Pay. Compute. Disappear.
Three actors. One round-trip. A receipt that survives without exposing what was asked.
x402 challenge
The caller hits an inference endpoint. The provider returns HTTP 402 with a payment requirement. The caller settles via the x402 facilitator on Base, Polygon, or Solana — milliseconds, no signup.
Attested enclave
The model runs inside a TEE — Atoma, Marlin Oyster, or Phala dstack. The provider commits to the input, runs the inference, and binds the output to the same nonce. The enclave attestation quote is captured.
Receipt, then nothing
The caller receives the response and a HULDR receipt: input commit, output commit, payment ID, quote hash, BLS signature. Verifiable forever. The prompt and response live nowhere outside the caller's machine.
A receipt is a stamp.
Mono-spaced, deterministic, portable. Verifiable offline with a single command. The aurora seal sits in the corner — the rest is fact.
Below the aurora, a clean topology.
HULDR is a thin trust layer between caller and provider, with an optional anchor relay for compact onchain audit trails.
Four lines on the caller. Three on the provider.
Drop-in for any TEE inference endpoint. Receipts verify offline.
// install: npm i @huldr/sdk import { huldr } from "@huldr/sdk"; const client = huldr({ chain: "base" }); const { response, receipt } = await client.charge({ provider: "atoma:meta-llama/llama-3.1-70b", prompt: "redacted by design", maxPay: "0.001 ETH", }); await huldr.verify(receipt); // boolean — fully offline
import { huldr } from "@huldr/sdk/server"; huldr.serve({ modelId: "meta-llama/llama-3.1-70b", tee: "marlin:tdx", pricePerCall: "0.00042 ETH", }, async ({ prompt }) => runInTee(prompt));
Who reaches for the seal.
HULDR is invisible to end users. It surfaces only at three points in any system — once per actor.
The agent making the request.
Drop the SDK around any AI call. The receipt arrives stapled to the response. Store it, forget it, prove it later. No HULDR account, no signup, no extra round-trip.
↳ four lines · receipt stamped on returnimport { huldr } from "@huldr/sdk"; const { reply, receipt } = await huldr.charge({ url: "https://atoma.ai/v1/chat", body: { prompt }, maxPay: "0.001 ETH", }); // receipt.id ◇ stamp it, ship it
The TEE host running the model.
Bond stake once. Sign each receipt with the BLS key that lives inside the enclave — never on the host. The protocol handles x402 settlement, attestation hashing, and registry anchoring.
↳ one stake · one serve · zero leakageimport { huldr } from "@huldr/sdk/server"; // once per provider — bond on Base await huldr.register({ stake: "1000 HUL" }); huldr.serve({ modelId: "meta-llama/llama-3.1-70b", tee: "marlin:tdx", price: "0.00042 ETH", }, runInEnclave);
The auditor, the contract, the curious.
Three flavors, one proof. CLI for offline audits. Wasm for in-browser. On-chain BLS pairing when a downstream contract needs to gate on verified, paid, attested inference.
↳ offline · in-browser · on-chain (~263k gas)huldr verify rcpt.json payment x402:base 0x712a…91c attest marlin:tdx 0xfe40…aa11 pairing bls12_381 e(-G1,σ)·e(pk,H)=1 ◆ valid
What HULDR will never do.
- 01Read user prompts. The receipt only ever sees a commitment.
- 02Hold a database of caller activity. There is none.
- 03Take a skim. The protocol's revenue is provider stake yield, not call fees.
- 04Become a payment rail. We sign x402; we don't replace it.