Overview
Chainlink CRE (Compute Runtime Environment) enables iStory to run AI analysis in a confidential, verifiable enclave with cryptographic proof written on-chain. The integration provides:
- Verifiable AI: Gemini AI analysis validated by Chainlink DON consensus
- Privacy-Preserving: Only minimal proofs on-chain, full metrics off-chain
- Tamper-Proof: On-chain attestations prove analysis occurred without revealing content
CRE Status: Production-ready on Base Sepolia. Workflow deployed and processing story verifications.
Architecture
Data Flow
Dual Write
- On-Chain: Quality tier + threshold + hashes → PrivateVerifiedMetrics.sol
- Off-Chain: Full metrics → /api/cre/callback → Supabase
Privacy Model
What Goes On-Chain vs Off-Chain
On-Chain (PrivateVerifiedMetrics.sol):
- qualityTier (1-5): Tier derived from 0-100 score
- meetsQualityThreshold (bool): Score >= 70
- metricsHash (bytes32): keccak256 of full metrics + salt
- authorCommitment (bytes32): keccak256 of author address + story ID
Off-Chain (Supabase verified_metrics table):
- significanceScore (0-100)
- emotionalDepth (0-100)
- qualityScore (0-100)
- wordCount (int)
- themes (string[])
- On-chain proofs enable trustless verification
- Off-chain storage keeps detailed metrics private
- Author commitment allows proving ownership without revealing identity
Smart Contract
PrivateVerifiedMetrics.sol
Contract Addresses
Base Sepolia:
- PrivateVerifiedMetrics: 0x158e08BCD918070C1703E8b84a6E2524D2AE5e4c
- KeystoneForwarder: 0x82300bd7c3958625581cc2f77bc6464dcecdf3e5
- VerifiedMetrics: 0x052B52A4841080a98876275d5f8E6d094c9E086C
Key Functions
getMetrics()
Returns minimal on-chain proof for a story
verifyAuthor()
Proves authorship by recomputing commitment hash
verifyMetricsHash()
Proves metrics integrity by comparing hashes
isVerified()
Checks if a story has been CRE-verified
CRE Workflow
Project Structure
Workflow Code
main.ts - Entry Point
cre/iStory_workflow/main.ts
httpCallback.ts - 8-Step Handler
cre/iStory_workflow/httpCallback.ts
gemini.ts - AI Analysis
cre/iStory_workflow/gemini.ts
API Integration
Trigger Workflow
Receive Callback
Read Metrics (Author-Filtered)
Frontend Hook
useVerifiedMetrics
Development Commands
CRE Workflow Commands
Contract Deployment
Security Considerations
CRE Security Model
Confidential Compute:
- AI analysis runs in TEE (Trusted Execution Environment)
- ConfidentialHTTPClient encrypts all API requests
- No node can see raw story content
- Multiple nodes validate analysis independently
- Byzantine fault tolerance (⅔ agreement required)
- Consensus aggregation ensures identical results
- On-chain data reveals no content or scores
- Author commitment prevents identity linkage
- Metrics hash enables trustless verification
- Off-chain data only accessible to author
Rate Limiting
middleware.ts
Troubleshooting
Workflow Simulation Fails
Error: Unknown chain: ethereum-testnet-sepolia-base-1
Fix: Ensure cre/project.yaml includes RPC configuration:
Callback Not Received
Checklist:
- Verify callbackUrl in config.staging.json is publicly accessible
- Check X-CRE-Callback-Secret header matches env var
- Ensure /api/cre/callback rate limit allows multiple nodes (limit: 30)
- Check Vercel function logs for errors
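The two callback checks named in this checklist and under Rate Limiting, as an added example that is not iStory's own code: a constant-time comparison of the X-CRE-Callback-Secret header and a per-client limit of 30 requests. The 60-second window, the per-client key and all function names are assumptions made for illustration.

```typescript
import { createHash, timingSafeEqual } from "node:crypto";

// From the page: the header name and the limit of 30.
// Assumed (hypothetical): the 60 s window, the client key, the function names.
const CALLBACK_HEADER = "x-cre-callback-secret";
const LIMIT = 30;
const WINDOW_MS = 60_000;

const sha256 = (s: string): Buffer =>
  createHash("sha256").update(s, "utf8").digest();

// Constant-time comparison. Hashing first gives both inputs the same length,
// so timingSafeEqual never throws and the secret's length is not leaked.
function secretMatches(presented: string | undefined, expected: string | undefined): boolean {
  if (!expected || !presented) return false; // fail closed when the env var is unset
  return timingSafeEqual(sha256(presented), sha256(expected));
}

// Fixed-window counter per client key (for example the source IP).
// Each DON node that posts a callback counts separately against the limit.
const hits = new Map<string, { start: number; count: number }>();
function allow(key: string, now: number): boolean {
  const w = hits.get(key);
  if (!w || now - w.start >= WINDOW_MS) {
    hits.set(key, { start: now, count: 1 });
    return true;
  }
  w.count += 1;
  return w.count <= LIMIT;
}

// Returns the HTTP status a callback route would send for this request.
function checkCallback(
  headers: Record<string, string>,
  clientKey: string,
  expected: string | undefined,
  now: number,
): number {
  if (!allow(clientKey, now)) return 429;
  // HTTP header names are case-insensitive; normalise before lookup.
  const found = Object.entries(headers).find(([k]) => k.toLowerCase() === CALLBACK_HEADER);
  return secretMatches(found?.[1], expected) ? 200 : 401;
}
```

A 401 from this check points at the header or env var item in the checklist, while a 429 points at the rate limit item.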
On-Chain Proof Missing
Possible Causes:
- Transaction failed (check txHash on Basescan)
- Contract address mismatch (verify verifiedMetricsAddress)
- KeystoneForwarder not authorized (call setForwarderAddress)