The Protocol
Neurolix Protocol is a compliance-ready Confidential AI compute layer on Base L2. It combines hardware-isolated TEE enclaves with cryptographic attestation and trust-minimized on-chain SLA enforcement.
How It Works
The TEE → Attestation → Base L2 loop.
A step-by-step breakdown of how data remains encrypted in transit and in use, ensuring that only the cryptographic commitment leaves the secure boundary.
Architecture
How the stack works
STEP 01
Confidential VM
AI workloads run inside AMD SEV enclaves on Google Cloud Confidential Computing (PoC). Roadmap extends to AMD SEV-SNP, Intel TDX, and NVIDIA H100 CC. The CPU enforces memory isolation — neither the cloud provider nor the node operator can access the plaintext data or model inputs.
AMD SEV (live) · SEV-SNP · Intel TDX · H100 CC (roadmap)STEP 02
Hardware Attestation
After execution, the CPU generates a cryptographically signed attestation report. The report is verified against the hardware vendor's certificate chain (AMD EPYC root, GCP OIDC) and a commitment hash is derived from the model ID, prompt hash, output hash, and timestamp.
SHA-256 · OIDCSTEP 03
On-Chain Anchoring
The commitment hash is submitted to NeurolixAttestation.sol on Base Mainnet. The transaction is immutable and publicly verifiable. The SLA contract enforces payment distribution and slashing conditions based on on-chain state.
Base Mainnet · NeurolixAttestation.solSmart Contracts
Contract suite v1.16 — 16 contracts
52 cumulative patches across 6 adversarial cross-model review cycles. 128/128 Foundry tests passing.
NeurolixAttestation.sol
Commitment hash anchoring. Live on Base Mainnet.
OLIXToken.sol
ERC-20 utility token. Hard cap 100M. No transfer tax.
NodeRegistry.sol
Node operator registration, staking (min 10K OLIX), slashing.
LiquidityVault.sol
On-chain reserve custody — 8M OLIX + USDC. Counter-cyclical price stabilization.
NeurolixGovernor.sol
OpenZeppelin Governor pattern. Requires VotingEscrow.sol (under development) before deployment.
PriceOracle.sol
Triple-feed median oracle with MEV-resistant execution.
Interfaces.sol
Shared ABI boundary across all v1.16 contracts.
AttestationOracle.sol
TEE attestation verifier with ECDSA. Replay protection via session-bound hardware salt.
SlashingManager.sol
Multi-tier slashing state machine (T0–T4). Challenge window for behavioral breaches.
CCCLedger.sol
Internal Credit Ledger — B2B non-transferable CCC issued against USDC settlement. Zero-ERC20. Eliminates crypto-accounting overhead.
ComputeSession.sol
TEE session lifecycle FSM — Model B, Pull/Claim, SLA enforcement and workload commitment.
HardwareRefreshAllowance.sol
Bootstrap hardware reserve allocation for node operators.
ICCCLedger.sol
Shared interface for CCCLedger across the v1.16 contract suite.
NeurolixAttestationVerifier.sol
EIP-712 signature verification with ECDSA and session-bound nonce anti-replay.
NeurolixGateway.sol
Protocol entry-point v1.3 — USDC to CCC conversion with take-rate routing (8/4/88 split).
ProtocolBuybackEngineV16.sol
Anti-MEV buyback engine (inherited). Routes USDC settlement proceeds to LiquidityVault.
Transparency
Open mainnet blockers
These three issues were identified in v1.16 and are addressed by the v1.17 workstream (ComputeSession.sol + NeurolixGateway.sol + CCCLedger.sol, specification v0.2.2 complete — code generated, compile-clean; adversarial cross-model review in progress). These are not deployment blockers for testnet — they are blockers for mainnet token launch.
Heartbeat farming — in resolution
Resolved by sessionId-bound workload commitment (spec v0.2.2 §8, patch P6). ComputeSession.sol compile-clean; pending adversarial cross-model review and testnet deployment.
MEV exit during SLA breach — in resolution
Resolved by NodeRegistry transfer gating with investigation flag (spec v0.2.2 §7, patches P5+P13+P17).
SLA parameter trust — in resolution
Resolved by EIP-712 bilateral signature scheme (spec v0.2.2 §5). ComputeSession.sol compile-clean; pending adversarial cross-model review and testnet deployment.
On-chain references