Skip to content

EVIDENCE.md

Latest commit

 

History

History
107 lines (86 loc) · 6.68 KB

EVIDENCE.md

File metadata and controls

107 lines (86 loc) · 6.68 KB

Evidence: Aperture on Moca Chain testnet

All artifacts below are real and reproducible on Moca Chain testnet (chain id 222888, explorer https://testnet-scan.mocachain.org). All listed transactions confirmed on-chain with status 1, the 43-test suite re-run green, and the 503/catalog endpoints re-checked.

Deployed contracts

Contract Address
Groth16Verifier (from real payment.zkey) 0x6F1FEb4D4051A994638298c5E3cc0cEdC50B8ee5
PolicyRegistry 0x9aa8f0bfb9f2f6246F54A5B017c97AE6aa89bCD0
ComplianceEscrow v2 (gasless EIP-712) 0x276E394A95a3e8407497262d154b8dB415d9b4E1
ComplianceEscrow v1 0x786F0935299D1A15f585D42Edf8c4e451B48FEA7
TestERC20 (atUSD, real ERC-20) 0xae9DBb6F08aD1D24BFC2698a4C5A32A9A472FFfb
AgentRegistry (DID resolver) 0xE943CdBe65EE680749C344890278a5758Ee52780

Operator / deployer: 0xF63CCda7f67B1a2b1F767705d61b2146563479EC

Live transactions

What Tx
Groth16Verifier deploy 0x1c3e0957...f64d6d69
PolicyRegistry deploy 0x9320fba7...cecf35105
ComplianceEscrow v1 deploy 0x7f388541...e05b630b
ComplianceEscrow v2 deploy 0x69adb455...f9a46b4a
AgentRegistry deploy 0x942d1622...24ea7f5a
TestERC20 deploy 0x6c9c2544...549bd2592
initializeOperator 0x39a97afd...c199ffa378
registerPolicy 0x41c35797...d4607a318
deposit (lock) 0xc2557067...e4267894
ZK-gated release (cast) 0x302fe4f9...424ea366f
ZK-gated release (viem client) 0xaf1c78fc...68dee920
Gasless release (EIP-712 meta-tx, relayer-submitted) 0x096bdfeb...8f41dfe3
AgentRegistry DID register 0x72ce52b5...f10d6291

Notable results, readable on the explorer / via the client:

  • ZK-gated release: a real Groth16 proof from payment.circom was verified on-chain and released 5 atUSD to 0x...bEEF.
  • Gasless release: the operator signed an EIP-712 PaymentAuthorization off-chain and a separate relayer submitted it; the operator's native MOCA balance was unchanged by the payment.
  • DID resolution: did:moca:aperture-agent-1 resolves over the Moca RPC to the operator account 0xF63CCda7f67B1a2b1F767705d61b2146563479EC, the account whose ZK-gated payments are recorded in ComplianceEscrow.

Test suite

forge test --ffi (escrow tests generate real Groth16 proofs via FFI):

Ran 3 test suites: 43 tests passed, 0 failed, 0 skipped
  PolicyRegistry.t.sol      20 passed
  ComplianceEscrow.t.sol    13 passed   (real proofs + gasless EIP-712 path)
  AgentRegistry.t.sol       10 passed

AIR Kit (Faz 1 and 2)

  • AIR Account login works: a real AIR Account smart wallet (0x5a8bb276f77360b3fBEc25285594d159B846F0f1) logged in, and the dashboard signin now offers AIR Account login alongside wallet login.
  • Partner JWT + JWKS are validated by AIR: the REST issue-on-behalf call advanced from 401 Invalid x-partner-auth to 403 issueOnBehalf is not allowed once the JWKS was registered, proving the signature/JWKS chain works.

Moca-side blockers (not our integration)

These are verified directly with curl, independent of any browser, so they are not CORS or client artifacts. Our integration code is complete and waits on these Moca services.

Captured 2026-05-29 22:27 UTC:

# AIR Kit credential subsystem - HTTP 503 (AWS ALB: no healthy backend)
GET https://credential-widget.sandbox.air3.com/        -> HTTP 503
GET https://credential.api.sandbox.air3.com/           -> HTTP 503
GET https://credential-moca.api.sandbox.air3.com/      -> HTTP 503
  • Faz 2 (issue/verify round-trip): blocked. The AIR Kit credential service is not serving (503). Our JWKS, Partner JWT, on-chain-derived credentialSubject and both the server-side and client-side issuance paths are implemented. When Moca brings the credential service online we will wire it through and validate end to end; some adjustments may be needed once the live API behavior is observable.

Catalog API (Bonus) - working

The catalog is NOT on the api.*.mocachain.org/v1 host (those /catalog/* routes return 404). It is served from the credential API host. Verified live 2026-05-29:

GET https://api.sandbox.mocachain.org/v1/catalog/programs            -> HTTP 403/404 (no catalog on this host; code varies by gateway)
GET https://credential-testnet.api.sandbox.air3.com/catalog/schemas  -> HTTP 200 (total 90)
GET https://credential-testnet.api.sandbox.air3.com/catalog/programs -> HTTP 200 (total 91)

moca/credential-service includes a read-only catalog reader (npm run catalog) that browses ecosystem schemas and programs against this live endpoint. Our own "Aperture Verified Agent" schema (01KSTQK70XGFBT558HRHFB) is not listed in the public catalog (the API returns "Schema not found" for it), which is expected since it has not been published to the catalog.