auth.service.ts, oauth.service.ts, email.service.ts, auth.routes.ts, LinkedWallet model, kyc.service.ts, kyc.routes.ts, admin-kyc.service.ts, admin.routes.ts, multisig.service.ts, TrustAnchorManager.sol, TrustAnchorManager.sol, blockchain.service.ts, TrustAnchorStorage.sol, bot.service.ts, erc8004.routes.ts, payment.service.ts, Subscription model
getCompositeScore() from RMT oracle → identity portal bot directory · needs RMT S30b + testnet oracle deployment
PageRankOracle.sol, rmt-sdk
verification/MachineConsentHelper.sol — parent-child delegation trees, scoped permissions, revocable branches, rate-limited tokens
MachineConsentHelper.sol
- 01 Merge main → feature/identity-foundation (get Gemini dispatch helper + framework updates) · HIGH
- 02 Concurrent double-submit coverage gap — admin action race condition · MED
- 03 Prisma error propagation coverage gap · MED
- 04 listUsers null edge cases in enrichment path · MED
- 05 AuditTrailPage filter propagation + pagination controls · MED
- 06 Vite production build verification added to CI · LOW
Build the software-only proof-of-human abstraction. Three providers in priority order:
P1: Apple App Attest + Face ID — every iPhone, no hardware Orb, strong PoH
P1: Google Play Integrity — every Android, complementary to Apple
P2: NFC Passport Chip — government-grade, zero biometrics stored
Research needed: ZK proof layer over platform attestation, credential aggregation formula, regulatory mapping per jurisdiction. CLI deliverable: humanproof verify --provider apple
Extend MachineConsentHelper.sol to support parent→child delegation with scoped permissions. Flat delegation (Worldcoin: 1 agent/human) vs hierarchical trees (ours: unlimited depth, scoped, revocable). Dual-consent state machine for upgradeToVerified(): SELF_REGISTERED(500bp) → ANCHOR_VERIFIED → FULLY_VERIFIED(2000bp). Research: is 3-state necessary? What's the KYC confidence weight at each tier? 3-model convergence required (Claude+Codex+Grok) before coding.
Compromised Trust Anchor = all child bots compromised. deregisterTrustAnchor() must walk the botToTrustAnchor mapping and cascade deregistration. This is NOT a nice-to-have — it's critical safety infrastructure. No identity system is trustworthy without revocation. Design: batch walk vs recursive vs event-driven? Gas cost analysis needed on Base.
| Dimension | Worldcoin | Us |
|---|---|---|
| Verification | Orb hardware (iris scan) | Software-only (Apple/Google/NFC) |
| Distribution | ~300 Orb locations | Every iPhone/Android globally |
| Agent delegation | Flat (1 agent/human) | Hierarchical trees, scoped |
| Developer UX | React widget, web3-heavy | CLI-first, REST API, agent-native |
| Regulatory | Banned 7+ countries | No biometric collection |
| Protocol | OPRF MPC, multi-ZK complex | Simpler, auditable |
Layer 3 (Shyft Trust Channels / KYC identity) already provides sybil deterrence via identity cost. This means Layer 2 (RMT PageRank) should measure competence and behavioral trust — not fight sybils. The algorithmic sybil detection suite's job is evidence collection for the identity layer, not primary defense. This was confirmed by ablation: 22 of 33 parameters had zero impact. 3 parameters + trust channels = sufficient.
- 01 Wire getCompositeScore() to rmt-dashboard consumers · IC-S29-4 · HIGH
- 02 Fix IC-S28b-7: oracle=address(0) → registrationEpoch=0, re-registered bot inherits max decay · HIGH
- 03 Implement citation freshness weighting — unanimous P0, timestamp field exists in EAS, zero schema changes · HIGH
- 04 Update RMT_SOURCE_OF_TRUTH.md — stale since S28b, pre-dates S29+S30a · MED
- 05 Design S31 stablecoin fee migration (rmtToken.safeTransferFrom → USDT/USDC path) · MED
Auto-research running today (qwen3:8b) shows sybil-ring detection at 0% caught — structural not parametric. Root cause: α=0.614 is optimal for synthetic graphs but α=0.85 is optimal for real-world (Bitcoin Alpha/OTC, XBlock 2.97M, AUC 0.960). FP 17-22% at α=0.85 is structural. Fix: extract graph topology stats (density, reciprocityRatio, powerLawExponent) → classify synthetic-like vs real-like → select alpha dynamically. New detectors: coordinated low-rank exploitation, cross-alpha anomaly detection.
2-state or 3-state? SELF_REGISTERED(500bp) → ANCHOR_VERIFIED(1500bp?) → FULLY_VERIFIED(2000bp). Dual-consent: proposeVerification() + acceptVerification(), 72h expiry. KYC confidence weight formula: how does attestation tier translate to score composition multiplier? Must converge before S31 coding begins. Models: Claude+Codex+Grok.
RMT = score marker, NOT payment token (Grok CTO confirmed, 2018 whitepaper). Current ReputationEngine.sol uses rmtToken.safeTransferFrom — must refactor to stablecoin. 70/30 TA/protocol split. Registration bond sizing: ETH vs USDC? Logarithmic escalation at 1000s of bots cross-chain? Economic deterrence vs algorithmic detection — which is cheaper to build and harder to game? Models: Claude+Grok+Gemini (economics).
| ID | Attack | Status | Next action |
|---|---|---|---|
| AV-2–6,8 | Seed gaming, rings, carousel, cluster, staircase, cooldown | DONE | Monitor only |
| AV-1 | Sybil flooding | PARTIAL | Fan-in AV-7 completes defense |
| AV-7 | Fan-in / star topology (>8 citers, ≥70% low-score) | S30b | Threshold defined — implement in SybilDetector.ts |
| AV-9 | Epoch freeze exploitation | PARTIAL | MAX_EPOCH_GAP in S29 — monitor in production |
| AV-10 | Bootstrap bridge (cold start window) | RESEARCH | Phase 8 + citation velocity thresholds |
| AV-11 | TA collusion (graduated staking) | RESEARCH | UR-7: 1/5/10 ETH staking tiers — new contract |
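
The AV-7 row above gives the fan-in threshold (>8 citers, ≥70% low-score) but no code. The following is an added sketch of that check, not the project's SybilDetector.ts. The `Citation` shape, the function names and the `LOW_SCORE_BP` cutoff for "low-score" are assumptions, and the sample data is constructed.

```typescript
// Added example, not the project's SybilDetector.ts. Thresholds from the page:
// more than 8 citers, at least 70% of them low-score. LOW_SCORE_BP is assumed.
interface Citation { citer: string; target: string; }
interface FanInFinding { target: string; citers: number; lowScore: number; }
const MIN_CITERS_EXCLUSIVE = 8;
const LOW_SCORE_BP = 500; // assumption: the page does not define "low-score"

function detectFanIn(citations: Citation[], scoreBp: Record<string, number>,
                     lowScoreBp: number = LOW_SCORE_BP): FanInFinding[] {
  // Distinct citers per target; repeats and self-citations add no fan-in.
  const citersByTarget: Record<string, string[]> = Object.create(null);
  for (const c of citations) {
    if (c.citer === c.target) continue;
    const list = citersByTarget[c.target] || (citersByTarget[c.target] = []);
    if (list.indexOf(c.citer) === -1) list.push(c.citer);
  }
  const findings: FanInFinding[] = [];
  for (const target of Object.keys(citersByTarget)) {
    const citers = citersByTarget[target];
    if (citers.length <= MIN_CITERS_EXCLUSIVE) continue;
    let low = 0;
    for (const citer of citers) {
      // A citer with no score on record counts as 0, i.e. low.
      const known = Object.prototype.hasOwnProperty.call(scoreBp, citer);
      if ((known ? scoreBp[citer] : 0) <= lowScoreBp) low++;
    }
    // Integer form of low / citers >= 0.70, exact at the boundary.
    if (low * 10 >= citers.length * 7) {
      findings.push({ target, citers: citers.length, lowScore: low });
    }
  }
  return findings;
}

// Constructed sample: "hub" 10 citers (7 low), "peer" 9 (6 low), "small" 8 (8 low).
function constructedSample() {
  const citations: Citation[] = [{ citer: "hub", target: "hub" }]; // self-citation
  const scoreBp: Record<string, number> = {};
  const add = (target: string, n: number, lowCount: number) => {
    for (let i = 0; i < n; i++) {
      const citer = `${target}-citer-${i}`;
      scoreBp[citer] = i < lowCount ? 300 : 1800;
      citations.push({ citer, target }, { citer, target }); // duplicate on purpose
    }
  };
  add("hub", 10, 7); add("peer", 9, 6); add("small", 8, 8);
  return { citations, scoreBp };
}
console.log(detectFanIn(constructedSample().citations, constructedSample().scoreBp));
```

Only "hub" is flagged: "peer" clears the citer count but sits at 67% low-score, and "small" has exactly 8 citers, which is not more than 8.
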
| Connection | Status | What's needed |
|---|---|---|
| Reputation score on bot cards | NOT BUILT | S30b getCompositeScore() → bot.service.ts API → frontend BotCard |
| Verified TA → 2000bp seed | CODE DONE · NOT DEPLOYED | SeedPopulator reads verifiedBots[bot] from ReputationEngine on testnet |
| Cherry-pick BotWizard for RMT track | PLANNED | Grok: cherry-pick only, don't merge full identity branch into RMT |
| Same-anchor citation dampening | RESEARCH | Cross-model confirmed: agents under same TA citing each other carry less weight |
| upgradeToVerified() ↔ KYC tier | RESEARCH | KYC approval event → trigger score seed upgrade on-chain |
- Merge main → identity branch
- 5 identity coverage gaps closed
- getCompositeScore() wired to dashboard
- Citation freshness in oracle (P0)
- RMT SOURCE_OF_TRUTH updated
- Multi-sig ceremony (2 admin wallets)
- Deploy 5 contracts (~2.5hrs)
- Live Postgres + TLS domain
- Event indexer → real chain data
- First developer becomes Trust Anchor
- upgradeToVerified() state machine
- Fee architecture (USDT refactor)
- Revocation cascade design
- Phase 8 topology-aware alpha
- PoH provider stack design
- S31: upgradeToVerified() on-chain
- S26: Reputation scores in portal
- Multi-provider PoH module (Apple/Google)
- Hierarchical delegation trees
- First external beta user (May target)
deregisterTrustAnchor() walks botToTrustAnchor. Gas cost on Base. Models: Claude+Codex.