From deterministic plans to verifiable private-policy decisions
The roadmap reflects the implementation that exists today. The ZK and Soroban path is no longer a future concept: it is a working testnet milestone with a hosted demo, genuine proofs, three decision outcomes, and explicit transaction evidence.
-
Deterministic Stellar action layer
- Local ONNX intent classification maps natural-language requests into deterministic typed ActionPlans without requiring an external AI API.
- Canonical ActionPlans provide an explicit structure before any Stellar Classic or Soroban action can progress.
- Stable guardrail exits cover allowlist protection, contract-policy failures, and intent-safety failures through exit codes
3,4, and5. - Typed Soroban templates normalize practical inputs including
address,bytes,symbol, andu64. - Runtime behavior is shared across the REPL, CLI,
.ncfiles, and the server API. - The standard execution boundary remains
simulate → preview → confirm → submit. - x402-lite provides a guarded payment-required and finalize flow with replay-aware state handling.
- Public WebUI and Stellar CLI demos expose the current system without requiring local installation.
-
NeuroChain ZK Guardrail Attestation
- A known deterministic NeuroChain evaluator runs inside a RISC Zero guest against a private owner policy and private audit nonce.
- Genuine RISC Zero Groth16 receipts prove evaluator execution while the policy rules, commitment salt, and audit nonce remain private.
- The canonical public journal binds the evaluator image ID, ActionPlan hash, policy commitment and version, decision, exit and reason codes, approval state, and audit nullifier.
- A Soroban guardrail application routes the receipt through a pinned verifier router to the Groth16 verifier.
- The contract accepts only owner-authorized policy commitment and version pairs.
- The bundled scenarios return
approved,requires_approval, andblockedwith stable decision semantics. - Permissionless
verifyis repeatable and read-only, so it does not consume the audit nullifier. zk.stellar.attestsubmits a separate explicit proof-verification transaction on testnet and returns a transaction hash and explorer link.zk statuspreserves the validated local binding together with the latest Stellar verification mode, transaction hash, and nullifier state for the active session.- Owner-authenticated
verify_and_consumeis available in the local operator flow to record the audit nullifier and reject replay. - A valid proof never automatically signs or submits the underlying ActionPlan.
-
Make the guardrail easier to integrate and operate
- Provide a cleaner SDK and API path for external Stellar applications to supply typed ActionPlans and request private-policy verification.
- Improve the operator experience for policy commitment authorization, versioning, rotation, and revocation.
- Feed decoded Soroban events and return values back into deterministic DSL workflows.
- Execute practical multi-step workflows inside a single
.ncrun instead of only isolated actions. - Add clearer audit, observability, and proof-status views for operators and external reviewers.
- Evaluate focused testnet pilot flows for automated treasury, controlled payments, or tokenized-asset operations.
- Define durable operational handling for replay state and Stellar network TTL maintenance.
- Design a separate approved ActionPlan execution integration without weakening the proof-versus-submit boundary.
- Move x402-lite toward a real facilitator boundary with production-shaped authentication and idempotency.
-
Security, operations, and mainnet-readiness criteria
- Independent security review of the ZK, Soroban, policy, replay, and execution boundaries.
- Dependency, build, artifact, and software-supply-chain hardening.
- Long-lived state maintenance and restoration procedures beyond normal network TTL windows.
- Production-grade owner, key, policy-rotation, and recovery design.
- Monitoring, rate limits, abuse controls, and operational incident handling.
- Release hardening with regression, parity, reproducibility, and deployment gates.
- Mainnet consideration only after successful pilots, security review, and explicit deployment approval.
What the roadmap is optimizing for
The direction remains conservative: explicit typed actions, independently verifiable private-policy decisions, and a clear separation between proof verification and transaction execution.
Deterministic inputs
Natural-language or application input is converted into a typed ActionPlan before guardrails or chain interaction.
Verifiable private decisions
RISC Zero and Soroban make the private-policy result independently verifiable without publishing the policy rules.
No automatic execution
Proof verification remains an authorization input. Signing and submitting the underlying ActionPlan stay separate.
Run the live Stellar testnet milestone
The hosted CLI demonstrates local binding, all three private-policy outcomes, Soroban verification, and one separate explicit testnet attestation.