Skip to content
View estmcmxci's full-sized avatar
🔵
🔵

Block or report estmcmxci

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
estmcmxci/README.md

estmcmxci.eth

Building ENS as the authority-policy substrate for the managed agent runtime platform (MARP) era. Identity protocol & trust architecture — ENS-native, runtime-portable, audit-grade.

"Generation is abundant; verification is scarce."

I ship to ENS's canonical contracts, publish ENS-native specs through the Public Goods program, and operate live ENS-bound agent deployments on mainnet and Base.

Current work: an ENS verification and revocation toolkit (Verifier + AuthResolver + SDK + conformance suite) for managed agent runtime platforms — submitted to the ENS Service Provider Program (SPP3), July 2026 – July 2027 cycle, currently under review.


Upstream ENS Contributions

Canonical ENS Contracts — PR #509 (merged, v1.7.0)

Replaced software-implemented EllipticCurve verification with the EIP-7951 P-256 precompile in ENS's DNSSEC oracle (Algorithm 13). ~98% gas reduction (~200k+ → ~3,500 per verification). Merged by Makoto Inoue (ENS Labs) 26 Jan 2026; shipped to production in v1.7.0 on 13 Mar 2026.

ENS Public Goods Grant — "ENS v2 Interop Research" (Sep 2025, Stage 1 completed)

Two committed deliverables, both shipped:

DNSSEC Modernization (EIP-7951 context)

Practical pathways for cheaper cryptographic verification in ENS-adjacent flows — the work that became PR #509.


ENS-Native Agent Identity (Live)

Synthesis — Trust Resolution Layer

A verifiable, personhood-anchored, ENS-bound agent identity framework. Five-layer TRL composing ENSIP-25, ENSIP-26, ENSIP-64, ERC-8004, AIP, DVS, and runtime/session attestation paths. MIT-licensed, four packages:

  • @synthesis/resolver — TypeScript resolution library
  • @synthesis/cliEnsemble CLI (issue → pin → publish → verify → rotate)
  • @synthesis/conformanceEnsemble Conformance Suite
  • @synthesis/site — explorer at estmcmxci.co

Repo: https://github.com/estmcmxci/synthesis

1st Place, ENS Identity track — Synthesis Hackathon (May 2026). Track · Project

Live Reference Deployments

NCCoE Position Paper

ENS as the naming layer for AI agent identity — submitted to NIST's National Cybersecurity Center of Excellence.

Oikonomos — ENS-Integrated Agent Operations

Agent keychain + wallet-oriented operational primitives for autonomous DeFi workflows.

Trust-Swap — Gate-Then-Execute Pattern

Reference implementation for trust-gated settlement over resolver-based verification.


The MARP Thesis

The next operator class is managed agent runtime platforms (MARPs). ENS should be their authority-policy substrate.

Managed agent runtime platforms — Pinata Agents, Virtuals Protocol, Bankr Agents, Anthropic + Cloudflare's Claude Managed Agents — are moving from pilots to governed production. What they do not standardize is a portable authorization layer counterparties can verify independently: no outside service can confirm, in real time, that an agent-signed action came from a credential the operator currently authorizes.

ENS already provides naming, discovery, registry, and typed records (ENSIP-25/26/64, ERC-8004). The missing layer is an ENS-keyed authority-policy lookup surface above those primitives. That lookup is the gap. The SPP3 proposal delivers it.

Full positioning: The Next Operator Class: Managed Agent Runtime Platforms (May 2026).


Current Focus

Application status: Steg SPP3 proposal — ENS Verification and Revocation Toolkit for MARPssubmitted and under review for the July 2026 – July 2027 cycle.

A defined integration service:

  • Verifier contract — EIP-7951 P-256 precompile + ecrecover + EIP-1271 staticcall (extensible scheme dispatch)
  • AuthResolver contract — per-name (UUPS proxies via VerifiableFactory), composing ENSv2's EAC + HCA substrate for credential, capability, and revocation records
  • TypeScript SDK — normalized allow/deny reason codes (verified / unverified / stale / revoked / mismatch / policy-denied / endpoint-unproven)
  • Conformance suite — reproducible test vectors, adversarial mutation cases
  • Three Wave-1 pilot integrations — Pinata Agents (operator), Virtuals Protocol (protocol-native), x402 (capability publisher); Bankr Agents day-zero compatible
  • Third-party security audit of Verifier + AuthResolver

A read-only forward-declaring scaffold of this pattern is already running against a live MARP: BankrBot/skills PR #189 — publishes credential / capability / revocation records onto an ENS name via NameStone, resolves and verifies along the verifyAction ordering. Validated on authtest.bankrtest.eth.


Writing + Ecosystem

Pinned Loading

  1. steg-eth/dnssec-solutions steg-eth/dnssec-solutions Public

    EIP-7951 Precompile Demonstrations

    Solidity 1

  2. scenius-paper scenius-paper Public

    Interactive Scenius product paper — reputation-weighted prediction markets for music catalog valuation

    Jupyter Notebook

  3. ensdomains/ens-contracts ensdomains/ens-contracts Public

    The core contracts of the ENS protocol

    TypeScript 726 562

  4. steg-eth/docs steg-eth/docs Public

    TypeScript