The protocol is a vertical stack. Each layer depends on the cryptographic guarantees of the one below. A bundle is invalid if any layer’s contribution is missing or signs incorrectly.
```
L8  Adoption
      Python SDK · TypeScript SDK · MCP server · Rust core (vision)
      Network adapters: Base · Solana · Stripe · Visa · AWS · x402
      Self-hostable verifier docker image
        ▲
        │
L7  Audit and disclosure
      oris_audit_log (TimescaleDB, 7-year retention)
      Hourly merkle root anchor → OrisAuditLogRegistry on Base
      Sealed envelope (AGE threshold encryption)
      Regulator JWT portal · HMAC-SHA256 webhooks · SAR auto-flag
        ▲
        │
L6  Verifier reference
      HTTP /verify/bundle and /verify/pubkey on api.useoris.xyz
      Solidity OrisComplianceVerifier stub on Base
      Ed25519 verdict signing · structured allow/deny reason codes
        ▲
        │
L5  Revocation
      Two-tier inclusion Merkle tree
      Tier 1 (immediate, 1 s flush) · Tier 2 (behavioural, 5 min flush)
      Non-membership proofs O(log n), depth 256
      OrisL5RevocationRegistry on Base
        ▲
        │
L4  Compliance bundle
      Canonical 196-byte public input layout
      proof_type dispatch (0x01 Ed25519 today, 0x02 SP1, 0x03 Halo2)
      Sealed envelope for audit, hashed bundle_id (keccak + sha256)
        ▲
        │
L3  Veris compliance engine
      Rust gRPC service · BLS12-377 attestation signing
      Sanctions feed (OFAC, UN, EU, third-party) · 4.4 ms p50 attest
      Risk tier rules (Low / Medium / High / Blocked)
      Behavioural drift score in basis points
        ▲
        │
L2  Policy DSL
      Per-tenant policy Merkle tree, Keccak256 hashing
      Off-chain policy engine, sub-10 ms p95 evaluation
      OrisL2PolicyRegistry on Base · versioned, signed roots
      Six rule primitives (cap, daily, monthly, allowlist, category,
      escalation), atomic Lua counter updates
        ▲
        │
L1  Identity and authority
      OrisAgentRegistry (Base authoritative)
      OrisAgentKYAResolver (CCIP-Read federation)
      OrisCrossChainIndex · OrisReverseRegistrar
      OrisNamespaceManager (tenant subdomains)
      OrisAnchorRegistry (append-only merkle anchors)
```

L1 is the foundation. It never moves. Higher layers depend on its identity and anchor primitives.
A single agent payment touches every layer below. Latency budgets shown are p95 against the live Base Sepolia stack.
```
Agent SDK (L8)
  │  tx_intent = (counterparty, amount, asset, chain, category, nonce, expires)
  ▼
L2  PolicyEngine.evaluate(tx_intent, tenant_policy_root)
  │  ≈ 3 ms         verdict + Merkle inclusion proof
  ▼
L3  VerisEngine.attest(agent_did, tx_intent)
  │  ≈ 4.4 ms p50   sanctions_clean, risk_tier, drift_score, BLS signature
  ▼
L5  RevocationStore.witness(agent_did, counterparty, current_root)
  │  ≈ 2 ms         non-membership proof Tier 1 + Tier 2
  ▼
L4  BundleAssembler.assemble(L1, L2, L3, L5)
  │  ≈ 50 ms p95    canonical bytes + Ed25519 recursive sig
  ▼
L6  Verifier.verify(bundle, tx_intent, signer_pubkey)
  │  ≈ 18 ms        signature check + revocation non-membership + nonce + expiry
  ▼
Network adapter (L8)
  │  rail-specific settlement (Base ERC-4337 / Solana SPL / Stripe MPP / ...)
  ▼
L7  AuditWriter.record(bundle_id, verdict, network_tx_hash)
  │  async TimescaleDB insert + hourly merkle root anchor
  ▼
Settlement confirmation back to agent SDK
```

Total budget from agent.pay() to verdict: under one hundred milliseconds at p95.
ComplianceBundle v2 (1.5 KB total, 196 B public inputs)
```
version:      "v2"
agent_did:    "did:ethr:<chain_id>:<agent_addr>"
tenant_node:  bytes32              // ENS-style namehash

policy_root:  bytes32              // L2 Merkle root
policy_proof: bytes                // L2 Merkle inclusion proof

veris_attestation:
  subject:         did_or_address
  sanctions_clean: bool
  risk_tier:       enum(low|medium|high|blocked)
  drift_score_bp:  u16
  evaluated_at:    u64
  expires_at:      u64
  signer_pubkey:   bytes           // BLS12-377 G1 compressed (48 B)
  signature:       bytes           // BLS aggregate

tx_intent:
  counterparty:    address
  amount_usd_e6:   u64
  stablecoin:      bytes4
  chain_id:        u64
  category:        bytes32
  nonce:           bytes32         // Redis SETNX 30 s
  expires_at:      u64

revocation_witness:
  tier:              u8            // 1 immediate, 2 behavioural
  root:              bytes32       // L5 IMT root at proof time
  not_present_proof: bytes         // Merkle non-membership
  tree_size:         u64

public_verdict:
  kya_level:            u8
  kya_status:           bytes32
  not_revoked:          bool
  sanctions_clean:      bool
  counterparty_allowed: bool
  amount_under_cap:     bool

proof_type: u8                     // 0x01 Ed25519, 0x02 SP1, 0x03 Halo2
proof:      bytes                  // signature OR zk proof
```

The 196-byte public input layout is canonical. v2 (ZK) writes the same bytes; only the proof field changes. Verifiers that handle Ed25519 today will work against ZK proofs tomorrow with no schema change.
Oris MPC ring
Signs L4 bundles and L2 policy roots. Vault Transit custody, threshold encryption. Separate from Veris MPC.
Veris MPC ring
Signs L3 compliance attestations only. Operated by the Veris compliance engine team. Pubkey rotation logged on chain.
Tenant signing keys
Per-developer Ed25519 keys. Stored client-side, never seen by Oris. Used for request authentication and per-agent commitments.
Regulator quorum
Sealed-envelope unsealing requires a quorum of regulator-controlled keys (AGE threshold encryption). No single party can decrypt audit envelopes.
Every layer is deployed on Base Sepolia today.
| Component | Address | Block |
|---|---|---|
| OrisL2PolicyRegistry | 0xb43a7d6efdd2df1F11af130133965f00C99dE356 | live |
| OrisComplianceVerifier | 0xD0aCf4a873C5bBEA4296958C27c1eA652D98fA5C | 42019099 |
| OrisAuditLogRegistry | 0xAde6DC06178904194FaE72CC83C6d2ec65Ed34c8 | live |
| Verifier HTTP | https://api.useoris.xyz/verify/* | live |
| L3 Veris gRPC | mTLS | live |
Mainnet rollout is planned. The contract bytecode is identical, so the deploy plan is a no-code-change re-anchor.
Today (v1) every layer signs with Ed25519. v2 introduces ZK proofs for L4 with two candidate systems: Halo2 (proof type 0x03) and SP1 (proof type 0x02). The wire format does not change. The verifier dispatches on proof_type and runs either an Ed25519 check or a ZK verification circuit.
No customer code changes between v1 and v2. The SDK abstracts the proof type. The bundle stays the same 1.5 KB shape with the same 196-byte public input layout.
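One way a verifier could order the L6 checks named above (proof_type dispatch, nonce, expiry), as an added example that is not Oris code. The dictionary field names, reason codes, in-memory nonce store and the `toy_check` stand-in for an Ed25519 verify call are assumptions; the revocation non-membership check is left out.

```python
import hashlib

NONCE_TTL_S = 30        # page: nonce reserved via "Redis SETNX 30 s"
PUBLIC_INPUT_LEN = 196  # page: canonical public input size
ED25519, SP1, HALO2 = 0x01, 0x02, 0x03  # page: proof_type values

class NonceStore:
    """In-memory stand-in for Redis `SET nonce 1 NX EX ttl` (assumption)."""
    def __init__(self):
        self._expiry = {}
    def set_nx(self, nonce, now, ttl):
        if self._expiry.get(nonce, 0) > now:
            return False  # still reserved: replay
        self._expiry[nonce] = now + ttl
        return True

def verify_bundle(bundle, checkers, nonces, now):
    """Return (allowed, reason). Field and reason names are hypothetical."""
    intent = bundle["tx_intent"]
    if len(bundle["public_inputs"]) != PUBLIC_INPUT_LEN:
        return False, "BAD_PUBLIC_INPUT_LENGTH"
    if intent["expires_at"] <= now:
        return False, "INTENT_EXPIRED"
    # An intent outliving the nonce reservation is replayable once it lapses.
    if intent["expires_at"] - now > NONCE_TTL_S:
        return False, "EXPIRY_EXCEEDS_NONCE_TTL"
    # Fail closed: no installed checker means deny, never an Ed25519 fallback.
    check = checkers.get(bundle["proof_type"])
    if check is None:
        return False, "UNSUPPORTED_PROOF_TYPE"
    if not check(bundle["public_inputs"], bundle["proof"]):
        return False, "BAD_PROOF"
    # Reserve the nonce last so a forged bundle cannot burn a valid nonce.
    if not nonces.set_nx(intent["nonce"], now, NONCE_TTL_S):
        return False, "NONCE_REPLAYED"
    return True, "OK"

def toy_check(public_inputs, proof):
    """Constructed stand-in for a real Ed25519 verify; not a signature."""
    return proof == hashlib.sha256(public_inputs).digest()

def sample_bundle(proof_type=ED25519, expires_at=1020, nonce=b"\x01" * 32):
    """Constructed sample with only the fields this check reads."""
    pi = bytes(PUBLIC_INPUT_LEN)
    return {"proof_type": proof_type, "public_inputs": pi,
            "proof": hashlib.sha256(pi).digest(),
            "tx_intent": {"nonce": nonce, "expires_at": expires_at}}
```

With only an Ed25519 checker installed, a bundle carrying proof_type 0x02 or 0x03 is denied until a ZK verifier is registered under that key.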