Web3 & AIVM Primer
AI agents are starting to take on-chain actions — sending payments, calling contracts, making financial decisions. I came across ChainGPT while wandering. This is a primer on Web3 and ChainGPT's AIVM — what it is, how it works, and how the pieces fit together.
1. What AIVM Actually Is
AIVM (AI Virtual Machine) is ChainGPT’s purpose-built Layer-1 blockchain for decentralized AI. Think of it as Ethereum, but optimized for AI workloads instead of just financial transactions.
It’s built on Cosmos SDK (not Ethereum), uses Tendermint consensus, and has four specialized modules that no other L1 has: AI, Compute, Data, and Registry — with specialized validator sets for the first three.
The core thesis: Today AI is centralized, expensive, and opaque. Three companies own the GPUs and the black-box models. AIVM decentralizes the entire stack — compute, models, data, and verification — on a blockchain.
The Big Picture: The Agentic AI Economy Stack
2. The Four Core Primitives
2.1 Policy Oracle
”Cryptographic guardrails that intercept, evaluate, and enforce agent action before execution”
What it does: Before an AI agent executes anything on-chain (send funds, call a contract, access data), the Policy Oracle checks: “Is this agent authorized to do this? Does this action comply with the rules?”
Think of it as a firewall for AI agents
- Agent tries to execute
transfer(100 CGPT) - Policy Oracle intercepts the transaction before it hits the mempool
- Evaluates against the agent’s policy: spending limits? approved destinations? time-of-day restrictions?
- If pass → execution proceeds. If fail → transaction rejected with cryptographic proof of why
Why this exists
Autonomous agents handling real money need guardrails that cannot be bypassed by the agent itself. An LLM can hallucinate; a smart contract can’t. The Policy Oracle is the on-chain enforcement layer — it doesn’t rely on the agent “behaving well,” it cryptographically prevents bad behavior.
Technical implementation (likely)
Built as a Cosmos SDK module that acts as a pre-execution hook. Each agent registers a policy (stored on-chain). The module checks every transaction against the policy using zk-proofs so the validation itself is verifiable without revealing private policy details.
2.2 Agent Identity & Reputation — ERC-8004
What it is: An Ethereum draft standard (EIP-8004, proposed August 2025) that creates the passport system for AI agents. Authored by people from MetaMask, Ethereum Foundation, Google, and Coinbase.
Three on-chain registries
| Registry | Purpose | Analogy |
|---|---|---|
| Identity Registry | Each agent gets a unique on-chain ID (minted as an ERC-721 NFT). Points to an “agent card” JSON with name, capabilities, service endpoints (MCP, A2A, web), payment address. | Passport / business license |
| Reputation Registry | Interactions and feedback recorded against an agent’s identity. Numerical scores + categorical tags (response time, uptime, accuracy). | Yelp / credit score for agents |
| Validation Registry | Standardized mechanism to record verifiable evidence that an agent completed a task, produced correct output, met constraints. Supports multiple validation strategies (social consensus → crypto-economic slashing). | Notarized certificate of completion |
Why this matters for AIVM
Without identity, you cannot have accountability. ERC-8004 gives AIVM the identity layer it needs for the Policy Oracle to actually know who is acting.
ERC-8004 vs. existing identity systems
| System | Purpose | Built for agents? |
|---|---|---|
| OAuth | Human user authorization | No |
| DIDs (Decentralized Identifiers) | Entity identifiers | No |
| ENS | Human-readable wallet names | No |
| ERC-8004 | Agent-to-agent discovery, identity, reputation, validation | Yes — built from scratch for this |
2.3 Programmable Payments & Wallet Abstraction — x402
What it is: An open protocol by Coinbase that turns the HTTP 402 Payment Required status code into a real payment layer. The 402 code has existed in the HTTP spec since the 90s but was never implemented — x402 finally makes it work, using blockchain rails.
How it works (simplified)
- Agent calls an API endpoint
- Server responds:
HTTP 402 Payment Required+ invoice (amount, token, recipient address) - Agent’s wallet automatically pays the invoice on-chain (USDC on Base, Solana, Polygon, Arbitrum, or World — sub-cent fees, sub-second confirmation)
- Payment proof is attached to the next request — server verifies and serves the response
Why this matters for agents
Traditional payments require human interaction (credit cards, OAuth, subscription management). x402 enables machine-to-machine micropayments at the HTTP layer. An agent can pay fractional cents for a single API call, a data query, or a compute second — no human in the loop.
Settlement chains
x402 launched on Base (Coinbase’s L2) in May 2025 and added Solana, Polygon, Arbitrum, and World support. Base remains the primary chain by volume; Solana is a strong second thanks to ~$0.00025 fees and ~400ms slot times (full finality ~12.8s under Tower BFT). The x402 Foundation was announced with Cloudflare in September 2025, and V2 shipped in December 2025. As of March 2026: ~119M transactions on Base, ~35M on Solana, and roughly $600M annualized volume.
”Wallet Abstraction” in the JD
Refers to the idea that agents shouldn’t need to manage private keys and gas tokens directly. AIVM’s wallet abstraction layer would let agents hold and spend value without the friction of traditional crypto wallets — think session keys, smart accounts (ERC-4337 style), or on-chain payment channels.
Key x402 adopters
Cloudflare, Google, Vercel, Solana, Polygon, Stellar — major infrastructure players are already integrating.
2.4 Immutable Accountability — Execution Receipts
What it does: Every action an AI agent takes on AIVM produces a cryptographically signed, on-chain receipt. This creates a permanent, tamper-proof audit trail.
What goes into a receipt
| Field | Description |
|---|---|
agent_id | ERC-8004 identity of the acting agent |
task_hash | Hash of the task specification (what was requested) |
result_hash | Hash of the output (what was produced) |
proof | zk-proof or TEE attestation that the task was executed correctly |
executor | Which GPU node/data provider ran the task |
policy_check | Proof that the Policy Oracle approved the action |
payment_id | Reference to the x402 payment that settled it |
timestamp | Block height and time |
Why this matters
In a world with 1 billion AI agents, you cannot trust an agent’s word that it did what it was supposed to. Execution receipts provide cryptographic proof that can be verified by anyone. This is the foundation for: dispute resolution, regulatory compliance, insurance/underwriting for agent actions, and reputation scoring.
Analogy: If the Policy Oracle is the “firewall before execution” and ERC-8004 is the “passport system,” then Execution Receipts are the “receipt + security camera footage” — immutable proof of what happened, who did it, and whether it complied with policy.
3. AIVM Architecture — How the L1 Works
3.1 Foundation: Cosmos SDK + Tendermint
AIVM is not an EVM chain (not Ethereum-compatible like Polygon PoS, BNB Chain, or Avalanche C-Chain). It’s built on Cosmos SDK, a framework for building application-specific blockchains.
| Component | What it provides |
|---|---|
| Tendermint Core | Consensus engine (BFT — Byzantine Fault Tolerant). Block times ~6 seconds. Finality in one block (no reorgs). |
| Cosmos SDK | Modular framework. You pick which modules your chain needs (staking, governance, IBC). AIVM adds three custom modules. |
| IBC | Inter-Blockchain Communication protocol. Allows AIVM to transfer assets and data with any other Cosmos chain and (via bridges) Ethereum, Solana, etc. |
Key implication: Being on Cosmos SDK means AIVM can design its execution environment from scratch. They’re not constrained by EVM compatibility. They can build modules optimized specifically for AI workloads.
3.2 The Four Specialized Modules
| Module | What it manages | Analogy |
|---|---|---|
| AI Module | Registry of AI models (versioned, with metadata). Orchestrates tasks: user submits a job → AI module routes it to the right compute node and verification path. | Docker Hub + Kubernetes scheduler, but for AI models on-chain |
| Compute Module | Decentralized GPU marketplace. GPU providers register, stake $CGPT, bid on jobs. Tracks SLAs: did the GPU deliver on time? With correct specs? Builds provider reputation. | AWS spot market meets Uber surge pricing, but decentralized |
| Data Module | On-chain registry of datasets (hashes, not the data itself). Manages access permissions and tokenized licenses. Data owners earn royalties every time their dataset is used for training or inference. | Getty Images meets IPFS, with automatic royalty distribution |
| Registry Module | Maintains the canonical mappings between models, validators, and providers. The connective tissue that lets the AI, Compute, and Data modules reference each other consistently. | DNS for the on-chain AI stack |
3.3 Dual-Path Execution
AIVM uses two execution paths depending on the workload:
| On-Chain (small jobs) | Run directly in the AIVM runtime. Fully transparent, every step verifiable. Suitable for lightweight inference (small models), policy checks, identity lookups. |
|---|---|
| Off-Chain (heavy jobs) | Heavy inference or training runs on rented GPUs off-chain. Result comes back to AIVM with a ZKML-based zk-proof or TEE (Trusted Execution Environment) attestation that the chain verifies in milliseconds. You get GPU speed with on-chain verifiability. |
This is the key differentiator. Ethereum can’t run LLM inference on-chain (too slow, too expensive). Centralized clouds can run it fast but you can’t verify the result. AIVM’s dual-path model gives you both — GPU performance with cryptographic proof of correctness.
3.4 The Four Validator Types
| Validator Type | Role | Stakes | Can be slashed for |
|---|---|---|---|
| Core Validators | Standard consensus. Propose and validate blocks. | $CGPT | Downtime, double-signing |
| AI Validators | Verify that model outputs are correct. Run inference redundancy checks. | $CGPT | Approving incorrect model outputs |
| Compute Validators | Verify GPU providers delivered the compute they promised. Check SLA compliance. | $CGPT | Falsifying performance metrics |
| Data Validators | Verify dataset integrity. Ensure data hasn’t been tampered with. | $CGPT | Approving corrupted/tampered data |
The community elects these validators. Having specialized validator sets creates a three-layer audit on every AI task: was the model correct? was the compute honest? was the data clean?
4. $CGPT Token Economics
$CGPT is the utility token of the ChainGPT ecosystem, including AIVM. It’s not just a governance token — it’s the economic engine that powers the entire decentralized AI flywheel.
Token Flow (simplified)
Validators also earn $CGPT for verification. Treasury receives a slice for grants. Holders use $CGPT for governance voting.
| Role | Gets $CGPT for | Locks/Risks $CGPT for |
|---|---|---|
| Users (AI consumers) | — | Paying for AI jobs (locks tokens in escrow during execution) |
| GPU providers | Honest computation | Staking as collateral (slashed if they cheat) |
| Data providers | Every time their dataset is used | Staking for data integrity |
| Model creators | Royalties per inference call | Listing/staking to register models |
| Validators (all 4 types) | Verification work + block rewards | Staking to participate in consensus |
| Treasury | Receives % of fees | Funds grants, ecosystem development |
| Token holders | — | Governance voting power proportional to stake |
The flywheel: More AI jobs → more $CGPT locked in escrow → more demand for GPU/data providers → more providers stake $CGPT to participate → higher staking ratio → tighter supply → token value increases → attracts more providers and users. Usage drives demand, not speculation.
5. Where AIVM Is on the Roadmap
Current phase (May 2026): Public Testnet is live (launched Q1-Q2 2026). They’re running interactive on-chain campaigns, onboarding validators, and launching the GPU Marketplace Integration SDK.
Next phase (Q2-Q3 2026): Resource Network Expansion — automating GPU provider onboarding, deploying SLA enforcement, launching the decentralized compute marketplace.
Mainnet: TBD (targeted 2026). No fixed date published.
6. Code & Dataflow Examples
6.1 ERC-8004: Registering an Agent Identity
// ERC-8004 Identity Registry — simplified conceptual interface
// Based on EIP-8004 specification
interface IERC8004IdentityRegistry {
// Register a new agent identity. Returns the agent's on-chain ID.
function registerAgent(
string calldata name, // Human-readable agent name
string calldata agentCardURI, // IPFS/Arweave URI to agent card JSON
address paymentAddress, // Where the agent receives payments (x402)
string[] calldata endpoints, // MCP, A2A, HTTP endpoints
bytes calldata capabilities // Encoded capability descriptors
) external returns (uint256 agentId);
// Query an agent's metadata
function getAgent(uint256 agentId) external view returns (
string memory name,
string memory agentCardURI,
address owner,
address paymentAddress,
uint256 registeredAt,
bool active
);
// Update agent endpoints (only owner)
function updateEndpoints(uint256 agentId, string[] calldata endpoints) external;
// Revoke an agent identity (marks as inactive, not deletable — immutable)
function revokeAgent(uint256 agentId) external;
}
// Agent Card JSON (off-chain, stored on IPFS/Arweave)
{
"name": "DeFi Risk Agent v2",
"description": "Autonomous agent that monitors DeFi positions and rebalances on risk thresholds",
"version": "2.1.0",
"capabilities": ["defi_monitoring", "risk_assessment", "transaction_execution"],
"endpoints": {
"mcp": "https://agent.example.com/mcp",
"a2a": "https://agent.example.com/a2a",
"web": "https://agent.example.com/dashboard"
},
"payment": {
"address": "0x7a9B...3f2C",
"acceptedTokens": ["USDC", "CGPT"],
"pricingModel": "per_query",
"rateLimit": 100
},
"compliance": {
"jurisdiction": "global",
"kycLevel": "verified",
"policyHash": "0xa1b2c3..."
}
}6.2 Policy Oracle: Pre-Execution Check
// AIVM Policy Oracle — conceptual Cosmos SDK module
// Intercepts agent transactions before they enter the mempool
// Policy definition stored on-chain per agent
message AgentPolicy {
string agent_id = 1; // ERC-8004 agent ID
repeated SpendingLimit limits = 2; // Per-token spending caps
repeated AddressAllowlist allowlist = 3; // Approved destinations
TimeWindow active_hours = 4; // When the agent can operate
uint64 max_gas_per_tx = 5; // Gas limit guardrail
bytes policy_hash = 6; // Hash of the full policy document
}
message SpendingLimit {
string denom = 1; // Token denomination (e.g., "ucgpt", "uusdc")
uint64 max_per_tx = 2; // Max per single transaction
uint64 max_per_day = 3; // Max per rolling 24h window
}
// AnteHandler (runs BEFORE every transaction)
func (po PolicyOracle) AnteHandle(ctx sdk.Context, tx sdk.Tx, simulate bool) {
agentID := extractAgentID(tx) // Get ERC-8004 ID from tx signer
policy := po.GetPolicy(ctx, agentID)
if policy == nil {
return Error("unregistered agent — no policy on file")
}
// Check 1: Spending limits
for _, msg := range tx.GetMsgs() {
if sendMsg, ok := msg.(BankSend); ok {
if !policy.AllowsSpend(sendMsg.Amount, sendMsg.ToAddress) {
return Error("policy violation: spend exceeds limit or disallowed destination")
}
}
}
// Check 2: Active hours
if !policy.IsWithinActiveHours(ctx.BlockTime()) {
return Error("policy violation: agent outside active hours")
}
// Check 3: Gas limits
if tx.GetGas() > policy.MaxGasPerTx {
return Error("policy violation: gas exceeds limit")
}
// All checks passed — allow execution
// Record the policy check result for the execution receipt
ctx.EventManager().EmitEvent(
NewEvent("policy_approved",
"agent_id", agentID,
"policy_hash", policy.PolicyHash,
),
)
return nil // proceed to execution
}6.3 x402: Agent-to-Service Payment Flow
// x402 Payment Flow — HTTP-level agent payment
// --- STEP 1: Agent requests a service ---
GET /api/v1/inference/run HTTP/1.1
Host: compute.aivm.network
X-Agent-ID: agent_0x7a9B...3f2C // ERC-8004 identity
// --- STEP 2: Server responds "Payment Required" ---
HTTP/1.1 402 Payment Required
X-Payment-Address: 0xComputeNode...A1B2
X-Payment-Amount: 0.05 // in USDC (or CGPT)
X-Payment-Token: USDC
X-Payment-Chain: solana // settlement chain
X-Payment-Expiry: 1715788800 // Unix timestamp
X-Receipt-Endpoint: https://aivm.network/receipts/verify
// --- STEP 3: Agent's wallet pays automatically ---
// (No human interaction. Wallet abstraction layer handles signing.)
const payment = {
to: "0xComputeNode...A1B2",
amount: "0.05",
token: "USDC",
chain: "solana",
metadata: { agentId: "agent_0x7a9B...3f2C", taskHash: "0xabc123..." }
};
const txHash = await agentWallet.sendPayment(payment);
// --- STEP 4: Agent retries with payment proof ---
GET /api/v1/inference/run HTTP/1.1
Host: compute.aivm.network
X-Agent-ID: agent_0x7a9B...3f2C
X-Payment-Tx: 5xQz...9yRw // Solana transaction hash
// --- STEP 5: Server verifies payment on-chain, serves response ---
HTTP/1.1 200 OK
Content-Type: application/json
{
"result": "The sentiment analysis indicates neutral with 87% confidence...",
"execution_receipt": "0xf8a1b2...", // ← immutably recorded on AIVM
"proof_type": "zkml",
"compute_node": "0xComputeNode...A1B2"
}6.4 Execution Receipt: On-Chain Record
// AIVM Execution Receipt — stored as a Cosmos SDK event / on-chain record
{
"receipt": {
"receipt_id": "0xf8a1b2c3d4e5...",
"block_height": 842091,
"timestamp": "2026-05-15T10:23:45Z",
// Who acted
"agent": {
"agent_id": "agent_0x7a9B...3f2C",
"erc8004_registry": "0xIdentityRegistry...",
"agent_name": "DeFi Risk Agent v2"
},
// What was done
"task": {
"task_hash": "0xabc123...",
"task_type": "inference",
"model_id": "sentiment-analyzer-v3",
"input_hash": "0xdef456...",
"result_hash": "0x789ghi..."
},
// Proof of correct execution
"verification": {
"method": "zkml",
"proof": "0x[compressed ZKML proof]",
"verified_by": "ai_validator_42",
"verification_block": 842091
},
// Who executed it
"executor": {
"node_id": "0xComputeNode...A1B2",
"node_type": "gpu_provider",
"gpu_spec": "NVIDIA A100 80GB",
"sla_met": true,
"execution_time_ms": 1450
},
// Policy compliance
"policy_check": {
"policy_hash": "0xa1b2c3...",
"approved": true,
"checked_by": "policy_oracle_module",
"limits_checked": ["spend", "destination", "gas", "active_hours"]
},
// Payment trail
"payment": {
"amount": "0.05",
"token": "USDC",
"tx_hash": "5xQz...9yRw",
"settlement_chain": "solana",
"paid_to": "0xComputeNode...A1B2"
}
}
}6.5 How the Pieces Actually Connect — Cross-Chain Architecture
ERC-8004 lives on Ethereum. AIVM lives on Cosmos SDK (Tendermint). These are two different blockchains with different consensus engines, different state machines, and different address formats. If the Policy Oracle on AIVM needs to look up an agent’s ERC-8004 identity, how does that work?
Option A: Native ERC-8004 Registry on AIVM (Most Likely)
AIVM implements its own ERC-8004-compatible registry as a Cosmos SDK module. When you deploy an agent, you register it directly on AIVM. The registry follows the same interface as Ethereum’s ERC-8004 but is built natively into the AIVM state machine — so the Policy Oracle queries it with zero cross-chain latency.
For agents that already exist on Ethereum (registered in the Ethereum ERC-8004 registry), AIVM provides a cross-chain bridge + relayer (via Axelar, Wormhole, or similar — IBC is Cosmos-native, so Ethereum requires a bridge layer) that watches Ethereum ERC-8004 events and mirrors identities onto AIVM. The agent owner proves ownership by signing a message with the same Ethereum key.
// AIVM's native ERC-8004 module — same interface, Cosmos-native implementation
// Contract: x/erc8004/module.go
func (k Keeper) RegisterAgent(ctx sdk.Context, msg *MsgRegisterAgent) (uint64, error) {
// This runs ON AIVM, not Ethereum
agentID := k.GetNextAgentID(ctx)
agent := Agent{
Id: agentID,
Name: msg.Name,
Owner: msg.Sender, // AIVM address (bech32 prefix: "aivm1...")
AgentCardUri: msg.AgentCardUri, // IPFS/Arweave URI
PaymentAddress: msg.PaymentAddress,
Endpoints: msg.Endpoints,
Active: true,
RegisteredAt: ctx.BlockHeight(),
}
k.SetAgent(ctx, agentID, agent)
// Emit event that relayers can forward to Ethereum ERC-8004
ctx.EventManager().EmitTypedEvent(&AgentRegisteredEvent{
AgentId: agentID,
AivmAddress: msg.Sender.String(),
EthAddress: msg.EthAddress, // Optional: cross-chain identity link
})
return agentID, nil
}The Cross-Chain Reality
| Chain | What lives there | How AIVM accesses it |
|---|---|---|
| AIVM (Cosmos SDK) | Native ERC-8004 registry, Policy Oracle module, Execution Receipt module, AI/Compute/Data modules, $CGPT token | Direct state read (same chain). Zero latency. |
| Ethereum | Original ERC-8004 registry (EIP-8004), some agents minted here first | Cross-chain bridge + relayer (Axelar/Wormhole) mirrors identity events to AIVM. ~Second latency. |
| Solana | x402 payment settlement (USDC transfers). Actual money movement. | AIVM reads Solana tx confirmation via a bridge or oracle (Wormhole, Pyth). The execution receipt records the Solana tx hash as proof of payment. |
Key insight: When someone says “ERC-8004,” they mean the standard, not necessarily the Ethereum deployment. AIVM can implement the same agent identity interface natively. The whole point of ERC standards is that they’re standards — any chain can adopt them. Don’t get trapped into thinking everything is on Ethereum.
6.6 Cosmos SDK Module Lifecycle — Where the Primitives Fire
Understanding when each module executes is critical. In Cosmos SDK, each block goes through a fixed lifecycle. Modules hook into specific phases:
| Phase | When it runs | What AIVM modules fire here |
|---|---|---|
| BeginBlocker | At the start of every block. Before any transactions are processed. | Compute Module: updates GPU provider SLAs, checks for expired jobs. Data Module: verifies dataset integrity proofs submitted in previous block. |
| AnteHandler | Before each individual transaction is executed. Runs for EVERY tx in the block. | Policy Oracle (Section 6.2 code): checks ERC-8004 identity, spending limits, destination allowlist, gas limits, active hours. If AnteHandler returns error → tx rejected, never executes, no gas spent. |
| Msg Handler (Execute) | The actual transaction logic. Only runs if AnteHandler passed. | AI Module: routes inference jobs to GPU nodes, records task submissions. The agent’s action happens here. |
| EndBlocker | At the end of every block. After all transactions are processed. | Execution Receipt module: compiles receipts for all completed tasks in this block, writes them to state, emits events. Reputation module: updates agent and provider scores based on receipts. |
// Cosmos SDK module wiring — how AIVM modules plug into the lifecycle
// File: app/app.go
app.ModuleManager = module.NewManager(
// Standard Cosmos modules
auth.NewAppModule(appCodec, app.AccountKeeper),
bank.NewAppModule(appCodec, app.BankKeeper),
staking.NewAppModule(appCodec, app.StakingKeeper),
// AIVM custom modules
aimodule.NewAppModule(appCodec, app.AIKeeper), // AI model registry
computemodule.NewAppModule(appCodec, app.ComputeKeeper), // GPU marketplace
datamodule.NewAppModule(appCodec, app.DataKeeper), // Data marketplace
erc8004module.NewAppModule(appCodec, app.ERC8004Keeper), // Agent identity
policyoracle.NewAppModule(appCodec, app.PolicyKeeper), // Policy Oracle
receiptmodule.NewAppModule(appCodec, app.ReceiptKeeper), // Execution receipts
)
// Module order matters — determines which modules' BeginBlocker/EndBlocker run first
app.ModuleManager.SetOrderBeginBlockers(
computemodule.ModuleName, // Compute module runs first (SLA checks)
datamodule.ModuleName,
aimodule.ModuleName,
// Standard modules...
)
app.ModuleManager.SetOrderEndBlockers(
// Standard modules first...
receiptmodule.ModuleName, // Receipt module runs last (compiles receipts)
policyoracle.ModuleName, // Policy Oracle resets daily counters
)6.7 Wallet Abstraction — How Agents Pay Without Humans
It is necessary to understand “Programmable Payments and Wallet Abstraction: including x402-inspired flows.” x402 handles the payment protocol. Wallet abstraction handles how the agent signs transactions without a human holding a private key and approving every single one.
The Problem
A traditional crypto wallet requires a human to sign every transaction with a private key. An AI agent making hundreds of decisions per day cannot stop and ask a human to click “approve” each time. Wallet abstraction solves this.
Three Layers of Wallet Abstraction (from simple to sophisticated)
| Layer | How it works | Trade-off |
|---|---|---|
| 1. Server-side key management | The agent’s code holds an encrypted private key in a secure enclave (e.g., AWS KMS, HashiCorp Vault). The agent programmatically signs transactions. Used by most centralized agents today. | Simple. But: single point of failure. Not trustless. |
| 2. Smart Accounts (ERC-4337 style) | The agent doesn’t use a private key directly. It uses a smart contract wallet (a “smart account”). The smart account can have programmable rules: daily spending limits, multi-sig requirements for large transactions, session keys that expire. The agent holds a session key — a limited-permission key that can only spend up to X amount, only send to approved addresses, and expires after Y hours. | Trust-minimized. If the session key is compromised, damage is capped. But requires smart account infrastructure on the chain. |
| 3. TEE-based autonomous wallets | The agent’s wallet runs inside a Trusted Execution Environment (Intel SGX, AMD SEV). Only the code that passes a remote attestation can access the key. The TEE generates a cryptographic proof that the key was accessed only by verified code. No human, no server, no cloud provider can extract the key. | Most secure. But: TEE hardware is specialized, attestation infrastructure is complex. |
// Smart Account with Session Keys — conceptual AIVM implementation
// The agent's smart account (on AIVM) has a master key and multiple session keys
// Agent deploys a smart account with programmable rules
message SmartAccount {
bytes master_key = 1; // Stored in cold storage / TEE
repeated SessionKey session_keys = 2; // Rotated regularly
SpendingPolicy default_policy = 3;
}
message SessionKey {
bytes public_key = 1;
uint64 expires_at = 2; // Block height or timestamp
SpendingPolicy limits = 3; // Per-key override of default policy
repeated string allowed_actions = 4; // ["inference", "payment"] but NOT "withdraw_all"
}
// When the agent calls x402, it signs with a session key
// The x402 facilitator verifies: signature valid? key not expired? within limits?
// If yes → payment proceeds. If no → rejected.
// No human touched a keyboard.7. Competitive Landscape — Who Else Is Building This?
| Project | What they’re doing | How AIVM differs |
|---|---|---|
| Fetch.AI | Agent framework + L1 on Cosmos. Agents can discover and transact. | AIVM has specialized AI/Compute/Data validator sets and ZKML-based execution verification — Fetch.AI focuses on agent discovery and communication rather than verifiable execution. |
| Bittensor | Decentralized ML network. Miners run models, validators score outputs, rewards distributed via TAO token. | AIVM adds GPU marketplace + data marketplace modules. Bittensor is purely model-focused; AIVM covers the full stack. |
| Akash Network | Decentralized cloud compute marketplace (GPU and CPU). | AIVM adds AI-specific execution verification, model registry, and data marketplace. Akash is compute-only. |
| Gensyn | Decentralized compute for ML training. Zk-proof verification of training jobs. | AIVM covers inference + training + data. Gensyn is training-focused, hasn’t shipped mainnet. |
| Near AI | Near Protocol’s AI division. Building agent infrastructure, user-owned AI. | Near AI is a division within an existing L1. AIVM is purpose-built as an AI-first L1 from the ground up. |
AIVM’s positioning: Unlike general-purpose chains, AIVM has specialized validator roles — AI, compute, and data validators — and is natively built to support AI workloads. It combines Cosmos SDK’s IBC interoperability with verifiable off-chain execution so any chain or Web2 stack can tap into it.
8. Connected Walkthrough — An Agent from Registration to Execution Receipt
Scenario: A DeFi hedge fund deploys an autonomous agent on AIVM that monitors lending pools and rebalances positions when risk thresholds are breached.
Every step references the concrete code snippets from Section 6 and explains which chain, which module, and what data flows. This connects the dots that the earlier sections introduced in isolation.
Step 1: Agent Registration — Identity on AIVM
| What happens | The fund registers the agent on AIVM’s native ERC-8004-compatible Identity Registry (Section 6.5, Option A). The agent gets a unique on-chain ID minted as an NFT. The agent’s metadata — name, capabilities, MCP/A2A/HTTP endpoints, x402 payment address — is stored in an “agent card” JSON on IPFS, referenced by the on-chain record. |
|---|---|
| Which chain | AIVM (Cosmos SDK). This is a native AIVM transaction, not an Ethereum one. |
| Which code | IERC8004IdentityRegistry.registerAgent() from Section 6.1, but implemented as a Cosmos SDK module (x/erc8004/), not a Solidity contract. The interface is the same; the runtime is Cosmos. |
| Data produced | agentId = 42, an agent card URI on IPFS, and an on-chain record mapping agentId → owner, endpoints, paymentAddress. |
| Connects to | The Policy Oracle needs this agentId for every future transaction. The x402 payment layer needs the paymentAddress. |
Step 2: Policy Registration — The Agent’s Guardrails
| What happens | After identity registration, the fund registers the agent’s policy with the Policy Oracle module on AIVM. Policy includes: spending limits (max 10,000 USDC per tx, 100,000 per day), allowed destinations (only the Aave and Compound lending pool contracts), active hours (24/7 for this agent), gas limits. The policy is stored on-chain, hashed, and cryptographically bound to the agent’s ERC-8004 ID. |
|---|---|
| Which chain | AIVM. Policy is native to AIVM — it doesn’t exist on Ethereum or Solana. The Policy Oracle is an AIVM Cosmos SDK module. |
| Which code | The AgentPolicy protobuf message from Section 6.2. Registered via a MsgSetPolicy transaction. |
| Data produced | An on-chain AgentPolicy record with spending limits, allowlist, time windows, and a policy_hash. |
| Connects to | Every future transaction from this agent will be checked against this policy in the AnteHandler (Step 4). |
Step 3: Agent Detects a Risk Event — Off-Chain Inference
| What happens | The agent runs continuously off-chain (could be a server, a cloud function, or a cron job). It monitors on-chain data: ETH price drops 8% in 10 minutes, triggering a liquidation risk on a USDC loan. The agent’s decision-making LLM runs inference on a rented GPU from AIVM’s Compute Module (not a centralized cloud). The GPU produces a result: “rebalance position: withdraw 5,000 USDC from Aave, repay 5,000 USDC to Compound.” Along with the result, the GPU node generates a ZKML zk-proof that proves the inference was computed correctly without revealing the model weights or the raw input. |
|---|---|
| Which chain | Off-chain GPU (any provider registered in AIVM’s Compute Module). The zk-proof is generated off-chain and submitted to AIVM for verification. |
| Which code | Covered by the Compute Module (x/compute/) — not explicitly in Section 6 code snippets, but the dual-path execution architecture from Section 3.3. |
| Data produced | A task specification hash, the inference result, and a compressed ZKML proof (typically a few KB, depending on the model and proving system). |
| Connects to | The result triggers the agent to propose an on-chain transaction (Step 4). The zk-proof will be included in the execution receipt (Step 6). |
Step 4: Policy Oracle — The Pre-Execution Gate
| What happens | The agent constructs an AIVM transaction: withdraw 5,000 USDC from Aave and repay to Compound. The transaction is signed by the agent’s session key (from the Smart Account — Section 6.7, Layer 2). Before the transaction enters the mempool, the Policy Oracle AnteHandler intercepts it. The AnteHandler runs four checks in sequence:
All checks pass. The AnteHandler emits a |
|---|---|
| Which chain | AIVM. This is the AnteHandler phase (Section 6.6) of the AIVM Cosmos SDK lifecycle. Runs before the actual message handler. |
| Which code | PolicyOracle.AnteHandle() from Section 6.2. This is the exact code that runs here. |
| Data produced | An event: policy_approved(agent_id=42, policy_hash=0xa1b2c3…). The daily spending counter increments by 5,000. The AnteHandler returns nil (no error). |
| Connects to | Because AnteHandler returned nil, the transaction proceeds to execution (Step 5). The policy_approved event will be included in the execution receipt. |
What happens if a check fails? The AnteHandler returns an error and the transaction is rejected before the message handler runs. No state changes from the agent’s intent occur. Fees may still be deducted depending on which AnteDecorators executed before the failure, but the policy-violating action never reaches state.
Step 5: On-Chain Execution + x402 Payment Settlement
| What happens | With the Policy Oracle’s greenlight, the transaction enters the AIVM mempool. A Core Validator includes it in the next block (~6 seconds). The Msg Handler executes the agent’s intent: the AI Module records the task, the agent’s smart account moves 5,000 USDC from Aave to Compound via IBC or a bridge contract. Simultaneously, on Solana: The x402 payment for the GPU compute used in Step 3 settles. The agent’s Smart Account had pre-funded a Solana wallet. When the GPU node responded with |
|---|---|
| Which chain | AIVM: the agent’s DeFi action. Solana: the GPU compute payment (x402). Two chains, one workflow. |
| Which code | AIVM side: the AI Module and Bank Module message handlers. Solana side: the x402 HTTP flow from Section 6.3, plus the agent’s Smart Account session key signing from Section 6.7. |
| Data produced | AIVM: a successful block with the agent’s transaction included, an ai_task_submitted event. Solana: a USDC transfer transaction with hash 5xQz…9yRw. |
| Connects to | The AIVM events and the Solana tx hash feed into the Execution Receipt (Step 6). |
Step 6: Execution Receipt — Immutable Proof of Everything
| What happens | At EndBlocker (the final phase of the Cosmos SDK block lifecycle — Section 6.6), the Execution Receipt module compiles all the evidence from this block into a single, on-chain receipt. For this agent’s action, the receipt contains: the agent’s ERC-8004 identity (from Step 1), the policy check result (from Step 4’s AnteHandler event), the task specification and zk-proof (from Step 3), the executor (GPU node) identity, the Solana x402 payment tx hash (from Step 5), and the block timestamp. |
|---|---|
| Which chain | AIVM — the receipt is an on-chain record in the AIVM state. It is not on Ethereum or Solana, but it references data from both. |
| Which code | The receipt JSON schema from Section 6.4. This is the exact structure that gets written to AIVM state in x/receipt/abci.go → EndBlocker(). |
| Data produced | A full execution receipt (see Section 6.4 JSON). Immutable. Indexed by receipt_id. Queryable by anyone via the AIVM block explorer. |
| Connects to | The receipt is the input for the Reputation update (Step 7). It also serves as the auditable trail for compliance and dispute resolution. |
Why EndBlocker? The receipt is compiled at the end of the block, after all transactions have executed, because it needs data from multiple sources: the AnteHandler policy event (start of block), the Msg Handler execution (middle of block), and potentially off-chain data (zk-proofs, Solana tx confirmations) that were submitted during the block. Writing it in EndBlocker ensures all evidence is collected and the block is atomic — either the whole block (including receipts) is committed, or none of it is.
Step 7: Reputation Update — Closing the Feedback Loop
| What happens | Also in EndBlocker (or in the next block’s BeginBlocker), the Reputation module reads the execution receipt and updates scores:
Both scores are written to the ERC-8004 Reputation Registry on AIVM. The score is portable — if this agent interacts with a protocol on another chain that reads AIVM state via IBC, its reputation carries over. |
|---|---|
| Which chain | AIVM — the reputation scores live in the AIVM ERC-8004 module alongside the identity. |
| Which code | The ERC-8004 Reputation Registry interface (Section 2.2). Implementation: x/erc8004/keeper.go → UpdateReputation(). |
| Data produced | Updated reputation scores for agent 42 and GPU node 0xComputeNode…A1B2. Immutable history of all feedback submissions. |
| Connects to | Full circle. The next time an agent or protocol queries the registry to find a trustworthy GPU provider or a reliable DeFi agent, these scores are the input. The flywheel spins. |
Complete Flow Diagram
┌──────────────────────────────────────────────────────────────────────────────────────┐
│ AIVM (COSMOS SDK) │
│ │
│ STEP 1-2: Registration STEP 4: AnteHandler STEP 5: Msg Handler │
│ ┌──────────────────┐ ┌──────────────────┐ ┌──────────────────┐ │
│ │ x/erc8004/ │──agentId──▶│ x/policyoracle/ │ │ x/ai/ │ │
│ │ RegisterAgent() │ │ AnteHandle() │ │ SubmitTask() │ │
│ │ → agentId = 42 │ │ → identity ✓ │ │ x/bank/ │ │
│ └──────────────────┘ │ → spend limit ✓ │ │ Send() │ │
│ │ → destination ✓ │ └──────────────────┘ │
│ ┌──────────────────┐ │ → gas ✓ │ │
│ │ x/policyoracle/ │ │ → return nil ────┼───────▶ PASS │
│ │ SetPolicy() │ └──────────────────┘ │
│ │ → policy_hash │ │
│ └──────────────────┘ │
│ │
│ STEP 6-7: EndBlocker │
│ ┌──────────────────┐ ┌───────────────────┐ │
│ │ x/receipt/ │───▶│ x/erc8004/ │ │
│ │ EndBlocker() │ │ UpdateReputation()│ │
│ │ → receipt_id │ │ → scores updated │ │
│ └──────────────────┘ └───────────────────┘ │
│ │
└──────────────────────────────────────────────────────────────────────────────────────┘
│ ▲
│ STEP 3: Off-chain GPU │ STEP 5: x402 Payment (Solana)
│ zk-proof submitted │ Solana tx hash recorded in receipt
▼ │
┌───────────────────┐ ┌──────────────────┐
│ GPU Node │ │ Solana │
│ (A100, off-chain) │ │ USDC transfer │
│ → zk-proof │ │ $0.00025 fee │
└───────────────────┘ │ 400ms finality │
└──────────────────┘
Summary
This section walks through a complete agent lifecycle on AIVM in 7 steps, spanning three chains — AIVM for identity, policy, execution, and receipts; off-chain GPUs for inference with zk-proofs; and Solana for x402 settlement. The key insight is that AIVM’s Cosmos SDK architecture lets us hook into the exact lifecycle points where each primitive needs to fire — AnteHandler for policy enforcement, Msg Handler for execution, EndBlocker for receipt compilation. Nothing is bolted on after the fact.
9. Glossary
- L1 (Layer-1 Blockchain)
- The base blockchain layer — the actual distributed ledger. Bitcoin, Ethereum, Solana, and AIVM are L1s. L2s are scaling solutions built on top of L1s (e.g., Arbitrum on Ethereum). AIVM is an L1, meaning it has its own validators, consensus, and security — it doesn’t inherit security from another chain.
- Consensus Mechanism
- How the network agrees on the state of the chain. AIVM uses Tendermint BFT (Byzantine Fault Tolerant) — validators vote on blocks. Requires 2/3+ of staked voting power to agree. Finality is instant (no waiting for confirmations like on Ethereum).
- Cosmos SDK
- A framework for building application-specific blockchains. Instead of forcing everything into the EVM (Ethereum Virtual Machine) model, Cosmos SDK lets you build custom modules for your specific use case. AIVM uses this to add AI, Compute, and Data modules natively.
- IBC (Inter-Blockchain Communication)
- The protocol that lets Cosmos SDK chains talk to each other. Assets and data can move between AIVM and any other IBC-enabled chain (50+ chains). Also bridges to Ethereum, Solana, etc.
- zk-Proof (Zero-Knowledge Proof)
- A cryptographic method where one party proves to another that a computation was done correctly, without revealing the inputs. AIVM uses ZKML-based zk-proofs so that off-chain AI computations can be verified on-chain without re-running the full model. ~Millisecond verification time.
- TEE (Trusted Execution Environment)
- A secure area of a CPU that guarantees code and data are protected. Used as an alternative to zk-proofs for some workloads. Like an encrypted vault on the GPU that proves it ran your code without tampering.
- MCP (Model Context Protocol)
- Anthropic’s open standard for AI agents to access tools and external services. Standardizes how agents call APIs, query databases, etc. Part of the emerging agent stack alongside x402 and ERC-8004.
- A2A (Agent-to-Agent)
- Google’s protocol for structured messaging between AI agents. How one agent talks to another agent without human translation.
- Slashing
- The penalty mechanism in proof-of-stake blockchains. If a validator behaves maliciously (double-signs blocks, approves incorrect AI outputs, fakes performance metrics), their staked tokens are partially destroyed (“slashed”). This is the economic security model — bad behavior costs real money.
- ERC-721
- The Ethereum standard for NFTs (non-fungible tokens). Each token is unique. ERC-8004 uses ERC-721 to mint a unique token for each agent identity — the NFT is the agent’s on-chain passport.
- Mempool
- Short for “memory pool.” The waiting room for transactions that haven’t been included in a block yet. The Policy Oracle checks transactions before they enter the mempool.
- Stablecoin (USDC, USDT)
- A cryptocurrency pegged 1:1 to a fiat currency (usually USD). x402 primarily uses USDC on Solana for payments because stable value matters for business transactions.
- DAO (Decentralized Autonomous Organization)
- A community-governed entity where decisions are made by token holder voting. ChainGPT has DAO governance — $CGPT holders vote on protocol upgrades, treasury allocation, etc.
- Testnet vs. Mainnet
- Testnet: A parallel blockchain used for testing. Tokens have no real value. You can break things. Mainnet: The real blockchain with real assets at stake. AIVM is currently on public testnet (Q1-Q2 2026); mainnet is TBD.