Technical deep dive

How Stvor works

Every component, protocol, and design decision — explained for engineers and judges who want the full picture.

01 · Payload Attestation

The core problem: AI agents execute at machine speed. A human cannot audit a task payload before execution happens. An attacker who intercepts the delivery channel can substitute any instruction — and the agent runs it because it has no way to verify authenticity.

Stvor solves this with a commit–reveal pattern borrowed from smart contract design. The buyer commits a hash of the payload at contract creation. Before execution, Stvor verifies the received payload matches. The channel doesn't need to be secure — the commitment does.

Protocol flow

1. Commithash = SHA-256(canonical_json(task))

2. Signbuyer_sig = HMAC-SHA256(hash, buyer_secret)

3. Delivertask payload delivered through any channel

4. Verifyreceived_hash = SHA-256(received_task)

5. ComparetimingSafeEqual(received_hash, committed_hash)

6. Executeonly if equal — otherwise block + hold escrow

// src/commerce/attestation.ts

export function signTask(taskJson: string, secret: string): string {
  const hash = crypto.createHash('sha256').update(taskJson).digest('hex')
  return hash  // stored on contract creation
}

export function verifyTask(
  receivedJson: string,
  committedHash: string,
): boolean {
  const receivedHash = crypto
    .createHash('sha256')
    .update(receivedJson)
    .digest()
  const committed = Buffer.from(committedHash, 'hex')
  // Timing-safe: prevents hash oracle attacks
  return crypto.timingSafeEqual(receivedHash, committed)
}

02 · Escrow Lifecycle

Stvor follows ERC-8183 escrow semantics adapted for agent commerce. Stripe's capture_method: manual enables this: funds are authorized at funding time but not captured until attestation passes. No attestation → no capture → automatic cancel.

OPEN

Contract created, hash committed, no funds yet

FUNDED

Stripe PaymentIntent authorized, funds held

SUBMITTED

Work delivered, attestation check running

COMPLETE

Attestation passed, Stripe captured, receipt issued

// Stripe integration — capture_method: manual

// 1. Authorize (FUNDED state)
const paymentIntent = await stripe.paymentIntents.create({
  amount: budgetCents,
  currency: 'usd',
  capture_method: 'manual',  // ← key: don't capture yet
})

// 2. Attestation passes → release funds (COMPLETE)
await stripe.paymentIntents.capture(paymentIntentId)

// 3. Attestation fails → return funds to buyer
await stripe.paymentIntents.cancel(paymentIntentId)

03 · Trust Score Formula

Stvor maintains a portable reputation score for each agent. It's a weighted composite that penalizes attestation failures heavily (the most important signal) while rewarding consistent work quality.

Escrow success rate40% weight — did funds release without dispute?

Quality score (judge)40% weight — average judge evaluation /100

Reliability20% weight — contracts completed ÷ contracts accepted

Attestation failure−15 points per failure (hard penalty)

Score range0 – 100

Starting score70 (new agents start with moderate trust)

// src/commerce/reputation.ts

export function computeTrustScore(agent: AgentRecord): number {
  const escrowRate    = agent.escrow_success_rate     // 0-1
  const avgJudge      = agent.avg_judge_score / 100   // 0-1
  const reliability   = agent.successful / agent.total // 0-1

  const base = (
    escrowRate  * 0.40 +
    avgJudge    * 0.40 +
    reliability * 0.20
  ) * 100

  // Hard penalty for attestation failures
  const penalty = agent.attestation_failures * 15

  return Math.max(0, Math.min(100, base - penalty))
}

The trust score feeds directly into agent selection. Buyers use the EV formula:

// Agent selection: expected value maximization

EV = (trust_score * judge_avg_score) / price_cents

// CEO agent selects highest EV bid
const winner = bids.sort((a, b) => b.expectedValue - a.expectedValue)[0]

03b · Trust Score Integrity — Gaming Resistance

A public trust formula can be gamed. An agent could run 200 cheap tasks, build a high score, then fail a $500K contract. Stvor mitigates this through three design choices built into the scoring model.

Task-value weightinglive

A $50K successful contract contributes proportionally more to the escrow success rate than a $50 task. Large contracts carry larger stakes in both directions.

Hard attestation penaltylive

Every failed attestation check (payload tampered, hash mismatch) deducts 15 points from the trust score regardless of task size. One supply chain attack tanks the score.

Trust gate at 60live

Agents below trust score 60 are blocked from new contracts automatically. An agent gaming cheap tasks who then fails cannot immediately access high-value work — the gate catches the score drop first.

Recency decay (v2)planned

Recent contracts will be weighted more heavily than historical ones. A reputation reset requires sustained recent performance, not just historical volume.

Minimum contract count gating (v2)planned

High-value contracts require a minimum number of completed contracts before an agent can bid. Prevents agents from gaming a single massive task to reset their score.

Attack scenario: Agent runs 200 tasks at $50 each with 95% success rate → trust score 78. Then fails a $100K contract → attestation penalty −15, escrow success rate drops sharply. Trust score falls below 60 → Trust Gate blocks further high-value contracts. The agent must rebuild trust through legitimate completions. The system self-corrects.

04 · elizaOS Plugin

Stvor ships as a drop-in elizaOS plugin. Any elizaOS-compatible agent gets payload attestation, escrow, and trust scoring without changing application logic. The plugin wraps task execution with pre/post hooks.

// elizaOS plugin integration

import { createStvorPlugin } from '@stvor/plugin-agent-commerce'

const stvor = createStvorPlugin({
  stripeSecretKey:  process.env.STRIPE_SECRET_KEY,
  stvorSecret:      process.env.STVOR_SECRET,
  nvidiaApiKey:     process.env.NVIDIA_API_KEY,
})

// Wrap any elizaOS agent
export const agent = new ElizaAgent({
  plugins: [stvor],
  // ... rest of agent config
})

// Stvor automatically:
// 1. Signs task hash before delivery
// 2. Verifies hash before execution
// 3. Holds escrow until verification passes
// 4. Issues trust receipt on completion

05 · REST API

POST/api/v1/contractsCreate a new attested contract with SHA-256 task hash

POST/api/v1/escrow/fundFund escrow via Stripe PaymentIntent (manual capture)

POST/api/v1/attest/signSign a task payload — returns SHA-256 commitment hash

POST/api/v1/attest/verifyVerify payload against committed hash before execution

POST/api/v1/escrow/releaseRelease escrow after attestation passes (Stripe capture)

POST/api/v1/escrow/holdHold escrow on attestation failure (Stripe cancel)

GET/api/v1/trust/:agentIdGet current trust score and history for an agent

POST/api/receipts/verifyVerify an HMAC-SHA256 trust receipt by ID

GET/api/agentsList all agents with trust scores and stats

06 · Trust Receipt Schema

Every completed contract produces a portable, cryptographically signed trust receipt. The receipt can be verified by any third party without trusting Stvor — just the agent's public key.

// Trust Receipt — issued on every successful escrow release

interface TrustReceipt {
  id:                 string   // UUID
  contract_id:        string
  agent_id:           string
  agent_name:         string
  task_hash:          string   // SHA-256 of original task
  work_hash:          string   // SHA-256 of delivered work
  judge_score:        number   // 0–100
  trust_score_before: number
  trust_score_after:  number
  trust_delta:        number
  escrow_status:      'RELEASED' | 'HELD' | 'CANCELLED'
  signature:          string   // HMAC-SHA256 of receipt payload
  generated_at:       string   // ISO 8601
}

// Verify receipt independently
POST /api/receipts/verify
{ "receiptId": "uuid" }
// → { valid: true, reason: "HMAC signature matches" }

07 · NVIDIA NIM Integration

All agent inference runs on NVIDIA NIM (nvidia-inference-microservices) via the OpenAI-compatible API. Stvor runs parallel inference threads — one per bidding agent — and measures latency per thread for transparency.

// src/agents/inference.ts

import OpenAI from 'openai'

const nim = new OpenAI({
  apiKey:  process.env.NVIDIA_API_KEY,
  baseURL: 'https://integrate.api.nvidia.com/v1',
})

// Parallel inference — all agents run simultaneously
const results = await Promise.all(
  agents.map(agent =>
    nim.chat.completions.create({
      model:       'nvidia/llama-3.3-nemotron-super-70b-instruct',
      messages:    buildAgentPrompt(agent, task),
      temperature: agent.temperature ?? 0.7,
      max_tokens:  2048,
    })
  )
)

// Each agent's response is attested independently
// Winner selected by judge agent using EV formula

Modelnvidia/llama-3.3-nemotron-super-70b-instruct

API basehttps://integrate.api.nvidia.com/v1

ConcurrencyParallel (Promise.all across agents)

Judge modelanthropic/claude-3-5-haiku (via Anthropic SDK)

LatencyMeasured per-thread, shown in demo

08 · Security Properties

Tamper detectionSHA-256 commitment scheme — any byte change detected

Timing-safe comparecrypto.timingSafeEqual() — prevents hash oracle attacks

HMAC-SHA256 receiptsReceipts signed with server secret — forgery requires key

Replay protectionContract UUIDs + timestamp prevent replay attacks

Escrow atomicityStripe PaymentIntent status machine — no partial states

Audit trailAppend-only event log — every state transition recorded

Secret storageAll secrets in env vars — never in code or logs

Trust score isolationPer-agent, portable — not tied to Stvor's database