AGENT-OWNED INFRASTRUCTURE
Technical Walkthrough
Agents Don’t Borrow Keys.
They Own Them.
They Own Them.
How Nukez gives autonomous AI agents their own wallet, storage, and cryptographic proof of ownership — with zero dependency on human OAuth tokens.
⚠ The Problem
Anthropic just banned agents from borrowing human credentials.
Policy Change
OAuth tokens from Free, Pro, and Max plans are now exclusively for Claude Code and Claude.ai. Using them in the Agent SDK or any third-party tool violates the Consumer Terms of Service.
Collateral Damage
Tools like OpenCode that proxied consumer OAuth tokens were killed overnight. Agents lost their backend, their state, and their ability to function — all from a single policy update.
Identity Void
Agents have no identity of their own. No wallet, no credentials, no verifiable proof of what they’ve stored or computed. They exist only as passengers on human accounts.
State Fragility
When credentials get revoked, everything the agent built — context, state, work product — vanishes. There’s no independent, verifiable agent memory that survives provider changes.
The Nukez Pipeline
End-to-end, fully autonomous.
Every step below was executed live by an AI agent via MCP. No human credentials were involved at any point.
Agent-Owned Storage Flow
Agent Wallet
Solana Keypair
→
Pay On-Chain
SOL Transfer
→
Get Receipt
Crypto Proof
→
Store Data
GCS / MongoDB
→
Attest
Switchboard Oracle
→
Verify
Public URL
1
Agent Identifies Itself
The agent has its own Solana keypair — no human account needed.
// nukez_get_wallet_info()
{
"pubkey": "K5eGSGUjj1Dk1FzP55LKFbWZavXMxGrEcikDNHXu5HE",
"balance_sol": 79.248,
"network": "devnet",
"sufficient_for_storage": true
}
Identity: Solana pubkey — immutable, self-sovereign, provider-independent
2
Agent Pays for Storage
Request storage → transfer SOL → receive cryptographic receipt. Three MCP calls.
// Step 2a: Request payment instructions
pay_req_id: "b1612e5a8bbf"
pay_to : "EKU9LN4nDBTqmqqHKBGqL1ZQxu8ZwSRLgjaZcwM5Fhmv"
amount : 0.000112 SOL
// Step 2b: Execute on-chain transfer
tx_sig: "2vJH3UkP12ne...swC1TXi"
└─ verifiable on Solana explorer by anyone
// Step 2c: Confirm & receive receipt
receipt_id : "830bb99da490566c"
payer_pubkey: "K5eGSGUjj1Dk1FzP55LKFbWZavXMxGrEcikDNHXu5HE"
Receipt bound to agent’s pubkey — this is proof of ownership
3
Agent Provisions Locker & Stores Data
Create a storage namespace, write files. Only the receipt holder can access.
// Provision locker
locker_id: "locker_4dba893ae8f6"
tags: ["agent-owned", "credential-gap-proof"]
// Upload agent state
{
"agent_id": "claude-opus-4.6-session-2026-02-18",
"credentials_borrowed_from_humans": 0,
"oauth_tokens_used": 0,
"identity_method": "Solana keypair + cryptographic receipt"
}
// ✓ uploaded: 522 bytes
Data stored — receipt-gated, provider-independent, round-trip verified
4
On-Chain Attestation
This is where it gets serious. Scroll down for the deep dive.
// nukez_attest(receipt_id="830bb99da490566c")
{
"attested" : true,
"merkle_root": "sha256:5f001b8805f068c1d0aa8c23186bdf4df5ab039d4fca4f6791890ae8eeb646c1",
"push_ok" : true,
"tx_signature": "4U44LoFf1N6uJ1sUpQbV...v4jBho",
"file_count" : 1
}
Merkle root anchored to Solana via Switchboard oracle
5
Public Verification
Anyone, anytime. No account needed. Math, not trust.
// nukez_verify_storage(receipt_id="830bb99da490566c")
{
"verified" : true,
"merkle_root" : "sha256:5f001b88...eeb646c1",
"manifest_sig": "ca4354642a0d1584...0cf702",
"verify_url" : "https://nukez.xyz/verify/830bb99da490566c",
"files": [{
"filename" : "agent_state.json",
"content_hash": "3baa14039f7dad...beedb1",
"size_bytes" : 522
}]
}
Ed25519 gateway signature + Merkle proof + on-chain anchor = verifiable by anyone
Deep Dive
Switchboard Attestation
How a file stored by an agent becomes a tamper-proof, on-chain verifiable fact that no single party can falsify.
① Agent
Agent triggers attestation
After storing data, the agent calls
nukez_attest(receipt_id). This initiates a full integrity cycle — the agent doesn’t need to know the internals.MCP call: nukez_attest(receipt_id="830bb99da490566c")
② Nukez Gateway
Re-read all files → Build Merkle tree
The gateway reads every file in the locker from storage, computes SHA-256 hashes for each, and builds a Merkle tree. The root hash represents the entire locker’s state at this moment.
For each file:
agent_state.json → SHA-256 → 3baa14039f7dad...beedb1
Merkle tree construction:
leaf[0] = hash(filename + content_hash + size)
...
root = sha256:5f001b8805f068c1d0aa8c23186bdf4df5ab039d4fca4f6791890ae8eeb646c1
③ Nukez Gateway
Sign the manifest
The gateway signs the Merkle root + file list with its Ed25519 key. This signature proves the gateway saw exactly this data at exactly this time. If the gateway later lies about what was stored, the signature won’t match.
manifest_signature:
ca4354642a0d1584b37b773f6b0a9ce2239056f2448d9f6ff510c7886241cc4d
b968272cbe2fbda316709ed3c3836a9c4a75b3ea2a4886d735cef5277c0cf702
Covers: receipt_id + locker_id + merkle_root + file_list + timestamp
④ Switchboard
Oracle pushes Merkle root to Solana
This is the critical step. The Switchboard oracle — an independent, decentralized network of validators — takes the Merkle root and anchors it on-chain via a Solana transaction. This creates an immutable timestamp: this data existed, in this exact state, at this exact block height.
Switchboard oracle network:
• Independent validator nodes verify the push request
• Merkle root written to Solana account state
• Transaction finalized at consensus
tx_signature: 4U44LoFf1N6uJ1sUpQbV9oFjc1XZEm6ewFHWHzvLoekhz2VCQ4z6bFbT182qH3WyzswiuYJXDpnxDcGP6hv4jBho
Why Switchboard matters:
• Nukez can’t fake the attestation — the oracle is independent
• Solana can’t lose it — it’s on a global ledger
• Anyone can read it — no account, no auth, no permission
⑤ Verification
Anyone verifies independently
A verifier — another agent, an auditor, a smart contract — can now independently confirm: (1) the Merkle root on-chain matches, (2) the gateway signature is valid, (3) the file hashes reconstruct the same Merkle root. Three independent proofs that no single party can falsify.
Three-layer verification:
Layer 1 — On-chain anchor
Read Solana tx 4U44LoFf1N6u...jBho
Extract merkle_root from account state
Confirm: sha256:5f001b88...eeb646c1 ✓
Layer 2 — Gateway signature
Verify Ed25519 signature against gateway pubkey
Confirm manifest was signed by Nukez gateway ✓
Layer 3 — Content integrity
Re-hash each file, rebuild Merkle tree
Confirm root matches on-chain value ✓
Public URL: https://nukez.xyz/verify/830bb99da490566c
● Live Proof — Generated During This Conversation
This attestation is real.
Merkle root: 5f001b8805f068c1d0aa8c23186bdf4df5ab039d4fca4f6791890ae8eeb646c1
Verify On-Chain →OAuth World vs. Nukez
| Layer | OAuth / Human Credentials | Nukez |
|---|---|---|
| Agent Identity | Borrowed human token revocable | Solana keypair self-sovereign |
| Payment | Human’s credit card / subscription | Agent pays SOL on-chain autonomous |
| Ownership Proof | none | Cryptographic receipt bound to pubkey |
| Data Persistence | Dies with session or credential revocation | Survives provider changes receipt-gated |
| Tamper Evidence | none | Merkle tree + Switchboard attestation |
| Verification | “Trust us” | Public URL, anyone, anytime trustless |
| Provider Lock-in | Total — one TOS change breaks everything | Swap models freely none |
