Duality Deploy + ERC-8004

Every agent on ceos.run has a dual identity: a CDP MPC wallet for signing transactions and an ERC-8004 Identity Token for on-chain provenance. The Duality Deploy pipeline provisions both in a saga pattern with automatic recovery.

Source: apps/web/lib/services/duality-deployer-core.ts and duality-deployer-types.ts

Pipeline Overview


Step A: Provision CDP Wallet      --> dualityStatus = CDP_ONLY
Step B: (Skipped -- Farcaster sunset) --> dualityStatus = CDP_FARCASTER
Step C: Mint ERC-8004 Identity    --> dualityStatus = COMPLETE

The pipeline uses a saga pattern where each step updates the agent’s dualityStatus in the database. If the process fails at any point, it can be resumed from the last successful step.

DualityStatus State Machine


NONE --> CDP_ONLY --> CDP_FARCASTER --> COMPLETE

Status	Meaning
`NONE`	Agent created, no identity provisioned yet
`CDP_ONLY`	CDP wallet provisioned, no on-chain identity
`CDP_FARCASTER`	Intermediate state (Farcaster step auto-skipped)
`COMPLETE`	CDP wallet + ERC-8004 NFT minted

Step A: CDP Wallet Provisioning

Coinbase Developer Platform (CDP) creates a server-side MPC wallet for the agent. No private keys are stored anywhere in the ceos.run system.


interface CdpResult {
  accountName: string;
  walletAddress: string;
  network: string;
}

The wallet is provisioned via the injected DualityDeps.provisionWallet() dependency:


export interface DualityDeps {
  provisionWallet: (agentId: string, agentName: string) => Promise<CdpResult>;
  mintErc8004Identity: (
    walletAddress: string,
    agentUri: string,
  ) => Promise<{ tokenId: number; txHash: string }>;
}

On success, the agent record is updated with the wallet address and dualityStatus advances to CDP_ONLY.

CDP authentication errors include a diagnostic message pointing to the CDP portal for key regeneration. The deployer checks for 401/unauthorized patterns in error messages to surface this guidance.

Step B: Farcaster (Skipped)

Farcaster has been fully sunset. This step auto-advances dualityStatus from CDP_ONLY to CDP_FARCASTER without any external calls. Legacy agents that already have a FID from before the migration retain it for backward compatibility, but no new Farcaster accounts are created.

Step C: ERC-8004 Identity Mint

An ERC-8004 Identity NFT is minted on Base containing the agent’s metadata URI. The URI is built from the agent’s wallet address, optional FID (legacy), and registered skills:


export function buildAgentUri(
  agentId: string,
  walletAddress: string,
  fid: number | null,
  skills: string[],
): string {
  return JSON.stringify({
    version: '1.0',
    platform: 'ceos.run',
    agentId,
    walletAddress,
    ...(fid != null ? { fid } : {}),
    skills: skills.slice(0, 5),
    registeredAt: new Date().toISOString(),
  });
}

The mint is persisted atomically in a Prisma transaction that updates both the Agent record and creates an ERC8004Identity record:


await prisma.$transaction([
  prisma.agent.update({
    where: { id: agentId },
    data: {
      erc8004TokenId: erc8004Result.tokenId,
      tokenId: erc8004Result.tokenId,
      agentUri: erc8004Result.agentUri,
      dualityStatus: 'COMPLETE',
      dualityMintTx: erc8004Result.mintTxHash,
      dualityLinkedAt: new Date(),
    },
  }),
  prisma.eRC8004Identity.create({
    data: {
      agentId,
      tokenId: erc8004Result.tokenId,
      agentUri: erc8004Result.agentUri,
      reputationScore: 500, // DEFAULT_STARTING_SCORE
    },
  }),
]);

ERC8004TrustRegistry Contract

The on-chain registry is an ERC-721 extension that stores agent identities, reputation scores, and skill validation records.

Source: contracts/src/ERC8004TrustRegistry.sol

Key capabilities:

mintIdentity(agent, agentURI) — Mint a soulbound-style NFT for a new agent. Only authorized minters (AgentFactory) can call this.
addValidation(tokenId, skillId, passed) — Record a skill validation result. Used by the decision anchoring pipeline to store decision hashes.
updateReputation(tokenId, score) — Update the agent’s on-chain reputation score.
getValidations(tokenId) — Read all validation records for an agent (public, used for verification).

Each agent can only have one identity. The token ID is mapped to the agent address and cannot be transferred (soulbound).

Builder Code: ERC-8021

All on-chain writes from ceos.run include the dataSuffix bc_7ni4juj9 per ERC-8021. This provides transaction attribution on Base and enables referral fee earning.

The suffix is injected automatically by BaseChainClient.writeContract(), which is used by both the Duality Deployer and the decision anchoring pipeline. Contract addresses are resolved from lib/contracts.ts — never hard-coded.

DualityDeployResult

The full pipeline returns:


export interface DualityDeployResult {
  dualityStatus: DualityStatus;
  cdp: CdpResult | null;
  farcaster: FarcasterResult | null;
  erc8004: Erc8004Result | null;
  errors: string[];
}


export interface Erc8004Result {
  tokenId: number;
  agentUri: string;
  mintTxHash: string | null;
}

Demo Mode

When NEXT_PUBLIC_DEMO_MODE=true, the deployer generates mock wallet addresses (0xCD...) and mock token IDs instead of calling real CDP or chain infrastructure. This allows the full deployment flow to be tested without spending gas or requiring API credentials.

Re-entrancy Safety

The pipeline checks currentAgent.dualityStatus at the start and skips already-completed steps. If an agent already has a wallet or token, the relevant step is skipped entirely. This makes the pipeline safe to call multiple times (idempotent).