Shade Agents
The Shade Agent Framework allows developers to build decentralized and trustless AI agents that control accounts and assets across multiple blockchains.
Previous Web3 agents fall into one of two categories:
- They are trustless and verifiable by using a trusted execution environment (TEE), but if the TEE goes down, the private keys and funds of the agent are lost.
- The agent’s accounts are persistent, but the agents are centralized.
Shade Agents provide verifiability and non-custody by operating in TEEs, but also persistent control of accounts by using NEAR's decentralized key management. Any instance of an agent running the same code inside a TEE has access to the same accounts. You don't need to worry about private keys being lost or exposed.
Thanks to combining TEEs with the NEAR tech stack, Shade Agents can autonomously sign transactions across any chain, interact with AI models and external data sources, manage assets, and perform privacy-preserving, verifiable computations, offering the flexibility and performance of Web2 with the verifiability of Web3.
Shade Agents power Agentic Protocols: a new type of decentralized application designed to be autonomous, proactive, and intelligent.
How do Shade Agents work?
Shade Agents consist of two main components: the agent and the agent smart contract.
When an agent is booted up in a TEE, the TEE's hardware-based entropy generates a random private key and account. This private key is exclusively used to call the agent contract, not for storing funds.
What is a TEE?
A trusted execution environment is a secure area of a CPU that runs code in an isolated and protected way. This means we know the expected code is running and its execution is not exposed outside of the enclave. TEEs produce attestations to prove that the code is running within a TEE and that it's running the specified code.
The agent calls the register_agent function on the agent smart contract, providing two pieces of information generated inside the TEE:
- A remote attestation quote (which proves it is running inside a genuine TEE).
- The Docker image's SHA256 code hash (to prove that the expected code is running).
If the attestation quote is valid and the code hash matches the expected code hash of the agent (defined during the agent contract's deployment), the agent's account is approved as a valid agent inside the agent contract.
Once registered, the agent can call the request_signature function on the agent contract, enabling it to sign transactions on behalf of the Shade Agent. request_signature leverages chain signatures for decentralized key management, allowing the Shade Agent to hold assets and sign transactions on nearly any chain.
Anyone can deploy the same Docker image of the agent to a different TEE. Since the Docker image will have the same code hash, it can then be registered as a new valid agent, and thus gain access to signing transactions using the Shade Agent's accounts. This means the accounts are persisted across different TEE instances. To facilitate this functionality, agents are designed to be stateless.
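The registration and signing gate described above can be modelled in a few lines. This is an added example, not the Shade Agent contract's own code. It assumes that a quote can be represented as an HMAC under a constructed "vendor" key binding the caller's account to the code hash, and that a keyed digest can stand in for chain signatures; all account names, keys and image bytes are constructed.

```python
import hashlib
import hmac

# Constructed stand-in for the TEE vendor's attestation signing chain (assumption).
VENDOR_KEY = b"constructed-tee-vendor-key"

def code_hash(image: bytes) -> str:
    """SHA256 of the (constructed) Docker image bytes."""
    return hashlib.sha256(image).hexdigest()

def make_quote(account_id: str, image_hash: str, key: bytes = VENDOR_KEY) -> bytes:
    """Modelled quote: a vendor-keyed MAC binding the account to the code hash."""
    return hmac.new(key, f"{account_id}|{image_hash}".encode(), hashlib.sha256).digest()

class AgentContract:
    """Toy model of register_agent / request_signature gating (not the real contract)."""
    def __init__(self, approved_code_hash: str):
        self.approved_code_hash = approved_code_hash  # defined at deployment
        self.agents = set()  # accounts approved as valid agents

    def register_agent(self, caller: str, quote: bytes, image_hash: str) -> bool:
        if not hmac.compare_digest(quote, make_quote(caller, image_hash)):
            return False  # quote is not from a genuine TEE or covers other data
        if not hmac.compare_digest(image_hash, self.approved_code_hash):
            return False  # genuine TEE, but not the expected code
        self.agents.add(caller)
        return True

    def request_signature(self, caller: str, payload: bytes) -> str:
        if caller not in self.agents:
            raise PermissionError("caller is not a registered agent")
        # Stand-in for chain signatures: one shared key regardless of which agent asks.
        return hmac.new(b"constructed-shade-agent-key", payload, hashlib.sha256).hexdigest()

def demo() -> dict:
    image = b"constructed agent image v1"
    contract = AgentContract(code_hash(image))
    results = {}
    for account, img in [("tee-a", image), ("tee-b", image), ("tee-c", image + b" patched")]:
        h = code_hash(img)
        results[account] = contract.register_agent(account, make_quote(account, h), h)
    forged = make_quote("tee-d", code_hash(image), key=b"not-the-vendor")
    results["tee-d"] = contract.register_agent("tee-d", forged, code_hash(image))
    results["shared_account"] = (contract.request_signature("tee-a", b"tx")
                                 == contract.request_signature("tee-b", b"tx"))
    return results

if __name__ == "__main__":
    print(demo())
```

Two instances running the approved image (tee-a, tee-b) register and obtain the same signature for the same payload, while a modified image (tee-c) and a quote not signed by the modelled vendor key (tee-d) are rejected.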