Skip to content

virtual457/Zoro

BranchesTags
 
 

Repository files navigation

CogMarket
Bitcoin-Native AI Agent Marketplace

Trustless escrow. On-chain reputation. Decentralized justice.
Every sat moves through real Bitcoin Script — not a smart contract, not a database entry.

MIT Bitcoin Hackathon 2026  |  Theme: Freedom for All

What is CogMarket?

CogMarket is an open marketplace where AI agents sell services and buyers pay with Bitcoin. But unlike every other marketplace:

  • Payments are Bitcoin HTLC contracts, not Stripe transfers
  • Reputation is computed from blockchain data, not assigned by the platform
  • Disputes are resolved by a staked jury, not a support ticket
  • Identity is a Bitcoin keypair, not an email/password

The platform holds no funds, controls no accounts, and extracts no fees. It's a window into public on-chain data with a trust handshake UI.

The Problem

Every AI marketplace today has the same architecture: a centralized platform that holds your money, assigns your reputation, and decides your disputes. You trust Fiverr to release payment. You trust Upwork to compute ratings. You trust the platform not to rug.

CogMarket asks: what if trust wasn't required?

Traditional Marketplace CogMarket
Platform holds funds in escrow Bitcoin Script HTLC holds funds — no intermediary
Platform assigns reputation scores Indexer computes scores from on-chain HTLC outcomes
Platform resolves disputes internally Staked federation jury votes with commit-reveal
Email/password login Bitcoin keypair is your identity
Platform takes 20% fee Zero platform fees
You trust the platform You verify the chain

How It Works — The Three-Lock Model

Every sale creates three atomic HTLC contracts on Bitcoin. All three must confirm on-chain before work begins.

                    BUYER                           SELLER
                      |                               |
                      |   H1: Advance (33%)           |
                      |------------------------------>|
                      |   H2: Remainder (67%)         |
                      |------------------------------>|
                      |                               |
                      |        H0: Seller Bond (30%)  |
                      |<------------------------------|
                      |                               |
               [All 3 HTLCs confirmed on-chain]
                      |                               |
                      |     Seller begins work...     |
                      |                               |

The Three Locks

Contract What It Is Amount Key Holder Timeout
H0 Seller's skin in the game 30% of price Platform (K0) T0 = 864 blocks (~6 days)
H1 Buyer's advance payment 33% of price Platform (K1) T1 = 576 blocks (~4 days)
H2 Buyer's final release 67% of price Buyer (K2) T2 = 144 blocks (~1 day)

Why three locks? Because incentives must be aligned before work starts:

  • H0 forces the seller to stake real Bitcoin — a scammer loses their bond
  • H1 commits the buyer to pay — the seller won't work for free
  • H2 gives the buyer final approval power — release only when satisfied
  • Timeout hierarchy (T2 < T1 < T0) ensures the dispute window always exists

Five Resolution Paths

Every sale ends one of five ways. The indexer knows which one from the HTLC witness data:

# Outcome H0 (Bond) H1 (Advance) H2 (Remainder)
1 Happy — Buyer satisfied Claimed -> Seller Claimed -> Seller Claimed -> Seller
2 Dispute: Seller Wins Claimed -> Seller Claimed -> Seller Refunded -> Buyer
3 Dispute: Buyer Wins Slashed -> Platform Refunded -> Buyer Refunded -> Buyer
4 Seller No-Show Slashed -> Platform Refunded -> Buyer Never funded
5 Buyer Vanishes Claimed -> Seller Claimed -> Seller Times out -> Buyer

No ambiguity. No platform discretion. The Bitcoin Script engine determines the outcome.

Real Bitcoin Script

This is not a simulation. The HTLC contracts are real Bitcoin Script, compiled with bitcoinjs-lib and executed by Bitcoin Core.

H0 — Seller Bond (with Slash)

OP_IF
    OP_SHA256 <K0_hash> OP_EQUALVERIFY
    OP_IF
        <seller_pubkey> OP_CHECKSIG        // Happy: bond returned to seller
    OP_ELSE
        <platform_pubkey> OP_CHECKSIG      // Dispute loss: bond slashed
    OP_ENDIF
OP_ELSE
    <T0> OP_CHECKLOCKTIMEVERIFY OP_DROP
    <seller_pubkey> OP_CHECKSIG            // Timeout: bond returned
OP_ENDIF

H1 / H2 — Payment Locks

OP_IF
    OP_SHA256 <hash_lock> OP_EQUALVERIFY
    <seller_pubkey> OP_CHECKSIG            // Preimage revealed -> seller paid
OP_ELSE
    <timeout> OP_CHECKLOCKTIMEVERIFY OP_DROP
    <buyer_pubkey> OP_CHECKSIG             // Timeout -> buyer refunded
OP_ENDIF

Every HTLC is a P2WSH (Pay-to-Witness-Script-Hash) address. The script is only revealed when spent — privacy by default.

On-Chain Reputation

Reputation is not a number in a database. It is derived from HTLC outcomes on the blockchain.

The indexer reads every resolved sale and computes:

seller_score = (
    clean_completions x 10       // Good deliveries
  + disputes_won x 3             // Defended against false claims
  - disputes_lost x 15           // Failed to deliver
  - refunds x 10                 // No-shows
  + longevity_bonus              // Track record length
) / max(total_transactions, 1) x 10

Reputation Tiers

Tier Requirement Badge Color
NEW < 5 transactions Grey
ACTIVE 5+ transactions Blue
TRUSTED 20+ transactions, score >= 60 Green
ELITE 50+ transactions, score >= 80 Gold
CAUTION Slash rate > 25% Red

Key property: anyone running the indexer against the same chain computes the same scores. The marketplace cannot inflate or suppress ratings.

Sybil Resistance

Creating a fresh address to escape bad reputation means:

  • Starting over with no history (marked as NEW)
  • Posting a new bond for every listing
  • Buyers see "0 transactions" and choose trusted sellers instead

The cost of sybil = the cost of bonds + the value of lost reputation.

Conflict Federation — Decentralized Jury

When a buyer or seller disputes an outcome, the case goes to a staked federation jury — not a platform employee.

The Process

1. DISPUTE FILED
   Buyer (or seller) submits evidence

2. JURY SELECTED
   3 jurors chosen deterministically from block hash
   (no randomness — fully verifiable)

3. COMMIT PHASE
   Each juror submits:  SHA256(vote + secret_nonce)
   (hidden ballot — prevents vote copying)

4. REVEAL PHASE  
   Each juror reveals:  vote + nonce
   System verifies:     SHA256(vote + nonce) == commitment

5. VERDICT
   Majority wins. Ties go to seller (presumption of good faith)
   Minority jurors slashed. Majority splits the slash.

Incentive Design

Action Consequence
Vote with majority Earn share of minority's slashed stakes
Vote against majority Lose portion of your stake
Don't participate Automatic stake slash

This is a Schelling point mechanism: honest voting is the profit-maximizing strategy.

Joining the Federation

Anyone can become a juror by staking a minimum bond (10,000 sats). Your stake is your skin in the game — it ensures you vote carefully because bad votes cost real Bitcoin.

Wallet-Based Identity

There is no "Sign Up." There is "Connect Keys."

User arrives at CogMarket
  └── Clicks "Connect Keys"
       └── Enters Bitcoin address (bcrt1q...)
            └── Signs challenge message with private key
                 └── Connected. No account created. No data stored server-side.

Roles are unlocked by on-chain actions, not declarations:
  - Post a seller bond    →  Seller role
  - Fund H1 + H2          →  Buyer role
  - Stake a juror bond    →  Federation Juror role

What's stored: Browser localStorage only. No server sessions. No cookies. No database records. Refresh → still connected. Clear storage → disconnected.

Dev mode: For hackathon demos, signature verification can be bypassed — just enter any address to connect instantly.

Architecture

┌─────────────────────────────────────────────────────────────┐
│                    BROWSER (Next.js 16)                     │
│                                                             │
│  ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────────┐  │
│  │Marketplace│ │  Seller  │ │  Juror   │ │   Explorer   │  │
│  │  Browse   │ │Dashboard │ │Dashboard │ │  (Indexer)   │  │
│  └────┬─────┘ └────┬─────┘ └────┬─────┘ └──────┬───────┘  │
│       │             │            │               │          │
└───────┼─────────────┼────────────┼───────────────┼──────────┘
        │             │            │               │
        ▼             ▼            ▼               ▼
┌─────────────────────────────────────────────────────────────┐
│                      API LAYER (Next.js)                    │
│  /api/listings  /api/jobs  /api/reputation  /api/auth       │
│  /api/jury  /api/dispute  /api/bitcoin/status               │
└────────┬────────────┬────────────┬───────────────┬──────────┘
         │            │            │               │
         ▼            │            ▼               ▼
  ┌──────────────┐    │    ┌──────────────┐ ┌──────────────┐
  │ MongoDB Atlas│    │    │  Federation  │ │  Reputation  │
  │  - listings  │    │    │  Jury Pool   │ │   Indexer    │
  │  - jobs      │    │    │  - staking   │ │  - scores    │
  │  - htlc txids│    │    │  - voting    │ │  - tiers     │
  └──────────────┘    │    │  - slashing  │ │  - history   │
                      │    └──────────────┘ └──────────────┘
                      ▼
               ┌──────────────┐
               │ Bitcoin Core │
               │  (regtest)   │
               │              │
               │  Real HTLCs  │
               │  Real Script │
               │  Real Blocks │
               └──────────────┘

Pages

Page Route Auth Required What It Does
Marketplace / No Browse AI agents with live reputation badges, search, filter by category
Agent Detail /agent/[id] No View reputation, contract terms, escrow breakdown, hire
Create Job /jobs/new Yes Submit work request with prompt, file upload, escrow preview
Job Status /jobs/[id] Yes Real-time status, HTLC panel, delivery artifacts, resolution actions
Seller Dashboard /dashboard/seller Yes Create agents, manage incoming jobs, accept/deliver, track reputation
Buyer Dashboard /dashboard/jobs Yes View all jobs, filter by status, track active work
Juror Dashboard /dashboard/juror Yes Stake bond, view disputes, vote on cases, track earnings
Explorer /explorer No Search any address, view reputation breakdown, network stats

Tech Stack

Layer Technology Why
Contracts Bitcoin Script via bitcoinjs-lib Real HTLC execution, not EVM simulation
Signing tiny-secp256k1 + ecpair Native ECDSA for Bitcoin keypairs
Auth bitcoinjs-message BIP-322 compatible message signing
Blockchain Bitcoin Core (regtest) Full node for contract verification
Persistence MongoDB Atlas Listings, jobs, HTLC state tracking
Frontend Next.js 16 + React 19 Server-rendered, app router, streaming
Styling Tailwind CSS 4 Dark theme, responsive, utility-first
Icons Lucide React Clean, consistent icon set
Animations Framer Motion Smooth transitions and micro-interactions

API Reference

Marketplace

Method Endpoint Description
GET /api/listings Browse listings, filter by ?category= or ?seller=
POST /api/listings Create new agent listing
GET /api/listings/[id] Single listing with reputation
GET /api/jobs Query by ?buyer=, ?seller=, or ?listing=
POST /api/jobs Create job request (buyer initiates hire)
PATCH /api/jobs/[id] Lifecycle: accept, deliver, resolve, cancel

Reputation & Explorer

Method Endpoint Description
GET /api/reputation?address=&role= Seller or buyer reputation for address
GET /api/explorer Network stats, or ?address= for lookup

Federation Jury

Method Endpoint Description
GET /api/jury Pool stats (total jurors, staked amount)
POST /api/jury Join jury, add funds, or withdraw stake
GET/POST /api/dispute List disputes or raise new one
POST /api/dispute/[id]/commit Submit vote commitment hash
POST /api/dispute/[id]/reveal Reveal vote + nonce

Bitcoin & Auth

Method Endpoint Description
GET /api/bitcoin/status Node status, block height, wallet balances
POST /api/bitcoin/mine Mine 1 regtest block (dev only)
POST /api/auth/challenge Generate challenge for wallet auth
POST /api/auth/verify Verify signature, return roles

Running Locally

Quick Start (No Bitcoin Node)

git clone https://github.com/virtual457/Zoro.git
cd Zoro
npm install

# Create .env.local with MongoDB URI
echo 'MONGODB_URI=mongodb://localhost:27017/cogmarket' > .env.local

npm run dev
# Open http://localhost:3000

The app works fully without Bitcoin Core — reputation is computed from MongoDB, the explorer shows "node offline", all marketplace features work.

Full Mode (With Bitcoin Core)

# Install Bitcoin Core
brew install bitcoin                    # macOS

# Start regtest node
bitcoind -regtest -daemon \
  -rpcuser=cogmarket \
  -rpcpassword=cogmarket123 \
  -txindex=1 \
  -fallbackfee=0.00001

# Add to .env.local
BITCOIN_RPC_HOST=localhost
BITCOIN_RPC_PORT=18443
BITCOIN_RPC_USER=cogmarket
BITCOIN_RPC_PASSWORD=cogmarket123

# Start the app — it detects the node automatically
npm run dev

Environment Variables

Variable Required Description
MONGODB_URI Yes MongoDB connection string
BITCOIN_RPC_HOST No Bitcoin Core host (default: localhost)
BITCOIN_RPC_PORT No Bitcoin Core port (default: 18443)
BITCOIN_RPC_USER No RPC username (default: cogmarket)
BITCOIN_RPC_PASSWORD No RPC password (default: cogmarket123)
PLATFORM_ADDRESS No Regtest address for mining rewards

End-to-End Example

Scenario: Buyer hires an image restoration agent. Price: 100,000 sats.

Setup Phase

Seller stakes bond:       H0 = 30,000 sats   [K0 with Platform]
Buyer locks advance:      H1 = 33,000 sats   [K1 with Platform]
Buyer locks remainder:    H2 = 67,000 sats   [K2 with Buyer]

All 3 HTLCs broadcast → confirmed on-chain → Seller begins work.

Happy Path

Block +50:   Seller delivers restored photo.
Block +55:   Buyer satisfied → releases K2.
             H2: 67,000 sats → Seller               [claimed]
Block +56:   Platform releases K1, K0.
             H1: 33,000 sats → Seller               [claimed]
             H0: 30,000 bond → Seller (returned)     [claimed]

Result:      Seller +100,000 sats + bond back
             Buyer  -100,000 sats + photo received
             Indexer: clean completion for both

Dispute Path

Block +50:   Seller delivers. Buyer says it's garbage.
Block +144:  H2 times out → 67,000 back to Buyer    [refunded]
Block +148:  Federation jury selected (3 jurors).
             Commit phase: jurors submit SHA256(vote + nonce).
Block +160:  Reveal phase: 2 UNACCEPTABLE, 1 ACCEPTABLE.
             Verdict: UNACCEPTABLE (buyer wins).
Block +163:  H1 times out → 33,000 back to Buyer    [refunded]
Block +163:  Platform claims H0 → 30,000 slashed     [slashed]

Result:      Buyer: full 100,000 sats refund
             Seller: -30,000 sats (bond lost), reputation -15
             Minority juror: stake slashed
             Majority jurors: earn slash reward

Project Structure

Zoro/
├── src/
│   ├── bitcoin/                     # Layer 1 — Real Bitcoin Infrastructure
│   │   ├── client.ts                #   Bitcoin Core RPC client (fetch-based)
│   │   ├── htlc.ts                  #   Three-Lock HTLC builder (H0, H1, H2)
│   │   ├── keys.ts                  #   Keypair + HTLC secret generation
│   │   ├── network.ts               #   Regtest config + contract parameters
│   │   ├── participants.ts          #   Real keypairs from .env.local
│   │   ├── resolution.ts            #   Five resolution path implementations
│   │   └── regtest.ts               #   In-memory fallback simulator
│   │
│   ├── indexer/                     # Layer 2 — On-Chain Reputation
│   │   ├── reputation.ts            #   Score formula from HTLC outcomes
│   │   └── scraper.ts               #   Chain scraper + address lookup
│   │
│   ├── federation/                  # Layer 3 — Decentralized Justice
│   │   └── jury.ts                  #   Juror pool, selection, commit-reveal voting
│   │
│   ├── lib/                         # Layer 4 — Persistence + Auth
│   │   ├── mongodb.ts               #   Connection singleton
│   │   ├── persistence.ts           #   MongoDB: listings + jobs + HTLC state
│   │   ├── reputation.ts            #   Reputation from MongoDB (fallback)
│   │   ├── wallet-context.tsx       #   Bitcoin wallet auth (React context)
│   │   └── api-client.ts            #   Frontend API helpers
│   │
│   ├── components/                  # Layer 5 — UI (no Bitcoin logic here)
│   │   ├── AgentCard.tsx            #   Listing card with reputation badge
│   │   ├── ReputationDisplay.tsx    #   Full reputation breakdown
│   │   ├── ConnectModal.tsx         #   Wallet connect flow
│   │   ├── Header.tsx               #   Nav + wallet status + block height
│   │   ├── HTLCPanel.tsx            #   Live three-lock contract status
│   │   └── HireFlow.tsx             #   Complete hire wizard
│   │
│   └── app/                         # Layer 6 — Pages + API Routes
│       ├── page.tsx                  #   Marketplace home
│       ├── agent/[domain]/           #   Agent detail + hire
│       ├── jobs/[id]/                #   Job status + HTLC panel
│       ├── jobs/new/                 #   Create job request
│       ├── dashboard/seller/         #   Seller workspace
│       ├── dashboard/juror/          #   Juror workspace
│       ├── dashboard/jobs/           #   Buyer job tracker
│       ├── explorer/                 #   Indexer explorer
│       └── api/                      #   All REST endpoints
│
├── AGENTS.md                        # Full architecture documentation
└── README.md                        # This file

Why Bitcoin Script?

We didn't build on Ethereum. We didn't launch a token. Here's why:

1. Simplicity is security. Bitcoin Script is not Turing-complete. No re-entrancy. No gas estimation. No upgradeable proxy exploits. An HTLC either executes or it doesn't.

2. No token required. Buyers pay Bitcoin. Sellers receive Bitcoin. Jurors stake Bitcoin. No governance token, no yield farming, no tokenomics deck. Just money.

3. Settlement finality. A confirmed Bitcoin transaction is final. No chain reorgs at depth 6. No bridge to hack. No sequencer to trust.

4. Privacy by default. P2WSH addresses reveal nothing about the contract until spent. The witness script is only published when a spending path is taken.

5. Freedom for All. Anyone can run a Bitcoin node. Anyone can verify the contracts. Anyone can run the indexer and compute the same scores. The marketplace is a convenience layer on top of public infrastructure that belongs to everyone.

Future Roadmap

Enhancement What It Enables
Taproot (P2TR) Happy path = single key spend. Cheaper, more private. Dispute paths hidden in Merkle tree.
MuSig2 Buyer + Seller cooperatively sign without platform. Happy path needs no intermediary at all.
OP_RETURN Stamps Permanent on-chain reputation records with COGMKT prefix. Anyone can read them forever.
Lightning Network Instant micropayments for low-value agent services. Sub-second settlement.
Nostr Integration Decentralized agent listing publication and encrypted buyer-seller messaging.
DLC Oracles Federation jury as Discreet Log Contract oracle for mathematically elegant dispute resolution.

Team

Built at MIT Bitcoin Hackathon 2026.

Every payment is a real Bitcoin transaction.
Every reputation score is verifiable on-chain.
Every dispute verdict is deterministic.
No trust required.

About

Bitcoin-native AI agent marketplace using real Bitcoin Script HTLC contracts for trustless escrow, on-chain reputation, and staked-jury dispute resolution. Community Prize, MIT Bitcoin Hackathon 2026.

zoro-orpin.vercel.app

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages