The problem

Every AI agent holds API keys.
Every key is a leak waiting to happen.

up to $47k

Reported per-incident bills

weeks

Typical detection time today

0

Identity layer in any current AI gateway

Why Arc

We're building exactly
what Arc is for.

Arc's framework leverages decentralized identity (DID) standards with verifiable credentials to establish agent identities and delegations, on-chain intent proofs to verify user authorization for transactions, and zero-knowledge proofs to preserve privacy while proving policy compliance. W3C Verifiable Credentials ("mandates") provide non-repudiable proof of user consent for agent-driven transactions.

— Arc.network thesis on agentic commerce

That's an exact description of what MAP ships: ERC-8004 identity + zkTLS attestations + EIP-712 mandates + on-chain revocation. We didn't adapt to Arc — Arc's thesis IS our product.

ApproachPer-call costIdentity layerRecovery on leak
OpenAI key in env$0 (until breach)days, after Stripe email
Cloudflare AI Gatewayinfra feebearer (still leakable)rotate keys in N services
MAP on Arc$0.0005 USDCERC-8004 + zkTLSone TX (~2s)

$0.0005 per call vs $5 gas on Ethereum L1 = 10,000× margin.

Molecule Agent Proxy

Identity-gated, key-free API access
for AI agents.

Per-call nano-payments in USDC on Arc. Built on ERC-8004 + zkTLS.

No keys in env files

Agent never holds OpenAI / Anthropic / OpenRouter keys. Server-side KMS-wrapped vault decrypts per call.

Bounded blast radius

Session-key delegation — leak = $5/day max, not $47k.

Instant recovery

Revoke on-chain in one transaction (~2s on Arc). The next attacker call fails; your agent rotates and keeps going.
See the live demo ↗GitHub ↗

How it works

One delegation. Per-call signing.
On-chain audit + revoke.


  USER  ──── one-time setup (off-chain or one TX) ──────────▶
   │      • mint ERC-8004 NFT     (1 TX) — your agent's on-chain identity
   │      • bind attestations     (Reclaim zkTLS, on-chain hash)
   │      • sign delegation       (EIP-712, no TX)
   │            { sessionKey, vault, scope, cap, ttl, nonce }
   │
   │      delegation bundle handed to agent runtime
   ▼
  AGENT  (OpenClaw / LangChain / Hermes / custom)
   │       per call: sign(body || nonce || timestamp) with sessionKey
   │       POST /api/proxy/v1/chat/completions
   ▼
  MAP PROXY  (Vercel + Arc)
   1. verify session-key sig    (off-chain, instant)
   2. verify delegation sig     (off-chain, instant)
   3. check scope, cap, expiry  (off-chain, instant)
   4. check revocation          (on-chain read, ~50ms)
   5. charge USDC nano-payment  (on-chain TX, ~$0.0005)
   6. forward to OpenRouter     (KMS-decrypted upstream key)
   7. emit Charged event        (live feed sees it in ~2s)

Session-key delegation, EIP-7702-compatible

User signs ONE EIP-712 structured message with their primary wallet (MetaMask). The agent uses a separate session keypair for every subsequent call. Compatible with EIP-7702 for future on-chain enforcement. Primary key never sees per-call traffic — and never leaves MetaMask.

On-chain receipts you can audit

Every call emits a Charged event on Arc. Dashboard streams them live via Server-Sent Events. Judges hit the public URL and see real-time activity from the OpenClaw demo.

Use cases

One primitive.
Two markets opened today.

✓ Live in this demo

Key-free API access for agents

Your agent (OpenClaw, LangChain, Hermes, Claude Skill, custom) calls OpenAI / Anthropic / Google / anything — without ever holding the key.

Why it matters: every leaked key in the news could have been bounded to $5/day and revoked in two seconds. Today the only patterns are "stuff key in env" or "lock to a custodial gateway." MAP gives you cryptographic per-call identity with sub-cent settlement.

See live activity ↗

v0.2 — same primitive, wallet operations

Autonomous on-chain trading without giving away your private key

Today: trading bots either hold the user's private key in plain config (huge leak surface) or use exchange-issued API keys (custodial only). Neither scales to autonomous on-chain agents.

MAP v0.2: private key stays in MetaMask (or a sandboxed microVM). User signs ONE delegation declaring "this session key may swap on Aave up to $500/day, no other contracts." Agent uses the session key. Compromised agent can't drain the wallet — at most $500/day until revoked. Revoking the session key never requires touching the private key. The PK in MetaMask is untouched; the user just submits one revoke transaction.

Pairs natively with CelestoAI/SmolVM for sandboxed execution and Phala Network TEE for hardware-attested identity.

Roadmap + creator

Open source. Solo built.
Years of thesis behind it.

Roadmap

  • v0.2 — Wallet vault for autonomous agent trading. Same session-key delegation pattern, applied to wallet operations. Agent trades on-chain; private key never leaves MetaMask. Revoke a compromised session in one click — your wallet stays untouched.
  • v0.2 — Sandbox runtime: Phala TEE or Celesto SmolVM. Agent code runs in a hardware-isolated microVM holding the PK. Compromised agent code can't exfiltrate. MAP gates external API calls; the sandbox gates code execution. Defense in depth.
  • v0.3 — Multi-chain. Same architecture on Base, Solana via Wormhole. Reputation registry per ERC-8004.
  • v1.0 — Full onboarding wizard + production launch. SDKs published for OpenClaw, Hermes, LangGraph, Claude Agent SDK, AutoGen.

Creator

Calvin Pak

Creator, Molecule Protocol — NFT proof tokens → on-chain SDL allowlist → Credit3 → ZKP. Agent identity has been the through-line for years; MAP is the execution layer that makes it economical.

  • • Speaker, ETH Denver 2024 — data sovereignty
  • • Speaker, EdCon 2024 — data sovereignty
  • • Thesis: data ownership
  • MAP is open source — MIT licensed, contributions welcome
Built for theAgentic Economy on Archackathon.Track: Per-API Monetization Engine.·@buildoncircle · @arc · @lablabai