Skip to main content
Glama

Proofline

Don’t trust the score. Re-run the proof.

Proofline is a conflict-aware match-verification and settlement layer for World Cup products and AI agents. It turns attributed sports observations into a reproducible evidence packet, holds automation when sources disagree, and anchors the final canonical hash on Injective EVM testnet.

The product is built around VARA — the Verifiable Autonomous Referee Agent. Unlike a score widget with a blockchain button, VARA exposes the full decision path: provenance, independence groups, disagreement, Evidence Score inputs, canonical event JSON, payment boundary, and on-chain commitment.

Hosted demo: proofline.axiqo.xyz · GitHub: a252937166/proofline · Immutable release: global-cup-final

Public Injective testnet proof

The complete paid-proof path was executed on Injective EVM testnet (eip155:1439) on 11 July 2026:

Evidence

Public result

Registry v3

0x380D75d068dec45D8145ef89B7A40a6201Ac1ef1 — source fully verified, Solidity 0.8.35

Deploy

0xdf71…9523

Grant anchorer role

0x5858…acb4

Anchor WC-2026-M97-FRA-MAR final result

0x24cd…7344

x402 settlement, 0.01 test USDC

0x2923…842e

This 2026 purchase moved the payer from 19.99 to 19.98 test USDC and the payee from 20.01 to 20.02. The complete public packet, issuer signature, anchor, purchase-binding hash, and receipt are available as the no-wallet featured sample.

Related MCP server: Universal Crypto MCP

The judge moment

The default case is the real 2026 delayed result France 2–0 Morocco. Its ESPN and FIFA observations converge into evidence root 0xe048…61b3, which is anchored and sold through the real testnet path above. Then run the secondary historical replay of Wales 0–2 IR Iran (25 Nov 2022). A synthetic lagging feed changes Wayne Hennessey’s 86th-minute red card to yellow. Proofline immediately pulls the Evidence Score back, marks the event contested, and keeps settlement held. When the official corroboration arrives and the bad claim is retracted, the same deterministic verifier recovers. Late goals, full-time status, and a matching anchor finally open the settlement gate.

The fault is labelled synthetic everywhere. The football facts are sourced from a fixed CC0 OpenFootball commit and an independently linked FIFA match review; the replay is permanently labelled Historical Replay · Not Live.

The product also exposes two honest 2026 data modes. WC-2026-M97-FRA-MAR is a delayed, post-match France 2–0 Morocco snapshot with ESPN and FIFA provenance. WC-2026-M99-NOR-ENG and WC-2026-M100-ARG-SUI are scheduled fixtures with score=null; they are never presented as live matches. The deterministic 2022 replay remains the reproducible conflict-control path, while the 2026 result is the primary proof, anchor, x402, and fresh-verification path.

End-to-end product

flowchart LR
  A["World Cup sources"] --> B["Normalized observations"]
  B --> C["VARA evidence graph"]
  C -->|conflict| D["Quarantine settlement"]
  C -->|corroborated| E["Canonical event hash"]
  E --> F["Injective EVM anchor"]
  C --> G["Free match API"]
  C --> H["x402 proof packet"]
  G --> I["Proofline MCP"]
  H --> I
  F --> I
  I --> J["Agent Skill policy"]
  K["CCTP future funding path"] -.-> H

Competition fit

Requirement

Proofline implementation

Judge proof

Injective

Append-only MatchProofRegistry on Injective EVM testnet

Fully verified contract, deployment, role grant, and real anchor linked above

x402

0.01 native testnet USDC proof resource with a policy-capped Agent flow

Real successful settlement plus payer/payee balance deltas linked above

USDC / CCTP

Native testnet USDC payment is executed; CCTP is future work

No burn, attestation, or mint transaction is claimed

MCP Server

Ten domain tools for match lookup, event verification, settlement readiness, proof purchase, packet and anchor checks

Stdio runtime plus committed official Injective MCP execution evidence

Agent Skill

Explicit source, settlement, spending, replay, and CCTP safety rules

Agent refuses low-score or non-final settlement

AI-native product

Machine-verifiable evidence and deterministic decisions, not a chat wrapper

Packet integrity, trusted issuer signature, and latest on-chain commitment verify independently

Quick start

Requirements: Node.js 20+ and npm.

cp .env.example .env
npm install
npm run check
npm run dev

Open http://localhost:5173. The API listens on http://localhost:8787. The page opens on the 2026 France–Morocco delayed snapshot and exposes its two source lanes without claiming a live feed. The default configuration is intentionally a no-key, no-wallet sandbox: the secondary 2022 conflict-control flow emits a real HTTP 402 negotiation shape and an explicitly labelled deterministic demo receipt. It never claims that sandbox payment or anchoring happened on-chain.

Conflict replay script

  1. Reset the historical replay.

  2. Run it and watch the red-card event move from observed to contested.

  3. Inspect the exact conflicting field and source independence groups.

  4. Let the replay reach full time, verification, and anchoring.

  5. Request the premium proof: the first response is 402 Payment Required.

  6. Use the labelled sandbox signature to retrieve the packet locally.

  7. Inspect its three verification layers, then modify one field and observe packet integrity fail.

For the real testnet path, follow the guarded commands in the testnet runbook. The deployment command fills the registry address automatically; anchor and x402 payment commands remain non-broadcasting until their action-specific flag and acknowledgement are both present.

Commands

npm run dev               # API + web control room
npm run check             # typecheck + tests + production builds
npm run compile:contract  # compile Solidity registry
npm run wallets:create:testnet # create isolated testnet-only wallets in .env
npm run deploy:contract   # deploy registry and atomically fill .env (broadcasts)
npm run verify:contract:testnet # publish and verify exact compiler input
npm run testnet:preflight # read-only registry, role, balance and x402 checks
npm run testnet:api       # real anchor + official inline facilitator; no startup tx
npm run anchor:testnet    # prepare replay anchor; no tx unless explicitly approved
npm run buy:proof         # official Agent quote/sign-only; no payment by default
npm run evidence:publish-sample # publish a settled packet without its payment signature
npm run mcp               # start the stdio MCP server
npm run smoke             # exercise replay, 402, packet and tamper rejection

Verification model

96.49/100 is an Evidence Score, not a probability that an event is true. It is a deterministic policy score built from source reliability, independent quorum, agreement, freshness, and conflict penalties. Only one strongest representative per independenceGroup can affect candidate ranking and score; duplicating one upstream feed 100 times adds no voting weight.

Every premium packet is checked at three independent layers:

  1. Packet integrity: recompute canonical event JSON, eventHash, evidenceRoot, policy result, and packetHash.

  2. Trusted issuer: recover the EIP-712 signer and require it to match the configured trusted issuer, not merely any cryptographically valid signer.

  3. Latest on-chain commitment: read the match-wide latest registry revision and match its event hash, evidence root, score, and valid state. A later dispute or rejection invalidates an older proof for settlement.

Run npm run check for type checks, unit/integration tests, real-EVM contract tests, browser tests, production builds, and Solidity compilation. npm run smoke exercises conflict, recovery, proof negotiation, verification, and tamper rejection locally.

Repository map

apps/web/           React control room and replay/proof experience
apps/api/           Replay engine, evidence API, anchoring and x402 boundary
packages/core/      Canonicalization, VARA verifier and portable proof packet
packages/mcp/       AI Agent-facing MCP tools and hard spending policy
contracts/          Injective EVM append-only proof registry and deploy script
skills/             Project-owned Agent Skill
data/replays/       Attributed, deterministic historical replay fixture
docs/               Architecture, trust, design and judging evidence

Trust boundaries

  • One source family never counts as multiple independent votes.

  • A single source cannot reach verified.

  • Any active incompatible claim forces contested and holds settlement.

  • Each browser/MCP replay has an isolated session, so judges cannot reset one another's evidence state.

  • Every 402 quote freezes a packet hash for five minutes; the paid retry is rejected before settlement unless its signed requirement carries that quote ID, so replay progress cannot swap the report after review.

  • Signed payments are journaled by session, packet, payer, and EIP-3009 nonce. Concurrent duplicates are locked, settled retries are served from cache, and uncertain outcomes remain pending across restarts instead of charging again.

  • A second ProofPurchase EIP-712 signature binds packetHash, payer, payee, amount, deadline, USDC nonce, and browser session. The UI requests it from a separate, explicit page click so OKX surfaces confirmation 2/2; signature 1/2 remains in memory and no payment header is submitted between the two.

  • The browser persists only a high-entropy, non-spendable recovery capability, never PAYMENT-SIGNATURE. A settled report can be restored after reload or a Chrome restart without opening a wallet or calling the facilitator.

  • Legacy packets affected by the historical replay-clock issuance bug may be reissued without repayment only when the original integrity/current-issuer signature passes, the issuer-time failure is the sole failed check, payment chronology is valid, and a fresh Injective registry lookup matches. The paid packet hash and replacement packet hash remain explicitly separate.

  • Frozen packet JSON and entitlement state are atomically persisted with mode 0600, so a restart cannot regenerate a different packet for a settled quote.

  • Registry v3 has one concurrency-aware writer, appendRevision; the shortcut writer is removed and a Final decision is fully immutable.

  • A final result requires a finished match, threshold Evidence Score, no conflict, and a confirmed anchor for the same canonical hash.

  • Real testnet verification checks registry identity and the match-wide latest revision. Demo receipts never pass this public-chain check.

  • Provider credentials and raw licensed payloads stay server-side.

  • The chain proves a commitment and ordering, not sporting truth by itself.

  • Demo and testnet paths are distinct machine-readable modes.

  • CCTP is future work; no burn, attestation, mint, or balance recheck is claimed.

See the product specification, architecture, trust model, data provenance, visual system, and the judge guide for the complete reasoning.

Production release assets for proofline.axiqo.xyz are documented in the CentOS deployment guide. The deployment uses a loopback-only API, nginx, systemd, root-only environment file, checksum-verified immutable releases, health-gated atomic switching, and rollback.

Testnet configuration

Proofline targets Injective EVM testnet chain ID 1439 (eip155:1439) and native testnet USDC. Copy .env.example, deploy the registry, and set:

CHAIN_MODE=injective-testnet
PROOF_REGISTRY_ADDRESS=0x...
ANCHOR_PRIVATE_KEY=0x...
X402_MODE=injective-testnet
X402_PAY_TO=0x...
X402_FACILITATOR_PRIVATE_KEY=0x...

Use funded testnet-only wallets. Never commit .env.

After completing the replay, npm run buy:proof uses the official Injective x402 client to quote, policy-check, and sign an EIP-3009 authorization with the dedicated X402_AGENT_PRIVATE_KEY, but keeps it in memory by default. A real settlement additionally requires --pay and the exact ephemeral acknowledgement documented in the testnet runbook. It refuses any origin, redirect, chain, asset, payee, frozen packet hash, or price outside the allowlist in .env.

Agent execution evidence

Proofline's stdio MCP exposes ten narrow tools, from list_matches and verify_event through purchase_match_proof and verify_onchain_anchor. The repository also contains a reproducible, sanitized execution transcript from the official Injective MCP at pinned commit f5af39367975872a85b5447cefc9a197f2e635ea: it listed 37 tools and successfully executed address_normalize, usdc_native_info, and account_balances on testnet; the balance call reports the payer's real testnet holdings. See evidence/agent/official-injective-mcp.json and the capture script. A second transcript records five real calls through Proofline's own ten-tool MCP, including a fresh revision-1 verify_onchain_anchor read: evidence/agent/proofline-mcp-testnet.json.

License

Project code is MIT licensed. Replay data attribution and third-party terms are documented separately in data provenance.

A
license - permissive license
-
quality - not tested
A
maintenance

Maintenance

Maintainers
Response time
Release cycle
1Releases (12mo)
Commit activity

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/a252937166/proofline'

If you have feedback or need assistance with the MCP directory API, please join our Discord server