Verun Protocol — Hedera
LIVE on Hedera Testnet Deployed April 2026 · 4 API Endpoints · v0.1.0
Technical documentation for Verun Protocol — the AI Agent Trust Layer with potential MiCA features for regulated European finance, built on Hedera by BCP Partners GmbH.
Verun issues consensus-based Trust Scores (0–1000) that gate access to the tokenforge Chain API. Every evaluation is anchored as a HCS Message on Hedera — immutable, auditable. Potential on-chain MiCA features — to be checked and prior to legal audit.
Overview
Verun is the trust infrastructure layer for AI agents operating in regulated European financial markets.
What is Verun?
As AI agents begin autonomously executing token transfers, minting securities, and placing investment orders, there is no existing standard for establishing who an agent is, whether it can be trusted, and whether it is permitted to act in a regulated context.
Verun solves this with the Verun Accredited Agent Score (0–1000): a consensus-based trust verdict issued by registered validators, anchored on Hedera for every evaluation, and enforced at the tokenforge Chain API gate.
Key Facts
| Property | Value |
|---|---|
| Trust Score Range | 0 – 1000 |
| Consensus Model | 2-of-N validator votes required (ceil N/2) |
| Anchor Chain | Hedera Testnet — HCS Message per evaluation |
| Settlement Layer | Hedera — eWpG, ISIN, USDC |
| Regulated Gate | tokenforge Chain API — eWpG, BaFin, MiFID II |
| Fee Split | 70% Protocol / 10% Validator / 10% Agent Kickback / 10% Reserve |
| Live URL | hedera.erster.fund |
3 Operating Modes
| Mode | Description |
|---|---|
| Discovery | Agent scans validated platforms, finds tokenforge, sends structured recommendation to human |
| Supervised | Human receives recommendation, approves with one click — agent executes single action |
| Autonomous | After human approval: agent executes fully automatically, every action anchored on-chain |
Architecture
Three complementary layers — Hedera for trust, tokenforge as the regulated gate, Hedera for settlement. No layer competes with another.
Layer Stack
Flow
Claude · MCP
Score + Consensus
HCS Anchor
Chain API Gate
eWpG · USDC
Fee Distribution
Trust Score Gates
Every tokenforge Chain API capability is gated behind a minimum Trust Score. Scores are computed by validator consensus and anchored on Hedera.
Score Tiers
| Tier | Score | Permitted Operations | Kickback |
|---|---|---|---|
| LOW | 800 – 1000 | All operations | 10% |
| MED | 600 – 799 | read, transfer, mint, order | 5% |
| HIGH | 300 – 599 | read, transfer, mint | 0% |
| BLOCK | 0 – 299 | None — access denied | 0% |
Potential On-Chain MiCA Features
Verun is designed with MiCA obligations in mind for AI agents acting in regulated European financial operations. The features below are potential on-chain implementations — to be checked and prior to legal audit. Not a compliance statement.
Potential On-Chain Features per Article
| Article | Requirement | Potential Verun Feature |
|---|---|---|
| Art. 67 | Operational Risk Management | Every evaluation anchored on-chain. Anchor failure is non-blocking — verdict is preserved regardless. |
| Art. 68 | CASP Authorization | Score-gated access. No agent may call tokenforge Chain API without a valid Verun verdict ≥ 300. |
| Art. 72 | AML/CFT Obligations | 2-of-N validator consensus before any transfer or mint operation. Single-validator manipulation impossible. |
| Art. 75 | Record-Keeping / Audit Trail | Hedera HCS Message per verdict. Timestamp, agentId, score, consensus, operation all written on-chain. |
Validator Model
Validators are the institutional backbone of Verun. They provide the consensus votes required for every agent evaluation.
Active Validators (Testnet)
Consensus Rules
A verdict requires ceil(N/2) matching votes from selected validators. With 3 validators: 2-of-3 required. UNAVAILABLE votes are excluded from the tally. If consensus cannot be reached, the evaluation returns BLOCK.
Validator Economics
Validators earn 10% of all evaluation fees automatically via the fee distribution contract. No manual claim required. Fee share scales with validation volume.
API Reference
Base URL: https://hedera.erster.fund
GET /api/health
Service status and network confirmation.
{
"ok": true,
"service": "verun-hedera-mvp",
"network": "hedera-testnet"
}GET /api/validators
List all registered validators with metadata.
{
"validators": [
{
"id": "val-bcp-01",
"name": "BCP Partners",
"type": "internal",
"status": "active",
"policy": "score_based"
},
{
"id": "val-tokenforge-02",
"name": "tokenforge",
"type": "external",
"status": "active",
"policy": "chain_api_based",
"api": {
"type": "rest",
"network": "testnet",
"docs": "https://docs.tokenforge.io"
}
},
{
"id": "val-test-03",
"name": "Test Validator",
"type": "internal",
"status": "test",
"policy": "score_based"
}
]
}POST /api/evaluate
Evaluate an agent. Returns 2-of-N validator consensus verdict + Hedera on-chain anchor.
{
"agentId": "agt_demo",
"score": 820,
"operation": "transfer",
"validatorIds": ["val-bcp-01", "val-tokenforge-02", "val-test-03"]
}{
"success": true,
"verdict": {
"agentId": "agt_demo",
"score": 820,
"operation": "transfer",
"validators_used": [
{ "id": "val-bcp-01", "name": "BCP Partners" },
{ "id": "val-tokenforge-02", "name": "tokenforge" },
{ "id": "val-test-03", "name": "Test Validator" }
],
"votes": [
{ "validatorId": "val-bcp-01", "vote": "LOW", "reason": "score_800+", "source": "val-bcp-01" },
{ "validatorId": "val-tokenforge-02", "vote": "LOW", "reason": "chain_api_gate_passed_transfer:820>=500", "gate": { "permitted": true } },
{ "validatorId": "val-test-03", "vote": "LOW", "reason": "score_800+", "source": "val-test-03" }
],
"tally": { "LOW": 3 },
"consensus": "LOW",
"permitted": true,
"kickback_rate": 10,
"ts": "2026-04-20T09:33:09.734Z"
},
"anchor": {
"txid": "0.0.4567890@1714987654.123456789",
"ledger": "62604931",
"explorer": "https://hashscan.io/testnet/transaction/0.0.4567890@1714987654.123456789"
}
}curl -X POST https://hedera.erster.fund/api/evaluate \
-H "Content-Type: application/json" \
-d '{"agentId":"agt_demo","score":820,"operation":"transfer"}'POST /api/score
Lightweight evaluation — verdict only, no Hedera anchor written. Use for quick checks where on-chain anchoring is not required.
{
"agentId": "agt_demo",
"score": 820,
"operation": "transfer"
}POST /api/mint-sbt
Issues a Soulbound Token credential to an agent, after running consensus. If consensus = BLOCK the request returns HTTP 403 and no SBT is minted. Full design + verification details on the Soulbound Token page.
POST /api/revoke-sbt
Kill-switch: clears the agent's vtrust_* HCS message on the protocol topic in a single Hedera transaction. Audit trail (the revoke TX) remains in the on-chain transaction history. Used to satisfy MiFID II Art. 17 + EU AI Act Art. 14.
GET /api/sbt-status?agentId=…
Returns the current credential for an agent, or credentialed: false if not issued / revoked. Reads directly from the protocol account's on-chain data — no caching, no Verun-side state.
GET /api/sbt-list
Returns every active SBT issued by this protocol account. Useful for a public registry view — e.g. "all currently credentialed agents."
Hedera On-Chain Anchor
Every POST /api/evaluate writes the verdict payload as a HCS Message on Hedera Testnet — creating an immutable, timestamped audit trail.
How It Works
After validator consensus is reached, the Verun protocol wallet sends a submitMessage to the protocol HCS topic with sha256(verdict) hex digest in the message body (256-bit commit). The transaction is confirmed in ~1 second on Hedera.
anchor.status: "anchor_failed" — the evaluation result is never withheld.Anchor Payload (note field)
{
"agentId": "agt_demo",
"score": 820,
"operation": "transfer",
"consensus": "LOW",
"permitted": true,
"validators": ["val-bcp-01", "val-tokenforge-02", "val-test-03"],
"ts": "2026-04-20T09:33:09.734Z"
}Verify On-Chain
Every anchor can be verified publicly on HashScan:
https://hashscan.io/testnet/transaction/{txid}
# Example live anchor:
https://hashscan.io/testnet/transaction/0.0.4567890@1714987654.123456789Protocol Wallet
| Property | Value |
|---|---|
| Network | Hedera Testnet |
| Node | Hedera SDK (Mirror Node REST (testnet.mirrornode.hedera.com)) |
| Cost per anchor | ~100 tinybars (~0.00001 HBAR, base fee + submitMessage) |
| Confirmation time | ~3.9 seconds |
Soulbound Token (SBT)
LIVE on Hedera Testnet mint · revoke · status · list — all four endpoints in production
Verun issues a non-transferable trust credential — the VTRUST SBT — to every agent that passes consensus. The credential is stored as an HCS message on the protocol topic, fully on-chain, publicly verifiable, and revocable in a single transaction.
Wallet Architecture (Protocol-Custodial)
Verun's Hedera deployment uses a protocol-custodial model — a single responsible party is the issuer, agents do not hold private keys. This aligns with EU AI Act Art. 14 (human oversight) + MiFID II Art. 17 (kill-switch).
| Party | Wallet? | Holds |
|---|---|---|
| Verun (protocol) | YES — 1 wallet | SBT registry (HCS topic), audit trail, anchor messages |
| Agent | NO | Identified by agentId string only — no keys, no funds, no Hedera address |
| tokenforge / consumer | Their own | Verifies SBT via public Hedera SDK query before granting access |
How the credential lives on-chain
The SBT is not a Hedera asset in the traditional sense — it's an HCS message on the protocol topic. That means there is no asset balance and no agent-side signature required. The "credential" is an ordered, timestamped HCS message published to a protocol topic and retrievable from any Mirror Node.
| Field | Format | Example |
|---|---|---|
| key | vtrust_<agentId> | vtrust_agt_fahad_001 |
| value | vtrust-mint:<agentId>:<tier>:<score>:<isoTs>:<hash8> | vtrust-mint:agt_fahad_001:MED:720:2026-05-04T18:40:53Z:4f3aaa28 |
| issuer | Hedera address (base58, 32 bytes) | |
| tamper-proof | sha256(credential) in HCS message body | 32-byte hash committed alongside the HCS message op |
Mint flow
// Request
{ "agentId": "agt_fahad_001", "score": 720, "operation": "transfer" }
// Response
{
"success": true,
"verdict_consensus": "MED",
"agentId": "agt_fahad_001",
"tier": "MED",
"score": 720,
"ts": "2026-04-30T14:40:53.913Z",
"key": "vtrust_agt_fahad_001",
"txid": "0.0.4567890@1714987654.123456789",
"ledger": "323456789" // (Hedera slot),
"credential_hash": "4f3aaa283c7cf13ff7427fd9560b49314baaf40bf790efb78cc4e3e00a45ea6d",
"issuer": "",
"explorer": "https://hashscan.io/testnet/transaction/a6013d9...",
"verify_url": "https://hedera.erster.fund/api/sbt-status?agentId=agt_fahad_001"
} The endpoint runs validator consensus first. If consensus = BLOCK, no SBT is issued — the operation gate is enforced before mint. One transaction includes both the HCS message op and the anchor HCS submitMessage.
Revoke flow (kill-switch)
// Request
{ "agentId": "agt_fahad_001", "reason": "policy_violation" }
// Response
{
"success": true,
"revoked": true,
"agentId": "agt_fahad_001",
"key": "vtrust_agt_fahad_001",
"reason": "policy_violation",
"txid": "...",
"ledger": "...",
"revoke_hash": "...",
"explorer": "https://hashscan.io/testnet/transaction/..."
}Revocation = a vtrust-revoke HCS submitMessage. The entry is removed from the issuer's account state in a single transaction (~1 second). The revoke transaction itself remains in the on-chain transaction history forever — the audit trail is not erased.
Public verification (zero-auth)
Anyone — tokenforge, an auditor, a regulator — can verify the credential directly against Hedera SDK. No Verun API call required.
curl https://hedera.erster.fund/api/sbt-status?agentId=agt_fahad_001
# Active credential:
{ "ok": true, "credentialed": true, "credential": { "tier": "MED", "score": 720, "ts": "2026-05-04T18:40:53.913Z" } }
# Or query the protocol account's signature history:
# Revoked credential:
HTTP 404 Not FoundEndpoint summary
| Method | Path | Purpose |
|---|---|---|
| POST | /api/mint-sbt | Issue credential after consensus check |
| POST | /api/revoke-sbt | Kill-switch: clear credential entry |
| GET | /api/sbt-status?agentId=… | Check credential for one agent |
| GET | /api/sbt-list | List all credentialed agents |
End-to-end demo (one command)
git clone https://github.com/Fahad00674/verun-hedera-mvp
cd verun-hedera-mvp && chmod +x scripts/sbt-demo.sh
./scripts/sbt-demo.sh agt_fahad_001 720Runs the full lifecycle: status check → mint → public verification → revoke (kill-switch) → re-verification. Two real testnet transactions, ~25 seconds total.
Compliance mapping
| Regulation | Article | Verun mechanism |
|---|---|---|
| MiCA | Art. 68 | 2-of-3 validator consensus + on-chain audit trail |
| EU AI Act | Art. 14 | Validators are human/institutional — every action gated by their consensus |
| MiFID II | Art. 17 | Single-TX kill-switch via revoke endpoint (~5s) |
Mainnet Roadmap
From Hedera Testnet MVP to production infrastructure with legal-audited MiCA alignment.
For Agents
Everything an AI agent needs to connect to Verun Network and get a trust verdict on Hedera — in under 60 seconds.
Step 1 — Add the System Prompt
Paste this into your agent's system instructions. It tells the agent when and how to call Verun before executing any financial operation.
You are an AI agent operating within the Verun Network trust framework on Hedera.
Before executing any financial operation, request a Verun trust evaluation.
== HOW TO EVALUATE ==
POST https://hedera.erster.fund/api/evaluate
Body: { "agentId": "YOUR_AGENT_ID", "score": YOUR_SCORE, "operation": "transfer" }
== OPERATION GATES ==
read → score 300+
transfer → score 500+
order → score 600+
== VERDICT RULES ==
permitted: true → proceed with the operation
permitted: false → stop, escalate to human supervisor
Always store the returned txid as your on-chain audit trail.
== HUMAN ESCALATION ==
If verdict is denied or pending, notify the human supervisor.
Never execute financial operations without a valid Verun verdict.
Network: Hedera Testnet
Validators: tokenforge · BCP Partners
Docs: https://hedera.erster.fund/docs.html
Step 2 — Make the API Call
Your agent calls /api/evaluate before any operation. Replace YOUR_AGENT_ID with your agent's identifier.
Step 3 — Read the Verdict
Verun returns a verdict with an Hedera TXID as immutable proof.
txid is verifiable at hashscan.io/testnet — immutable, timestamped, auditable.Operation Reference
| operation | Min. Score | Use case |
|---|---|---|
read | 300+ | Query platform data, price feeds |
transfer | 500+ | Send tokens, initiate payments |
order | 600+ | Place trade orders, mint tokens |
x402 Sequence Diagram — Hedera
Complete message flow between AI Agent, Verun Protocol, Hedera Official x402 Facilitator, and Hedera Network — including error paths.
HCS consensus timestamp + message body handle tx expiry and verdict commitment. Base fee is 100 tinybars (~0.00001 HBAR). EVM-compatible smart contracts (HSCS) are available for future versions. HCS Messages serve as the on-chain referral anchor.