TL;DR: Proofly is a `did:t3n` agent you delegate a compliance check to. Using Terminal 3's Agent Auth SDK, the data owner signs a scoped grant that lets the agent run exactly one function (`verify`) and nothing else; the host enforces it natively (no rogue functions, no rogue egress). The agent reads sealed credentials inside an Intel TDX enclave and returns an SD-JWT + OID4VP presentation disclosing only a signed yes/no: zero PII crosses the network.

| What you're judging | Where to look |
|---|---|
| Live demo | proofly.edycu.dev |
| 90-sec pitch video | watch |
| Agent Auth implementation (scoped `agent-auth-update` grant + native enforcement) | `agent/src/authz.ts` · `agent/src/index.ts` |
| The agentic flow (problem → delegate → verify → selective disclosure) | Architecture & Flow · `contract/src/lib.rs` |
| Stability (CI: lint, typecheck, 100% backend coverage, E2E, SAST, secret scan) | Engineering Harness · CI runs |
| Onboarding bug + doc-gap report (the $200 track) | `docs/ONBOARDING_BUG_REPORT.md` |
| Why only Terminal 3 | `docs/SPONSOR_DEFENSE.md` |

Run it in 60s: `cd agent && npm install && npm run dev` (agent on :3001), then `cd board && npm install && npm run dev` (UI on :3000). Without an `AGENT_KEY` the agent boots in demo mode; set one from the T3 claim page for live auth.

- Maya (Lisbon) · passes `adult-eu-nosanction` → disclosed `{ result: true }`
- Dmitri (sanctioned) · fails with reason → `{ result: false }`

The Flow: Verifier requests a compliance proof (e.g. `over_18 ∧ country ∈ EU ∧ not_sanctioned`) → Proofly loads user's sealed SD-JWT credentials inside the TEE → evaluates policy criteria on plaintext inside isolated memory → issues an SD-JWT selectively disclosing only the boolean result → packages the credential into an OID4VP Verifiable Presentation (`vp`).

Every app that gates on age, KYC, or jurisdiction collects raw identity documents to verify a single boolean. That's a honeypot: GDPR/CCPA liability, data breach exposure, and massive user drop-off. For AI agents acting on a user's behalf, it is even worse: an autonomous script is copying and pasting passports between services. The verifier never wanted the passport; it wanted a trustworthy "yes" or "no."

Proofly is a did:t3n-verified privacy agent. The user's underlying credentials are decrypted only inside a Trusted Execution Environment (TEE).
- Zero-PII Disclosure: The agent evaluates rules inside the enclave and exports only a signed boolean proof of compliance. Absolutely no birth date, country string, or name crosses the network.
- Dynamic Policy Engine: Composable compliance rules: `age>=18 AND country IN (EU) AND NOT sanctioned`.
- Tamper-Proof Audit logs: Records every disclosure (verifier, user, policy, timestamp, and signature hash) inside the enclave KV store.

```mermaid
flowchart LR
  subgraph App["Integrating app (VC verifier)"]
    REQ[presentation request:\n claims + predicate]
  end
  subgraph Proofly["Proofly agent (did:t3n)"]
    API[/POST /verify/]
    PE[Policy → required claims]
    CLI[T3nClient.executeAndDecode]
  end
  subgraph T3["T3N TEE (Intel TDX / Wasmtime)"]
    DISP[proof contract: dispatch]
    VP[vp: build Verifiable Presentation]
    SIGN[signing: SD-JWT selective disclosure]
    PROF[(user-profile: sealed claims)]
  end
  REQ --> API --> PE --> CLI -->|execute fn| DISP
  PROF --> DISP --> SIGN --> VP --> CLI --> API -->|"VP disclosing only required claims"| App
  Proofly -. did:t3n .-> REG[did-registry / agent-registry]
```

- Verify Request: The verifier requests compliance check `adult-eu-nosanction` for a user DID.
- Retrieve Profile: Enclave retrieves user's encrypted credentials from the `user-profile` host interface.
- Evaluate: Enclave contract decrypts profile under `cluster CEK` and checks rules.
- Selectively Disclose: Enclave `signing` generates SD-JWT disclosing only `{ result: boolean }`, and `vp` packages it as an OID4VP Verifiable Presentation.
- Log Audit: Enclave saves the audit entry inside the isolated KV store.

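The Evaluate and Selectively Disclose steps above, as an added TypeScript sketch that is not Proofly's contract code: it AND-composes the `adult-eu-nosanction` rules over plaintext claims and checks that nothing but the verdict reaches the outgoing payload. The `Claims` and `Disclosure` shapes, the `reason` field carrying rule ids, and the birth dates and countries are assumptions made for the example.

```typescript
// Added example: hypothetical model of the policy step, not Proofly's contract code.
type Claims = { name: string; birthDate: string; country: string; sanctioned: boolean };
type Rule = { id: string; test: (c: Claims, now: Date) => boolean };
type Disclosure = { policy: string; result: boolean; reason?: string[] };

const EU = new Set(["AT", "BE", "BG", "HR", "CY", "CZ", "DK", "EE", "FI", "FR", "DE", "GR", "HU",
  "IE", "IT", "LV", "LT", "LU", "MT", "NL", "PL", "PT", "RO", "SK", "SI", "ES", "SE"]);

// Whole years elapsed in UTC; an unparsable date yields NaN, so the age rule fails closed.
function ageOn(birthDate: string, now: Date): number {
  const b = new Date(`${birthDate}T00:00:00Z`);
  const years = now.getUTCFullYear() - b.getUTCFullYear();
  const beforeBirthday = now.getUTCMonth() < b.getUTCMonth() ||
    (now.getUTCMonth() === b.getUTCMonth() && now.getUTCDate() < b.getUTCDate());
  return beforeBirthday ? years - 1 : years;
}

const ADULT_EU_NOSANCTION: Rule[] = [
  { id: "over_18", test: (c, now) => ageOn(c.birthDate, now) >= 18 },
  { id: "country_in_eu", test: (c) => EU.has(c.country) },
  { id: "not_sanctioned", test: (c) => c.sanctioned === false },
];

// AND-composition: every rule must hold. Only rule ids ever leave this function.
function evaluate(policy: string, rules: Rule[], claims: Claims, now: Date): Disclosure {
  const failed = rules.filter((r) => !r.test(claims, now)).map((r) => r.id);
  return failed.length === 0 ? { policy, result: true } : { policy, result: false, reason: failed };
}

// Zero-PII boundary check: no sealed claim value may appear in the outgoing payload.
function leaksPii(out: Disclosure, claims: Claims): boolean {
  const wire = JSON.stringify(out);
  return [claims.name, claims.birthDate, claims.country].some((v) => v !== "" && wire.includes(v));
}

// Constructed sample data (names from the page; birth dates and countries invented here).
const NOW = new Date("2026-01-15T00:00:00Z");
const maya: Claims = { name: "Maya", birthDate: "2001-06-01", country: "PT", sanctioned: false };
const leo: Claims = { name: "Leo", birthDate: "2008-01-16", country: "FR", sanctioned: false };
const dmitri: Claims = { name: "Dmitri", birthDate: "1985-03-03", country: "DE", sanctioned: true };

for (const c of [maya, leo, dmitri]) {
  const out = evaluate("adult-eu-nosanction", ADULT_EU_NOSANCTION, c, NOW);
  console.log(JSON.stringify(out), "leaksPii:", leaksPii(out, c));
}
```

Leo's constructed birth date puts him one day short of 18 on the evaluation date, which exercises the birthday boundary in `ageOn`.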
Primary track: Agent Auth SDK. The data owner signs an `agent-auth-update` that scopes the Proofly agent to exactly its `verify-policy` / `create-policy` / `get-health` functions and `api.terminal3.io` egress. T3N enforces this natively at the host layer: an out-of-scope function or host fails with `host/agent-auth.unauthorized_function` / `host/http.egress_denied`. We construct the real grant payload in `agent/src/authz.ts` (`buildAgentAuthUpdateInput`).

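What the scoped grant means in practice, as an added TypeScript model that is neither the T3N host nor the Agent Auth SDK: a function allowlist and an egress allowlist that both fail closed with the error codes named above. The `Grant` shape, the placeholder DID, the HTTPS-only rule and the sample requests are assumptions made for the example.

```typescript
// Added example: hypothetical model of a scoped grant check, not the T3N host or SDK.
type Grant = { agent: string; functions: string[]; egressHosts: string[] };
type Decision = { ok: true } | { ok: false; error: string };

// Scope taken from the page; the DID value is a placeholder.
const grant: Grant = {
  agent: "did:t3n:EXAMPLE-PLACEHOLDER",
  functions: ["verify-policy", "create-policy", "get-health"],
  egressHosts: ["api.terminal3.io"],
};

// Function names are compared exactly: no prefixes, wildcards or case folding.
function checkFunction(g: Grant, fn: string): Decision {
  return g.functions.includes(fn)
    ? { ok: true }
    : { ok: false, error: "host/agent-auth.unauthorized_function" };
}

// Egress is decided on the parsed hostname, never on a substring of the raw URL.
function checkEgress(g: Grant, rawUrl: string): Decision {
  const denied: Decision = { ok: false, error: "host/http.egress_denied" };
  let url: URL;
  try {
    url = new URL(rawUrl);
  } catch {
    return denied; // unparsable input fails closed
  }
  if (url.protocol !== "https:") return denied; // assumption of this model: TLS only
  return g.egressHosts.includes(url.hostname) ? { ok: true } : denied;
}

// Constructed requests, including lookalike hosts that an allowlist must reject.
const calls = ["verify-policy", "delete-profile", "Verify-Policy"];
const urls = [
  "https://api.terminal3.io/v1/x",
  "https://api.terminal3.io.example.net/",
  "https://api.terminal3.io@example.net/",
  "http://api.terminal3.io/",
];
for (const fn of calls) console.log(fn, JSON.stringify(checkFunction(grant, fn)));
for (const u of urls) console.log(u, JSON.stringify(checkEgress(grant, u)));
```

Only the first call and the first URL are allowed; matching on the parsed `hostname` is what rejects the suffix and userinfo lookalikes.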
We use seven distinct Terminal 3 host capability interfaces:
- `agent-auth` (`agent/src/authz.ts`): Scopes the agent to its functions + egress allowlist via a signed `agent-auth-update` grant (the bounty centerpiece).
- `signing` (`contract/src/lib.rs:196`): Generates SD-JWT selectively-disclosed credentials inside the hardware VM.
- `vp` (`contract/src/lib.rs:208`): Packages credentials as OID4VP Verifiable Presentations.
- `user-profile` (`contract/src/lib.rs:95`): Stores and retrieves encrypted user profiles securely.
- `kv-store` (`contract/src/lib.rs:67`): Manages registered policies and audit logs.
- `did-registry` & `agent-registry` (`agent/src/identity.ts`): Resolves the agent's `did:t3n` identity and discoverable agent URI.
- TEE Attestation (Intel TDX): Enforces execution of compiled WASM logic inside hardware-secured VMs.

- Node.js ≥ 20
- Rust & Cargo (with `wasm32-wasip2` target)
- npm

- Clone the repository:

  ```bash
  git clone https://github.com/edycutjong/proofly.git
  cd proofly
  ```

- Build the Rust WASM contract:

  ```bash
  cd contract
  rustup target add wasm32-wasip2
  cargo build --target wasm32-wasip2 --release
  cd ..
  ```

- Install & run the standalone backend Agent Service:

  ```bash
  cd agent
  npm install
  npm run dev
  ```

  The agent boots on `http://localhost:3001` and connects to the live Terminal 3 agent network.

- Install & run the frontend portal:

  ```bash
  cd board
  npm install
  npm run dev
  ```

  Open `http://localhost:3000` to view the Proofly Dashboard.

Production Proxy Pattern: The frontend portal automatically routes compliance verification requests to the live Agent Service at `http://localhost:3001`.

We enforce a production-grade 6-stage engineering harness (Quality → Security → Build → E2E → Perf → Deploy Gate) running on every commit.

| Layer | Tool | Status | Details |
|---|---|---|---|
| Code Quality | ESLint + TypeScript strict check | Passing | Zero warnings/errors across whole monorepo |
| Unit Testing | Vitest with Coverage | Passing | 18+ tests with 100% backend code coverage |
| E2E Testing | Playwright (Desktop & Mobile) | Passing | 3 test suites, 12 assertions passing on every commit |
| Security (SAST) | GitHub CodeQL | Active | Continuous static application security scanning |
| Security (SCA) | Dependabot + `npm audit` | Active | Inline dependency audits on build, weekly security PRs |
| Secret Scanning | TruffleHog | Active | Inline git history scanning to prevent credential leaks |
| Performance | Lighthouse CI | Active | Accessibility (>=90%), Performance, Best Practices, and SEO gates |
| CI/CD Pipeline | GitHub Actions | Active | Parallelized multi-stage orchestrator with concurrency controls |

```bash
# ── Code Quality & Unit Tests ──
npm run ci          # Full lint + typecheck + unit coverage (in board/)
npm run lint        # Run ESLint check
npm run typecheck   # Compile-check TypeScript types

# ── E2E & Performance Tests ──
npm run e2e         # Run Playwright E2E suites (demo mode)
npm run e2e:ui      # Playwright interactive runner
npm run lighthouse  # Lighthouse CI audit local build
```

| Suite | Focus | Status |
|---|---|---|
| Key Custody Test | Asserts that generated keys/signatures are restricted to TEE memory and never leak to disk/env/logs | Passing |
| Happy Path Suite | Verifies Maya (Lisbon, age 24, PT) successfully passes `adult-eu-nosanction` | Passing |
| Age Gate Check | Verifies Leo (minor) fails age checks and returns failure reason | Passing |
| Sanction Check | Verifies Dmitri (sanctioned) fails sanctions checks and returns failure reason | Passing |
| Zero-PII Boundary | Verifies that no birth date, country code, or name is present in verifier payload | Passing |
| Audit Logs | Verifies logs are recorded, searchable, and filterable | Passing |
| Boundary Matrix | Validates 100 distinct parameterized age checks | Passing |

We ran 200 iterations of the AND-composed policy-evaluation step (claim comparison) in-process, mirroring `contract/src/lib.rs:verify_policy`.

Scope: This measures the deterministic evaluation logic, not a live T3N enclave round-trip (handshake + encrypted channel + Wasmtime execution + SD-JWT/VP packaging), which is network-bound. Numbers are fully reproducible:

```bash
python3 scripts/bench.py
```

- Mean: 0.000611 ms
- p50 (Median): 0.000292 ms
- p95: 0.000625 ms

MIT © 2026 Edy Cu



