A privacy-preserving data marketplace on Solana. Sell access to your data — never the data itself.
Status: experimental — DO NOT USE IN PRODUCTION. No security audit has been performed. Interfaces, on-chain accounts, and proof formats are unstable and change between releases. See SECURITY.md.
HORUS is a protocol for trading access to data without surrendering the data.
A data owner encrypts a dataset client-side and lists it on-chain with a predicate commitment — a binding promise about what the dataset contains (row count, schema, freshness) that can later be proven in zero knowledge. A buyer purchases a time-boxed capability that authorizes a bounded set of queries. Payment settles on Solana through an escrow that releases to the owner per answered query, minus a protocol fee. The raw bytes never leave the owner's custody; the buyer receives query results plus a proof that the result was computed correctly against the committed dataset.
The three properties HORUS is built around:
| Property | What it means |
|---|---|
| Data stays put | Owners share access, not files. Capabilities expire and are revocable. |
| Honest listings | Predicate commitments are checkable in ZK — a listing can't lie about its data. |
| Atomic settlement | Escrow releases per-query on Solana; no off-chain trust between parties. |
┌─────────────┐ capability ┌─────────────┐
data owner ─►│ registry │◄────────────────────► │ access │
│ (listings, │ │ (grants, │
│ predicate │ query + proof │ scopes, │
│ commits) │◄──────────────────────►│ expiry) │
└─────┬───────┘ └──────┬──────┘
│ escrow ref │ usage
▼ ▼
┌──────────────────────────────────────────────────┐
│ settlement (Solana escrow, per-query payout) │
└──────────────────────────────────────────────────┘
▲ ▲
│ predicate / query-correctness proofs │
┌─────┴────────────────────────────────────────┴──┐
│ zk (experimental — behind ENABLE_ZK_EXPERIMENTAL)│
└──────────────────────────────────────────────────┘
See docs/architecture.md for the full diagram and data flow.
Normative protocol definitions live in spec/. Code follows the spec, not
the other way around.
| RFC | Title | Status |
|---|---|---|
| RFC-0001 | Protocol overview & terminology | Accepted |
| RFC-0004 | Capability-based access grants | Accepted |
| RFC-0007 | Escrow & per-query settlement | Accepted |
| RFC-0009 | Dataset registry & predicate commitments | Draft |
| RFC-0011 | ZK predicate & query-correctness proofs | Experimental |
# Rust workspace (core + cli + sdk/rust)
cargo build --workspace
# run the unit suite (access + settlement engines)
cargo test --workspace
# experimental ZK paths are gated — opt in explicitly
cargo build --features zk-experimentalMSRV is 1.78. The ZK paths additionally require a circuits/ artifact directory
(not checked in); see RFC-0011.
A gateway answers buyer queries against a local dataset it custodies and posts settlement proofs on-chain. It never serves raw rows.
horus gateway \
--keypair ~/.config/solana/id.json \
--dataset ./data/listing.enc \
--commitment ./data/listing.commit.json \
--cluster devnet--cluster mainnet requires ENABLE_MAINNET=true and a release-candidate build.
| SDK | Package | Status | Notes |
|---|---|---|---|
| Rust | horus-sdk (sdk/rust) |
🟢 codec + types | Source of truth; commitment construction is implemented. On-chain client is WIP. |
| TypeScript | @usehorus/sdk (sdk/ts) |
🟡 codec only | Commitment codec matches Rust byte-for-byte; client RPC stubbed until programs deploy. |
| Python | horus-sdk (sdk/py) |
🟡 codec only | Same scope as TS. |
The client surface below is the target API. What ships today is the verified
commitment codec (commit, estimateBudget); connect / buyAccess / query
throw until the Solana programs are deployed (RFC-0001 §End-to-end flow).
import { Horus } from "@usehorus/sdk";
// Target API (on-chain calls land with the settlement programs):
const horus = await Horus.connect({ cluster: "devnet" });
const cap = await horus.buyAccess(listingId, { queries: 100, ttlSecs: 3600 });
const { rows, proof } = await horus.query(cap, "SELECT count(*) WHERE region = 'EU'");
await horus.verify(proof); // result is correct against the committed datasetHORUS assumes a malicious counterparty on both sides and an honest-but-curious gateway operator. Detailed threat model, trust assumptions, and the list of things HORUS explicitly does not protect against are in docs/security-model.md.
| Component | Reviewed | Notes |
|---|---|---|
Access grants (crates/horus-access) |
internal | External audit not yet scheduled. |
Settlement (crates/horus-settlement) |
internal | External audit not yet scheduled. |
ZK proofs (crates/horus-zk) |
none | Experimental; do not rely on soundness. |
Protocol changes start as an RFC in spec/, not as a PR to a crate. Open a
discussion, get rough consensus, then implement. See CONTRIBUTING.md.
Licensed under either of Apache License 2.0 or MIT license at your option.