Cere Protocol / The proof room ROOM 01 / 04
The five primitives that make execution provable, four receipt shapes you can read line by line, what makes this different, and the honest status of every claim.
Agents run on private data under signed access, never raw handover.
Execution becomes verifiable: captured, attested, settled.
Every operation leaves a signed record with scope and cost.
Verified usage clears in $CERE, era by era, no invoices.
Agents, attribution, and payouts: launch your own marketplace.
What the chain of evidence actually looks like, from signed grant to settled era. Illustrative samples: field shapes follow the reference implementation, not live records.
{
"agent_service_pub_key": "ed25519:8f3c…a1d2",
"user_pub_key": "ed25519:5d9e…44b7",
"created_at": "2026-06-10T08:14:02Z",
"expires_at": "2026-09-10T08:14:02Z",
"revoked": false,
"metadata": { "scopes": [ { "context": { "vaultId": "v-7c21…", "scopeId": "calendar" } } ] },
"signature": { "algorithm": "ed25519", "signer": "5d9e…44b7", "value": "0x9b41…" }
}
// signed by the wallet · verified by GAR on every write · status derived at read
{
"record_id": "dac-019283…",
"agent": "ed25519:8f3c…a1d2",
"vault_scope": "v-7c21… / calendar",
"operation": "read + inference",
"compute": { "cpu_ms": 412, "gpu_units": 0.83 },
"result_hash": "blake2:cf02…77aa",
"signatures": ["agent-derived-key", "orchestrator", "agent-runtime"]
}
// multi-signed at source · batched → single extrinsic · payload off-chain, hash on-chain
attestation round · cluster dragon-1 · era 412 assigned validators : 5 (random subset, rotates per round · design mechanism) cross-checked vs : independently observed activity agree : 4 / 5 → ⅔ supermajority ✓ PASS // recorded on ddc-clusters · unattested records never reach payout
event ClusterEraPaid { cluster: dragon-1, era: 412 } customer deposits → debited node providers → credited per validated activity validators → paid for inspection protocol treasury → share accrued // closes the window · split set per cluster by on-chain governance
// math, not promises: every step above is a signed, inspectable object before anyone gets paid
Most AI infrastructure focuses on models, hosting, or orchestration. SCP sits between private data, agent permissions, activity capture, and settlement.
It records what happened: every run leaves a signed, attestable trail.
Agents run against scoped vaults instead of copied datasets.
Settlement depends on attested activity, not platform-reported usage.
Marketplaces are built on top; the protocol stays neutral underneath.
| Component | Status | What you can do |
|---|---|---|
| Cere mainnet | Live since 2021 | Use the L1 settlement and governance foundation |
| Consent registry (GAR) | Live | Record and verify signed consent |
| Dragon 1 storage | DDC mainnet since 2024 | Store data on DDC |
| Dragon 1 agent compute | Testnet | Build and test agent execution |
| Agent marketplace | In build · pre-launch | Nothing public yet; first builders being onboarded |
| SCP standard | Draft v0 · being written | The five interfaces are on this page; public drafts follow |
// who is who: SCP = open standard · Cere = chain underneath · Dragon 1 = flagship cluster · marketplaces = built on top · SDKs ship as @cef-ai on npm · code lives at Cerebellum-Network on GitHub