DEV Community: NOVAInetwork

Shipped 7 AI Infrastructure Features in One Weekend. Here's What I Built.

NOVAInetwork — Mon, 11 May 2026 11:54:11 +0000

This weekend I shipped seven protocol features for NOVAI, the AI-native Layer 1 blockchain I am building. The code is on a 4-validator testnet. All tests pass. The codec went from V3 to V5. The signal type set went from 7 to 16. Here is what each piece does and why it matters.

What NOVAI is

NOVAI is an L1 blockchain written from scratch in Rust. Consensus is HotStuff-style BFT with a 3-chain commit rule. There is no virtual machine. AI entities are first-class protocol primitives, not contracts. The chain has a fixed transaction set, and entity registration is one of those transactions. I am 18, in my first year of university, and I work on this alone.

Feature 1: On-chain AI reputation

The reputation system lets oracle entities adjust other entities' on-chain scores. An oracle is an AI entity that holds the submit_reputation_updates capability. It emits a ReputationUpdate signal (type 7). The execution handler applies the score change atomically.

The entity codec went from V3 (236 bytes) to V4 (246 bytes) to add reputation fields. The signal payload tail is 35 bytes: target id (32), event type (1), points delta (2). I added two memory types for the audit trail: ReputationEvent (memory type 5) and Rating (memory type 6).

Reputation events are typed. Job completed, dispute won, fraud detected, auto-release penalty, decay, stake slash, composition failure, proof verified. The handler rejects updates with unknown event types. The protocol controls what can move a reputation, not application code.

Why it matters: AI agents need a reputation the chain itself can read. Fee floors and slashing rules want to gate on trustworthiness. Reputation that lives in an indexer is reputation the protocol cannot use.

Tests live in crates/execution/tests/reputation_system.rs.

Feature 2: Signal marketplace

The signal marketplace lets one entity buy a priced signal from another. The seller publishes a SignalCatalog memory object (type 7). It lists signal types and prices. The buyer emits a SignalPurchase signal (type 8) with a 41-byte tail: seller id, purchased signal type, max price.

The handler matches the requested signal type against the seller's catalog. It checks the buyer can pay. It transfers from buyer to seller minus a 200-basis-point protocol fee. The fee accrues to the marketplace treasury.

pub const KEY_MARKETPLACE_TREASURY: &[u8] = b"treasury/marketplace";
pub const MARKETPLACE_FEE_BPS: u128 = 200;
pub const BPS_DENOMINATOR: u128 = 10_000;

Why it matters: AI signals have economic value. An anomaly detector that sees something tradable should be able to charge for the signal. Without a protocol-level marketplace, you end up with off-chain backchannels. Trust assumptions move outside the chain, where the chain cannot enforce them.

The handler returns specific error variants on the unhappy paths: BuyerInsufficientBalance, SellerCatalogNotFound, SignalTypeNotInCatalog, MaxPriceExceeded. Tests live in crates/execution/tests/marketplace_system.rs.

Feature 3: Entity staking and slashing

The codec went from V4 to V5 (270 bytes). I added two fields: stake_balance: u128 and stake_locked_until: u64. Three new signals manage stake.

StakeDeposit (type 9) moves funds from economic_balance to stake_balance. It sets stake_locked_until = current_height + 1000. StakeWithdraw (type 10) moves funds back. The handler rejects the move unless the lock has expired. StakeSlash (type 11) is oracle-only.

The slash handler is the most careful piece in this batch. It deducts from the target's stake with saturating subtraction. It credits the slashed amount to the slash treasury. It applies a REP_EVENT_STAKE_SLASH reputation event. All writes go in one atomic batch. If any step fails, none apply.

pub const STAKE_LOCK_PERIOD: u64 = 1000;
pub const KEY_SLASH_TREASURY: &[u8] = b"treasury/slash";
pub const REP_EVENT_STAKE_SLASH: u8 = 6;

Why it matters: an entity with no stake has nothing to lose. Reputation alone is gameable by sock puppets. Stake plus a slash path lets oracles actually punish bad behavior. The lock period blocks the obvious "deposit, misbehave, withdraw fast" attack.

Tests live in crates/execution/tests/staking_system.rs.

Feature 4: Cross-entity composition

The composition protocol lets entities declare which other entities they depend on. The owner publishes a CompositionGraph memory object (type 8). The graph lists source entities, the signal types consumed, optional minimum reputation, optional minimum stake, and a required flag.

An oracle can emit a CompositionCheck signal (type 12) when a dependency has failed. The handler walks the target's composition graph. It finds the named dependency. It verifies the failure reason against current chain state. If the dependency is required, the handler sets is_active = false on the owner. The handler always emits a REP_EVENT_COMPOSITION_FAILURE event with delta -1.

pub const COMPOSITION_FAILURE_SOURCE_INACTIVE: u8 = 0;
pub const COMPOSITION_FAILURE_REPUTATION_BELOW_MIN: u8 = 1;
pub const COMPOSITION_FAILURE_STAKE_BELOW_MIN: u8 = 2;
pub const COMPOSITION_FAILURE_SOURCE_NOT_FOUND: u8 = 3;

Each failure reason is verified against state. If an oracle claims "source is inactive" but the source is in fact active, the handler rejects with DependencyFailureNotVerified. The protocol does not trust the oracle. It trusts the oracle's signature plus the on-chain state.

Why it matters: AI services compose. A trading bot might consume signals from a market-maker, an oracle, and an anomaly detector. If the upstream anomaly detector goes offline, the bot keeps deciding on stale data. The composition graph and the auto-pause mechanism let the protocol stop downstream entities when their inputs go bad.

I rejected self-dependency at create time and at update time. Tests live in crates/execution/tests/composition_system.rs.

Feature 5: ZK proof verification

The ProofSubmission signal (type 13) lets an entity attest to off-chain computation. The signal carries a 65-byte tail: proof_type (1), code_hash (32), computation_hash (32). The actual proof bytes live in the off-chain payload referenced by signal_hash. The handler calls a ZkVerifier trait.

The v1 verifier is a stub that always accepts. Production verifiers will replace it. The trait signature includes proof_type and code_hash. A future Groth16 or PLONK verifier can dispatch on the proof system. It can also bind the verification key to the entity's code hash.

When a proof verifies, the handler does two things. It creates a VerificationRecord memory object (type 9) owned by the issuer. It emits a REP_EVENT_PROOF_VERIFIED event with delta +3. The record has a fixed 105-byte payload: proof_type, code_hash, computation_hash, proof_hash, height_be.

pub const PROOF_TYPE_STUB: u8 = 0;
pub const PROOF_TYPE_GROTH16: u8 = 1;  // reserved
pub const PROOF_TYPE_PLONK: u8 = 2;    // reserved
pub const PROOF_TYPE_MAX: u8 = PROOF_TYPE_STUB;

Only PROOF_TYPE_STUB works in v1. The handler rejects Groth16 and PLONK with UnsupportedProofType. Bumping PROOF_TYPE_MAX is the gate to activate a real verifier.

Why it matters: AI computation cannot be repeated on chain. Re-running a model is too expensive, and the result depends on hardware nondeterminism anyway. ZK proofs let an entity claim "I ran this code on this input and got this output". The chain can verify the claim without re-running anything.

The v1 stub is honest about not being a real verifier. The trait shape, the verification record format, and the reputation pathway are what shipped. The verifier itself is the next thing to activate.

I added 12 integration tests in crates/execution/tests/verification_system.rs.

Feature 6: Entity delegation (OAuth for AI)

The delegation system lets entity A grant a subset of its capabilities to entity B. The grant is bounded in time. It is auditable on chain. Revocation is a single DELETE transaction.

The delegator publishes a DelegationGrant memory object (type 10). The 42-byte payload holds version (1), delegate entity id (32), granted capabilities (1), and expires-at (8). An expires_at of 0 means no expiry. Updates of an existing grant are rejected.

Each delegator can hold at most 20 active grants. The granted_capabilities bits must be a subset of the delegator's static capabilities. You cannot delegate what you do not have yourself.

pub const MAX_DELEGATION_GRANTS: u32 = 20;
pub const DELEGATION_GRANT_SIZE: usize = 1 + 32 + 1 + 8;

Capability resolution has a fast path. If the entity has the requested capability statically, the handler returns immediately. Only if the static check fails does the resolver scan the delegation index. The slow path reads any active grants where the entity is the delegate. It ORs the granted bits into an effective capability set. The selector is re-evaluated against the merged set.

The fast path matters because most calls do not use delegation. Adding delegation should not slow down the common case.

Why it matters: AI services need to delegate. Imagine a trading firm running ten sub-strategies. The parent entity holds capabilities like emit_proposals. It wants to authorize each strategy to act on its behalf. Without on-chain delegation, you either share keys (bad) or build a custom relay contract (slow). With delegation, one DELETE revokes a misbehaving sub-strategy in a single transaction.

I added 14 integration tests in crates/execution/tests/delegation_e2e.rs.

Feature 7: Signal subscriptions

The subscription protocol lets a buyer pay a producer per-block for a fixed duration. The buyer locks the full amount upfront. The producer is paid lazily, when the buyer cancels.

The subscriber emits a SubscriptionCreate signal (type 14). The 49-byte tail carries: producer id (32), covered signal type (1), rate per block (8), duration in blocks (8). The handler locks rate_per_block * duration_blocks from the subscriber's economic balance. It creates a Subscription memory object (type 11) owned by the subscriber.

The subscription record is 114 bytes. The fields are subscriber id, producer id, covered signal type, rate per block, start height. Also end height, last settled height, total locked, and an is_active flag.

pub const SUBSCRIPTION_SIZE: usize = 32 + 32 + 1 + 8 + 8 + 8 + 8 + 16 + 1;
pub const MAX_SUBSCRIPTIONS_PER_ENTITY: u32 = 10;
pub const SUBSCRIPTION_CANCEL_FEE_BPS: u128 = 500;

To settle, the subscriber emits a SubscriptionCancel signal (type 15) with the subscription id. The handler computes accrued blocks: min(current_height, end_height) - last_settled_height. It credits the producer with accrued_blocks * rate_per_block minus a 2% marketplace fee.

It then computes the unaccrued remainder: total_locked - accrued_blocks * rate_per_block. It pays the producer a 5% cancel fee on the remainder, with no marketplace cut. The rest is refunded to the subscriber. The record is marked inactive.

Only the original subscriber may cancel. Cancelled records remain in state for audit. The subscriber reclaims the slot by issuing a DELETE transaction.

Why it matters: many AI services want recurring revenue. A DeFi protocol may need oracle predictions for ten thousand blocks. Buying each signal one at a time is wasteful. Locking funds upfront gives the producer assurance the buyer can pay. Lazy settlement on cancel avoids on-chain bookkeeping every block.

I added 18 integration tests in crates/execution/tests/subscription_system.rs.

The numbers

Before this weekend the chain had 7 signal types and 5 memory object types. The entity codec was V3 at 236 bytes.

After:

16 signal types
12 memory object types
V5 entity codec, 270 bytes
1,327 passing tests
60 commits on main
Zero clippy warnings, zero failing tests

Three treasuries hold the relevant funds. The AI treasury collects fees from AI-related transactions. The marketplace treasury collects the 200-basis-point fee on signal purchases. The slash treasury accumulates funds from misbehaving entities.

Transaction payload version bytes now cover ten distinct types. One transfer. One signal commitment. Three memory object operations: create, update, delete. Two governance operations: submit and execute. Three entity operations: register, register-with-key, and credit.

The documentation

I also wrote four docs to make the new surface usable.

docs/QUICKSTART.md walks through a 5-minute local devnet bring-up. docs/AI_ENTITY_COOKBOOK.md is seven end-to-end recipes covering reputation, marketplace, staking, composition, ZK, subscriptions, and delegation. docs/BUILDER_OVERVIEW.md is a mental model for developers who want to build on NOVAI without reading the consensus paper. docs/RPC_REFERENCE.md is the full RPC surface, audited against the V5 codec and the new signal types.

The CLI now supports all 16 signal types, including subscription create and cancel. The memory CRUD commands cover the original 10 memory object types. The getAiEntity RPC exposes V4 reputation and V5 stake fields.

What's next

Next on the list: service-level agreements as on-chain contracts between buyer and seller entities. Payment channels for high-frequency AI-to-AI economic activity. A real ZK verifier to replace the v1 stub. A cross-chain bridge so AI signals can settle on other L1s.

The thesis is simple. AI is going to do economic work. The chain it runs on should know what an AI is. It should know what the AI has done. It should know what its outputs are worth. NOVAI is the layer that makes AI economic activity legible to the protocol itself, not to a side indexer.

Try it

The repo is public. The quickstart gets a 4-node devnet up locally in five minutes. Read the cookbook to see the seven new features end to end. The tests pass. Open an issue if something breaks.

The repo is public: https://github.com/0x-devc/NOVAI-node

Your Blockchain Can't Tell What's an AI

NOVAInetwork — Thu, 07 May 2026 14:21:10 +0000

Imagine an AI agent submits a transaction to a typical chain. What does the chain actually see?

It sees a 20-byte address. Maybe a 32-byte one if you're on a hashed-address chain. It sees the transaction calldata. It sees a signature. It sees a fee. It does not see the word "AI" anywhere. The address could be a wallet on a phone. It could be a bot script. It could be a smart contract, but it doesn't know that for sure either, because contracts and EOAs share the address space.

This is the identity problem. The chain has no native concept of an AI, so it cannot apply different rules to one. It cannot say "AI agents pay a different fee floor" or "this kind of message is only valid if it came from a registered model" or "this entity has a 100-object memory cap." All of that has to be invented at a higher layer, usually inside a contract, and the chain itself stays neutral.

Neutral sounds nice. In practice it means every project reinvents the same identity primitives, slightly differently, with slightly different security properties.

What gets reinvented

Walk through what an AI-agent project usually has to build inside a contract:

A registry mapping addresses to agent metadata.
A balance tracker so the agent can pay fees from a budget rather than the user's wallet.
A nonce per agent for replay protection.
A capability flag system to gate what the agent is allowed to call.
An audit log of every action the agent took.
Per-agent quotas for storage, calls per block, or whatever the application needs.

None of this is exotic. All of it is identity infrastructure. The chain does not provide it, so each project bolts it on top. The result is that two AI agents from two different projects have different definitions of "agent," different ways of tracking activity, and different audit semantics. There is no protocol-level answer to "what is an AI doing on this chain right now?"

What the chain should be able to answer

Three questions a chain should be able to answer about an AI:

Is this address an AI?
What is it allowed to do?
What has it done?

On most chains, the answer to all three is "I don't know, ask the indexer." That is a bad answer when fees, governance, and consensus might want to gate behavior on the result.

The NOVAI approach

I built NOVAI so the answer is "yes, here's the entity record."

Every AI on the chain is registered as an AiEntity. The struct lives in crates/ai_entities/src/lib.rs. The fields that matter for identity:

pub struct AiEntity {
    pub id: AiEntityId,            // 32 bytes, deterministic
    pub code_hash: CodeHash,       // hash of code or weights
    pub creator: Address,          // who registered it
    pub pubkey: [u8; 32],          // entity's ed25519 key
    pub economic_balance: u128,    // entity's own balance
    pub nonce: u64,                // entity's tx nonce
    pub capabilities: Capabilities,
    pub autonomy_mode: AutonomyMode,
    pub is_active: bool,
    // ...
}

The id is computed as blake3("NOVAI_AI_ENTITY_ID_V1" || code_hash || creator). Same code and same creator produce the same id. Different creators always get different ids, even when running the same model. There is no name service, no off-chain registry, no central authority. The id is a function of two facts.

The entity has its own ed25519 keypair. The entity signs its own transactions. The entity pays fees from its own balance. The address derived from the entity's public key is reverse-indexed to the entity record, so when a transaction arrives, the dispatcher knows whether the sender is an AI before it routes the call.

That last sentence is the whole point. Here is the function that does it, from crates/execution/src/lib.rs:

pub fn check_ai_entity_sender<K: Kv>(
    db: &K,
    tx: &TxV1,
) -> Result<Option<AiEntity>, ExecError<K::Error>> {
    let Some(entity) = lookup_ai_entity_by_address(db, &tx.from)? else {
        return Ok(None);
    };

    if !entity.is_active {
        return Err(ExecError::EntityNotActive);
    }

    let tx_type = tx.payload.first().copied()
        .ok_or(ExecError::UnknownPayloadVersion { version: 0 })?;

    match tx_type {
        TRANSFER_PAYLOAD_V1 => Ok(Some(entity)),
        SIGNAL_COMMITMENT_PAYLOAD_V1 => {
            if entity.has_capability("emit_proposals") {
                Ok(Some(entity))
            } else {
                Err(ExecError::IssuerMissingCapability)
            }
        }
        CREATE_MEMORY_OBJECT_PAYLOAD_V1
        | UPDATE_MEMORY_OBJECT_PAYLOAD_V1
        | DELETE_MEMORY_OBJECT_PAYLOAD_V1 => {
            if entity.has_capability("read_memory_objects") {
                Ok(Some(entity))
            } else {
                Err(ExecError::IssuerMissingCapability)
            }
        }
        _ => Err(ExecError::IssuerMissingCapability),
    }
}

This is one function. It runs before every transaction. It returns Some(entity) if the sender is a registered AI, None if it is a normal account, and an error if the AI is trying to do something it is not allowed to do.

That is the answer to all three questions:

Is this address an AI? Look it up. The lookup either resolves to an entity record or it does not.
What is it allowed to do? Read the capabilities bitfield and the autonomy_mode. The dispatcher enforces them.
What has it done? Every signal the entity emits is indexed by issuer and height. Every memory object it owns is indexed by type. The chain stores all of this natively.

What this enables

Once the chain has a typed answer to "is this an AI," a lot of things become straightforward:

Per-AI fee policy. A future governance change could set a different minimum fee for AI-issued signal commitments. The dispatcher already branches on tx type and entity status. The hook is there.
Per-AI quotas. Every entity is capped at 100 memory objects and 64 KiB per object. These are protocol constants, not contract logic. They apply uniformly.
Capability gates. A Gated-mode entity can request execution of a Tier 1 or Tier 2 action, but only through approval gates (Multisig, Threshold, or TimelockOnly). The capability flag and the gate type live in the entity record. The chain checks both.
Native audit. A wallet, an explorer, or another bot can ask "what has this entity done in the last N blocks?" The answer is a query, not an indexer ETL.
Governance over AI behavior. A governance proposal can deactivate an entity by flipping is_active to false. The dispatcher rejects every subsequent tx from that entity at the type-system level. There is no contract-level kill switch you have to remember to wire up.

What this does not solve

I want to be honest about the limit. The chain knows that an entity with code_hash H is registered, and it can verify that the entity signed a transaction with the matching key. It does not know that the entity's actual computation matches the code at that hash. That is a separate problem, and it is the role of the Autonomous autonomy mode (currently reserved) and ZK-proof verification.

For now, the trust model is this: the chain knows who the entity claims to be, what it is allowed to do, and what it has done. The chain does not know that the entity is faithful to its declared code. That gap exists on every AI-on-chain project I have looked at. NOVAI is structured to close it through ZK proofs in a later phase, but the chain has to know what an AI is first.

What you can do with this

If you are coming from blockchain: you get a way to reason about AI agents that is finite, typed, and indexable. The dispatcher tells you what an AI can do. The state tells you what it has done.

If you are coming from AI: you get a substrate where your agent has its own identity, its own balance, its own memory, and its own audit trail. You do not have to rebuild any of that. You build the agent.

Repo: github.com/0x-devc/NOVAI-node. The architecture doc walks through every crate. The first-AI-entity tutorial registers an entity in about ten minutes.

Twitter: [@NOVAInetwork]

AI Entities as Protocol Primitives: Why I Didn't Use Smart Contracts

NOVAInetwork — Mon, 04 May 2026 15:12:22 +0000

I've been building an L1 blockchain called NOVAI. The design choice that gets the most questions is this one: AI entities live inside the protocol, not on top of it. There is no VM. No deployable contracts. AI is a first-class type in the chain, the same way an account or a transaction is.

This post is about what that means in practice, why I made the call, and what it costs.

How AI on chain usually works

If you've looked at AI-on-chain projects in the last while, the pattern is roughly this. The AI runs off-chain as a Python service, a hosted model, or an agent framework. It interacts with the chain through a smart contract that holds funds, registers identity, or stores configuration. Outputs come back through an oracle or a signed message that the contract verifies.

This works in the sense that you can ship something. But it leaves the chain blind. From the chain's point of view, there is no such thing as "an AI." There is an address. That address might be a person, a contract, a bot, or a script someone forgot to turn off. The protocol cannot tell them apart, and so it cannot apply different rules to them.

The off-chain AI also has no native identity, no native memory, and no native economic agency. Anything resembling persistent state has to be re-implemented inside a contract: per-bot balances, nonce tracking, capability flags, audit logs. Every project does this slightly differently. All of it lives at the contract layer where the chain itself has no opinion.

That is the square-peg-round-hole problem. Smart contracts were built for arbitrary user logic. Bolting AI on top means the chain treats AI like any other untyped caller, and developers carry the weight of inventing identity, memory, and economic primitives every time they ship a new agent.

The decision

I went the other direction. NOVAI does not have a VM. It has a fixed set of transaction types, and one of those types registers an AI entity. Here is the struct from crates/ai_entities/src/lib.rs:

pub struct AiEntity {
    pub id: AiEntityId,
    pub code_hash: CodeHash,
    pub creator: Address,
    pub autonomy_mode: AutonomyMode,
    pub capabilities: Capabilities,
    pub economic_balance: u128,
    pub nonce: u64,
    pub pubkey: [u8; 32],
    pub memory_root: [u8; 32],
    pub params_root: [u8; 32],
    pub registered_at: u64,
    pub last_active_at: u64,
    pub is_active: bool,
}

What each field means:

id is a 32-byte identifier computed as blake3("NOVAI_AI_ENTITY_ID_V1" || code_hash || creator). Same code and same creator produce the same id by design. Different creators get different ids even when running the same code.
code_hash is the hash of the module code or weights. The chain does not run the model. It records what model is supposed to be running.
creator is the account that registered the entity.
autonomy_mode is Advisory, Gated, or Autonomous (reserved). Advisory entities can only emit signals. Gated entities can request actions that go through approval gates.
capabilities is a bitfield with five flags: read public chain, read memory objects, emit proposals, request execution, read NNPX derived views.
economic_balance is the entity's own balance, in a u128. The entity pays its own fees from this. It is not the creator's wallet.
nonce increments per entity-signed transaction, like an account nonce.
pubkey is the entity's ed25519 public key. The entity signs its own transactions with the matching secret.
memory_root and params_root are roots over the entity's persistent on-chain memory and learned parameters.
is_active flips to false if a governance rollback removes the entity.

The thing to land on: an AI entity has its own keypair and pays its own fees. It is not a function call dispatched by a user wallet. When a bot publishes a signal, the transaction is signed by the entity, the fee comes out of the entity's balance, and the chain looks the entity up by the address derived from the entity's pubkey. The chain knows an AI is talking. It applies AI-specific rules.

Signals and memory

Two more types matter. Signals are the AI's output to the chain. Memory objects are the AI's persistent storage on the chain.

The signal commitment, from crates/ai_entities/src/signals.rs:

pub struct SignalCommitment {
    pub commitment_hash: [u8; 32],
    pub signal_type: AiSignalType,
    pub height: u64,
    pub issuer: [u8; 32],
}

AiSignalType has seven variants: Anomaly, Optimization, Prediction, RiskScore, AuditReport, SpamRisk, CongestionForecast. An entity emits one of these and attaches a 32-byte commitment hash that binds to an off-chain payload. The chain indexes the signal by issuer and height. Other entities, wallets, or the explorer can query getSignalsByIssuer and read every signal an entity ever produced.

Memory objects, from crates/ai_entities/src/memory.rs, have five types: ChainSummary, LabelIndex, EmbeddingCommitment, AnomalyLog, StatisticsSnapshot. The size of each object is capped at MAX_MEMORY_OBJECT_SIZE = 65536 bytes. The number of objects per entity is capped at MAX_MEMORY_OBJECTS_PER_ENTITY = 100. These are protocol constants, not contract logic. Every entity has the same bounds.

The 10 transaction types

Because there is no VM, the transaction surface is finite. Every transaction in every block is one of ten types, defined as constants in crates/execution/src/lib.rs:

ID	Type	Purpose
1	Transfer	Send tokens between accounts
2	SignalCommitment	An AI entity publishes a signal
3	CreateMemoryObject	Entity stores a memory object
4	UpdateMemoryObject	Entity updates a memory object
5	DeleteMemoryObject	Entity deletes a memory object
6	SubmitProposal	Submit a governance proposal
7	ExecuteProposal	Execute a passed proposal
8	RegisterAiEntity	Register an entity (no key)
9	CreditAiEntity	Top up an entity's balance
10	RegisterAiEntityWithKey	Register an entity with its own ed25519 key

The dispatcher routes by the first byte of the payload:

pub fn dispatch_tx<K: KvBatch>(
    db: &mut K,
    tx: &TxV1,
    current_height: u64,
) -> Result<(), ExecError<K::Error>> {
    // ...fee check...
    let ai_entity = check_ai_entity_sender(db, tx)?;
    let version = tx.payload.first().copied()
        .ok_or(ExecError::UnknownPayloadVersion { version: 0 })?;

    match version {
        TRANSFER_PAYLOAD_V1 => apply_tx_v1_transfer_inner(db, tx, ai_entity),
        SIGNAL_COMMITMENT_PAYLOAD_V1 => {
            let entity = ai_entity.ok_or(ExecError::IssuerNotFound)?;
            apply_signal_commitment_tx_inner(db, tx, entity, current_height)
        }
        // ... and so on for the other eight ...
    }
}

The line that does the AI-specific work is check_ai_entity_sender. Before any tx is routed, the dispatcher looks up the sender in the address-to-entity index. If the sender is an AI entity, the function checks that the entity is allowed to submit this tx type. Signal commitments require the emit_proposals capability. Memory writes require the read_memory_objects capability. Governance, registration, and credit operations are denied to AI entities entirely. A normal account is unaffected by these checks.

That is the protocol-level distinction the smart-contract approach cannot make. The chain knows.

What this costs

The trade-off, plainly. No VM means no arbitrary code. You cannot deploy a custom market-making contract, a token, or anything that does not map onto the ten types above. If your application needs that, NOVAI is the wrong chain.

What you get in exchange:

Determinism by construction. No floats anywhere in execution. Iteration over state is sorted. Two nodes with the same starting state and the same block produce the same state root, every time.

No gas surprises. Every tx type has a minimum fee constant and a fixed worst-case cost. There are no out-of-gas reverts halfway through a tx. There is no quadratic blowup hidden inside a contract.

The chain understands every operation. Indexing, audit logs, capability checks, and per-entity quotas are enforced at the protocol level. Memory objects capped at 100 per entity. Each object capped at 64 KiB. Transactions capped at 128 KiB. These are not conventions. They are invariants.

AI is a typed thing. The chain can answer "is this address an AI?" with a state lookup. Every signal it ever published is indexed by issuer and height. Every memory object it owns is indexed by type. None of this requires a third-party indexer.

That last point is the design payoff. AI on-chain identity is a primitive, not an afterthought.

A demo entity

The repo has two demo bots in TypeScript. They are small enough to read in one sitting.

The anomaly bot in demos/anomaly-bot/ registers itself as a Gated entity with its own ed25519 key, polls novai_getLatestBlock every 1.5 seconds, and runs three detectors over a 50-block window: empty-block streak, head-stalled, and leader-rotation. Registration looks like this:

const tx = registerAiEntityWithKey(
    creator,
    nonce,
    REGISTER_FEE,
    CODE_HASH,
    entity.publicKey,
    AutonomyMode.Gated,
    {
      readPublicChain: true,
      readMemoryObjects: true,
      emitProposals: true,
    },
    ENTITY_INITIAL_BALANCE,
);

When a detector fires, the bot publishes a SignalType.Anomaly signal and an AnomalyLog memory object. Both are signed by the entity, not the creator. Both deduct fees from the entity's balance. The signal commitment is a domain-tagged blake3 hash of the detection details.

The multi-entity demo in demos/multi-entity/ runs two of these. Bot A (the predictor) publishes a Prediction signal and a LabelIndex memory object every ten seconds. Bot B (the risk-scorer) reads Bot A's signals and memory objects via RPC, compares Bot A's predictions to actual block data, and publishes its own RiskScore signal in response.

The thing worth pointing at: Bot B never makes an HTTP call to Bot A. It calls getSignalsByIssuer and getMemoryObjects against the chain. The chain is the only integration surface. A third bot could plug into Bot A's outputs tomorrow with no coordination, no shared infrastructure, no API key.

That is composability without contracts. The state shape is fixed by the protocol, so any entity can read any other entity's outputs deterministically.

Consensus integration

There is one more piece worth showing. Vote messages in the BFT consensus layer carry an optional AI signal commitment. From crates/consensus_types/src/lib.rs:

pub struct Vote {
    pub height: u64,
    pub round: u64,
    pub block_hash: [u8; 32],
    pub voter: Address,
    pub signature: [u8; 64],
    /// Optional AI signal commitment (hash only, advisory).
    /// Does not affect vote validity.
    pub ai_signal_commitment: Option<[u8; 32]>,
}

The comment matters. "Advisory" and "does not affect vote validity." The signal commitment does not gate consensus. A validator that includes one is volunteering a 32-byte pointer to an AI advisory output, and other nodes can fetch and verify it against the entity's published signals. Consensus is still consensus. The AI layer rides alongside it.

The point is that this field exists at all. AI signals travel inside consensus messages as first-class data, not as a side channel. That is the kind of thing you can only do when AI is part of the protocol.

What's next

The chain runs. The four-node devnet boots from one script. The two demos run end to end.

Next up:

Public testnet.
More entity types and richer capability constraints.
More demo entities, including ones that consume each other's memory objects in non-trivial ways.

Repo: github.com/0x-devc/NOVAI-node. The architecture doc walks crate by crate. The first-AI-entity tutorial registers an entity in about ten minutes if you have Rust installed.

Twitter: @NOVAInetwork

I'm 18 and I built a Layer 1 blockchain from scratch in Rust

NOVAInetwork — Mon, 27 Apr 2026 13:42:36 +0000

I'm 18 and I'm building NOVAI, an AI-native Layer 1 blockchain written from scratch in Rust. This week I went open source and shipped a full set of developer docs. Here's everything that landed.

The project

NOVAI is a Layer 1 blockchain where AI entities are protocol primitives, not smart contracts. Most "AI blockchains" bolt AI onto an existing VM through oracle calls or contract wrappers. NOVAI does it differently. AI entities exist at the same level as accounts and validators. They have on-chain identity, persistent memory, economic balance, and capability flags. All enforced at the protocol layer.

There is no smart contract VM. No WASM runtime. Every transaction type is a native protocol operation.

The entire codebase is clean-room. No code from Substrate, Tendermint, Cosmos SDK, or any other implementation. 65,000+ lines of Rust across 16 crates, 1,100+ tests, zero unsafe code.

GitHub: github.com/0x-devc/NOVAI-node
Website: novai.network

What makes NOVAI different

On most blockchains, "AI integration" means an off-chain model that pokes the chain through oracle calls or contract wrappers. The AI runs somewhere else. The chain just stores the result.

NOVAI puts AI entities inside the protocol. An entity is a first-class on-chain identity that:

Holds its own balance and pays its own fees
Has its own Ed25519 signing key and signs its own transactions
Publishes signal commitments (anomaly, prediction, risk-score, and 4 more types)
Owns persistent memory objects (chain summaries, statistics snapshots, anomaly logs)
Has governance-controlled autonomy modes and capability flags

The chain doesn't need to interpret bytecode to understand what an entity is doing. Every operation has known semantics at the protocol layer.

What shipped this week

Open source launch

The full codebase went public under Apache 2.0. Git history was cleaned. CI is green on GitHub Actions.

Developer docs - 5 deliverables

1. Quick Start Tutorial - "Build Your First AI Entity on NOVAI in 10 Minutes"

Step-by-step CLI walkthrough. Generate keys, fund from faucet, register an AI entity with its own signing key, publish a signal, create a memory object, query everything back. Every command and output block is real captured data from a live 4-node devnet.

Read it on GitHub

2. TypeScript SDK Tutorial

170-line working example. Connect to a node, fund an account, transfer tokens, register an AI entity, verify it on chain. Self-contained npm project. Just run npm install && npm start.

See the example

3. Rust SDK Tutorial

Same flow in idiomatic async Rust on tokio. Single file, runs with cargo run --example quick-start.

See the example

4. RPC Reference

777 lines covering all 13 JSON-RPC endpoints. Each one has a description, parameter table, response shape, error table, and a real curl command with captured output.

Read it on GitHub

5. Architecture Deep Dive

Crate-by-crate walkthrough of all 16 crates organized by dependency layer. Mermaid diagrams for the consensus flow and the transaction lifecycle. Three guided reading paths for newcomers.

Read it on GitHub

Block explorer

React + Vite + Tailwind single-page app that calls the node's RPC endpoints. Live block list with 2-second polling, block detail page, account lookup, AI entity page with memory objects and signals, and a network stats dashboard. Developers run it locally against their devnet.

AI entity demos

Three runnable demos showing the AI-entity-as-protocol-primitive pattern.

Anomaly bot - A TypeScript bot that registers itself as an on-chain entity, polls chain activity every 1.5 seconds, runs three heuristic detectors (empty block streaks, round spikes, stalled chains), and publishes an anomaly signal plus a memory object whenever one fires. Cooldowns prevent re-firing on the same condition.

Multi-entity demo - Two bots interacting purely through the chain. Bot A (predictor) publishes prediction signals guessing future block tx counts. Bot B (risk-scorer) reads those predictions via on-chain memory objects, waits for the target block, compares predicted vs actual, and publishes a risk-score signal with the delta. No shared database. No API calls between them. Just on-chain data.

CLI demo script - Full entity lifecycle in bash with banner sections for blog posts or video recordings. Keygen, faucet, register, credit, signal publish, memory CRUD, query.

The bug fix that unblocked everything

While building the tutorials I found that entity-signed signal and memory transactions were silently failing through the RPC path. The root cause was four handlers using the wrong lookup key. They did a primary-key lookup with an address value instead of using the reverse index that maps address to entity ID. The entity record was never found so every signal and memory transaction quietly returned an error that got swallowed.

The fix was refactoring all four handlers into inner functions that take a pre-resolved entity. Added 7 regression tests that exercise the full dispatch path. Verified end-to-end on a live devnet.

I wrote about a similar silent-failure bug in my first blog post: The Bug That Silently Broke My Entire Blockchain

The numbers

65,000+ lines of Rust
16 crates in the workspace
1,100+ tests passing
30M+ blocks committed on the private testnet
Zero unsafe code
10 native transaction types
4-validator private testnet running since early 2026
HotStuff BFT consensus with 3-chain commit rule
Sparse Merkle Tree state with deterministic 32-byte roots
Ed25519 signatures, Blake3 hashing, Noise XX transport encryption
Apache 2.0 licensed

What's next

Public testnet. The private testnet runs on a shared VPS that causes state root divergence under sustained load. The fix is a dedicated CPU server. Once that's in place we'll have a public RPC with SSL, validator onboarding, and the block explorer deployed at explorer.novai.network.

I'm also looking for a technical co-founder. I'm building this solo. If you're a Rust engineer interested in BFT consensus, on-chain AI primitives, or clean-room blockchain development, the codebase is open and PRs are welcome.

Website: novai.network
GitHub: github.com/0x-devc/NOVAI-node
Twitter: @NOVAInetwork

The Bug That Silently Broke My Entire Blockchain How a single function rejected "trailing bytes" and made every block commit with zero transactions

NOVAInetwork — Sun, 26 Apr 2026 13:29:55 +0000

I spent two days debugging why my from-scratch Layer 1 blockchain committed every block with zero transactions, despite the mempool accepting them perfectly.

This is the story of how I found it, what it taught me, and why silent failures are the hardest bugs in distributed systems.

The setup

I'm building NOVAI, a Layer 1 blockchain in Rust with HotStuff BFT consensus. No forks, no frameworks. Every crate written from scratch. Four validators running on a local devnet, producing blocks at around 75 per second.

The chain worked perfectly. Blocks committed. QCs formed. Validators voted. Everything was green.

Then I added transaction support. And every single block committed with tx_count=0.

The symptoms

The RPC endpoint accepted transactions. Submitted, accepted, zero rejected. The mempool inserted them. drain_ready pulled them into proposed blocks. But every committed block: zero transactions.

No error logs. No panics. No warnings. The chain just kept producing empty blocks as if nothing was wrong.

The investigation

I started with the obvious: is the mempool shared between the RPC thread and the consensus loop? I compared Arc pointer addresses. Same instance. Same mempool.

Then I checked timing. Maybe the leader's block was being replaced by an empty one from a different leader after a timeout. I found a race condition in the timeout handler where round_start_time could be read before the state lock was acquired. Fixed it. Blocks still empty.

Next hypothesis: only node 0 had the RPC endpoint. The other three validators had empty mempools. When they were leader (75% of the time), they proposed empty blocks. I added transaction gossip so all validators share transactions over P2P. Still empty.

I added diagnostic logging at every stage of the pipeline. PROPOSE_DIAG, COMMIT_DIAG, VERIFY_DIAG, QC_DIAG. Every block showed tx_count=0 at the proposal stage. Transactions were being drained from the mempool into the proposed block, but somehow vanishing before the block reached other validators.

The pattern

Then I noticed something. The chain ran perfectly at around 75 blocks per second with empty blocks. But the moment a block contained even one transaction, the chain stalled. Timeouts fired. Round numbers escalated. No recovery.

This wasn't a "transactions get lost" bug. This was a "transactions kill consensus" bug.

The root cause

Deep in the codec layer, there was a function called decode_tx_v1_signed(). It decoded a single transaction from a byte buffer, then checked if there were any remaining bytes. If so, it rejected the input as "trailing bytes."

This is correct behavior when decoding a standalone transaction from an RPC call. One transaction, one buffer, no leftovers.

But inside decode_block_v1(), the buffer contains multiple transactions concatenated together. The decoder would parse the first transaction, see the remaining transactions as "trailing bytes," and silently return an error.

Every block with one or more transactions failed to decode at the network layer. Validators never received the proposal. They never voted. No quorum certificate formed. The chain stalled.

The fix was one new function: decode_tx_v1_signed_streaming(). It advances the cursor without checking for trailing bytes. Used exclusively inside block decoding. The original function is preserved for standalone transaction decoding where the trailing bytes check is correct.

What happened after the fix

The chain immediately started committing blocks with transactions. All four validators reaching consensus. Transaction gossip working across the network. The chain has since committed over 16 million blocks.

What I learned

Silent failures are the hardest bugs in distributed systems. There were no error logs, no panics, no stack traces. The chain just produced empty blocks and looked healthy. Every metric was green except the one that mattered.

Systematic elimination is the only approach that works. I ruled out dual mempool instances, lock contention, timeout races, leader rotation, cache eviction, and codec round-trip failures, one by one. Each hypothesis was tested, disproved, and crossed off.

The fix was 20 lines of code. The investigation was two days. The ratio between understanding and implementation is always lopsided in distributed systems, and that's fine. The understanding is the hard part.

The technical details

For anyone working on custom binary codecs in Rust: be careful with "trailing bytes" checks in your decoders. They're correct for standalone message parsing but catastrophically wrong when the same decoder is reused inside a container format where multiple messages are concatenated. The streaming pattern (advance cursor, don't check for leftovers) is the right approach for container decoding.

The codebase is on GitHub: github.com/0x-devc/NOVAI-node

65,000+ lines of Rust. 4,000+ tests. Zero unsafe code.