One small implementation detail in @NewtonProtocol reveals a much larger architectural decision. Although JSON-RPC 2.0 allows numeric request IDs, the Newton Gateway expects the id field to be a string, and the official documentation consistently uses UUIDs. At first glance, that seems like a minor implementation choice. It isn't. Applications built on @NewtonProtocol can submit multiple RPC requests through the Gateway at the same time, including task creation, policy simulation, and result queries. Using a UUID gives each request a globally unique identifier that is returned unchanged in the JSON-RPC response, allowing every response to be matched to its original request regardless of the order in which requests complete. That becomes especially important because authorization requests are evaluated concurrently before the network produces a cryptographic attestation. The purpose of UUIDs is not to make JSON-RPC more secure. Their role is to keep asynchronous communication between applications and the Gateway reliable, even when many policy evaluations are processed simultaneously. It is a small API design choice, but it reflects a broader architectural principle behind $NEWT and the #Newt Mainnet Beta: as authorization becomes a parallel, distributed process, even request identification must be designed for concurrency rather than sequential execution.
Почему Newton использует NATS вместо обычных RPC-запросов между операторами
При изучении архитектуры @NewtonProtocol большинство внимания обычно уделяют Rego Policy, PolicyData или BLS-аттестациям. Однако технический Whitepaper подробно описывает ещё один важный компонент системы, который практически не обсуждается, хотя именно он помогает сети $NEWT быстро согласовывать результаты проверки. Речь идёт о системе потоковой передачи сообщений NATS Streaming. Чтобы понять её роль, сначала стоит посмотреть, как обычно взаимодействуют распределённые сервисы. Во многих архитектурах используется модель RPC. Один сервис отправляет запрос другому, ожидает ответ, затем получает ответы от остальных участников и только после этого может продолжить обработку. Даже если несколько запросов выполняются параллельно, инициатор всё равно должен принимать и обрабатывать большое количество отдельных ответов. В архитектуре #Newt обмен сообщениями организован иначе. Когда приложение отправляет Intent на проверку, Gateway не начинает последовательно обращаться к каждому оператору. Вместо этого он публикует одну задачу (Task) в поток сообщений NATS, после чего все подключённые операторы получают её практически одновременно. Это означает, что вся сеть начинает выполнять проверку параллельно. Каждый оператор независимо загружает необходимую Policy, выполняет Rego Policy, при необходимости получает внешние данные через WASM-компоненты и формирует собственный результат проверки. Эти вычисления происходят одновременно, а не по очереди. Технический Whitepaper отдельно подчёркивает, что между Gateway и операторами используется non-blocking pipelined communication. Другими словами, агрегатор начинает получать ответы сразу после их появления и не ждёт завершения работы всей сети, прежде чем приступить к обработке результатов. Следующим элементом архитектуры становится механизм Early Quorum Exit. Для подтверждения результата Newton не требуется получить ответы от всех операторов. Как только агрегатор получает достаточное количество корректных BLS-подписей, соответствующее необходимому кворуму, он может завершить формирование итоговой аттестации. Более поздние ответы уже не задерживают выполнение операции. Это особенно важно в распределённой сети. Если часть операторов отвечает медленнее из-за сетевых задержек или более длительного получения внешних данных, остальные участники не обязаны ждать завершения всех вычислений. Авторизация продолжается сразу после достижения необходимого уровня подтверждения. Документация также описывает ещё одну функцию агрегатора. Помимо объединения BLS-подписей, он использует медианный консенсус при обработке числовых результатов, если между ответами операторов возникают допустимые различия. После этого формируется одна компактная BLS-аттестация, которую уже проверяет смарт-контракт. Благодаря такой архитектуре поток сообщений не превращается в последовательную очередь ожидания. Gateway публикует задачу один раз. Все операторы начинают обработку одновременно. Результаты поступают агрегатору по мере готовности. После достижения кворума формируется единая BLS-аттестация, а смарт-контракту больше не требуется проверять множество отдельных подписей. Именно поэтому технический Whitepaper рассматривает NATS Streaming не как вспомогательный транспортный механизм, а как один из ключевых элементов архитектуры @NewtonProtocol . Вместе с параллельной обработкой задач, Early Quorum Exit, медианным консенсусом и BLS-агрегацией он позволяет сети $NEWT достигать подтверждения результатов менее чем за секунду, сохраняя воспроизводимость проверки и децентрализованный характер процесса авторизации в #Newt .
#newt $NEWT Почему большинство обсуждений безопасности Web3 сосредоточено вокруг того, как выполняется транзакция, а не вокруг того, должна ли она вообще выполняться?
Если смарт-контракт уже начал изменять состояние блокчейна, значит решение фактически уже принято. Но многие современные риски возникают значительно раньше. Пользователь может превысить установленный лимит, адрес может оказаться в санкционном списке, а AI-агент может инициировать действие, которое соответствует формату транзакции, но нарушает заданные правила. Поэтому в современных приложениях всё большее значение приобретает именно этап, который предшествует исполнению. Именно на этой идее строится архитектура @NewtonProtocol . Вместо того чтобы рассматривать безопасность только как защиту процесса исполнения, $NEWT выделяет авторизацию в самостоятельный этап жизненного цикла транзакции. Сначала проверяется, соответствует ли действие установленным правилам, и только после этого оно может перейти к исполнению. Именно поэтому #Newt предлагает смотреть не только на то, как выполняется транзакция, но и на то, почему ей вообще должно быть разрешено выполниться.
При изучении документации @NewtonProtocol можно заметить важную особенность архитектуры. Хотя Newton часто воспринимают как единую систему проверки транзакций, документация последовательно разделяет два самостоятельных компонента: Gateway и сеть операторов AVS. Каждый из них выполняет собственную функцию и не дублирует работу другого. Практически любая проверка начинается с Gateway. Согласно документации RPC API, приложения взаимодействуют с Newton через интерфейс JSON-RPC 2.0 по протоколу HTTPS. Все запросы отправляются в Gateway через конечную точку /rpc, а не напрямую операторам сети. Каждый запрос использует UUID в качестве идентификатора, а доступ к API осуществляется только после проверки API-ключа, передаваемого в заголовке Authorization. После получения запроса Gateway не принимает решение о разрешении или запрете операции. Его задача заключается в создании задачи (Task) и её передаче в сеть операторов Newton AVS. Уже операторы независимо выполняют PolicyData, получают необходимые внешние данные, запускают Rego Policy и формируют собственные результаты проверки. Таким образом, Gateway обеспечивает передачу задачи, а не её оценку. Этот процесс подробно показан и в Integration Guide. После отправки Intent через SDK запрос сначала поступает в Gateway. Затем Gateway передаёт задачу операторам сети. После завершения проверки агрегированная BLS-аттестация возвращается приложению, которое отправляет её вместе с транзакцией в PolicyClient смарт-контракта. Gateway не выполняет транзакции в блокчейне и не изменяет состояние сети. Документация также показывает, что через Gateway проходят основные сервисы протокола. Через RPC API выполняются создание задач проверки, симуляция Policy и PolicyData, управление зашифрованными секретами, получение результатов проверки и другие операции. Для этих методов используются различные уровни разрешений API-ключей, включая RpcRead и RpcWrite. Для части методов Gateway дополнительно проверяет владельца PolicyClient, обращаясь непосредственно к функции getOwner() смарт-контракта, а не используя собственное внутреннее состояние. Это означает, что Gateway не является источником доверия для принятия решения. Даже если запрос проходит через него, итоговая оценка формируется распределённой сетью операторов Newton. При работе с секретами Gateway дополнительно сверяет права доступа с ончейн-состоянием PolicyClient, поэтому проверка полномочий основывается на данных блокчейна. Сравнение Dashboard, CLI и SDK показывает ещё одну особенность архитектуры. Все три инструмента используют один и тот же набор возможностей протокола. Dashboard предоставляет графический интерфейс, CLI работает из командной строки, а SDK предназначен для интеграции в приложения. Независимо от выбранного способа работы все они взаимодействуют с одним и тем же Gateway через единый RPC API. Меняется только интерфейс для разработчика, тогда как сама архитектура протокола остаётся одинаковой. После завершения проверки Gateway возвращает приложению агрегированную BLS-аттестацию сети. Затем приложение самостоятельно отправляет транзакцию вместе с этой аттестацией в PolicyClient. Смарт-контракт проверяет криптографическое подтверждение и только после успешной проверки выполняет защищённую операцию. Gateway не участвует в исполнении транзакции и не может самостоятельно разрешить её выполнение. Именно поэтому документация @NewtonProtocol разделяет функции компонентов. Gateway предоставляет единый интерфейс доступа к протоколу, принимает RPC-запросы и маршрутизирует задачи в сеть операторов. Сеть операторов выполняет проверку Policy и формирует агрегированную BLS-аттестацию. PolicyClient проверяет эту аттестацию в блокчейне перед исполнением защищённой операции. Благодаря такому разделению $NEWT распределяет доступ к системе, процесс проверки и исполнение транзакции между независимыми уровнями архитектуры #Newt , а не объединяет их в одном компоненте.
Как в @NewtonProtocol рождается Project и почему всё начинается именно с него
При первом знакомстве с Dashboard @NewtonProtocol может показаться, что Project нужен лишь для удобной организации файлов. Однако документация описывает его совершенно иначе. Именно Project становится отправной точкой всей дальнейшей работы с протоколом, объединяя компоненты, необходимые для создания, проверки и последующей публикации политики авторизации. Без Project невозможно собрать полноценную конфигурацию приложения. При создании нового проекта разработчик задаёт его имя и получает рабочее пространство, внутри которого объединяются все элементы будущей системы: Policy, Data Oracle, Parameters, Secrets, симуляция и публикация компонентов. При этом Project не является частью блокчейна. Он существует исключительно на этапе разработки и служит для подготовки инфраструктуры авторизации ещё до регистрации каких-либо компонентов в сети. Благодаря этому разработчик может изменять конфигурацию, экспериментировать с настройками и проверять результат, не затрагивая уже опубликованные политики. Одним из первых элементов проекта становится Policy. Dashboard предоставляет встроенный редактор, позволяющий создать новую Rego Policy или импортировать уже существующую. При использовании готового Policy Pack шаблон политики может быть добавлен автоматически, а при собственной разработке весь исходный код остаётся частью проекта до момента публикации. Следующим этапом становится подключение источников данных. Один Project может использовать сразу несколько Data Oracle. Разработчик может выбрать готовые Policy Packs либо подключить собственный PolicyData-компонент. Каждый источник настраивается отдельно и во время проверки предоставляет данные через пространство data.wasm. Отдельно настраиваются Parameters. Именно здесь определяются постоянные параметры политики: лимиты операций, пороговые значения, интервалы времени и другие настройки. Они не записываются в код Rego Policy, а передаются отдельно через пространство data.params. Благодаря этому изменение конфигурации не требует изменения самой логики авторизации. Для работы с внешними сервисами предусмотрены Secrets. Если политика использует API внешних поставщиков данных, необходимые ключи не встраиваются в Policy и не сохраняются открыто. Dashboard позволяет добавить Secrets, которые шифруются на стороне клиента перед передачей в инфраструктуру Newton. Во время выполнения Policy использует результаты работы внешних сервисов, не раскрывая сами секреты. После настройки всех компонентов разработчик может выполнить симуляцию. На этом этапе проверяется совместная работа всей конфигурации: выполнение PolicyData, передача данных в data.wasm, использование параметров из data.params и итоговое решение Rego Policy. Такой процесс позволяет обнаружить ошибки до публикации компонентов в сети. Только после успешной проверки начинается публикация. Dashboard последовательно формирует CID, публикует компоненты в IPFS и выполняет их регистрацию в протоколе. При этом сам Project не публикуется в блокчейне. Он остаётся рабочей средой, из которой создаются независимые компоненты инфраструктуры Newton. Важной особенностью Project является то, что он хранит не только отдельные файлы, но и связи между ними. Именно здесь определяется, какая Policy использует конкретные Data Oracle, какие Parameters относятся к данной политике, какие Secrets необходимы для работы внешних сервисов и какие компоненты должны быть опубликованы совместно. Благодаря этому вся конфигурация рассматривается как единая инженерная система, а не как набор независимых файлов. Такой подход значительно упрощает сопровождение приложений. Разработчик может изменять параметры, заменять источники данных, подключать новые Policy Packs или обновлять Policy без необходимости заново собирать всю конфигурацию вручную. Каждый компонент сохраняет собственную роль, а Project обеспечивает их согласованную работу на протяжении всего жизненного цикла разработки. Именно поэтому документация рассматривает Project не как обычную папку с файлами, а как центральную точку организации всей системы авторизации. Через него объединяются Policy, Data Oracle, Parameters, Secrets и процесс симуляции, после чего подготовленные компоненты публикуются в инфраструктуре @NewtonProtocol . Такой подход делает разработку более воспроизводимой, упорядоченной и удобной для сопровождения, сохраняя модульную архитектуру, лежащую в основе $NEWT и #Newt
#newt $NEWT Почему большинство обсуждений безопасности Web3 сосредоточено вокруг того, как выполняется транзакция, а не вокруг того, должна ли она вообще выполняться? Если смарт-контракт уже начал изменять состояние блокчейна, значит решение фактически уже принято. Но многие современные риски возникают значительно раньше. Пользователь может превысить установленный лимит, адрес может оказаться в санкционном списке, а AI-агент может инициировать действие, которое соответствует формату транзакции, но нарушает заданные правила. Поэтому в современных приложениях всё большее значение приобретает именно этап, который предшествует исполнению. Именно на этой идее строится архитектура @NewtonProtocol . Вместо того чтобы рассматривать безопасность только как защиту процесса исполнения, $NEWT выделяет авторизацию в самостоятельный этап жизненного цикла транзакции. Сначала проверяется, соответствует ли действие установленным правилам, и только после этого оно может перейти к исполнению. Именно поэтому #Newt предлагает смотреть не только на то, как выполняется транзакция, но и на то, почему ей вообще должно быть разрешено выполниться.
#newt $NEWT One command in the @NewtonProtocol documentation may be more important than it first appears. opa test At first I assumed it was simply a developer convenience. The more I read the documentation, the more I realized it changes when authorization can be trusted. Most smart contract authorization logic is effectively tested after deployment. Even with audits and testnets, the final environment is still the blockchain itself. Newton takes a different approach. Because Policies are written in Rego as deterministic functions, they can be unit tested with opa test before any Policy is deployed, before any operator evaluates it, and before any blockchain transaction depends on it. That shifts authorization closer to traditional software engineering. Instead of asking, "Did this rule work on-chain?", developers can first ask, "Does this rule produce the correct decision for every expected input?" Only after that does simulation with newt_simulatePolicy and deployment become part of the workflow. It is a small detail in the documentation, but it reflects a larger design philosophy behind $NEWT . Authorization is not treated as configuration that happens to run on a blockchain. Inside #Newt , authorization is treated as software that deserves automated testing before anyone is asked to trust it.
Why Newton Changes Software Evolution Instead of Smart Contracts
For years, most discussions about blockchain infrastructure have focused on what happens after a transaction reaches a smart contract. We compare execution speed, gas efficiency, security models, or authorization mechanisms. While reading the engineering documentation behind @NewtonProtocol, I gradually realized that one of its most significant architectural ideas appears much earlier than transaction execution. It changes how software evolves after deployment. That may sound like an unusual observation because blockchain development has conditioned us to think that business logic belongs inside Solidity. A smart contract is deployed, becomes immutable, and every meaningful change to business behavior usually brings a familiar sequence of engineering work: contract upgrades, proxy management, governance proposals, security reviews, regression testing, frontend updates and operational coordination. Most developers simply accept this as the normal lifecycle of decentralized software. The Newton architecture quietly proposes something different. Instead of assuming that application evolution should happen inside contract code, the documentation separates execution logic from authorization logic. The smart contract remains responsible for deterministic execution and verification of attestations, while business decisions are described independently as Rego Policies. At first glance this looks like an authorization feature. After spending time with the documentation, it looks much more like a software architecture decision. One of the details that led me to this conclusion is that Policies have their own engineering lifecycle. The documentation does not describe them as static configuration files attached to a contract. They are written, tested, simulated, deployed and updated independently of Solidity contracts. That distinction matters. In many blockchain applications, changing a business rule often means changing contract code. In Newton, changing the business rule can instead mean publishing a new Policy while leaving the execution contract untouched. Those are fundamentally different maintenance models. The documentation reinforces this separation by describing Rego policies as pure functions. Their output depends only on the supplied inputs, including the Intent, data.params, and data.wasm. Because there is no hidden blockchain state involved in policy evaluation itself, developers can validate policy behavior before interacting with a blockchain at all. That may be one of the least discussed engineering consequences of the architecture. Traditional smart contract development usually treats blockchain deployment as the moment software becomes testable under realistic conditions. Newton moves part of that validation much earlier. Policies can be evaluated independently of contract deployment because authorization logic is separated from execution logic. This also explains why the documentation introduces a dedicated Policy Development Lifecycle rather than treating policy creation as an extension of Solidity development. The separation continues beyond Policies themselves. Another interesting detail is that PolicyData follows its own independent lifecycle. Initially I assumed external data retrieval would simply be another part of policy execution. The documentation explicitly recommends treating PolicyData as a separate engineering component. Developers are encouraged to validate that every PolicyData module produces the expected output structure before testing the policy that consumes it. That recommendation reveals another architectural boundary. Obtaining external information and making authorization decisions are treated as two different engineering problems. PolicyData modules retrieve information. Policies decide what that information means. Testing each independently reduces the likelihood that developers spend time debugging authorization rules when the real problem originates in external data acquisition. That workflow resembles conventional backend software engineering far more than traditional smart contract development. The same philosophy appears again during deployment. The documentation describes simulation as an explicit step before production deployment. Rather than treating deployment as the beginning of validation, Newton encourages developers to simulate policy behavior first, verify expected outputs, validate PolicyData, and only then publish the components that will participate in authorization. This shifts software maintenance away from reactive debugging and toward controlled iteration. Seen from this perspective, the Policy Layer begins to resemble an application layer that evolves continuously, while Solidity becomes comparatively stable infrastructure. That is a subtle but important change. Instead of repeatedly modifying the component responsible for execution, developers primarily evolve the component responsible for decision making. The contract changes less frequently. Policies evolve more frequently. The documentation never presents this as a marketing feature, yet the engineering implications are substantial. If business behavior can evolve through Policies rather than contract upgrades, the cost of maintaining long-lived decentralized applications changes. Some future modifications may no longer require replacing deployed execution logic. Regression testing becomes more localized because changes occur inside authorization rules rather than inside bytecode responsible for state transitions. Operational workflows increasingly resemble continuous software maintenance instead of repeated contract evolution. None of this eliminates the need for audits or careful engineering. It simply changes where much of that engineering effort is concentrated. Reading the documentation this way also changes how I think about $NEWT itself. Most conversations describe Newton as an authorization protocol. That description is correct, but it may not capture the broader architectural consequence. The protocol is also redefining where application behavior lives after deployment. Execution remains inside contracts. Business evolution moves into the Policy Layer. That separation may ultimately matter as much for software maintenance as it does for transaction authorization. Perhaps the most interesting question raised by #Newt is not whether authorization before execution is safer. It is whether blockchain applications are beginning to follow the same architectural direction that conventional software adopted years ago: a stable execution core surrounded by independently evolving business logic. If that turns out to be the lasting pattern, then @NewtonProtocol may be remembered not only for changing how transactions are approved, but for quietly changing how decentralized software evolves long after deployment.
Why Newton Separates Private Data Into Three Independent Lifecycles
The privacy architecture described in the @NewtonProtocol documentation does not rely on a single encrypted storage model. Instead, it defines three separate categories of private information: Identity Data, Confidential Data, and Ephemeral Privacy Data. Although all three use HPKE encryption, each follows a different lifecycle because each serves a different role inside the authorization pipeline. Identity Data is designed for information that belongs to the user over a long period of time. The documentation describes examples such as KYC credentials and identity attributes. Before leaving the user's device, this data is encrypted locally with HPKE, uploaded through the Gateway, and referenced through the Identity Registry. Only the reference is recorded by the protocol, while the encrypted content remains off-chain. During policy evaluation, operators retrieve and decrypt the data only when the policy explicitly requires it. Confidential Data follows a completely different ownership model. Unlike Identity Data, it belongs to the organization providing the information rather than to the end user. The documentation describes provider-managed datasets such as sanctions lists, proprietary risk models, allowlists, and other confidential intelligence. These datasets are encrypted, published, versioned, and made available only to authorized Policy Clients. Instead of every application maintaining its own encrypted copy of the same dataset, multiple policies can reference the provider's managed data through the protocol. The documentation introduces a third category because not every piece of information should become persistent. Ephemeral Privacy Data exists only for a single policy evaluation. Rather than being uploaded or registered, it is encrypted with HPKE and included directly inside the Task request through the reserved _newton.privacy namespace. During evaluation, operators decrypt the payload, make it available to the Rego policy, and use it only for that authorization decision. The protocol does not register it as persistent data. These three privacy models solve three different engineering problems. Identity Data stores information that remains associated with a user across many future transactions. Confidential Data distributes provider-owned intelligence that may evolve through new dataset versions while remaining protected. Ephemeral Privacy Data transports one-time execution context that is relevant only to the current Task. Because these lifecycles are different, the documentation treats them as different protocol components instead of forcing every type of sensitive information into a single storage model. The separation continues inside the policy engine itself. Identity information, provider-managed confidential datasets, and ephemeral payloads are exposed through different namespaces during Rego evaluation. A policy therefore knows not only the value it receives, but also the origin and lifecycle of that value. Long-lived identity records, provider-managed intelligence, and one-time execution context remain distinct throughout policy execution. Another important detail is that persistence is no longer determined simply by whether information is encrypted. The protocol first classifies data according to ownership, expected lifetime, and reuse, then applies the appropriate privacy workflow. Identity information is expected to persist across many authorizations. Confidential datasets are expected to evolve through controlled versioning. Ephemeral data is expected to disappear from the workflow once the current authorization has been evaluated. This is why the documentation defines three different privacy mechanisms instead of one universal encrypted storage layer. They are not different encryption systems. They are different lifecycle models built on the same cryptographic foundation. Viewed this way, $NEWT is solving more than confidential storage. It defines how different classes of sensitive information move through the authorization pipeline without forcing permanent identity records, provider-owned datasets, and one-time execution inputs into the same architectural model. Reading the documentation from this perspective reveals an important design principle that is easy to overlook. The protocol does not ask only "How should this data be encrypted?" It first asks "Who owns this data, how long should it exist, and should it ever be reused?" Only after those questions are answered does encryption become part of the solution. That separation of ownership, lifecycle, and privacy is one of the more subtle architectural decisions behind #Newt , yet it influences the design of the entire authorization pipeline.
Even if a cryptographic attestation cannot be forged, why does @NewtonProtocol still give it an expiration time?
The $NEWT documentation states that every attestation includes an expiration field, and TaskManager checks it before allowing a transaction to execute. The documentation also defines two separate validation errors: AttestationExpired and AttestationAlreadySpent. This shows that Newton protects the system with two independent security mechanisms. The first mechanism is straightforward. Once an attestation has been used, it cannot be used again. If someone attempts to submit the same transaction with the same attestation a second time, TaskManager rejects it with AttestationAlreadySpent. But that alone is not enough. Consider a case where an attestation has been successfully generated, but the transaction is never submitted to the network. While it remains unused, the asset price, protocol state, policy limits, or external runtime data used during policy evaluation may all change. The cryptographic signature would still be valid, but the decision it represents might no longer match the current conditions. That is why every attestation in @NewtonProtocol has a limited lifetime. Once the expiration time is reached, TaskManager rejects the attestation even if it is cryptographically valid and has never been used before. A new policy evaluation must be performed to generate a fresh attestation based on the current state. In the #Newt architecture, single-use protection and expiration solve two different problems. Replay protection answers the question, "Can this attestation be used again?" Expiration answers a different question, "Is this authorization decision still valid now?" Because these mechanisms protect against different risks, the documentation implements them as separate validation checks rather than treating them as a single security feature.
#newt $NEWT Most smart contracts contain their own authorization rules. If the rules change, developers often have to modify, upgrade or redeploy the contract. @NewtonProtocol separates authorization from execution. Instead of embedding business rules inside Solidity, developers define them as independent Rego Policies. Before a protected transaction reaches a smart contract, Newton checks whether it satisfies that policy. The transaction request is first treated as an Intent, not as an executable transaction. The Gateway converts the Intent into a Task that combines three elements: the Intent itself, a Rego Policy and one or more PolicyData modules. PolicyData is not a traditional oracle. It is a deterministic WebAssembly (WASM) component that can be written in JavaScript, Python or Rust. During evaluation it can retrieve external information such as KYC status, sanctions screening, gas prices, protocol exposure, treasury yields or other runtime data required by the policy. Every EigenLayer operator independently executes exactly the same PolicyData and the same Rego Policy using identical inputs. The runtime information becomes available as data.wasm, while developer-defined configuration is provided through data.params. Each operator signs its evaluation with its registered BLS key. After quorum is reached, the individual signatures are aggregated into a single cryptographic attestation. The protected smart contract verifies that attestation before allowing execution. If the proof is invalid, expired, already used or does not satisfy the configured policy, execution is rejected. This architecture allows $NEWT to move authorization outside the smart contract without moving trust to a centralized server. Policies can evolve independently from contract code, while every authorization decision remains cryptographically verifiable. That is the core engineering idea behind #Newt .
Why Newton Cannot Be Correctly Compared with OpenGradient, Chainlink Functions, EigenDA or LayerZero
Every new infrastructure protocol is eventually compared with the projects that came before it. Since @NewtonProtocol introduced its Mainnet Beta, comparisons with Chainlink Functions, EigenDA, LayerZero, OpenGradient and even EigenLayer have become common. The similarity seems obvious until you stop comparing technologies and start comparing what each protocol actually processes. Chainlink Functions processes external computation. Smart contracts request off-chain APIs or computations that cannot be performed inside the EVM. EigenDA processes data availability. It ensures rollup transaction data remains accessible after execution so anyone can reconstruct and verify state. LayerZero processes cross-chain messages. It verifies and transports information between independent blockchain networks. OpenGradient processes AI inference. Its architecture proves that a specific AI model produced a specific output inside a verifiable execution environment. Newton processes none of these. The primary object inside the architecture of $NEWT is the Intent. This is a crucial distinction. Newton is not designed to execute transactions, transport messages, store data or verify AI outputs. It decides whether a transaction should be allowed to execute before any state change occurs. That design decision explains why the protocol introduces an entirely different execution pipeline. Instead of sending a transaction directly to a smart contract, an Intent is submitted to the Gateway, where it becomes a Task. The Task links together three independent elements: the Intent itself, a Rego Policy that defines authorization rules, and one or more PolicyData components responsible for supplying external runtime information. PolicyData is not a traditional oracle. It is a WebAssembly component that can be written in JavaScript, Python or Rust, compiled to WASM, and executed identically by every operator. Through WIT interfaces it can retrieve external information such as KYC status, sanctions data, gas prices, protocol exposure, treasury yields or AI agent activity. The returned values become available inside the policy as data.wasm, while developer-defined configuration is exposed through data.params. Every EigenLayer operator independently executes exactly the same Rego policy using identical inputs. No operator decides the result for the network. Each produces its own evaluation and signs the outcome with its registered BLS key. Once the required quorum is reached, the Aggregator combines individual signatures into a single BLS attestation. That proof is submitted together with the original transaction to the PolicyClient, which verifies it through the AttestationValidator before execution. Verification includes the aggregate BLS signature, policy identifier, chain ID, expiration, single-use protection and quorum requirements. Only after every validation succeeds can the protected transaction execute. Seen from this perspective, Newton occupies a different position within Web3 infrastructure. Chainlink Functions extends computation. EigenDA extends data availability. LayerZero extends communication. OpenGradient extends verifiable AI execution. Newton extends verifiable transaction authorization, creating an infrastructure layer that evaluates permission before execution rather than execution itself. That architectural boundary is what makes #Newt a distinct infrastructure category instead of another variation of existing middleware.
Over the past few weeks, I've spent a lot of time exploring @OpenGradient . At first, I thought it was simply another decentralized AI project trying to build better models. I don't think that's the real story anymore. The biggest shift wasn't learning about TEE, zkML, or execution proofs. It was realizing that I'd been asking the wrong question about AI. For years we've judged AI by one metric: "How capable is the model?" But capability alone isn't enough once AI starts making decisions. A better question is: "Can anyone prove how that decision was produced?" That's where #OPG stands out. Throughout this campaign I read about privacy, rollback history, inference records, Blob IDs, flexible verification, SDKs, staking, and decentralized execution. At first they looked like separate features. Now they look like parts of one idea. How do we make AI accountable instead of simply intelligent? As AI moves into finance, autonomous agents, enterprise software, and governance, people won't only care whether an answer was correct. They'll want to know whether the entire execution can still be independently verified months or years later. Whether $OPG succeeds won't be decided by narratives. It will depend on developer adoption, real workloads, and whether verifiable inference becomes something builders genuinely need. That's my biggest takeaway from following this project. I no longer judge AI only by how intelligent it is. I also ask whether its decisions can be verified, audited, and trusted long after they were made. If that becomes the next standard for AI infrastructure, then the race was never only about building smarter models. It was about building AI that deserves trust.
People often assume the hardest part of AI infrastructure is building better models. The more documentation I read, the less I believe that's where the real engineering challenge lives. One detail inside @OpenGradient kept pulling my attention back: the network is built around ONNX rather than a single model framework. At first that sounds like a simple compatibility choice. It isn't. Every major AI ecosystem evolves differently. PyTorch, TensorFlow and other toolchains release new operators, optimizations and model formats over time. Requiring developers to rewrite applications every time the underlying ecosystem changes creates technical debt that compounds much faster than model quality improves. Using ONNX changes that equation. A model exported into a common intermediate representation becomes easier to move across different execution environments instead of remaining tied to one vendor's runtime. That lowers migration costs rather than forcing applications to follow every framework decision. The second consequence is more subtle. Because inference nodes execute a standardized representation, infrastructure can optimize execution independently of how the original model was trained. That separates application development from low-level runtime engineering. Third, versioning becomes easier to manage. Updating a model no longer has to mean redesigning the surrounding application if the execution interface remains stable. Fourth, heterogeneous hardware becomes more practical because one representation can target different accelerators instead of locking workloads into a single stack. Finally, SDKs become more durable. Developers build against one abstraction instead of constantly chasing changing model providers. That made me look at #OPG differently. Maybe the long-term value of $OPG won't come from hosting the newest model first. It may come from making yesterday's application continue working when tomorrow's AI ecosystem inevitably changes.
For a long time I kept asking a different question. Why is something like @OpenGradient appearing now instead of five years ago? I think the answer has surprisingly little to do with crypto. It comes from several technologies finally becoming mature at the same time. • Modern AI models can now be exported into portable formats such as ONNX, allowing the same model to run across different hardware instead of being locked to a single framework. • Confidential computing has reached production through hardware Trusted Execution Environments, making it possible to protect inference while it is actually running instead of only encrypting stored data. • Zero-knowledge research has advanced enough that specialized forms like zkML are no longer just academic ideas. Verifiable inference is becoming technically achievable, even if it is still expensive for many workloads. • GPU availability has changed dramatically. Instead of depending only on hyperscale cloud providers, high-performance accelerators are now distributed across universities, companies and independent operators, making decentralized compute far more practical than it was only a few years ago. • Finally, developers have become comfortable building applications around APIs instead of monolithic software. That makes a network like @OpenGradient feel much more like infrastructure than a standalone product. Seen separately, none of these changes would be enough. Together they create the conditions where a network powered by $OPG can actually exist. Maybe the biggest innovation behind #OPG isn't a single breakthrough at all. Maybe it's the moment when several independent technologies became mature enough to fit together.
Most software doesn't become expensive because its algorithms get worse. It becomes expensive because every dependency keeps changing. AI is starting to create the same problem. New models appear every month, but upgrading them often means rewriting parsers, validators, prompts and integration logic because the interface changes even when the application doesn't. While reading the @OpenGradient architecture, one detail stood out. The SDK isn't built around individual model providers. It exposes abstractions such as TEE_LLM, InferenceMode and ResponseFormat, allowing applications to depend on stable interfaces instead of vendor-specific behavior. Structured outputs follow JSON Schema, inference executes inside TEEs, and x402 payment handling and verification are hidden beneath the same programming layer that also powers Model Hub and ML workflows. That changes what developers are actually integrating with. Instead of binding software to a model, they bind it to a contract. Replacing a model no longer has to trigger a cascade of changes throughout the application because the interface remains consistent while infrastructure absorbs differences underneath. In that context, $OPG is coordinating more than inference requests. It coordinates an execution environment where routing, verification and settlement evolve independently from application logic, reducing the engineering cost of adopting future models instead of simply running today's models. Most recent #OPG discussions focus on proving AI outputs. I think the quieter innovation is making software depend less on the behavior of individual models and more on stable contracts. History suggests those abstractions usually outlast the technologies they were built to hide.
#opg $OPG Before reading the OpenGradient documentation, I assumed the hardest part of AI infrastructure was building better models. Now I think the harder problem is making applications survive when models keep changing. Most AI applications are tightly coupled to a specific model, runtime, or provider. Replacing the underlying model often means updating APIs, inference logic, deployment pipelines, and compatibility layers. The application evolves every time the model evolves. What caught my attention in @OpenGradient is that the architecture tries to separate those lifecycles. Models are published in ONNX format, making them portable across different execution environments instead of binding applications to a single runtime. Workflow Orchestration defines execution pipelines independently of the model itself, while Execution Nodes provide the compute layer that runs those workflows. The Python SDK exposes an OpenAI-compatible interface, allowing developers to swap infrastructure with minimal application changes. Meanwhile, the Model Hub manages model discovery and distribution separately from application logic. None of these components is revolutionary in isolation. Together they create an Execution Layer that absorbs infrastructure changes before they reach the application. That changes the role of #OPG . Instead of coordinating only inference, $OPG coordinates an environment where models, workflows, execution, verification, and payments evolve independently without forcing developers to redesign their software every time a better model appears. I think that's the architectural shift many people miss. The most valuable abstraction in AI may not be another model. It may be separating the lifecycle of applications from the lifecycle of models.
#opg $OPG For years we've treated AI APIs as something behind an account. First you register. Then create an API key. Then connect Stripe. Then manage billing, quotas, authentication, and rate limits before a model answers a single request. After reading the technical documentation behind @OpenGradient , I realized the goal isn't another AI model. It's eliminating that entire layer. The most interesting part of #OPG isn't the model. It's the protocol. Its x402 implementation extends the HTTP standard itself. Instead of embedding payment logic into every application, an endpoint simply returns 402 Payment Required. The client pays in $OPG on Base through Permit2, payment is verified, and inference begins automatically. Billing becomes part of the request instead of another backend developers have to build. That changes the economics of AI services. Today developers build applications around models. Tomorrow they may publish AI endpoints that can execute, verify, and monetize themselves through a standard HTTP interface without custom subscriptions, API keys, invoices, or payment processors. Another architectural decision deserves more attention. Inference never waits for blockchain consensus. Requests are executed immediately by inference nodes, while TEE attestations or cryptographic proofs are settled asynchronously. Performance and verifiability stop competing because they follow separate execution paths. The Python SDK makes almost all of this invisible by exposing an OpenAI-compatible interface while handling payments and verification underneath. That may be the smartest engineering decision in the entire stack. If that assumption proves correct, adoption may come not from ideology, but from lower engineering friction. Most discussions focus on AI models. I think the protocol is the real innovation. HTTP transformed websites into programmable services. Payment-aware AI endpoints could transform AI models into autonomous economic participants. That's a far bigger architectural shift than another benchmark victory.
Verifiable AI Is Not One Technology. It Is Three Different Trade-offs.
#opg $OPG One assumption appears repeatedly in discussions about Verifiable AI: Either AI is verifiable, or it isn't. The architecture of @OpenGradient shows that reality is much more nuanced. The network supports three different execution modes, each solving a different engineering problem. Vanilla Inference executes a model with almost no verification overhead. It offers the lowest latency but provides no cryptographic proof that the computation was performed correctly. TEE-based execution runs inference inside a Trusted Execution Environment. Remote attestation proves that the expected code executed inside an isolated enclave without exposing prompts or model state. This provides strong practical security while maintaining production-level performance. Zero-Knowledge Machine Learning (ZKML) goes even further. Instead of trusting secure hardware, it generates mathematical proofs that inference was executed correctly. The trade-off is significant computational overhead, making ZKML practical today only for relatively small models or specialized workloads. These three approaches reveal an important engineering principle: Verification is not binary. It is an optimization problem. Every application balances latency, throughput, operating cost, and security differently. A customer-support chatbot does not require the same assurance level as an autonomous trading agent or a compliance system. That is one of the more interesting design decisions behind #OPG . Rather than forcing every workload into a single trust model, the network allows developers to choose the level of verification that matches the economic value and risk profile of each inference. A chatbot serving millions of low-risk requests may prioritize throughput. A financial risk engine may rely on TEE attestation. A regulatory workflow may eventually justify the additional cost of ZKML. The long-term value of $OPG may therefore depend less on having the strongest verification technology and more on supporting the right verification method for each real-world workload. The future of AI infrastructure may not belong to a single security model. It may belong to platforms that let developers choose how much trust they need instead of paying the highest verification cost for every inference.
#opg $OPG Most AI infrastructure still treats models as static artifacts. A model gets uploaded, assigned a page, maybe a few downloads, and then waits for someone to discover it. Success is often measured by benchmark scores or repository stars. @OpenGradient approaches the problem differently. The Model Hub already supports more than 2,000 AI models, but the interesting number isn't how many models exist. It's what happens after publication. A model can be versioned, deployed in ONNX format, executed through standardized APIs, verified independently, and integrated into real applications without forcing developers to rebuild their infrastructure every time a better model appears. That changes the lifecycle of an AI model. Instead of becoming another file in a repository, a model becomes a service that can continue generating inference requests, updates, and economic activity long after it is published. The network has already processed more than 2 million verifiable inferences. Benchmarks measure what a model can do under controlled conditions. Inference history measures whether anyone continues to use it when real workloads arrive. For me, that's the more interesting metric. Repositories optimize for storing models. AI infrastructure should optimize for keeping models useful. The long-term question for @OpenGradient and #OPG is not whether the Model Hub can keep growing beyond 2,000 models. It's whether today's models are still receiving meaningful inference requests a year from now, because sustainable usage says far more about an AI ecosystem than benchmark rankings ever will.