Privacy-preserving compliance, enforced on-chain. Holders prove set-membership + non-revocation with a Groth16-shaped proof (PII never leaves the device); the Odra contract registers commitments and revoked nullifiers on Casper Testnet; an autonomous monitor revokes the moment a risk event fires.
The main security console showing the on-chain Merkle root, autonomous monitoring agent status, and active credential holders.
The interactive panel displaying the credential holder list, where users can trigger verification and inspect compliance.
Expanding a holder's card exposes their cryptographic details (commitment leaf hash, nullifier, and target Merkle root) verifying their compliance privately.
Triggering a simulated OFAC hit on Mallory. The monitor agent instantly detects the risk event, pushes a revocation transaction to Casper, and Mallory is ejected from the pool.
The dashboard after reset, restoring the initial state for the next demonstration run.
Centralized compliance tools force users to surrender their Personally Identifiable Information (PII) repeatedly, creating massive data silos vulnerable to breaches. Bastion is a privacy-preserving compliance gateway: a holder's PII is hashed into a commitment off-chain, only the commitment + nullifier ever touch the chain, and an autonomous monitor revokes credentials the instant compliance lapses.
Key Features:
- Privacy-preserving credentials: a real Merkle tree + nullifier scheme proves set-membership and non-revocation. The proof is Groth16-shaped (snarkjs-API compatible) and the commitment hash is SHA-256-based, structured as a drop-in for field-native Poseidon + real snarkjs Groth16, which is the documented roadmap. No PII is ever written on-chain.
- Autonomous enforcement: a CSPR.cloud streaming monitor triggers `revoke` on the Odra contract when a risk event fires, with no human in the loop.
- Compliance Console (the live demo): inject a sanctions hit and watch one holder's proof flip ✅→❌, the Merkle root update, and the pool eject them, while every other holder keeps verifying (`/api/console`, real Merkle/nullifier recomputation).
- Institutional UI: Next.js 16 / React 19 dashboard styled like a deep-navy security console.
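The membership and non-revocation check described above, as an added TypeScript example that is not Bastion's own code. The hash layout (domain tags, `:` joining, `EMPTY` padding), the function names and the sample secrets are assumptions, and the relation is evaluated in the clear on the witness instead of inside a Groth16 proof.

```typescript
import { createHash } from "node:crypto";

// Assumed layout (not Bastion's): domain-separated SHA-256 over hex strings.
const H = (tag: string, ...parts: string[]): string =>
  createHash("sha256").update([tag, ...parts].join(":")).digest("hex");
const EMPTY = H("empty"); // fixed padding for odd levels (avoids duplicate-leaf ambiguity)

const commitment = (secret: string): string => H("commit", secret);
const nullifier = (secret: string): string => H("nullifier", secret);

interface Step { sibling: string; siblingOnLeft: boolean }

// Build every level bottom-up; levels[0] holds the commitments, the last level the root.
function buildLevels(leaves: string[]): string[][] {
  const levels: string[][] = [leaves];
  for (let cur = leaves; cur.length > 1; ) {
    const next: string[] = [];
    for (let i = 0; i < cur.length; i += 2) next.push(H("node", cur[i], cur[i + 1] ?? EMPTY));
    levels.push((cur = next));
  }
  return levels;
}

// Sibling hashes from leaf `index` up to (not including) the root.
function merklePath(levels: string[][], index: number): Step[] {
  const path: Step[] = [];
  for (let d = 0; d < levels.length - 1; d++, index >>= 1) {
    const sib = index ^ 1;
    path.push({ sibling: levels[d][sib] ?? EMPTY, siblingOnLeft: sib < index });
  }
  return path;
}

// The relation a membership proof attests. Public: root, revoked set. Witness: secret, path.
function statementHolds(secret: string, path: Step[], root: string, revoked: Set<string>): boolean {
  let node = commitment(secret);
  for (const s of path) node = s.siblingOnLeft ? H("node", s.sibling, node) : H("node", node, s.sibling);
  return node === root && !revoked.has(nullifier(secret));
}

// Constructed sample holders; the "risk event" publishes the third holder's nullifier.
function demo(): { before: boolean[]; after: boolean[] } {
  const secrets = ["alice-secret", "bob-secret", "mallory-secret"];
  const levels = buildLevels(secrets.map(commitment));
  const root = levels[levels.length - 1][0];
  const revoked = new Set<string>();
  const check = (): boolean[] =>
    secrets.map((s, i) => statementHolds(s, merklePath(levels, i), root, revoked));
  const before = check();
  revoked.add(nullifier(secrets[2])); // monitor-style revocation
  return { before, after: check() };
}
```

Because the nullifier is derived from the same secret as the commitment, a revoked holder cannot pass by presenting a different nullifier; in a real circuit that binding is a constraint rather than a recomputation by the verifier.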
| Layer | Technology |
|---|---|
| Frontend | Next.js 16 (App Router), React 19, Tailwind CSS v4 |
| Contract | Odra (Rust) on Casper Testnet, installed via `pnpm deploy:rpc` |
| Proof engine | Groth16-shaped, snarkjs-API compatible (SHA-256 commitment); drop-in for real Poseidon + snarkjs Groth16 (roadmap) |
| Signing | `casper-js-sdk` (backend PEM key) for autonomous `revoke` / `insert_commitment` |
| Infrastructure | x402 micropayments, CSPR.cloud streaming monitor |
```mermaid
flowchart TD
    U[User] -->|submit docs off-chain| VER[Verifier Agent]
    VER -->|eip-712 credential + Poseidon commitment| CRED[Gasless Credential + Commitment]
    CRED -->|CSPR.click insert tx| REG[Upgradable Odra Contract: Merkle root + nullifier set]
    REG --> TN[(Casper Testnet)]
    PII[(Encrypted off-chain vault)] -. never on-chain .- REG
    U2[Holder] -->|secret + Merkle path| ZK[circom/snarkjs Groth16 prover]
    ZK -->|proof: member & non-revoked| GATE[Gateway Verifier]
    GATE -->|check vs on-chain root/nullifiers| REG
    GATE -->|valid → admit| POOL[Gated Demo Pool]
    MON[Monitor Agent] -->|CSPR.cloud streams + risk feed| RISK{Risk signal?}
    RISK -->|yes| REV[CSPR.click revoke tx: update root / publish nullifier]
    REV --> REG
    REG -. revoked proof stops verifying → eject .- POOL
    DAPP[Protocol / dApp] -->|POST /check + proof| XQ[x402 Check Server]
    XQ -->|402 → eip-712 pay → facilitator settle| TN
    XQ -->|200 boolean| DAPP
```
Deep Dive: For a full architectural breakdown, including specific API endpoints, cryptographic specs, and ZK circuit constraints, see the detailed System Architecture Design Document.
- Casper Innovation Track (Build Direction #4: AI Compliance & KYC)
- Casper Testnet Smart Contract: Built with the Odra framework in Rust, located in bastion.rs. Manages on-chain Merkle-root state transitions of valid credentials and logs revoked nullifiers.
- Casper x402 Micropayments: Integrated in x402_facilitator.ts to gate pay-to-check reads.
- Autonomous signing: Backend `casper-js-sdk` (PEM key) builds, signs, and broadcasts `insert_commitment` / `revoke` in casper.ts, with no browser wallet required.
- Node.js ≥ 20
- pnpm
- Rust & Cargo (only to rebuild the Odra contract)
- Clone: `git clone https://github.com/edycutjong/bastion.git`
- Change directory: `cd bastion`
- Install: `pnpm install`
- Configure: `cp .env.example .env.local` and add your keys
- Run: `pnpm dev`
Note for Judges: what's real vs. simulated (no overclaiming):
- No login, no PII. Open the Compliance Console straight away; it's the live demo (`/api/console`). Inject a sanctions hit and watch one holder's proof flip ✅→❌, the Merkle root recompute, and the pool eject them in real time, while everyone else keeps verifying.
- What's real: the Merkle tree, nullifier scheme, commitment recomputation, and the Odra contract (`insert_commitment` / `revoke`) are real. What's simulated: the proof is Groth16-shaped over a SHA-256 commitment (snarkjs-API compatible), wired as a drop-in for field-native Poseidon + real snarkjs Groth16, which is the roadmap. We don't claim a real Groth16 verifier where there isn't one yet.
- On-chain writes (`BASTION_DEMO=false` + funded key + deployed `BASTION_CONTRACT_HASH`) broadcast real Testnet transactions via `casper-js-sdk`; in demo mode they return a clearly-labelled placeholder.
All contracts are live on Casper Testnet (chain `casper-test`). Set `BASTION_DEMO=false` + fill `.env.local` to broadcast real transactions.
| Item | Value |
|---|---|
| Bastion Contract | hash-d247c7118d240bb339612f176f23816aa7a42e3bce88b132cad9982707c4a2c0 |
| Install Transaction | 6632ffec189f76cdf4dd8d057642160cac3608b98bd0477e6cc540319c6c0f22 |
| `insert_commitment` (admit a holder) | 1b65887722fa960437e10f1e497ac3837934e645d153e9268d79190b2beebb27 |
| `revoke` (autonomous revocation) | 89db2b3bc80c2e95966e82456ad6f2a3fe6c49a6ce3cc47155f9e44dbf50b7cc |
| CEP-18 Token (x402) | hash-541069ed8cad06249f76edb0972932d012badbb256111d3000df06ac1d703be6 |
| Issuer Account | 01b9c7741b3679191aa4f82e5529e3f0908e3d5cbc9c3c352807e17b7c48bffc55 |
| Network | Casper Testnet (casper-test) |
| Framework | Odra (Rust → WASM, target-cpu=mvp) |
| Machine-readable record | deployments/testnet.json |
The full compliance lifecycle is a confirmed on-chain sequence: a holder is admitted (`insert_commitment`) then autonomously revoked (`revoke`); both are real, successful Testnet transactions. Reproduce with `pnpm deploy:rpc` (install) + `BASTION_DEMO=false pnpm tsx scripts/run_lifecycle.ts` (lifecycle).
Re-deploy your own: `pnpm deploy:rpc` installs a fresh contract instance and prints the package hash. See LIVE_TESTNET.md for the full walkthrough.
Originality: all code is original and newly developed for the Casper Agentic Buildathon 2026; shared `@vouch/*` packages are authored for this submission.
The following design documents and resources are available in this repository:
- System Architecture: Full data flow diagrams (Mermaid), API specifications, and math/cryptographic models.
- Interactive Demo Guide: Step-by-step walkthrough of the live demo console and expected system behaviors.
- Sponsor Track Defense: Justification of track eligibility, including Casper Network and x402 integration references.
- Product Requirements Document (PRD): Initial project scope, problem statement, user personas, and product requirements.
- Live Testnet Wiring Runbook: Detailed guide to flipping the application from demo mode to Casper Testnet execution.

6-stage pipeline: Quality → Security → Build → E2E → Performance → Deploy
```bash
# ── Code Quality ──────────────────────────────
pnpm run lint            # ESLint
pnpm run typecheck       # TypeScript check
pnpm run test            # Run tests (99)
pnpm run test:coverage   # Coverage report

# ── Advanced Testing ──────────────────────────
pnpm run e2e             # Playwright E2E tests
pnpm run lighthouse      # Lighthouse CI audit

# ── Security ──────────────────────────────────
make security-scan       # pnpm audit + license check
```

| Layer | Tool | Status |
|---|---|---|
| Code Quality | ESLint + TypeScript | ✅ |
| Unit Testing | Vitest (99 tests) | ✅ |
| E2E Testing | Playwright (3 suites) | ✅ |
| Security (SAST) | CodeQL | ✅ |
| Security (SCA) | Dependabot + npm audit | ✅ |
| Secret Scanning | TruffleHog | ✅ |
| Contract | Cargo Test | ✅ |
This project is licensed under the MIT License; see the LICENSE file for details.




