The Oris Trust and Compliance Protocol (OTCP) is eight cryptographic layers that produce a single signed proof for every agent payment. Networks consume that proof. Regulators consume that proof. Auditors consume that proof. The payment moves only after every layer signs off.
Oris does not move money. Oris signs the proof that the payment is allowed to move.
Each layer answers a different question. The output of every layer flows into the L4 Compliance Bundle, which is then verified at L6 and recorded at L7.
| Layer | What it answers | State |
|---|---|---|
| L1 Identity | Who is the agent and who legally owns it? | LIVE |
| L2 Policy | Is this payment within the agreed rules? | LIVE |
| L3 Veris | Are the parties sanctions-clean and within risk limits? | LIVE |
| L4 Bundle | Bind the previous three answers into one signed payload. | LIVE |
| L5 Revocation | Has any party been revoked since the bundle was signed? | LIVE |
| L6 Verifier | Verify the bundle independently before the rail settles. | LIVE |
| L7 Audit | Record every signed action with a tamper-evident hash chain. | LIVE |
| L8 SDKs | Ship the protocol to developers in Python and TypeScript. | LIVE |
The proof itself is a 1.5 KB compliance bundle plus a 96-byte recursive Ed25519 signature. The network only needs the 96 bytes to verify.
```
Agent SDK
   |
   |  tx_intent (who pays, how much, where to, when)
   v
L2 Policy.evaluate
   |  verdict + policy_root_proof
   v
L3 Veris.attest
   |  sanctions clean, risk tier, drift score, BLS-signed
   v
L4 ComplianceBundle.assemble
   |  binds L1 identity + L2 policy + L3 attestation + L5 revocation witness
   v
L6 Verifier
   |  verifies Ed25519 signature, checks revocation non-membership,
   |  enforces nonce, returns ALLOW / DENY
   v
Network settles the transaction
   |
   v
L7 Audit log
   |  bundle anchored to Base every hour, sealed envelope for the regulator
```

Every arrow above runs in under a hundred milliseconds end to end. The Veris attestation alone takes 4.4 ms at p50.
The compliance bundle is the single payload that travels with the payment. Five public answers come out of it, ready for the regulator phone call.
Who authorized the payment
Agent DID resolves to a registered principal. Identity bound to the legal owner.
What was bought
Counterparty, amount, asset, chain, category, locked in one signature. No swap, no rewrite, no replay.
Under what policy
Per-tenant policy root with a Merkle inclusion proof. Policy version visible.
Was the world compliant
Sanctions clean, risk tier set, no revocation pending. Veris attestation embedded.
Who is liable if it breaks
Sealed envelope stores the full liability chain. Regulator unsealable only with quorum.
If any of the five answers fails to sign, the bundle is invalid and the rail denies settlement. There is no soft-fail.
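The L6 checks and the no-soft-fail rule described above, as an added sketch that is not Oris code: it signs and verifies a bundle with Node's built-in Ed25519 and returns DENY on any missing section, bad signature, revoked identity, reused nonce, or parse error. The bundle layout, field names, the `verifyBundle` and `signBundle` helpers, and the Set-based revocation lookup are all assumptions made for illustration.

```javascript
// Added illustration: bundle layout and field names are hypothetical, not the OTCP wire format.
const { generateKeyPairSync, sign, verify } = require("node:crypto");

const REQUIRED = ["identity", "intent", "policy", "attestation", "revocation"];
const deny = (reason) => ({ decision: "DENY", reason });

// Deterministic encoding (sorted keys) so signer and verifier see identical bytes.
function canonical(v) {
  if (Array.isArray(v)) return "[" + v.map(canonical).join(",") + "]";
  if (v && typeof v === "object") return "{" + Object.keys(v).sort()
    .map((k) => JSON.stringify(k) + ":" + canonical(v[k])).join(",") + "}";
  return JSON.stringify(v);
}

function signBundle(payload, privateKey) {
  const sig = sign(null, Buffer.from(canonical(payload)), privateKey);
  return { payload, sig: sig.toString("base64") };
}

// Fail-closed: every check must pass; a missing section or any exception is a DENY.
function verifyBundle(bundle, ctx) {
  try {
    const p = bundle.payload;
    for (const s of REQUIRED) if (!p[s]) return deny("missing " + s);
    const sig = Buffer.from(bundle.sig, "base64");
    if (!verify(null, Buffer.from(canonical(p)), ctx.publicKey, sig)) return deny("bad signature");
    // A Set lookup stands in for the revocation non-membership check.
    if (ctx.revoked.has(p.identity.did)) return deny("revoked");
    if (ctx.seenNonces.has(p.intent.nonce)) return deny("replayed nonce");
    ctx.seenNonces.add(p.intent.nonce); // consume the nonce only on ALLOW
    return { decision: "ALLOW", reason: "ok" };
  } catch {
    return deny("malformed bundle");
  }
}

// Constructed sample: a valid bundle, a replay of it, and a copy with the amount altered.
function demo() {
  const { publicKey, privateKey } = generateKeyPairSync("ed25519");
  const ctx = { publicKey, revoked: new Set(), seenNonces: new Set() };
  const bundle = signBundle({
    identity: { did: "did:example:agent-1" },
    intent: { to: "merchant-a", amount: "25.00", asset: "USDC", nonce: "n-001" },
    policy: { version: 3 }, attestation: { sanctions: "clean" }, revocation: { epoch: 7 },
  }, privateKey);
  const altered = JSON.parse(JSON.stringify(bundle));
  altered.payload.intent.amount = "2500.00";
  return [bundle, bundle, altered].map((b) => verifyBundle(b, ctx).reason);
}
```

Because the signature check runs before the nonce is consumed, a forged bundle cannot burn a legitimate payment's nonce.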
L4 supports two proof types behind a stable wire format. The bundle schema does not change between them.
The proof type is a single byte dispatch field in the bundle header. Networks accept either; the L6 verifier resolves which path to take.
Base is the authoritative chain. L1 contracts are deployed there and federate read access to every other rail through CCIP-Read.
EVM, today
Base, Arbitrum, Optimism, Polygon, Avalanche, BNB Chain, Celo, Ethereum mainnet (via CCIP-Read).
Non-EVM, today
Solana via the Anchor reference verifier, Tron via TRC20 adapter.
Card and gateway, partner-led
Stripe MPP, Visa Tap, AWS AgentCore, x402, Coinbase Agent. HTTP gateway, same bundle.
Self-hostable
The verifier is open source. Run it inside your own perimeter with the same Ed25519 contract.
See the deployment status page for live contract addresses, chain matrix, and rollout order.
Oris signs proofs. Oris does not move funds. Oris does not hold custody. Oris does not issue stablecoins. Oris does not operate a payment rail. The customer of record on every rail is the developer, not Oris.
This separation is deliberate. It keeps Oris outside the money-transmitter and payment-license surface in every jurisdiction. The compliance burden belongs where it should belong, with the entity actually moving the money.