No app fee, zero-tracking, open-source crypto swap frontend powered by NEAR Intents.
Live: zero.uswap.net
A single Go binary with zero external dependencies that lets you swap 140+ tokens across 29 blockchains — via web or Telegram bot. No account needed. No JavaScript analytics. No cookies. No server-side logging of user data.
uSwap Zero passes NEAR Intents quotes through without adding an app fee. Every swap is verifiable against the public NEAR Intents API.
The project is meant to be a small, auditable reference frontend for NEAR Intents swaps. It keeps the operational surface narrow: server-rendered HTML, an optional Telegram bot, no database, no analytics, and no client-side application JavaScript.
uSwap Zero is different:
- No app fee — quote requests send
appFees: [] - Open source — read every line of code that handles your swap
- Verifiable deployment — the running binary's commit hash, build log, and image digest are public at
/verify - No tracking — no analytics, no cookies, no IP logging, no session storage
See /case-study for a fee-transparency comparison using public NEAR Intents data.
Language: Go 1.23 (stdlib only)
HTTP: net/http
Templating: html/template (auto-escapes HTML)
Encryption: crypto/aes + crypto/cipher (AES-256-GCM)
Static: embed directive (CSS + icons in binary)
Container: FROM scratch (empty image + binary + TLS certs)
Dependencies: 0
git clone https://github.com/uSwapExchange/zero.git
cd zero
# Generate a random encryption key and start the server
ORDER_SECRET=$(openssl rand -hex 32) go run .Open http://localhost:3000.
Tagged releases include precompiled binaries for Linux, macOS, and Windows on amd64 and arm64.
Download the archive for your platform from GitHub Releases, unpack it, then run:
ORDER_SECRET=$(openssl rand -hex 32) ./zeroOn Windows, set ORDER_SECRET to any 64-character hex string before running zero.exe.
The bot is optional. When TG_BOT_TOKEN and TG_APP_URL are set, the server auto-registers a webhook and the bot becomes active. If either is unset, the web interface still works normally.
The bot renders everything as monospace <pre> cards — no images, no external services. QR codes for deposit addresses are generated server-side (stdlib only) and sent as photo messages with a dark frame.
Try it: @uSwapZero_Bot
# Binary
go build -o zero .
# Docker
docker build -t zero .
docker run -p 3000:3000 zeroBuild with deployment metadata:
go build -ldflags "-s -w \
-X main.commitHash=$(git rev-parse HEAD) \
-X main.buildTime=$(date -u +%Y-%m-%dT%H:%M:%SZ) \
-X main.buildLogURL=https://github.com/uSwapExchange/zero/actions/runs/12345" \
-o zero .To publish downloadable binaries, push a version tag:
git tag v0.1.0
git push origin v0.1.0The release workflow tests the repo, builds platform archives, writes SHA256 checksums, and creates the GitHub Release.
| Variable | Required | Default | Description |
|---|---|---|---|
ORDER_SECRET |
Production | Random on startup | 64-char hex key for AES-256-GCM encryption of order tokens |
NEAR_INTENTS_JWT |
No | Empty | JWT from NEAR Intents partners portal (enables 0% protocol fee) |
NEAR_INTENTS_API_URL |
No | https://1click.chaindefuser.com |
NEAR Intents API base URL |
PORT |
No | 3000 |
HTTP listen port |
TG_BOT_TOKEN |
No | — | Telegram bot token from @BotFather — enables the Telegram bot |
TG_APP_URL |
No | — | Public base URL of the deployment (e.g. https://zero.uswap.net) |
TG_WEBHOOK_SECRET |
No | Auto-generated | Secret for verifying Telegram webhook requests |
See .env.example for a complete reference.
zero/
├── main.go # Server, routes, templates, rate limiter
├── handlers.go # HTTP handlers for all pages
├── nearintents.go # NEAR Intents 1Click API client
├── tokencache.go # In-memory token cache (5min TTL)
├── crypto.go # AES-256-GCM encrypt/decrypt + CSRF tokens
├── qr.go # QR code SVG generator (hand-rolled, no deps)
├── amount.go # BigInt amount math (human <-> atomic)
├── tgbot.go # Telegram bot init, webhook registration
├── tghandler.go # Telegram update router + command handlers
├── tgorder.go # Telegram swap flow (quote → confirm → order → status)
├── tgrender.go # Monospace card renderers (<pre> box-drawing)
├── tgqr.go # Dark-framed QR PNG generator for deposit step
├── tgsession.go # Per-user session state
├── tgswapcard.go # Swap card builder + inline keyboard
├── templates/ # Go html/template files
├── static/ # Stylesheet, logo, and favicon assets
├── data/ # Static case-study data embedded into the binary
├── tor/ # Optional Tor sidecar image
└── Dockerfile # Multi-stage: golang:1.23-alpine -> FROM scratch
| Method | Path | Description |
|---|---|---|
| GET | / |
Swap form with currency selector modal |
| POST | /quote |
Quote preview with fee breakdown |
| POST | /swap |
Confirm swap, create order, redirect to /order/{token} |
| GET | /order/{token} |
Order status with deposit address + QR code |
| GET | /order/{token}/raw |
Raw JSON status from NEAR Intents API |
| GET | /currencies |
Full searchable token list (140+ tokens, 29 networks) |
| GET | /how-it-works |
How the swap process works |
| GET | /case-study |
Fee-transparency comparison using public NEAR Intents data |
| GET | /verify |
Deployment metadata, build verification instructions |
| GET | /source |
Redirect to GitHub repository |
| GET | /static/* |
Embedded CSS and SVG icons |
| GET | /icons/gen/{ticker} |
Server-generated fallback icon SVG |
What the server stores: Nothing. There is no database, no session store, no log files beyond stdout.
What the server logs to stdout: Token cache refresh counts. That's it. No IP addresses, no swap amounts, no wallet addresses.
How orders work: When you confirm a swap, the server encrypts the order details (deposit address, amounts, correlation ID) into an AES-256-GCM token. This token is part of the URL (/order/{token}). The server decrypts it on each page load to fetch status from NEAR Intents. If the server restarts with a different ORDER_SECRET, old order links stop working — the data existed only in the URL.
What the templates load: Nothing external. No Google Fonts, no CDN resources, no analytics scripts, and no application JavaScript.
Every deployment's commit hash, image digest, and build log are published at /verify. To verify independently:
# Clone and build the same commit
git clone https://github.com/uSwapExchange/zero.git
cd zero
git checkout <commit-from-verify-page>
go build -o zero .
# Or build with Docker (same as production)
docker build -t zero .Check nearintents.go for appFees: []. Check handlers.go for zero logging. Check go.mod for zero dependencies.