How Oris works

Eight checks.
One signed proof.

Every agent payment runs through eight signed checks before any rail moves money. Eight layers, one bundle, every byte audited.

Status
Locked 2026-05-19
Owner
Fluxa Ventures
Authoritative
Base mainnet
Live layers
L1 → L8
Bundle
v2 · SDK 0.4
L1Identity L2Policy L3Veris L4Proof L5Revocation L6Verifier L7Audit L8Adoption
L1
Phase 9 · Locked

Who the agent is

Six contracts on Base name every agent and the company that backs it. Same answer on every rail. No identity drift.

Contracts

  • OrisAgentRegistryroot
  • OrisAgentKYAResolverCCIP-Read
  • OrisCrossChainIndexEAS UID
  • OrisReverseRegistraraddr → node
  • OrisNamespaceManagertenant tree
  • OrisAnchorRegistrymerkle anchor

Properties

  • Authoritative chainBase mainnet
  • Cross-chain mirrorCCIP-Read + LZ
  • Identity modeldid:ethr
  • Anchor cadence24h + event
L2
Locked schema

Your rules, enforced.

Caps, allowlists, blocked categories, approval thresholds. Your policy signed into every bundle. No agent moves outside the lines you set.

On-chain

  • OrisPolicyRegistryversioned
  • Per-tenant Merkle rootbundle-embedded
  • Policy version signingMPC issuer

Off-chain runtime

  • policy_engine.py<10ms eval
  • Rust portHFT path
  • Policy DSLJSON Schema
  • Circuit compile targetFaz B
L3
Phase 10 · Step 1
Production · CT 110

Sanctions cleared. 4.4 ms.

Live sanctions verdict, risk tier, and behaviour score, signed by a registered ring and stamped onto every bundle in milliseconds.

Hot-path budget

  • SISMEMBER sanctions set~0.1ms
  • HGETALL risk hash~0.2ms
  • Assemble proto~0.05ms
  • Vault Transit BLS sign5–10ms
  • p50 total7ms
  • p99 total12ms

Deployed signer · CT 110

// BLS12-377 G1 compressed · 48 bytes
pubkey_b64 = "Tsgh1UPqIdgKjSfnWJOasXSB
              r8vtfsKfU6nMVirn2t8J
              BbqlIA249BOK4w1Oxn0B"

issued   = 2026-05-19
endpoint = 10.10.10.110:50051
test_did = did:ethr:8453:0xababab…
latency  = 4.4ms  // vs 15ms p99 budget
L4
ZK boundary · most volatile

One bundle. Tamper-proof.

A single signed payload carries every check. Same shape today and tomorrow. Swap the proof type without breaking a single rail.

Faz A · live

  • Master Ed25519 · 24h fresh0x01
  • Recursive per-tx sigreplay-proof
  • zkVM opt-in privacySP1 / Risc0

Faz B · partner-led

  • Halo2 recursive circuit0x03
  • SP1 zkVM0x02
  • 96-byte on-chain pointerhash + sig
L5
Aggressive push

Bad agents stop fast.

OFAC and fraud hits land on chain within seconds. Drift and anomaly flags follow within the hour. A stale list denies payment by default.

Tree structure

  • Tier 1 · immediateOFAC + fraud
  • Tier 2 · behaviouralanomaly
  • HashPoseidon
  • Cross-chain mirrorLayerZero / Hyperlane

SLAs

  • Tier 1 end-to-end< 30s
  • Tier 2 end-to-end< 1h
  • Stale-root watchtower24h deny-default
L6
Open reference impl

One check. Every rail.

The same verifier on Base, Solana, Stripe, and Visa. Drop it in. Host it yourself. Either way, one answer.

On-chain

  • Solidity IComplianceVerifierBase · Eth · Arb · Op
  • Anchor program (Rust)Solana

Off-chain

  • HTTP Verifier-as-a-ServiceStripe · Visa · AWS · x402
  • Self-host Dockertrustless
  • Pluggable proof_type0x01 / 0x02 / 0x03
L7
Regulator-facing

Regulator ready, always.

Every bundle anchored on Base. Full disclosure sealed for the regulator alone. SAR drafts ready for FinCEN, OCC, MAS, and EU AMLD.

Disclosure surfaces

  • Sealed envelopethreshold-enc
  • Regulator portalmulti-jurisdiction
  • SAR auto-draftFinCEN-shape
  • Alert subscriptionwebhook + stream

Data availability

  • Celestiawarm
  • Arweavecold
  • IPFS-Filecoinredundant
  • Anchor commitBase · 24h + evt
L8
SDK + adapters

Plug in. Ship today.

Python, TypeScript, and Rust SDKs. One install. Per-rail adapters and Docker images ready for any agent runtime.

SDKs

  • oris-pypython
  • oris-sdktypescript
  • oris-rsrust

Network adapters

  • Base · Solana · Eth · Arb · Opnative
  • Stripe · Visa · AWS AgentCoreHTTP
  • x402 · Coinbase Agentprotocol
From request to receipt

Intent. Anchored.

Each check signs the next. By the time a rail asks, the bundle already holds every answer.

SDK
Agent emits tx_intent

counterparty · amount · stablecoin · chain · category

→ tx_intent
L2
Policy.evaluate(intent, tenant_root)

returns verdict + policy_root_proof

→ verdict + proof
L3
Veris.attest(agent_did, intent)

BLS-signed attestation · sanctions · risk_tier · drift

→ veris_attestation
L4
ComplianceBundle.assemble(…)

~1.5 KB · revocation_witness + sealed_envelope

→ bundle + sig
L7
Multi-tier DA write

celestia + arweave + ipfs-filecoin · 96-byte on-chain pointer

→ bundle_hash
L6
Network verifier checks bundle

Ed25519 / ZK · revocation non-membership · nonce

→ ALLOW / DENY
L7
Post-tx attest · root anchored on Base

regulator portal SAR auto-draft fires on rule hit

→ anchored
What the bundle holds

One payload.
Every rail verifies it.

1.5 KB off chain. 96 bytes on chain. The same artifact passes on Base, Solana, and HTTP rails without rewriting a single check.

ComplianceBundle {
  version:        "v2",
  agent_did:      "did:ethr:<chain_id>:<addr>",
  tenant_node:    bytes32,             // ENS namehash
  policy_root:    bytes32,             // per-tenant Merkle

  veris_attestation: {
      sanctions_clean: bool,
      risk_tier:       low|medium|high|blocked,
      drift_score_bp:  u16,           // 0..10000
      evaluated_at:    u64,
      expires_at:      u64,
      signer_pubkey:   address,       // Veris MPC ring
      signature:       BLS_aggregate,
  },

  tx_intent: {
      counterparty: address,
      amount_usd_e6: u64,
      stablecoin:   bytes4,
      chain_id:     u64,
      category:     bytes32,
      nonce:        bytes32,         // Redis SETNX 30s
      expires_at:   u64,
  },

  revocation_witness: {
      tier:              u8,         // 1 immediate, 2 behavioural
      root:              bytes32,
      not_present_proof: bytes,
      tree_size:         u64,
  },

  proof_type: u8,    // 0x01 Ed25519 · 0x02 SP1 · 0x03 Halo2
  proof:      bytes,

  sealed_envelope: bytes,   // regulator-encrypted

  bundle_id_evm:     bytes32,  // keccak256
  bundle_id_circuit: bytes32,  // Poseidon
}
Invariant

Public-input layout is locked across Faz A and Faz B. The ZK partner substitutes proof_type and proof field content without touching any other byte of the schema.

Replay-proof per tx

Recursive signature binds nonce + expires_at + tx_intent. No bundle can ever be reused at a verifier on any network.

Pointer-based wire format

96-byte on-chain payload (hash + sig). Full bundle lives in multi-tier DA. Verify path is on-chain only, networks never store our bundles.

Audit-only field

sealed_envelope is never read by the verifier. It carries the full disclosure the regulator can unseal, encrypted under a threshold of their pubkey and the Oris MPC.

The promises we keep

Eight rules.
Every layer. Always.

INV-01

Signed everything.

Every layer output is Ed25519 or BLS signed by a registered Oris / Veris MPC key. Signature chains are audit-traceable to root.

INV-02

Default-deny.

Any layer failure or ambiguity defaults to deny. Compliance takes precedence over performance at every fork in the code.

INV-03

No proprietary DA.

Bundles never live exclusively on Oris-controlled infrastructure. Multi-tier DA guarantees protocol durability beyond Oris's existence.

INV-04

No vendor lock-in.

Networks query us, they never deposit value with us. Settlement remains the network's responsibility on its own balance sheet.

INV-05

Partner-ready interfaces.

Every layer exposes a public spec with at least one reference implementation. Partners drop in their own implementation against the spec.

INV-06

Standardised proof types.

L4 proof field is type-tagged. Adding a new proof type adds a verifier branch, never a new contract.

INV-07

Replay-proof per tx.

Recursive signature binds nonce + expires_at + tx_intent. No bundle can ever be reused, across networks, across time.

INV-08

Paranoid audit gates.

Every layer must pass forge/cargo test + coverage thresholds, static-analysis gates, and a Spearbit-grade review before the next layer starts.

What we never do

What Oris will never touch.

×Move money. No custody, no transfer, no settlement. Ever.
×Operate a stablecoin. We do not issue or back any settlement asset.
×Compete with payment rails. We do not become Base, Solana, Stripe, or Visa.
×Manage agent wallets. ERC-4337 smart accounts stay tenant-managed.
×Host agent inference. We do not run model traffic.
×Hold sealed-envelope keys alone. Always threshold, regulator + MPC.
Before you ship

Ship a safer
agent this week.

Talk to us about the spec, the verifier ABI, and an issuer key. Ten minutes saves a quarter of legal review.

Talk to us See it work