SealedMind
We built a memory layer for AI encrypted, portable, and provably secure. Your AI remembers everything. Nobody else can read it. You own it forever.
Videos
Description
What is SealedMind?
SealedMind is a privacy-first AI memory primitive built on the 0G stack. It gives every user a sovereign, encrypted, AI-searchable memory vault — called a Mind — that nobody, not even the application operator, can read without explicit, on-chain consent. Think of it as a personal second brain that lives on a decentralized network, processed inside a hardware-level trusted execution environment, owned entirely by the user's wallet, and shareable with other agents through a revocable on-chain capability. Live on 0G mainnet (chainId 16661) and Galileo testnet (16602) today.
The Problem
Every useful AI agent — your coding copilot, your therapist bot, your trading assistant — gets smarter with memory. But today that memory is broken in three ways. One, it doesn't persist across agents — you explain yourself to ChatGPT, then to Claude, then to your company's internal AI. Two, when AI does remember, you don't own it — your history belongs to OpenAI's servers, you can't take it with you, can't sell it, can't will it to your kid. Three, there is zero privacy proof — "we don't read your data" is a policy, not math, and there's no cryptographic receipt that the LLM ever processed your data inside a sealed environment. The whole AI-agent category is stuck because agents have no property semantics.
The Solution
SealedMind composes four pieces of the 0G stack into a single privacy primitive. Every memory is encrypted client-side with AES-256-GCM under a key derived from the user's wallet signature via HKDF — the server is mathematically blind to plaintext. The encrypted ciphertext is uploaded to 0G Storage and content-addressed by rootHash. On 0G Chain, an ERC-7857 iNFT called a Mind NFT represents the user's full memory vault — transferable, composable, owned by the wallet. When a user recalls memory, the query is embedded locally (all-MiniLM-L6-v2, 384-dim), HNSW vector search finds the top-K nearest memories, and the matching content is sent into 0G Sealed Inference — Qwen 2.5 7B running inside Intel TDX with a confidential NVIDIA H100 GPU pass-through. The plaintext never exists outside the enclave, and every reply comes back with a hardware-signed TEE attestation. Crucially, every remember, recall, and chat operation now fires a background transaction to our on-chain MemoryAccessLog — and the chainscan link is returned in the verify response. The "Verify Proof" button on every reply isn't a checkmark, it's a link to the on-chain truth.
Smart Contracts
SealedMindNFT is an ERC-7857 intelligent NFT where one token equals one user's entire memory vault. It stores the 0G Storage CIDs, memory count, shard names, and authorized user list per Mind. Transferable — you can sell, lease, or inherit your Mind.
CapabilityRegistry lets Mind owners grant fine-grained access to specific memory shards — for example, granting a doctor's AI read-only access to the health shard for 30 days while keeping finance and relationships private. Capabilities are on-chain, time-expiring, scope-limited, and revocable in a single transaction. Instant 403 for the grantee on the next read.
MemoryAccessLog is an immutable, on-chain audit trail. Every memory operation — remember, recall, chat — emits an accessRecorded event with the mindId, operation, attestation hash, and storage CID. Wired end-to-end into the backend so the chainscan transaction hash returns in the verify response, making every access independently auditable in one click.
Verifier is the TEE attestation verifier wired into SealedMindNFT for hardware-attestation validation.
Backend
The backend runs on Node.js plus Express plus TypeScript, hosted on Railway. It handles Sign-In with Ethereum authentication, issues long-lived API keys for end-users and operator integrations, performs two-pass fact extraction (regex fast-path then TEE-LLM fallback for ambiguous cases), encrypts memories with AES-256-GCM under HKDF-derived per-user keys, generates 384-dimensional embeddings using HuggingFace all-MiniLM-L6-v2, stores encrypted blobs on 0G Storage via the official 0G TypeScript SDK, maintains an HNSW vector index for fast cosine-similarity search, routes recall queries through 0G Sealed Inference via the 0G Serving Broker, fires the background MemoryAccessLog transaction for every operation, and exposes a standalone TEE-attested chat endpoint for any agent that just needs sealed inference.
Frontend
The React 19 dApp uses Vite, Tailwind v4, RainbowKit, wagmi, and viem for wallet connectivity. Users can mint their Mind iNFT, store memories into named shards (health, finance, work, relationships, general), recall using natural-language queries, and grant or revoke shard-level capabilities to other wallet addresses — all on-chain. Every recall response renders an AttestationCard showing the TEE attestation chip plus a "Verify Proof" button — when clicked, the backend re-checks the attestation chain and returns the on-chain MemoryAccessLog chainscan link. The proof is a click, not a claim. The site also includes a live architecture page (full SVG diagram of the 6 trust boundaries plus a 6-card threat model), a developer self-serve onboarding page (wallet, SIWE, API key in 30 seconds), a demo page with a live two-agent capability demo plus copy-paste scripted prompts and a self-serve test guide, an access landing page for shared capabilities, and a deck presentation route for the pitch.
CLI and Agents
The sealedmind CLI ships with login, remember, recall, grant, and revoke commands — scriptable JSON output, persistent API key after one-time SIWE login. A Life OS agent built on OpenClaw and Claude Haiku 4.5 lets users interact with their Mind through natural conversation in the terminal. We also built a live two-agent demo — Aria (Alice's personal assistant on Claude) talks to Dr. Chen's clinical AI (Claude orchestration plus Qwen 2.5 7B in Intel TDX for the privileged synthesis). The demo runs the full capability grant, recall, revoke lifecycle live in a browser, with every on-chain transaction surfaced in a live event feed.
Three SDKs Published
@sealedmind/sdk on npm — TypeScript, MIT-licensed, full typings, three method calls (remember, recall, grantCapability), works in any JavaScript runtime.
sealedmind on PyPI — async Python SDK via httpx, same surface area, for LangGraph, smolagents, AutoGen, CrewAI, OpenClaw, or any custom Python agent.
evermemos-sealedmind on PyPI — a sanctioned drop-in addon for 0gfoundation/0g-memory, 0G's own official memory project. One pip install, one env var, and any existing 0G Memory deployment gets encrypted-under-wallet-key memory plus on-chain audit. This is the move that makes us a contributor to the 0G stack itself, not just a consumer of it.
Partnerships
Daimon — a consumer dApp for tradeable AI trading agents. Every Daimon's brain is a SealedMind ERC-7857 iNFT. Memory under the owner's wallet key, capability rental for renting access to the brain, on-chain audit on every read. Marketplace contract live on both Galileo testnet AND 0G mainnet at 0xb9D42824955b492BE4cBf13988C3d0Ad9985F807. Without SealedMind, Daimon doesn't exist.
VeilSolver — the MEV-resistant intent solver on 0G. They had a bespoke encrypted-storage layer for trader strategies and audit blobs. They ripped that out and replaced it with @sealedmind/sdk calls — their strategy registry, audit trail, and compliance log all run on SealedMind now. Joint integration guide published in our repo.
We talked with over ten teams in the 0G ecosystem about integrating. Two went all the way and shipped on top of us. We've been present at every 0G builder showcase and every builder meet since day one of the program.
0G Technologies Used
0G Storage for all encrypted memory blob persistence (content-addressed by rootHash). 0G Sealed Inference for both fact extraction during remember and synthesis during recall — Qwen 2.5 7B in Intel TDX plus H100, attested per call. 0G Chain (mainnet 16661 plus Galileo testnet 16602) for all smart contract interactions — Mind iNFT minting, capability grants and revocations, and the immutable MemoryAccessLog audit trail. 0G Memory — we extended it directly via our evermemos-sealedmind PyPI addon, hooking into the official memsys.addons entry point.
Progress During Hackathon
<p><strong>Phase 0 - Monorepo Scaffold</strong></p><p>Set up a workspace monorepo with five packages: contracts (Hardhat plus Solidity 0.8.24), backend (Node.js plus Express plus TypeScript), frontend (React 19 plus Vite plus Tailwind v4 plus TypeScript), sdk (TypeScript client library), and cli (Commander.js plus ethers v6). Defined the full architecture upfront — ERC-7857 NFT identity, 0G Storage for encrypted blobs, 0G Sealed Inference for TEE processing, HNSW vector search for recall, and on-chain capability tokens for access control.</p><p><strong>Phase 1 - Smart Contracts</strong></p><p>Wrote and deployed four smart contracts to both 0G Mainnet (chainId 16661) AND 0G Galileo Testnet (chainId 16602), all source-verified on chainscan. SealedMindNFT (ERC-7857 iNFT, one token per user's vault). CapabilityRegistry (on-chain capability tokens, shard-level access control, time-bound grants, on-chain revocation). MemoryAccessLog (append-only audit trail). Verifier (TEE attestation verifier). All deployed in single transactions; deployment manifest committed to the monorepo.</p><p><strong>Phase 2 - 0G Storage Integration</strong></p><p>Built the storage service wrapping the 0G TypeScript SDK. Implemented AES-256-GCM encryption with random IV per blob, chunk-aligned padding (256-byte blocks with a 4-byte length header), upload via the 0G Indexer, and download with decryption and unpadding. Every memory blob is content-addressed by its rootHash, which is stored in the Mind iNFT on-chain.</p><p><strong>Phase 2.5 - 0G Sealed Inference Spike</strong></p><p>Investigated and resolved the 0G Serving Broker ESM/CJS interop issue — the package ships a broken ESM build that re-exports from a CJS bundle, breaking named imports in Node ESM modules. Fixed using createRequire from node:module to force the CJS path. Validated the full TEE flow: broker init, provider discovery, metadata fetch, request header generation, inference call, and attestation verification via processResponse.</p><p><strong>Phase 3 - Memory Engine with Two-Pass Extraction</strong></p><p>Built the full memory pipeline. On remember: raw text goes through a two-pass fact extractor — regex fast-path for high-confidence patterns, TEE-LLM fallback (Qwen 2.5 in Intel TDX) for ambiguous cases — then embeddings (all-MiniLM-L6-v2, 384d) are generated locally, facts are encrypted with the user's HKDF-derived AES-256-GCM key, ciphertext is uploaded to 0G Storage, the HNSW index is updated, and the Mind iNFT on-chain is updated with the new CID and memory count. On recall: the query is embedded, HNSW cosine search finds top-K nearest memories, retrieved texts are sent to 0G Sealed Inference for synthesis, and the response carries the chatId plus the attestation validity flag from processResponse. Also implemented conflict resolution via cosine similarity — when a new memory contradicts an old one, the supersession is tracked.</p><p><strong>Phase 4 - REST API</strong></p><p>Built the full Express REST API. Auth (SIWE nonce, signature verification, JWT session, long-lived API keys, operator keys). Minds (existence check, creation, metadata). Memory (remember, recall). Capabilities (grant, revoke, list, audit). Attestations (verify). Standalone inference chat endpoint (TEE-attested Qwen 2.5 7B for any caller, gated by API key plus rate limit). 81 tests across 4 suites.</p><p><strong>Phase 5 - TypeScript SDK</strong></p><p>Built a fully-typed TypeScript SDK wrapping the entire API into a SealedMind client. Covers auth, mind management, memory operations, capability grant and revoke, and attestation verify.</p><p><strong>Phase 6 - React dApp</strong></p><p>Built the full frontend with React 19, Vite, Tailwind v4, Wagmi, Viem, and RainbowKit. Pages: Landing, Dashboard (mint Mind, store memories into shards, recall with TEE attestation badge), Demo (live two-agent capability flow), Pitch, Developer, Docs, Sharing (grant and revoke), Chat. SIWE sign-in, MetaMask and WalletConnect support, every recall response displays a chainscan-clickable AttestationCard.</p><p><strong>Phase 7 - CLI and Life OS Agent</strong></p><p>Built the sealedmind CLI with login, remember, recall, grant, and revoke commands. Built a Life OS agent on OpenClaw plus Claude Haiku 4.5 — auto-detects memories worth saving, calls the CLI to store them encrypted, recalls relevant memories during conversation. Also built a branded chat UI that proxies to the OpenClaw agent for browser-based demos.</p><p><strong>Phase 8 - Production Deployment</strong></p><p>Deployed the backend to Railway (custom nixpacks for Node 20 plus Python 3 plus gcc plus gnumake for hnswlib-node native compilation, health check endpoint, restart policy). Deployed the frontend to Vercel. Resolved workspace package unavailability on Vercel by bundling the SDK source inline. Fixed TypeScript erasableSyntaxOnly constraint. Added vercel.json rewrites for SPA route handling.</p><p><strong>Phase 9 - Live Two-Agent Demo plus FastAPI Bridge</strong></p><p>Built a cinematic two-agent demo — Aria (Alice's personal assistant on Claude) plus Dr. Chen's clinical assistant (Claude orchestration plus Qwen 2.5 7B in Intel TDX for the privileged synthesis). LangGraph state graph, FastAPI HTTP/WebSocket bridge, containerized agent server hosted on Railway. The demo runs the full capability lifecycle live: seal data, denied read, on-chain grant, attested recall, on-chain revoke, instant 403. Live at <a href="http://sealedmind.vercel.app/demo">sealedmind.vercel.app/demo</a>.</p><p><strong>Phase 10 - Three SDKs Published plus 0G Memory Extension</strong></p><p>Published @sealedmind/sdk to npm (TypeScript, MIT). Published sealedmind to PyPI (Python). Published evermemos-sealedmind to PyPI — a sanctioned drop-in addon for 0gfoundation/0g-memory, 0G's own official memory project. The addon hooks into the official memsys.addons entry point — one pip install, one env var, and any 0G Memory deployment gets encrypted-under-wallet-key memory plus on-chain audit. We're a contributor to the 0G stack itself, not just a consumer of it.</p><p><strong>Phase 11 - On-chain MemoryAccessLog Wiring plus Chainscan-Clickable Verify</strong></p><p>Wired the MemoryAccessLog contract end-to-end into the backend. Every remember, recall, and chat now fires a background transaction. When the tx lands, the chainscan link is patched into the in-memory attestation record and returned in the verify response. The AttestationCard's "Verify Proof" button now surfaces a clickable chainscan link — the proof is a click, not a claim.</p><p><strong>Phase 12 — Architecture Page plus Threat Model</strong></p><p>Built a live architecture page on the frontend — a hand-built SVG diagram of the 6 trust boundaries (User wallet, Browser, Backend operator, 0G Storage, TEE enclave, 0G Chain), every node a real deployed component. Plus a six-card threat model: for every realistic adversary (honest-but-curious operator, malicious storage node, compromised inference host, capability bearer over-using access, stolen ops wallet, stolen user wallet), we point to a specific math primitive that defeats them.</p><p><strong>Phase 13 - Capability Share plus Access Landing Page</strong></p><p>Built a one-click capability share modal on the Sharing tab — the owner enters a grantee address plus shard, gets back a shareable URL. The recipient lands on a self-explanatory page showing the capability details (mindId, shard, expiry, on-chain status) plus a "Recall as this grantee" CTA.</p><p><strong>Phase 14 - Partnerships (Daimon and VeilSolver)</strong></p><p>Closed two real third-party integrations. Daimon — a consumer dApp for tradeable AI trading agents where every brain is a SealedMind iNFT; their marketplace deployed at 0xb9D42824955b492BE4cBf13988C3d0Ad9985F807 on both Galileo and mainnet. VeilSolver — the MEV-resistant intent solver; they replaced their bespoke encrypted-storage layer with @sealedmind/sdk calls for strategy registry plus audit trail. Joint integration guides published.</p>