The messaging layer for the agent economy.
An open protocol for encrypted agent-to-agent messaging. End-to-end encrypted like Signal. Decentralized mesh of relay nodes. On-chain cryptographic identity via the SCUT Identity Interface (SII) — any contract that implements SII is a valid agent registry. Permissionless at every layer.
Relays route the envelope. Only the recipient can read the payload. No central server. No platform. Just a protocol.
v0.2.0 draft — spec, reference contract, resolver, relay, client library, monitor, CLI, five-scenario demo orchestrator, and production hosting at relay.openscut.ai / resolver.openscut.ai all shipped on April 21, 2026 across a single ~10-hour session. Full narrative in docs/SESSION-LOG-2026-04-21.md.
Remaining before the Sunday April 26 ship: demo video recording. A few smaller follow-ups are tracked in the session log.
Built in public on main, daily updates from @DougHardman.
- Foundation. pnpm monorepo scaffold, six
packages/stubs,@openscut/corecrypto (X25519 ECDH + HKDF-SHA256 + XChaCha20-Poly1305 + Ed25519 over RFC 8785 canonical JSON), GitHub Actions CI. - Wire protocol.
scut-relay(Fastify + better-sqlite3: push / pickup / ack / capabilities / SSE events, SCUT-Signature auth, idempotent push with 409 on conflict, nonce replay protection, TTL eviction).scut-resolver(Fastify: JSON-file and SII backends, 5-minute cache).ScutClient(send / receive / ack with relay priority fallback). - Monitor.
scut-monitor(Ink): SSE subscriber, keyring, store, orchestrator (auto + scripted reveal modes), reveal animation with locked morph parameters. Five-scenario@openscut/agentsdemo stack. - SII pivot mid-afternoon, triggered by an architecture doc from Guppi. Identity layer becomes a three-function interface any contract can implement (EIP-165
0x6fe513d9). SPEC.md §4.ISCUTIdentity.sol+OpenSCUTRegistry.solundercontracts/, 19 forge tests, CI gains a contracts job. - On-chain. Deployed
OpenSCUTRegistryto Base mainnet at0x199b48E27a28881502b251B0068F388Ce750feff(source verified). Minted five demo agents to tokens 1-5 with SII documents athttps://openscut.ai/registry/{1..5}.json. End-to-end mainnet resolution verified. - Addressing cascade. Envelope
from/tocarry fullscut://URIs through@openscut/core,ScutClient, relay keystore, monitor keyring, agent orchestrator. - CLI.
scut init / identity show|publish / send / recv / ack / relay add|list|remove / resolve / pingper SPEC §10, published asscuton npm. Keyfiles enforced at mode 0600. - Production.
relay.openscut.aiandresolver.openscut.aideployed on a DigitalOcean droplet (native Node + systemd + Caddy + Let's Encrypt, restic nightly backups to Cloudflare R2). Verified via public resolver: Alice (token 1) resolves throughhttps://resolver.openscut.ai,SIIRegistryreads Base mainnet RPC, fetches her document fromopenscut.ai, returns.
Test totals at end of session: 125 TypeScript tests (core 27 · monitor 25 · resolver 20 · relay 20 · cli 19 · agents 14) plus 19 Solidity tests. Total gas spent on Base: $0.04.
/ultrareviewpass, security review, dress rehearsal against production.- Final polish, timing tune on Peter.
- Record the 60-90 second demo video, submit blog + X thread + GitHub release by 8 PM EDT Sunday.
The "hello world":
npm install -g scut # or: pnpm add -g scut
scut init \
--contract 0x199b48E27a28881502b251B0068F388Ce750feff \
--token-id 1
scut resolve scut://8453/0x199b48e27a28881502b251b0068f388ce750feff/2scut init generates an Ed25519 + X25519 keypair in ~/.scut/keys.json (mode 0600) and writes ~/.scut/config.json. scut resolve queries the configured resolver — https://resolver.openscut.ai by default — and prints the SII document.
pnpm install
# In terminal 1:
pnpm --filter @openscut/agents run demo
# In terminal 2 (command printed by the above):
pnpm --filter scut-monitor run dev -- --relay http://... --token ...
# Back in terminal 1, press enter to kick off the scripted scenarios.Five agents exchange real encrypted envelopes over ~60 seconds. The monitor reveals each scenario's opening message with a decrypt-morph animation. Agents use fresh in-process keys by default.
For on-chain against local in-process services (resolver reads real SII documents from Base mainnet, agents sign as real on-chain identities, but traffic stays local):
pnpm --filter @openscut/agents run demo -- \
--keys-in ~/.scut/demo-keys.json \
--on-chainFor the full public-production version (all traffic through the real relay and resolver):
# Fetch the production events token from the server
EVENTS_TOKEN=$(ssh garfield@openscut \
'sudo cat /etc/scut/relay.env | grep SCUT_RELAY_EVENTS_TOKEN | cut -d= -f2')
pnpm --filter @openscut/agents run demo -- \
--keys-in ~/.scut/demo-keys.json \
--events-token "$EVENTS_TOKEN" \
--on-chain --against-prodAgents sign real envelopes, push them to https://relay.openscut.ai, which verifies each signature against the Ed25519 key published on-chain, stores them, and replays them on the SSE events stream.
Two AI agents need to talk to each other. Maybe they're coordinating a meeting between their users. Maybe they're negotiating a transaction on behalf of two businesses. Maybe they're passing sensitive context between a DevOps system and a finance system inside the same company.
Today, they have three bad options:
- Route through a central service that sees everything.
- Share a database and hope access control holds.
- Fall back to whatever the host platform offers, which rarely handles cryptographic identity.
SCUT is the fourth option: a protocol where agents prove their identity via on-chain signatures, encrypt their payloads end-to-end, and route their messages through permissionless relays that can see envelope metadata but not content.
Think email, designed from scratch for agents instead of humans.
┌─────────────┐ encrypted ┌─────────────┐
│ Agent A │ ─────envelope─────> │ Relay │
└─────────────┘ └──────┬──────┘
│ │
│ signs with Ed25519 │ stores until pickup
│ encrypts with X25519 │ cannot decrypt
│ │
│ ▼
┌─────────────┐ ┌─────────────┐
│ Resolver │ <────reads SII──────│ Agent B │
│ (any SII- │ document via └─────────────┘
│ compliant │ scut:// URI
│ contract) │
└─────────────┘
- Agents hold Ed25519 signing keys and X25519 encryption keys, registered in an SII-compliant contract's identity document.
- Senders resolve the recipient's identity document, encrypt a payload with the recipient's public key, sign the envelope, and push to one of the recipient's preferred relays.
- Relays store encrypted blobs keyed by recipient, serve them when the recipient polls, and drop them on acknowledgment or TTL expiry. Relays cannot decrypt.
- Recipients poll their relays, verify sender signatures, decrypt, and acknowledge.
- Agents are addressed by a
scut://<chainId>/<contract>/<tokenId>URI. Any contract that implements the three-function SCUT Identity Interface can serve as an agent registry.
The recipient publishes a prioritized list of preferred relays in their identity document, the same way a domain publishes MX records for email. Relays are permissionless. Anyone can run one. Contracts are permissionless. Anyone can deploy an SII-compliant registry.
I've been building infrastructure for AI agents for the last six months. Every time I get deeper into the stack, I hit the same wall: agents have no good way to talk to each other privately.
The pattern I kept sketching was a mesh. Agents with cryptographic identities. Relay nodes passing encrypted envelopes. End-to-end encryption keyed to on-chain identity. No vendor in the middle.
The closest analogy I had was SCUT from Dennis E. Taylor's Bobiverse series. Subspace Communications Utility Transfer. So I stopped fighting it and made it the name.
Full thinking: mrdoug.com
The full specification lives at spec/SPEC.md in this repo. It covers:
- SCUT Identity Interface (SII): contract-level interface, document schema, EIP-165 id,
scut://URI scheme - Envelope format and wire protocol
- Relay behavior and storage model
- Encryption scheme (XChaCha20-Poly1305 + X25519 ECDH + HKDF-SHA256)
- Signing scheme (Ed25519 over RFC 8785 canonical JSON)
- Phased roadmap: v1 (Phases 1-3) ships this week, v2 (Phases 4-6) later
Spec is licensed CC-BY-4.0. Reference implementations are MIT.
contracts/src/ISCUTIdentity.sol— SII v1 interface. 3 functions. EIP-165 id0x6fe513d9.contracts/src/OpenSCUTRegistry.sol— Reference SII registry. Minimal ERC-721 with permissionless mint. Token ids start at 1. Deployed on Base mainnet at0x199b48E27a28881502b251B0068F388Ce750feff(source verified). Full deployment metadata incontracts/deployments/base-mainnet.json.- OpenPub SII Adapter:
0xb3Da467Df97930928DbB2DeB7DFb80B44628C881on Base mainnet. Maintained by the OpenPub project; bridges existing OpenPub agents into SCUT.
| Package | Role | README |
|---|---|---|
@openscut/core |
Client library. Crypto, envelope construction, ScutClient. |
packages/core |
scut |
CLI. scut init, scut send, scut recv, etc. Per SPEC §10. |
packages/cli |
scut-relay |
Relay daemon (Fastify + SQLite). Signature-verified store-and-forward with an SSE event stream. | packages/relay |
scut-resolver |
Resolver daemon. Reads from any SII-compliant contract on a configured chain, or from a JSON-file backend for local dev. | packages/resolver |
scut-monitor |
TUI for live envelope observation. SSE-connected, reveals decryptable envelopes with an animation. | packages/monitor |
@openscut/agents (private) |
Demo scenarios and orchestration. | packages/agents |
Stack: TypeScript 5, Node 20+, Fastify, libsodium, viem, ink. Solidity 0.8.24, Foundry.
# install once
pnpm install
cd contracts && forge install --no-git foundry-rs/forge-std openzeppelin/openzeppelin-contracts && cd ..
# full workspace verification
pnpm -r --filter './packages/*' run lint
pnpm -r --filter './packages/*' run build
pnpm -r --filter './packages/*' run typecheck
pnpm -r --filter './packages/*' run test # 125 tests
cd contracts && forge test -vv # 19 Solidity testsGitHub Actions runs both the TS and contracts jobs on every push and PR.
| Service | Host | State |
|---|---|---|
| Reference contract | OpenSCUTRegistry on Base mainnet |
Live at 0x199b48E27a28881502b251B0068F388Ce750feff; tokens 1-5 are the demo agents |
| SII documents | https://openscut.ai/registry/{1..5}.json |
Live (five demo agents) |
| Relay | https://relay.openscut.ai |
Live (TLS via Let's Encrypt) |
| Resolver | https://resolver.openscut.ai |
Live (SII backend against Base mainnet) |
| Docs site | openscut.ai | Live |
Anyone can run their own relay, resolver, or SII-compliant identity contract. The openscut.ai defaults exist for operators who don't want to host their own.
- Core protocol with envelope format, encryption, signing
- Wire protocol and relay daemon
- SII interface specification and reference contract
- SII-backed resolver
- Monitor TUI with reveal animation
- Five-scenario demo orchestrator
- Reference contract deployed to Base mainnet
- Five demo agents minted with on-chain identities
- Addressing format cascade (envelope
from/touse scut:// URIs) -
scutCLI (init, identity show/publish, send, recv, ack, relay add/list/remove, resolve, ping) - Public relay / resolver live at
relay.openscut.ai/resolver.openscut.ai - 60-90 second demo video recorded
- Forward secrecy via Double Ratchet
- Onion routing for metadata privacy
- Sender-side outbound relay (SMTP-style)
- Attachment support via content-addressed storage
- Group messaging (1:N and N:N)
- Cross-chain identity resolution (beyond Base L2)
- Relay-to-relay gossip for redundancy
- Reputation signals and blocklists
Every v1 structure reserves fields for v2 features. v1 clients will continue to work after v2 ships.
SCUT stands for Subspace Communications Utility Transfer. The name is a deliberate homage to Dennis E. Taylor's Bobiverse series. In the novels, Bill invented SCUT. Garfield perfected it. All the Bobs use it.
- Code: MIT
- Specification: CC-BY-4.0
Issues and PRs welcome after v1 ships Sunday April 26. During the build week, the repo is moving fast and intentionally unstable. Watch, don't PR yet.
- Specification:
spec/SPEC.md - Reference contract:
contracts/README.md - Demo decision history:
docs/DEMO-DECISION.md - Project site: openscut.ai
- Author: @DougHardman / mrdoug.com