{"id":50672975,"url":"https://github.com/oasisprotocol/rofl-x402-service","last_synced_at":"2026-06-08T13:02:38.945Z","repository":{"id":321572165,"uuid":"1086310313","full_name":"oasisprotocol/rofl-x402-service","owner":"oasisprotocol","description":"A verifiable, private AI document summarization service that uses blockchain micropayments (x402 protocol) and runs inside a   ROFL trusted execution environment on the Oasis Network.","archived":false,"fork":false,"pushed_at":"2025-11-19T14:47:33.000Z","size":125,"stargazers_count":9,"open_issues_count":0,"forks_count":3,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-11-19T16:25:48.753Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/oasisprotocol.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-10-30T08:43:16.000Z","updated_at":"2025-11-19T15:08:19.000Z","dependencies_parsed_at":"2025-10-30T11:44:13.644Z","dependency_job_id":null,"html_url":"https://github.com/oasisprotocol/rofl-x402-service","commit_stats":null,"previous_names":["ptrus/rofl-x402-service","oasisprotocol/rofl-x402-service"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/oasisprotocol/rofl-x402-service","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oasisprotocol%2Frofl-x402-service","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oasisprotocol%2Frofl-x402-service/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oasisprotocol%2Frofl-x402-service/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oasisprotocol%2Frofl-x402-service/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/oasisprotocol","download_url":"https://codeload.github.com/oasisprotocol/rofl-x402-service/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oasisprotocol%2Frofl-x402-service/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34063159,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-08T02:00:07.615Z","response_time":111,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-06-08T13:02:37.307Z","updated_at":"2026-06-08T13:02:38.939Z","avatar_url":"https://github.com/oasisprotocol.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Oasis ROFL x402 Document Summarization Service\n\nA confidential AI microservice that summarizes documents inside a verifiable TEE, paid via x402 micropayments.\n\n- **🔒 Private**: Documents processed inside a confidential Oasis ROFL container using Ollama (qwen2:0.5b) or Gaia Nodes\n- **🔐 Secure**: Uses aTLS (Attested TLS) with end-to-end TLS authentication from the TEE\n- **✅ Verifiable**: Remote attestation proves the exact code running in the TEE\n- **🔏 Signed**: All responses cryptographically signed with TEE-generated SECP256K1 keys\n- **💰 Monetizable**: x402 micropayments - $0.001 per summary on Base Sepolia (testnet)\n- **📝 Discoverable**: Registered on-chain using [ERC-8004](https://eips.ethereum.org/EIPS/eip-8004) Agent Identity Standard\n\n**Tech Stack**\n- Python FastAPI backend\n- Ollama (Qwen2 0.5B model) or Gaia Nodes (OpenAI compatible API)\n- x402 protocol for micropayments\n- ERC-8004 on-chain agent registration with [Agent0 SDK](https://github.com/agent0lab/agent0-py)\n- Oasis ROFL keymanager for TEE-based cryptographic signing\n- Runs in an Oasis ROFL TEE on the Oasis Network\n\n## Testing Locally\n\n```bash\ndocker compose up\n```\n\nThe test client (in the `test/` folder) automatically performs an x402 payment and then requests the summary, verifying the on-chain transaction.\n\n```bash\ncd test\nuv sync\n\n# Generate a test wallet (save the private key!)\nuv run python -c \"from eth_account import Account; acc = Account.create(); print(f'Address: {acc.address}\\nPrivate Key: {acc.key.hex()}')\"\n\n# Fund the wallet with Base Sepolia ETH and USDC\n# - ETH for gas: https://www.coinbase.com/en-gb/developer-platform/products/faucet\n# - USDC: 0x036CbD53842c5426634e7929541eC2318f3dCF7e\n\n# Configure .env with your private key\necho \"PRIVATE_KEY=0x...\" \u003e .env\necho \"API_URL=http://localhost:4021\" \u003e\u003e .env\n\n# Run the test (uses test_document.txt by default)\nuv run python test_client.py\n\n# Or test with your own document\nuv run python test_client.py /path/to/your/document.txt\n```\n\n**Example output:**\n\n```\n🔒 Testing without payment (should fail)...\n   ✅ Correctly rejected with 402 Payment Required\n\n✅ Job created (took 1.66s)\n\n🔒 Testing payment reuse (should fail)...\n   ✅ Correctly rejected payment reuse with 402\n\n⏳ Polling for result...\n   ✅ Completed after ~44s\n\n📄 Summary:\n   The document discusses the technology zkTLS that combines two cryptographic\n   approaches: TLS providing encryption and authentication for secure data\n   transmission in HTTPS while zero-knowledge proofs allow one party to prove\n   knowledge of information without revealing it...\n\n📊 Stats:\n   Word count: 304\n   Reading time: 1 minute\n```\n\n**Example output with a Gaia Node:**\n\n```\n🔒 Testing without payment (should fail)...\n   ✅ Correctly rejected with 402 Payment Required\n\n✅ Job created (took 1.66s)\n\n🔒 Testing payment reuse (should fail)...\n   ✅ Correctly rejected payment reuse with 402\n\n⏳ Polling for result...\n   ✅ Completed after ~272s\n\n📄 Summary:\n   ZkTLS is a cryptographic protocol that combines two approaches for secure communication over internet protocols such as HTTPS, such as TLS for encrypting data during transmission. It provides encryption and authentication for securing data transmission through secure sessions. This protocol allows only trusted nodes to prove knowledge of information without revealing it. The Proof can then be recorded on a blockchain and used for verification. The protocol supports three types of approaches, MPC-based, TEE-based, and Proxy-based. zkTLS solves the problem of oracle problem in identity verification and provides privacy protection. It has important applications in DeFi lending platforms, Identity verification using secure web sources, Privacy-preserving oracles providing verifiable data feeds, and Verifiable airdrops confirming off-chain eligibility. There are also some potential drawbacks to zkTLS such as completeness, partial solution for the oracle problem, and need for complementary safeguards like reputation systems and cross-checks for maximum effectiveness.\n\n📊 Stats:\n   Word count: 304\n   Reading time: 1 minute\n```\n\nTesting with [zkTLS article](https://oasis.net/blog/zktls-blockchain-security) (2,362 characters).\n\n## AI Provider Options\n\nThis service supports two AI providers for document summarization:\n\n1. **Ollama** (default) - Local inference with the Qwen2 0.5B model\n2. **Gaia Nodes** - Decentralized AI inference network with OpenAI-compatible API\n\nTo switch between providers, set the `AI_PROVIDER` environment variable:\n\n```bash\n# Use Ollama (default)\nAI_PROVIDER=ollama\nOLLAMA_HOST=http://localhost:11434\n\n# Use Gaia Nodes\nAI_PROVIDER=gaia\nGAIA_NODE_URL=https://your-node-id.gaia.domains/v1\nGAIA_MODEL_NAME=Qwen3-30B-A3B-Q5_K_M\nGAIA_API_KEY=your-gaia-api-key\n```\n\nWhen using Gaia Nodes, you must provide:\n- `GAIA_NODE_URL`: The URL of your Gaia Node\n- `GAIA_MODEL_NAME`: The model name to use (e.g., gpt-4, gpt-3.5-turbo)\n- `GAIA_API_KEY`: Your API key for authentication\n\nLearn how to launch your own Gaia node at [docs.gaianet.ai/getting-started/quick-start](https://docs.gaianet.ai/getting-started/quick-start).\n\n**Note:** Dependencies are split into optional groups (`ollama` and `gaia`) to reduce Docker image size. The Dockerfile installs `ollama` by default. To use Gaia, update the Dockerfile line:\n```dockerfile\nRUN uv sync --frozen --no-dev --group gaia\n```\n\n## ERC-8004 Agent Registration\n\nThis service supports on-chain agent registration using the [ERC-8004 Agent Identity Standard](https://eips.ethereum.org/EIPS/eip-8004) via the [Agent0 SDK](https://github.com/agent0lab/agent0-py). For Oasis ROFL-specific validation tooling, see [ERC-8004 on Oasis](https://github.com/oasisprotocol/erc-8004).\n\nWhen the service starts running in an Oasis ROFL TEE, it automatically:\n- Registers the agent on-chain with metadata (name, description, capabilities)\n- Publishes the agent card to IPFS\n- Configures trust models (reputation + TEE attestation)\n- Enables x402 payment support\n- Registers the service endpoint for discovery\n\n### Configuration\n\nTo enable agent registration, set these environment variables:\n\n```bash\n# Agent0 SDK Configuration\nAGENT0_CHAIN_ID=84532  # Base Sepolia testnet\nAGENT0_RPC_URL=https://base-sepolia.g.alchemy.com/v2/your-api-key\nAGENT0_PRIVATE_KEY=your-private-key-here\nAGENT0_IPFS_PROVIDER=pinata\nAGENT0_PINATA_JWT=your-pinata-jwt-token\n\n# Agent Configuration\nAGENT_NAME=Oasis ROFL x402 Summarization Agent\nAGENT_DESCRIPTION=x402-enabled document processing agent running in Oasis TEE\nAGENT_IMAGE=https://your-domain.com/logo.png  # Served from /logo.png endpoint\nAGENT_WALLET_ADDRESS=0x...  # Optional: agent's payment wallet\n\n# x402 Endpoint\nX402_ENDPOINT_URL=https://your-domain.com/summarize-doc\n```\n\nThe agent ID is persisted in Oasis ROFL metadata (production) or a local `.agent_id` file (development). On subsequent restarts, the service will load and update the existing agent rather than creating a new one.\n\n### Agent Card Example\n\nOnce registered, your agent will have an on-chain identity with metadata like:\n\n```json\n{\n  \"type\": \"https://eips.ethereum.org/EIPS/eip-8004#registration-v1\",\n  \"name\": \"Oasis ROFL x402 Summarization Agent\",\n  \"description\": \"x402-enabled document processing agent running in Oasis TEE. REST API for async summarization. Multi-provider AI backend (Ollama/Gaia). On-chain registered with reputation trust model.\",\n  \"image\": \"http://localhost:4021/logo.png\",\n  \"endpoints\": [\n    {\n      \"name\": \"A2A\",\n      \"endpoint\": \"https://summarize.updev.si/summarize-doc\",\n      \"version\": \"1.0\"\n    },\n    {\n      \"name\": \"agentWallet\",\n      \"endpoint\": \"eip155:84532:0xebD8A84C29E1f534c0E8fA555E1Ee63Ff4E0592C\"\n    }\n  ],\n  \"registrations\": [\n    {\n      \"agentId\": 380,\n      \"agentRegistry\": \"eip155:1:{identityRegistry}\"\n    }\n  ],\n  \"supportedTrust\": [\"reputation\", \"tee-attestation\"],\n  \"active\": true,\n  \"x402support\": true,\n  \"updatedAt\": 1762363389\n}\n```\n\n## TEE-Attested Response Signing\n\nAll API responses are cryptographically signed using SECP256K1 keys generated inside the Oasis ROFL TEE, providing cryptographic proof that responses originated from the attested service.\n\n**How it works:**\n1. On startup, the service generates a SECP256K1 key pair using Oasis ROFL's keymanager\n2. The public key is registered in Oasis ROFL metadata and ERC-8004 agent metadata as `rofl_signing_public_key`\n3. Each response is signed with a recoverable ECDSA signature over canonical JSON\n4. Clients can verify signatures by recovering the public key and comparing to the registered key\n\n**Signed response format:**\n```json\n{\n  \"status\": \"completed\",\n  \"summary\": \"...\",\n  \"timestamp\": 1730000000,\n  \"signature\": \"df9528e21e543b31a6b909d66002f974...\",\n  \"public_key\": \"03e1e2206b206770bb69feb6f37ec091...\"\n}\n```\n\n**Configuration:**\n```bash\nENVIRONMENT=production      # Uses Oasis ROFL keymanager for signing\nENVIRONMENT=development     # Signing disabled\nDEBUG_SIGNING=true         # Use mock keys for testing\n```\n\nIn production, the signing key is generated by Oasis ROFL's secure keymanager and never leaves the TEE. The public key can be verified against the on-chain attested state in the [Oasis ROFL registry](https://github.com/ptrus/rofl-registry).\n\n## Try the Live Testnet Deployment\n\n**Live service running on Oasis Testnet** at **https://summarize.updev.si** ([App ID: `rofl1qq6m08wlj3qawcfrd3ljyge2t0praed5ycwh7upg`](https://explorer.oasis.io/testnet/sapphire/rofl/app/rofl1qq6m08wlj3qawcfrd3ljyge2t0praed5ycwh7upg))\n\nTest the live deployment:\n\n```bash\ncd test\necho \"API_URL=https://summarize.updev.si\" \u003e\u003e .env\n\n# Test with default document\nuv run python test_client.py\n\n# Or test with this README\nuv run python test_client.py ../README.md\n```\n\n**Example output (summarizing this README):**\n\n```\n✅ Job created (took 2.46s)\n\n🔒 Testing payment reuse (should fail)...\n   ✅ Correctly rejected payment reuse with 402\n\n⏳ Polling for result...\n   ✅ Completed after ~196s\n\n📄 Summary:\n   The document outlines a new AI microservice called ROFL that utilizes the\n   Ollama model from the Qwen2 series. This microservice is paid via x402\n   protocol payments and can be used to summarize documents inside a private\n   container using encryption. The document also mentions the ability to\n   monetize the service through x402 protocols and uses Base Sepolia as a\n   test network for testing purposes.\n\n📊 Stats:\n   Word count: 604\n   Reading time: 3 minutes\n```\n\n**Example output (summarizing this README):**\n\n```\n✅ Job created (took 2.46s)\n\n🔒 Testing payment reuse (should fail)...\n   ✅ Correctly rejected payment reuse with 402\n\n⏳ Polling for result...\n   ✅ Completed after ~196s\n\n📄 Summary:\n   The document outlines a new AI microservice called ROFL that utilizes the\n   Ollama model from the Qwen2 series. This microservice is paid via x402\n   protocol payments and can be used to summarize documents inside a private\n   container using encryption. The document also mentions the ability to\n   monetize the service through x402 protocols and uses Base Sepolia as a\n   test network for testing purposes.\n\n📊 Stats:\n   Word count: 604\n   Reading time: 3 minutes\n```\n\nTo verify the app code, attestation, and TLS connection, see [rofl-registry](https://github.com/ptrus/rofl-registry).\n\n## Deploy Your Own Service\n\n**Ready to build your own paid AI service?** Follow these steps to deploy on Oasis:\n\n### 1. Clone the Repository\n\n```bash\ngit clone https://github.com/ptrus/rofl-x402-service\ncd rofl-x402-service\n```\n\n### 2. Reset ROFL Manifest\n\nClear existing deployment configuration using [oasis-cli](https://github.com/oasisprotocol/cli):\n\n```bash\noasis rofl init --reset\n```\n\n### 3. Customize Your Service\n\nModify the endpoint implementation in `app/main.py` (lines 51-84) to create your own paid service:\n\n```python\n@app.post(\"/summarize-doc\")\nasync def summarize_doc(request: DocumentRequest) -\u003e Dict[str, Any]:\n    # Your custom service logic here\n    # Example: image generation, data analysis, API access, etc.\n    ...\n```\n\nUpdate the payment configuration:\n- Change `X402_PRICE` in `.env` for your desired pricing\n- Modify `X402_NETWORK` if deploying to mainnet\n\n### 4. Configure AI Provider\n\nTo use Gaia Nodes instead of Ollama, set the following environment variables in your `.env` file:\n\n```bash\nAI_PROVIDER=gaia\nGAIA_NODE_URL=https://your-node-id.gaia.domains/v1\nGAIA_MODEL_NAME=Qwen3-30B-A3B-Q5_K_M\nGAIA_API_KEY=your-gaia-api-key\n```\n\n### 5. Deploy to ROFL\n\nFollow the [ROFL deployment guide](https://docs.oasis.io/build/tools/cli/rofl) to deploy your service:\n\n```bash\n# Build the container\ndocker compose build\n\n# Push to registry (if needed)\ndocker tag docker.io/ptrusr/rofl-x402-docs:latest your-registry/your-app:latest\ndocker push your-registry/your-app:latest\n\n# Deploy using oasis-cli\noasis rofl deploy\n```\n\nYour service will be deployed with verifiable code execution and ready to accept x402 payments!\n\n## Learn More\n\n- [Oasis ROFL](https://docs.oasis.io/rofl) - Runtime Off-chain Logic documentation\n- [x402 Protocol](https://github.com/coinbase/x402) - Internet-native payment protocol\n- [Ollama](https://ollama.com) - Run large language models locally\n- [Gaia](https://gaianet.ai) - Decentralized AI inference network\n\n## License\n\nThis is example code for demonstration purposes.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foasisprotocol%2Frofl-x402-service","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foasisprotocol%2Frofl-x402-service","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foasisprotocol%2Frofl-x402-service/lists"}