Nexario

Nexario — Authority Leasing Infrastructure for Autonomous AI Agents

(Yes, it's ERC-7710 redelegation. We gave it a fancier name because "delegation chain depth 3" doesn't fit on a pitch deck — but the feedback loop it creates is real: every execution consumes authority, every execution updates reputation, and future authority decisions depend on reputation.)

THE CORE IDEA

Users sign once with MetaMask Flask. That single ERC-7715 permission grant delegates a bounded USDC budget — with amount, duration, scope, and delegation depth constraints — to a coordinator agent. The coordinator plans multi-step tasks and redelegates authority to specialized sub-agents via ERC-7710. Each sub-agent redeems its delegation through 1Shot's gasless relay, paying fees in USDC from the user's delegated budget. A Venice-powered oracle writes execution proof to an on-chain ReputationRegistry after every task. Zero ETH. Zero extra popups. Full auditability.

→ Full code references for all integrations: https://github.com/0xZaid10/Nexario#smart-accounts-kit--code-references

METAMASK SMART ACCOUNTS KIT

MetaMask Flask is the only signer in Nexario. We use the ERC-7715 wallet_grantPermissions method to create an erc20-token-periodic permission — the user sets a USDC budget (e.g. $1) and duration (e.g. 1 hour). MetaMask Flask returns a permissionsContext: a 2882-byte ABI-encoded delegation object containing the full ERC-7710 delegation chain rooted at the MetaMask DelegationManager (0xdb9B1e94B5b69Df7e401DDbedE43491141047dB3), which is an EIP-7702 stateless delegator deployed by MetaMask.

This permissionsContext is stored in our SQLite backend and restored across browser reloads — so users never need to re-authorize within the session window. Even when the browser is closed, the backend scheduler can fire autonomous tasks using the stored context.

The ERC-7710 redelegation chain works as follows: the user's Flask wallet signs the root delegation via ERC-7715. The Nexario coordinator acts as the root delegate. For each sub-agent dispatched, the coordinator creates a scoped sub-delegation with tighter constraints. Each sub-agent redeems its sub-delegation through 1Shot's relayer, which validates the full chain cryptographically on-chain before executing. If the user revokes the session, all future relay attempts fail immediately — no backend changes needed.

Critical implementation note: the wallet_grantPermissions response contains both a permissionsContext field and a context field. The actual ABI-encoded delegation is in context — not permissionsContext. This distinction is undocumented and cost us significant debugging time. See Feedback & Reflections in the README for full technical details.

→ Code references: src/lib/delegation/authorize.ts · src/lib/delegation/build.ts · src/services/taskRunner.ts · src/services/delegationTracker.ts

1SHOT API

1Shot is the gasless relay layer that makes every on-chain action in Nexario possible without ETH. We use all five 1Shot relay methods plus real-time webhook callbacks.

relayer_getCapabilities — called on startup to fetch supported chains, accepted tokens (USDC on Base), target addresses, and fee collector addresses. Cached per chain.

relayer_getFeeData — called before each agent execution to get the current relay fee quote. Always $0.01 USDC on Base. Used to build the relay fee execution.

relayer_estimate7710Transaction — pre-flight estimation with the full execution bundle before submitting. Catches delegation chain errors, budget exhaustion, and enforcer rejections before any gas is spent. If estimation fails, we fall back to getFeeData context.

relayer_send7710Transaction — the core method. Called once per agent per task. Each call submits an ERC-7710 bundle containing: (1) relay fee transfer to 1Shot feeCollector, (2) agent fee transfer to the agent wallet, and optionally (3) the user's intended action (e.g. USDC transfer to a recipient). All three outputs land in a single Base mainnet transaction — one Basescan entry, one gas cost, paid entirely in USDC from the user's delegated budget.

relayer_getStatus — polling fallback to resolve the real on-chain transaction hash from the 1Shot task ID. Used as backup when the webhook hasn't fired yet.

Webhooks — Nexario registers a webhook endpoint at https://api.nexario.buzz/api/webhook/oneshot. 1Shot POSTs real-time callbacks on every transaction: type: 4 (pending/submitted) and type: 0 (confirmed with full receipt including transaction hash, block number, gas used, and full RedeemDelegations event logs). The webhook fires before polling resolves — transaction hashes appear in the user's drawer the moment the block confirms on Base. The webhook payload format uses { type: 0|4, data: { id, chainId, receipt } } — different from the M2M platform format, reverse-engineered from live payloads.

Live confirmed transactions on Base mainnet:

• 0x5b2df6...79466 — multi-agent pipeline (research + audit + report)

• 0xf64918...42e49 — executor USDC transfer bundled with agent fees

• 0xe9dff0...8ac7 — TEE agent relay (counsel + intelligence)

• 0x9a75c4...3b065 — webhook-confirmed before polling resolved

• 0x414821...0972e — Uniswap v4 risk analysis pipeline

→ Code references: src/lib/oneshot/relay.ts · src/lib/oneshot/estimate.ts · src/lib/oneshot/status.ts · src/lib/oneshot/webhook.ts · src/api/routes/routes.ts

VENICE AI

Venice AI is the inference backbone. Every agent except the Executor runs on Venice. We use 8 different Venice model families across 10 agents — each selected for the agent's specific task requirements.

Coordinator uses Venice's Qwen3 235B (qwen3-235b-a22b-instruct-2507) for complex multi-step task planning and final result synthesis across all sub-agent outputs.

Research uses Venice's Kimi K2.6 (kimi-k2-6) with Venice's native web search enabled — fetching live ETH prices, DeFi protocol TVL, gas fees, on-chain wallet history, and market data without external APIs.

Audit uses Venice's Qwen3 235B in Thinking mode (qwen3-235b-a22b-thinking-2507) — extended step-by-step reasoning for smart contract risk analysis and financial exposure assessment.

Report uses Venice's Kimi K2.5 (kimi-k2-5) for executive synthesis, plus Venice TTS to generate MP3 audio summaries included with every task result.

Counsel uses Venice's Qwen3 6.35B TEE (e2ee-qwen3-6-35b-a3b) — a hardware-attested secure enclave. Legal analysis, contract review, and compliance questions processed with zero data retention. Not stored, not logged, not trained on.

Intelligence uses the same Venice TEE model for competitive research — market analysis, competitor intelligence — with full privacy.

Reflection uses Venice's Gemma 4 26B TEE Uncensored (e2ee-gemma-4-26b-a4b-uncensored-p) — Venice's uncensored TEE model for personal journaling, wellness content, and sensitive personal reasoning.

Reputation uses Venice's Kimi K2.6 with web search for on-chain wallet identity scoring and trust analysis.

Monitor uses Venice's Qwen3 5.9B (qwen3-5-9b) — lightweight and fast for autonomous condition watching.

The coordinator runs a two-stage privacy classifier on every message before planning — fast keyword scan then Venice classification call. Score above 65 automatically routes to the appropriate TEE model. Legal → Counsel. Competitive → Intelligence. Personal → Reflection. No user configuration.

→ Code references: src/lib/venice/chat.ts · src/lib/venice/agentClient.ts · src/lib/venice/media.ts · src/lib/privacy/classifier.ts · src/agents/coordinator.ts

x402 PAYMENT PROTOCOL

All 10 Nexario agents expose standard HTTP 402 paywalls on POST /api/agents/:agentId/call. When called without a payment proof, the endpoint returns:

HTTP/1.1 402 Payment Required
X-Payment-Required: true
X-Payment-Amount: 100000
X-Payment-Token: 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913
X-Payment-Recipient: {agent wallet}
X-Payment-Chain: 8453
X-Payment-Method: x402+1shot

The X-Payment-Method: x402+1shot header is our extension of the x402 protocol — it signals that payment should flow through 1Shot's ERC-7710 relay rather than a direct on-chain transfer. The caller pays via 1Shot (receiving a task ID as proof), then retries with the X-Payment-Proof header. Within Nexario's coordinator loop, this entire x402 cycle is automated from the user's delegated budget.

→ Code references: src/api/routes/agents.ts · src/lib/x402/agentPayment.ts · src/lib/venice/x402.ts

ON-CHAIN REPUTATION

After every task, a dedicated oracle wallet (0x1C280993F1423dc3DC050aFE5bfe5FbBDb7b05c3) writes reputation tags to our ReputationRegistry (0xDf2Fbb3fa60ebB1214b782697707cEec14Ae4F82) on Base mainnet. Tags written per task: revenues, successRate, responseTime, delegationDepth, caveatCompliance. The 1Shot task ID is used as the feedbackHash — proving a real payment occurred before reputation was written. Reputation is unforgeable: you cannot write a positive score without having actually paid for and completed a task.

→ Code references: src/services/reputationWriter.ts · contracts/src/registry/ReputationRegistry.sol

CONTRACTS (BASE MAINNET)

• AgentRegistry: 0x3a7C05101aC0Bb99e06026855459d376d7906f15 — ERC-721 NFT registry. Each of the 10 agents is a token with base64-encoded JSON metadata URI.

• ReputationRegistry: 0xDf2Fbb3fa60ebB1214b782697707cEec14Ae4F82 — oracle-gated tagged feedback per agent.

• AuthorityLeaseRegistry: 0x5D20459A2C49D5Ba7E5aB0389baaAbFe6F58f2a4 — tracks authority leases with budget, depth, and delegation hash.

• MetaMask DelegationManager: 0xdb9B1e94B5b69Df7e401DDbedE43491141047dB3 — EIP-7702 stateless delegator, validates full ERC-7710 chain on-chain before 1Shot executes.

AUTONOMOUS OPERATION

Sessions are stored in SQLite with the full permissionsContext. The node-cron scheduler fires recurring tasks using the stored context — even when the browser is closed. A Binance WebSocket monitor (wss://stream.binance.com/ws/ethusdt@trade) watches price conditions and fires full agent pipelines autonomously when triggered. Results are saved to chat_messages and replayed via SSE when the user reconnects.

→ Code references: src/services/scheduler.ts · src/lib/monitor/priceWatcher.ts · src/services/chatMessages.ts

Architecture + Contracts

- Designed authority leasing model on top of ERC-7715 + ERC-7710 + ERC-8004 stack

- Deployed 3 custom smart contracts on Base mainnet: AgentRegistry (ERC-8004 NFTs), ReputationRegistry (oracle-gated feedback), AuthorityLeaseRegistry (budget + depth tracking)

- Registered all 10 agents as ERC-8004 NFTs with on-chain metadata URIs containing Venice model IDs, TEE status, x402 support, capabilities, and A2A endpoints

- Integrated MetaMask Flask ERC-7715 wallet_grantPermissions flow — discovered exact context field format (2882-byte ABI-encoded delegation), correct target address (1Shot), and permission data structure through extensive testing

Core Orchestration Engine

- Built full task orchestration pipeline: coordinator planning → Venice sub-agent execution → 1Shot relay → Venice oracle reputation writes

- Integrated all 5 1Shot API methods: relayer_getCapabilities, relayer_getFeeData, relayer_estimateFee, send7710Transaction, relayer_getStatus

- Built 10 specialized Venice AI agents across 8 model families (Qwen3 235B, Kimi K2.6, Kimi K2.5, Qwen3 235B Thinking, Qwen3 6.35B TEE, Gemma 4 26B TEE Uncensored, Qwen3 5.9B, Venice TTS)

- Coordinator auto-detects content sensitivity and routes to Venice TEE models (counsel, intelligence, reflection) without user configuration

- Executor agent builds pure calldata for on-chain USDC transfers — bundled as 3rd execution in 1Shot relay alongside relay fee and agent fee

- x402 HTTP 402 paywalls on all 10 agent endpoints with X-Payment-Method: x402+1shot

Hardening + Debugging

- Fixed ERC-7715 permissionsContext extraction — discovered context field (not permissionsContext field) contains the ABI-encoded delegation for 1Shot

- Fixed oracle nonce collisions — sequential writes with global nonce counter across all agent reputation writes

- Fixed ERC-7715 ORACLE_PRIVATE_KEY missing from env schema (was falling back to deployer key = agent owner = contract revert)

- Resolved 1Shot send7710Transaction parameter format through iterative testing

- Real tx hash resolution via relayer_getStatus — frontend shows actual Basescan link, not 1Shot task ID

- Budget enforcement in executor — blocks transfers exceeding remaining session budget

- Venice 429 rate limit handling — retry logic with exponential backoff for planning and synthesis

- SSE named event fix — switched to unnamed events so EventSource.onmessage fires correctly

Features + Frontend

- Autonomous scheduled tasks firing via node-cron with stored permissionsContext — works with browser closed

- Persistent chat sessions restored from backend on reload — permissionsContext fetched from database, no re-authorization needed within session window

- Full message persistence in SQLite with SSE replay buffer for autonomous task results

- Transaction details drawer in frontend — agent name, fee, real Basescan tx hash per agent

- Session budget tracking — deducts actual fees paid (not sub-task budget allocation)

- On-chain reputation accumulating across 50+ confirmed 1Shot relay transactions on Base mainnet

Bootstrapped - Self-funded solo project. Built and deployed entirely independently during the hackathon.