npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

silo-agent

v1.0.3

Published

Encrypted private memory + execution attestation for AI agents on 0G

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

ropo1299ropo1299

Keywords

0gai-agentsprivacymcpopenclawattestationencrypted-memorymodel-context-protocol

Readme

SILO

Encrypted private memory + execution attestation for AI agents, powered by 0G.

AI agents are accumulating sensitive personal data — medical records, financial info, personal preferences — and storing it in plaintext. SILO fixes this by giving any agent framework encrypted, decentralized memory backed by 0G Storage, with cryptographic proof of every action the agent takes.

What It Does

| Feature | Description | |---|---| | Encrypted Vault | AES-256-GCM encryption with PBKDF2 key derivation. Data is encrypted in-memory and stored on 0G — never at rest in plaintext. | | Execution Attestation | Every store/retrieve is hashed into a Merkle tree. Commit a session to publish a verifiable proof of agent behavior without revealing content. | | Multi-Agent Sharing | Agents can securely share encrypted memories via vault_share and vault_import — enabling cross-agent collaboration with cryptographic accountability. | | MCP Server | 21 tools for Claude Desktop, Cursor, or any MCP-compatible client (vault + DeFAI + shared memory + autonomy). | | Real-Time Dashboard | Live WebSocket-powered UI showing stores, retrieves, Merkle tree visualization, and session attestation ceremonies. | | CLI Tools | verify to prove data exists, doctor to validate setup, demo to run the full cycle. | | DeFAI Copilot | Intent-to-plan API with guardrails, risk previews, explicit user approval, and optional 0G Compute rationale. |

Quick Start

# Clone and install
git clone https://github.com/rohanpotta/ethdenverhack.git
cd ethdenverhack

# Install backend
cd 0g-agent-shield
npm install

# Configure
cp .env.example .env
# Edit .env with your private key (get testnet tokens: https://faucet.0g.ai)

# Validate setup
npm run build
npm run doctor

# Start the API server + dashboard backend
npm start

# In a second terminal — start the dashboard UI
cd ../0g-agent-shield-ui
npm install
npm run dev

Open http://localhost:5173 to see the SILO dashboard.

Common Failures (Fast Fixes)

  • EADDRINUSE: address already in use :::3000
    • Cause: another process already uses port 3000.
    • Fix:
      lsof -i :3000
kill -9 <PID>
npm start
  • ngrok ERR_NGROK_334 endpoint already online
    • Cause: previous tunnel is still active.
    • Fix:
      pkill -f ngrok
ngrok http 3000
  • MCP silo: ... is not valid JSON
    • Cause: non-protocol logs leaked to MCP stdout.
    • Fix:
      • Upgrade to latest silo-agent.
      • Keep MCP as npx silo-agent mcp (do not wrap in extra shell logging).
      • Restart Claude Desktop after config updates.
  • 0 balance — get testnet tokens from https://faucet.0g.ai
    • Cause: wallet is unfunded.
    • Fix:
      • Fund the exact address in your MCP/backend PRIVATE_KEY via faucet.
      • Re-run npm run doctor.

Use With Claude Desktop / Cursor

Add to your MCP config (~/Library/Application Support/Claude/claude_desktop_config.json or Cursor MCP settings):

{
  "mcpServers": {
    "silo": {
      "command": "npx",
      "args": ["silo-agent", "mcp"],
      "env": {
        "PRIVATE_KEY": "your_private_key_no_0x_prefix",
        "EVM_RPC": "https://evmrpc-testnet.0g.ai",
        "INDEXER_RPC": "https://indexer-storage-testnet-turbo.0g.ai"
      }
    }
  }
}

No build step or absolute paths needed — npx resolves the package from npm.

  1. Ask Claude: "Store my medical diagnosis securely"
  2. Claude responds with a root hash and attestation event number
  3. Verify: npx silo-agent verify <rootHash>

MCP Tools

SILO exposes 21 MCP tools. Core vault tools:

| Tool | Description | |---|---| | vault_store | Encrypt data and upload to 0G Storage | | vault_retrieve | Download from 0G and decrypt | | vault_session_log | View the current attestation session | | session_commit | Finalize session: Merkle root + encrypted trace to 0G | | vault_balance | Check wallet balance | | vault_status | Show agent address, session ID, network | | vault_share | Encrypt, store, and generate a share descriptor for another agent | | vault_import | Retrieve and decrypt shared memory from another agent's descriptor |

DeFAI tools:

| Tool | Description | |---|---| | defai_plan | Generate a structured DeFi plan with guardrails + risk preview | | defai_approve | Explicit user approval/rejection gate before execution |

Multi-Agent Sharing

SILO enables agents to share encrypted memories without exposing plaintext:

Agent A (Claude Desktop)              Agent B (Cursor)
    │                                      │
    ├─ vault_share("patient data")         │
    │   → rootHash: 0xabc...              │
    │   → share descriptor ─────────────► │
    │                                      ├─ vault_import("0xabc...")
    │                                      │   → decrypted data
    │                                      │
    └─── Both actions are attested ────────┘
         in their respective Merkle trees

Both agents' actions are independently recorded in their attestation sessions. The shared secret (VAULT_SECRET or PRIVATE_KEY) must match for cross-agent decryption.

Dashboard

The real-time dashboard provides:

  • Vault Panel — Store and retrieve data with live encryption visualization
  • Merkle Tree — D3.js visualization of the attestation tree building in real-time
  • Agents Panel — Multi-agent sharing demo with transfer animation
  • Event Log — Full audit trail of all vault operations
  • SDK Fix Panel — Documents SILO's contribution to the 0G SDK ecosystem

The dashboard connects to the API server via WebSocket for live event streaming.

Use As a Library

npm install silo-agent
import { AgentVault } from "silo-agent";

const vault = new AgentVault({
  privateKey: "abc123...",
  evmRpc: "https://evmrpc-testnet.0g.ai",
  indexerRpc: "https://indexer-storage-testnet-turbo.0g.ai",
});
await vault.init();

// Store encrypted data
const { rootHash } = await vault.store("Patient has arrhythmia");

// Retrieve and decrypt
const data = await vault.retrieve(rootHash);

// Commit attestation (Merkle root + encrypted trace → 0G)
const proof = await vault.commitSession();
console.log(proof.merkleRoot); // public commitment

How Attestation Works

  Agent Action #1 ──hash──┐
  Agent Action #2 ──hash──┤
  Agent Action #3 ──hash──┼──► Merkle Root (public commitment)
  Agent Action #4 ──hash──┘         │
                                    ▼
                          Published on-chain or
                          stored as verifiable proof

  Full trace (encrypted) ──────────► 0G Storage
                                    (only vault holder can decrypt)

What this proves:

  • The agent performed exactly N actions in this session
  • The actions occurred in a specific order
  • No actions were added or removed after the fact
  • The full trace is available for audit — but only to the key holder

What this does NOT reveal:

  • What the actual data was
  • What the agent's prompts or memory contained
  • Any personally identifiable information

Architecture

┌────────────────────────────────────────────────────────┐
│                   MCP Server (mcp.ts)                  │
│              21 tools for any AI client                │
│        pushes events to dashboard via REST             │
└────────────────────┬───────────────────────────────────┘
                     │
┌────────────────────▼───────────────────────────────────┐
│                AgentVault (vault.ts)                    │
│         Unified API: store / retrieve / commit         │
└──┬──────────────┬──────────────────┬───────────────────┘
   │              │                  │
   ▼              ▼                  ▼
┌────────┐  ┌──────────┐  ┌──────────────────┐
│ Crypto │  │ Storage  │  │  Attestation     │
│ AES-256│  │ 0G SDK   │  │  Merkle Tree     │
│ GCM    │  │ Upload/  │  │  Event Hashing   │
│ PBKDF2 │  │ Download │  │  Session Commit  │
└────────┘  └──────────┘  └──────────────────┘

┌────────────────────────────────────────────────────────┐
│              API Server (server.ts)                     │
│    Express REST + Socket.IO WebSocket                  │
│    /api/store  /api/retrieve  /api/attest              │
│    /api/push-event (MCP bridge)  /api/events           │
└────────────────────┬───────────────────────────────────┘
                     │ WebSocket
                     ▼
┌────────────────────────────────────────────────────────┐
│              Dashboard (React + Vite)                   │
│    VaultPanel │ MerkleTree │ AgentsPanel │ EventLog    │
└────────────────────────────────────────────────────────┘

CLI Tools

# Validate your environment
npm run doctor

# Run the full demo cycle
npm run demo

# Run the DeFAI safe-execution demo
npm run defai:demo

# Verify a specific stored memory
npm run verify -- <rootHash>

# Inspect an attestation trace
npm run verify -- <traceRootHash> --trace

# Check 0G Flow contract state
npm run verify-flow

DeFAI Endpoints

POST /api/defai/plan
POST /api/defai/approve

/api/defai/plan creates a structured swap plan with guardrails and simulation preview.
/api/defai/approve enforces explicit user control by requiring an approval/rejection action.

Set OG_COMPUTE_URL to route planning rationale through 0G Compute. If unavailable, SILO falls back to deterministic heuristics.

If you use the 0G starter-kit query API (/api/services/query), also set:

  • OG_COMPUTE_PROVIDER_ADDRESS
  • OG_COMPUTE_FALLBACK_FEE (default 0.01)

DeFAI Scenario Card (Judge-Ready)

  • Intent: Rebalance 500 USD from ETH to USDC
  • Guardrails: maxSlippageBps=75, timeoutSec=90, maxNotionalUsd=1000, allowlist=ETH,USDC,DAI,WBTC
  • AI output: structured plan with route preview, risk rationale, and simulation (expectedOutUsd, minOutUsd)
  • User control: explicit defai_approve / defai_reject gate before any execution
  • Evidence: plan + approval artifacts encrypted to 0G with attestation trail
  • Execution mode in this MVP: dry_run_only (no automatic transaction broadcast)

DeFAI Safety Guarantees

  • No transaction is auto-broadcast by SILO DeFAI MVP.
  • Guardrail violations block planning before approval.
  • User approval is mandatory and explicit for every plan.
  • Rejection path is first-class (defai_rejected) and halts execution intent.
  • Plan and approval artifacts are persisted on 0G for post-hoc auditability.

DeFAI Scope Boundary (Honest MVP)

SILO currently stops at planning + safety + approval + dry-run execution payload.
Execution adapters are pluggable via execute(plan) style integration and intentionally out-of-scope for this MVP.

Project Structure

silo/
├── 0g-agent-shield/              # Backend — Node.js TypeScript
│   ├── src/
│   │   ├── lib/
│   │   │   ├── crypto.ts         # AES-256-GCM encryption (WebCrypto)
│   │   │   ├── storage.ts        # 0G Storage SDK wrapper + ABI fix
│   │   │   ├── attestation.ts    # Merkle-based execution proofs
│   │   │   └── vault.ts          # Unified public API (AgentVault)
│   │   ├── mcp.ts                # MCP server (21 tools)
│   │   ├── server.ts             # Express API + WebSocket server
│   │   ├── verify.ts             # CLI: verify stored data
│   │   ├── doctor.ts             # CLI: validate environment
│   │   ├── demo.ts               # CLI: full end-to-end demo
│   │   ├── verify-flow.ts        # CLI: 0G Flow contract debugger
│   │   ├── index.ts              # Library exports
│   │   └── tests/                # Unit tests (node:test)
│   │       ├── crypto.test.ts    # 14 tests — encryption round-trips, tamper detection
│   │       └── attestation.test.ts # 21 tests — Merkle tree, session lifecycle
│   ├── claude-desktop-config.json
│   ├── .env.example
│   ├── package.json
│   └── tsconfig.json
│
├── 0g-agent-shield-ui/           # Frontend — React + Vite + Tailwind
│   ├── src/
│   │   ├── App.tsx               # Dashboard shell (5 views)
│   │   ├── components/
│   │   │   ├── ColdOpen.tsx      # Particle assembly splash screen
│   │   │   ├── VaultPanel.tsx    # Store/Retrieve with HexCascade effect
│   │   │   ├── MerkleTree.tsx    # D3.js Merkle proof visualization
│   │   │   ├── AgentsPanel.tsx   # Multi-agent sharing demo
│   │   │   ├── EventLog.tsx      # Audit trail table
│   │   │   ├── CommitCeremony.tsx # Session commit celebration
│   │   │   ├── SdkDiffPanel.tsx  # SDK contribution showcase
│   │   │   └── effects/          # Visual effects (HexCascade, DotGrid)
│   │   └── hooks/
│   │       └── useHashScramble.ts
│   └── package.json
│
├── .env.example
└── README.md

SDK Contribution

During development, we discovered and fixed a breaking ABI mismatch in the 0G TS SDK for the Galileo testnet. The SDK's submit() function was missing the required submitter address parameter. SILO's storage layer includes a transparent proxy fix that upgrades the transaction payload automatically.

Testing

cd 0g-agent-shield
npm test

Runs 35 unit tests covering:

  • Crypto (14 tests): Encrypt/decrypt round-trips, tamper detection, cross-key isolation, unicode handling
  • Attestation (21 tests): Merkle tree construction, session lifecycle, event ordering, edge cases

Why This Matters

Every AI agent project on 0G today builds its own storage integration from scratch. None of them encrypt agent memory. None of them provide verifiable execution proofs.

SILO is the missing middleware:

  • Drop-in encrypted memory for any agent framework
  • Execution attestation that proves agent behavior without revealing data
  • Multi-agent sharing with cryptographic accountability
  • MCP-native, so it works with the entire AI tooling ecosystem
  • Real-time dashboard for monitoring and demo purposes

License

MIT