Honest answers, with citations.

No — Compass v1 uses SD-JWT VC selective disclosure plus a sealed Phala dstack TDX receipt-signer. The TEE evaluates the policy predicate against the disclosed claims. The on-chain commitment binds an attestation digest sourced from a per-receipt RA quote.

The trade-off vs ZK is documented in docs/zk-future-work.md. Short version: ZK removes the TEE trust assumption but costs ~5-30s of in-browser proving and a per-policy circuit. Compass' threat model — abusive employer with subpoena power — is well-fit to the TEE path's sub-second receipt mint. A v2 dual-path is on the roadmap.

A 15-minute timestamp bucket and a cryptographic commitment to the user's on-chain agent identity. Specifically, the ReceiptIssued event fields: receiptId · policyId · nullifier · agentIdCommitment · resultHash · attestationDigest · timestampBucket · expiry.

What it does NOT receive: name, HKID, employer, visa status, date of birth, document scans, anything in the SD-JWT VC. The vault stays encrypted in the user's browser with a non-extractable WebCrypto key.

See the subpoena scene for the live render of what gets disclosed.

The signing key is derived inside the TDX enclave from dstack.getKey('compass-receipt-signer') — it's deterministically sealed to the MR_TD of the attested image. The key never leaves the enclave; the only way to obtain it is to compromise TDX itself or coerce Intel.

Per-receipt RA quotes bind (signer, image, receiptId) so even an archived quote cannot be replayed across deployments.

That's strong against employer-level adversaries; weaker against nation-state-level adversaries with TDX zero-day capability. We name this trade-off in docs/honest-limits.md.

Clone the repo and run the bundled verifier:

git clone https://github.com/StephenSook/Compass-OG-.git
cd Compass-OG-/enclave
npm install --legacy-peer-deps
npm run verify-receipt -- --bundle ./samples/receipt-sample.json

The verifier re-derives the entire cryptographic chain locally: signer recovery, quote freshness check, image binding check, attestation digest derivation. No remote calls needed once the bundle is on disk.

The frontend reads NEXT_PUBLIC_COMPASS_USE_MAINNET — unset means Galileo testnet (safer for casual exploration), set to 1 switches to Aristotle mainnet. The mainnet contracts are deployed and accepting receipts; the flip happens before recording the demo video so judges can watch real mainnet receipts mint live.

See the reality table on /about for the canonical state of which rows are real vs draft.

Two things. First, a sliding-window rate limit (5 req/min per client IP) at the route boundary — app/src/lib/ratelimit.ts. Second, the contract requires a valid EIP-712 grant signed by an existing agent owner, so a flood requires minting agent NFTs first (which costs the attacker gas).

The rate-limit is in-memory and stateless across Vercel cold starts — adequate for the hackathon window, but Vercel KV / Upstash Redis is the v2 fix. Documented in the module header.

Primary users: vulnerable migrant workers in Hong Kong — Foreign Domestic Helpers, agricultural workers, garment workers — who need to prove eligibility for free legal aid, shelter access, or public hospital care without disclosing their identity to a system their employer may later subpoena.

Secondary users: the NGO intake clinicians who today operate paper-form intake and would benefit from a drop-in kiosk that turns receipt-not-identity into the default. See the kiosk mode.

It's a working hackathon submission. Contracts are deployed and accepting receipts on both Aristotle mainnet (chainId 16661) and Galileo testnet (chainId 16602). The Phala dstack TDX enclave is live and signing receipts with a key sealed to its attested image. Browser-side encryption is real — non-extractable WebCrypto in IndexedDB. SD-JWT VC issuance is real Ed25519.

The persona narrative (Maria, the domestic worker) is a composite. Real NGO partnerships are pending — six outreach drafts are queued in docs/outreach/.

Honest reality table: /about.

Nothing technical. Compass narrows the disclosure surface but cannot defeat coercion under direct duress — if the employer watches the worker's screen at the moment of disclosure, the plaintext VC is visible before encryption.

Compass' threat model is the asynchronous subpoena, not the face-to-face coercion. A worker who has already left the abusive situation and is using a clinic kiosk in a safe space gets the full guarantee. A worker under active surveillance does not. We name this in docs/honest-limits.md.

HELP for Domestic Workers, Bethune House Migrant Women's Refuge, and Mission for Migrant Workers are three of the most active frontline organisations supporting Foreign Domestic Helpers in Hong Kong. The Hospital Authority is the public-hospital provider whose free-care eligibility is gated on visa status.

The demo policies match real services these organisations provide. Real partnerships are not yet established; persona narrative is inspired by their work but does not represent any real client of theirs.

Architecturally, yes — the receipt-signer is policy-agnostic. Any eligibility predicate that can be evaluated against SD-JWT VC claims fits the same flow: refugee assistance eligibility, food bank eligibility, anonymous job-seeker eligibility, anonymous survivor-of-violence service eligibility, academic financial-aid eligibility.

Compass v1 is specialised to the migrant-worker context because the threat model is sharpest there. If you want to fork for another use case, the contract surface is ~250 LoC and the policy hash is a public input — open an issue tagged use-case-fork and we can talk scope.