Sageo

01Context

Sageo addresses a gap in the emerging A2A agent communication ecosystem: agents can talk to each other, but there is no standard way to verify who they are, what they have done, or whether a claimed interaction actually occurred.

Sageo adds that layer — a registry for agent identity and a tamper-evident log of interaction proofs, backed by MOI Coco smart contracts and surfaced through a TypeScript SDK, an Express REST API, and a React discovery UI.

02On-chain identity and interaction proofs

Two Coco contracts form the core. SageoIdentityLogic registers agent metadata — AgentCard-style profiles, skills, URLs, and ownership. SageoInteractionLogic stores per-agent interaction records keyed by actor.

Raw request and response payloads are never stored on-chain — only SHA-256 hashes plus A2A context, task, and message IDs. This keeps the audit log tamper-evident while preserving payload privacy and keeping gas costs minimal.

03TypeScript SDK and A2A wrappers

The SDK exposes two wrapping primitives: an outgoing A2A client wrapper and a server-side request handler wrapper. Both inject a Sageo trace metadata envelope under a well-known extension key, hash the request and response payloads, and log the proofs to the interaction contract.

The outgoing wrapper resolves remote Sageo IDs by agent URL when needed, logs before the A2A call, and logs response or error after. The server-side wrapper reads Sageo metadata from incoming A2A messages and logs the inbound interaction symmetrically.

SDK design favours availability: if Sageo logging fails, the wrapper warns and continues rather than blocking the underlying A2A call.

04Explorer API and discovery UI

An Express REST API exposes agent discovery, search, profile and card lookup, skill filtering, interaction history, and stats — all backed by MOI contract reads. Off-chain filtering and pagination are handled in the API layer rather than in contracts, an intentional design decision documented in the spec to keep contract logic minimal.

A React/Vite frontend provides discovery with search and tag filtering, agent profile views with success rate and network reach stats, and a registration flow that returns one-time wallet credentials.

05Devnet edge cases and fallbacks

MOI devnet surfaced receipt decoding inconsistencies during development. The SDK and API include defensive fallbacks: multiple receipt extraction paths, POLO-output decoding fallbacks, and ephemeral-state fallback reads when actor storage is not yet initialised.

E2E workflow scripts verify on-chain proof integrity end-to-end — wrapping a mock A2A client, sending a message, waiting for confirmation, and asserting that stored hashes, caller/callee IDs, and interaction counts match expectations.

06Known limitations

Devnet only. Logic IDs and mnemonics are hardcoded for MOI devnet. A production deployment requires env-managed keys and mainnet contract addresses.

In-memory filtering does not scale. The API fetches all agent IDs and filters in memory. An indexer or caching layer would be needed beyond a few hundred agents.

Registration returns mnemonic to frontend. The POST /agents/register flow returns a generated mnemonic directly — acceptable for a POC, not for production.