract automatically releases the payout. No single party—not even Escrowa itself—can move the funds unilaterally.\n\n### 🔗 Quick Links\n- 🎬 **Demo Video:** [youtu.be/WzEVJwG1ebQ](https://youtu.be/WzEVJwG1ebQ)\n- 🚀 **Live Demo Console:** [escrowa.edycu.dev](https://escrowa.edycu.dev)\n- 🏆 **DoraHacks BUIDL Page:** [dorahacks.io/buidl/44352](https://dorahacks.io/buidl/44352)\n\n### 🎯 Bounty Tracks Targeted\n- 🥇 **Best Agent Auth SDK ($300)** (Primary): A production-ready least-privilege `agent-auth` implementation.\n- 🐞 **Bug \u0026 Documentation Bounty ($200)**: Real ADK developer feedback detailed in [BUGS.md](file:///Users/edycu/Projects/Hackathon/dorahacks-t3adk-escrowa/BUGS.md).\n\n### ⚡ Verify in ~60 Seconds\n```bash\ncd contract \u0026\u0026 cargo test          # Run 18 Rust contract state tests\ncd ../board \u0026\u0026 npm run ci          # Run ESLint, typecheck \u0026 73 Vitest tests (100% coverage)\nnpm run e2e                        # Run 10 Playwright E2E tests (auto-starts dev server)\nnpm run dev                        # Launch local dev server at http://localhost:3000\n```\n\n### 🔍 Where the Substance Is\n| Core Concern | Technical Implementation / File Reference |\n|---|---|\n| **Agent-Auth Enforcement** | Scoped functions + `allowedHosts` allowlist configured in [agentAuth.ts](file:///Users/edycu/Projects/Hackathon/dorahacks-t3adk-escrowa/board/src/sdk/agentAuth.ts) and enforced natively via [T3nClient.ts](file:///Users/edycu/Projects/Hackathon/dorahacks-t3adk-escrowa/board/src/sdk/T3nClient.ts) |\n| **Escrow State Machine** | Core dual-consent, deadline, and arbiter logic written in Rust in [lib.rs](file:///Users/edycu/Projects/Hackathon/dorahacks-t3adk-escrowa/contract/src/lib.rs) |\n| **Decentralized Identity** | Identity resolution and mapping configured in [didRegistry.ts](file:///Users/edycu/Projects/Hackathon/dorahacks-t3adk-escrowa/board/src/sdk/didRegistry.ts) |\n| **Comprehensive Test Suite** | 91 total tests (73 Vitest frontend tests + 18 Cargo contract tests) |\n| **Documentation \u0026 Playbook** | Walkthrough playbook in [DEMO.md](file:///Users/edycu/Projects/Hackathon/dorahacks-t3adk-escrowa/docs/DEMO.md) and architecture layout in [ARCHITECTURE.md](file:///Users/edycu/Projects/Hackathon/dorahacks-t3adk-escrowa/docs/ARCHITECTURE.md) |\n\n\u003e [!IMPORTANT]\n\u003e **Honest Hackathon Scope \u0026 Simulation Context:** The Rust ➔ WASM contract logic and secp256k1 cryptographic signatures are **real**. The TEE enclave, host interfaces, and blockchain settlement are **locally simulated** using the T3 Agent Development Kit (ADK) and `@bytecodealliance/jco`. This architecture is production-ready for real Intel TDX hardware when the T3N mainnet launches. Full details are in the *Hackathon Simulation Context* section below.\n\n---\n\n\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"board/public/icon.svg\" alt=\"Escrowa\" width=\"120\" height=\"120\"\u003e\n\n  \u003ch1\u003eEscrowa 🔲\u003c/h1\u003e\n  \u003cp\u003e\u003cem\u003eGet paid the moment the work is done — TEE-secured autonomous escrow agent.\u003c/em\u003e\u003c/p\u003e\n  \u003cimg src=\"docs/readme-hero.png\" alt=\"Escrowa Banner\" width=\"100%\"\u003e\n\n  \u003cbr/\u003e\n\n  [![Live Demo](https://img.shields.io/badge/🚀_Live-Demo-06b6d4?style=for-the-badge)](https://escrowa.edycu.dev)\n  [![Pitch Video](https://img.shields.io/badge/🎬_Pitch-Video-ef4444?style=for-the-badge)](https://youtu.be/WzEVJwG1ebQ)\n  [![Built for DoraHacks](https://img.shields.io/badge/DoraHacks-T3_ADK_Bounty_Challenge-8b5cf6?style=for-the-badge)](https://dorahacks.io/hackathon/t3adkdevchallengebeta)\n  [![DoraHacks BUIDL](https://img.shields.io/badge/DoraHacks-View_BUIDL_%2344352-a855f7?style=for-the-badge)](https://dorahacks.io/buidl/44352)\n\n  \u003cbr/\u003e\n\n  ![Next.js](https://img.shields.io/badge/Next.js_16-black?style=flat\u0026logo=next.js)\n  ![Rust](https://img.shields.io/badge/Rust_WASM-DEA584?style=flat\u0026logo=rust\u0026logoColor=white)\n  ![TypeScript](https://img.shields.io/badge/TypeScript-3178C6?style=flat\u0026logo=typescript\u0026logoColor=white)\n  ![Tailwind](https://img.shields.io/badge/Tailwind_v4-38B2AC?style=flat\u0026logo=tailwindcss\u0026logoColor=white)\n  [![CI](https://github.com/edycutjong/escrowa/actions/workflows/ci.yml/badge.svg)](https://github.com/edycutjong/escrowa/actions/workflows/ci.yml)\n\u003c/div\u003e\n\n---\n\n## 🎬 See it in Action\n\n\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"board/public/og-image.png\" alt=\"Escrowa Board UI\" width=\"100%\"\u003e\n\u003c/div\u003e\n\n\u003e **The Flow:** Priya delivers the milestone ➔ signs a cryptographic attestation ➔ client approves ➔ TEE enclave verifies signatures and triggers the in-enclave `signing` key to sign the payout ➔ `outbox` delivers the payout idempotently.\n\n### The three control paths\n\n| ✅ Mutual release (`m1`) | ⏰ Deadline fallback (`m2`) | ⚖️ Arbiter refund (`m3`) |\n|:---:|:---:|:---:|\n| \u003cimg alt=\"m1 mutual release\" src=\"https://github.com/user-attachments/assets/f89d8b12-63a3-46a4-9729-226f35b82bbc\" width=\"100%\"\u003e | \u003cimg alt=\"m2 deadline release\" src=\"https://github.com/user-attachments/assets/17075b7d-2b56-484c-aab8-6c70d34084cf\" width=\"100%\"\u003e | \u003cimg alt=\"m3 arbiter refund\" src=\"https://github.com/user-attachments/assets/677db0d8-f13c-40c6-8b48-36b3a7710954\" width=\"100%\"\u003e |\n| Both parties attest → **released** | Client ghosts → **auto-release** at deadline | Disputed → arbiter **refunds** the client |\n\n---\n\n## 💡 The Problem \u0026 Solution\n\n### The Problem\nPriya shipped the final milestone of a 6-week remote development contract. The client said \"looks great,\" went silent, and she's still chasing $4,200 three months later. Traditional escrow requires trusting a third-party custodian with both the funds and the release decision. On-chain escrow usually means trusting a hot wallet or an opaque, unverified smart contract. No platform offers a neutral, secure environment that releases payment **only** when both sides agree without exposing the private keys to any single human or software agent.\n\n### The Solution\n**Escrowa** is an autonomous escrow agent. The funds are locked under conditional logic compiled for a **Trusted Execution Environment (TEE)**.\n* **Mutual Consent:** Payout occurs automatically when the freelancer's \"delivered\" and the client's \"approved\" cryptographic signatures match.\n* **Hardware-Gated Custody:** The signing keys are generated and held **inside the enclave** under `cluster CEK`. The agent never sees the raw private keys, preventing unilateral draining of the escrow.\n* **Fail-Safe Fallbacks:** Includes customizable ghost/deadline rules (automatic release if a client vanishes) and arbiter-gated resolution paths.\n\n\u003e [!NOTE]\n\u003e **Hackathon Simulation Context:** For this DoraHacks submission, the TEE hardware environment is simulated locally using the T3 Agent Development Kit (ADK) and `@bytecodealliance/jco`. The core logic (`contract/src/lib.rs`) compiles to a standard `wasm32-wasip2` T3 component, but the host cryptographic functions (like `sign-secp256k1`) are simulated locally via `ethers.js` in `board/src/wasm/host.ts`. This ensures the code is production-ready for real Intel TDX hardware when the T3 network launches, without misleading about current hardware utilization.\n\n---\n\n## 🏗️ Architecture \u0026 Flow\n\n```mermaid\nflowchart LR\n    C[Client] --\u003e|\"fund milestone\"| ESC\n    F[Freelancer] --\u003e|\"attest: delivered (sig)\"| ESC\n    C --\u003e|\"attest: approved (sig)\"| ESC\n    subgraph ESC[\"Escrowa agent (did:t3n)\"]\n      API[\"REST API\"]\n      CLI[\"T3nClient.executeAndDecode\"]\n    end\n    subgraph T3[\"T3N TEE (Intel TDX / Wasmtime)\"]\n      DISP[\"escrow contract: dispatch\"]\n      COND[\"release conditions\"]\n      SIGN[\"signing: per-wallet secp256k1\"]\n      OUT[\"outbox: idempotent payout\"]\n    end\n    API --\u003e CLI --\u003e|\"execute fn\"| DISP --\u003e COND\n    COND --\u003e|\"delivered AND approved -\u003e sign release\"| SIGN --\u003e OUT --\u003e|\"tokens -\u003e freelancer\"| TX[(\"settlement\")]\n    ESC -. \"did:t3n\" .-\u003e REG[\"did-registry / agent-registry\"]\n    OUT --\u003e DASH[\"Audit dashboard\"]\n```\n\n1. **Fund:** Client locks test tokens in the contract.\n2. **Attest:** Freelancer signs `delivered`, client signs `approved`.\n3. **Evaluate:** Enclave contract verifies signatures against `did:t3n` registry.\n4. **Sign \u0026 Settle:** Enclave `signing` signs payout; `outbox` posts it idempotently.\n\n---\n\n## 🏆 Sponsor Tracks Targeted \u0026 SDK Surface Area\n\nWe use **six** distinct Terminal 3 host capability interfaces:\n1. **`signing`** (`contract/src/lib.rs:224`): Generates secp256k1 signatures for release payouts inside the TEE. Keys never leave the enclave.\n2. **`outbox`** (`contract/src/lib.rs:239`): Posts payouts to the settlement system exactly-once (prevents double-spending).\n3. **`kv-store`** (`contract/src/lib.rs:83`): Stores namespace-isolated milestone states securely.\n4. **`did-registry` \u0026 `agent-registry`** (`board/src/sdk/didRegistry.ts`, wired in `board/src/app/api/seed/route.ts`): Links each party's authenticator to its `did:t3n` identity and publishes the Escrowa agent URI.\n5. **`agent-auth`** (`board/src/sdk/agentAuth.ts`, enforced in `board/src/sdk/T3nClient.ts`): Provisions Escrowa a **least-privilege scope** (allowed functions + `allowedHosts` egress allowlist) and the host blocks any call outside it — an out-of-scope function fails with `host/agent.function_denied` and an unauthorized host with `host/http.egress_denied`.\n6. **TEE Attestation (Intel TDX):** Enforces execution of compiled WASM logic inside hardware-secured VMs.\n\n---\n\n## 🪪 Identities (did:t3n)\n\nThe demo provisions these identities via the `did-registry` / `agent-registry` (see `board/src/app/api/seed/route.ts`). DIDs are `did:t3n:\u003cauthenticator-address\u003e`.\n\n| Role | Authenticator address | DID |\n|---|---|---|\n| **Client** | `0x1111111111111111111111111111111111111111` | `did:t3n:0x1111111111111111111111111111111111111111` |\n| **Freelancer** (Priya) | `0x2222222222222222222222222222222222222222` | `did:t3n:0x2222222222222222222222222222222222222222` |\n| **Arbiter** | `0x3333333333333333333333333333333333333333` | `did:t3n:0x3333333333333333333333333333333333333333` |\n| **Escrowa agent** | — | `did:t3n:escrowa-agent` (URI `https://escrowa.edycu.dev/.well-known/agent`) |\n\nThe Escrowa agent is granted a least-privilege `agent-auth` scope: functions `create-milestone`, `submit-attestation`, `resolve-milestone`; egress allowlist `api.terminal3.io` (see `board/src/sdk/agentAuth.ts`).\n\n\u003e These are deterministic demo identities for the simulated build. A real deployment would obtain its `did:t3n` and developer key from the [claim page](https://www.terminal3.io/claim-page) (set as `T3N_API_KEY`).\n\n---\n\n## 🚀 Getting Started\n\n### Prerequisites\n* Node.js ≥ 20\n* Rust \u0026 Cargo (with `wasm32-wasip2` target)\n* npm\n\n### Setup \u0026 Installation\n1. Clone the repository:\n   ```bash\n   git clone https://github.com/edycutjong/escrowa.git\n   cd escrowa\n   ```\n2. Build the Rust WASM contract:\n   ```bash\n   cd contract\n   rustup target add wasm32-wasip2\n   cargo build --target wasm32-wasip2 --release\n   cd ..\n   ```\n3. Install frontend dependencies:\n   ```bash\n   cd board\n   npm install\n   ```\n4. Configure the Environment Variables:\n   ```bash\n   cp .env.example .env.local\n   ```\n   Open `.env.local` and add your Terminal 3 API Token (claimable [here](https://www.terminal3.io/claim-page)):\n   ```env\n   T3_API_KEY=0x_your_terminal3_api_key_here\n   ```\n5. Run the local dev server:\n   ```bash\n   npm run dev\n   ```\n   Open `http://localhost:3000` to view the Escrowa Dashboard.\n\n---\n\n## 🧪 Testing \u0026 Verification\n\nWe enforce a rigorous test harness verifying the entire escrow state machine.\n\n```bash\n# Run unit tests\ncd board\nnpm run test\n```\n\n| Suite | Focus | Status |\n|---|---|---|\n| **Key Custody Test** | Asserts that generated keys are restricted to TEE memory and never leak to disk/env/logs | ✅ Passing |\n| **Happy Path Suite** | Verifies `create` -\u003e `attest:delivered` -\u003e `attest:approved` -\u003e `released` | ✅ Passing |\n| **Deadline Fallback** | Verifies deadline timeout automatically triggers release/refund | ✅ Passing |\n| **Arbiter Dispute** | Verifies arbiter-only decision resolution | ✅ Passing |\n| **Replay Protection** | Asserts duplicate attestation requests are rejected | ✅ Passing |\n| **Agent-Auth Scope** | Asserts out-of-scope functions (`host/agent.function_denied`) and non-allowlisted egress (`host/http.egress_denied`) are blocked | ✅ Passing |\n\n---\n\n## ⚡ Latency Benchmarks\n\nWe ran **200** full lifecycle evaluations of our release-condition check, signing, and outbox posting inside the TEE simulator.\n\nRun the benchmarks:\n```bash\n./scripts/bench.py\n```\n\n### Results (200 full-lifecycle evals; varies run to run)\n* **Mean Latency:** ~3.4 ms\n* **p50 (Median):** ~2.3 ms\n* **p95 Latency:** ~8.6 ms\n\n---\n\n## 📄 License\n[MIT](LICENSE) © 2026 Edy Cu\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fedycutjong%2Fescrowa","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fedycutjong%2Fescrowa","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fedycutjong%2Fescrowa/lists"}