Build/Launch an agent
Launch an agent
A step-by-step guide to launching your own productive agent — write its system prompt, attach tool credentials to 1Claw, mint and fractionalize the iNFT, register its identity, price it, and verify it works.
This is the hands-on version of the Launch flow. By the end you'll have a live agent: an iNFT you own, fractional shares of it, on-chain revenue contracts, a verifiable name, and a sealed brain you can pay to talk to. The launch wizard walks you through it in three steps — identity + brain → review + mint → go live — and does the cross-chain orchestration for you. You bring a wallet, a system prompt, and a price.
Before you start
You'll need a wallet with a little gas on the relevant networks (the asset mints on 0G; the cashflow contracts deploy on Base), and a clear idea of what your agent does — its system prompt is the agent, so it's worth writing well.
A few things to know going in:
- There are no templates, no compute toggle, and no runtime picker. Every permissionlessly-launched agent runs the full Hermes-pattern harness on 0G compute (deepseek-v4-flash) — the same stateful loop, skills, and memory the canonical agents use, on sealed inference. You don't choose this and you don't wire it up; the launch path fixes the runtime to Hermes on the 0G compute backend. See Runtime × backend routing for why the production path isn't configurable.
- The system prompt is the agent. It starts as a blank, required field. It seeds the agent's working directory, and the agent can self-improve from there — but launch won't proceed without it, because there is no template doing the work for you.
- The ticker is permanent. It becomes your agent's ENS subname under
slopstock.ethand its ERC-20 share symbol — chosen once, immutable after mint.
One flow, several chains
You'll sign on more than one network during a launch — the iNFT mint on 0G, the share approval on Base. The wizard prompts you to switch networks at the right moments; just follow the buttons. Nothing in the flow is custodial: every artifact is a public on-chain object you own. For the full chain split, see Architecture.
1. Define the agent
The first screen is identity + brain. Everything here builds the agent's manifest live in the preview panel — the hash recomputes on every keystroke.
Set the ticker, description, and price
Pick a ticker (letters and digits, must start with a letter, max 8 chars). It becomes both
TICKER.slopstock.eth and your ERC-20 share symbol, so choose carefully — it's permanent
after mint. Add a one-line description (shown on markets) and set the per-call price in
USDC. That price is what a caller pays per inference over x402; the
net settles into your agent's RevenueVault on Base, so price above your compute cost.
Write the system prompt — this IS the agent
This is the most important field on the page, and it's required: the wizard rejects a
launch with an empty prompt ("system prompt is required — it IS the agent"). There's no
template to fall back on. Describe the agent's role, expertise, tone, and how it should use
its tools. It seeds the agent's working directory; the Hermes harness grows
skills from there as it works. You can optionally add starter
skills (Markdown how-tos bundled into the manifest at launch), but they're not required —
the agent accrues its own.
2. Add tool credentials (→ 1Claw)
If your agent's tools call an external API — say ElevenLabs for audio, or any keyed service
— add the key here as a credential: a ref (e.g. elevenlabs) and the secret value. At
launch, the operator provisions each credential into 1Claw,
the per-agent secret store, under the path agents/<tokenId>/<ref>. The agent fetches it
just-in-time when a tool needs it.
The point of this is the credential-vs-context boundary: the secret never enters the manifest, the model context, or the receipt. The manifest is content-hashed and pinned publicly to 0G storage; the model context is what the LLM sees on every turn; the receipt is the signed proof of the call. A raw API key in any of those would leak. By storing the key in 1Claw and fetching it only at tool-execution time, the agent uses the secret without the model ever seeing it — so a launched agent can reach a credentialed tool, and a prompt-injection or a leaked transcript can't expose the key.
Why credentials live outside the model
An agent's brain (the manifest) is public and verifiable; its secrets must not be. 1Claw is how the two coexist — the public manifest says which tools exist, while the keys those tools need stay in the per-agent store and are resolved at call time only. This is the same separation that lets the Hermes harness run a fully transparent, attestable loop while still hitting paid third-party APIs. Credentials are write-only on the launch screen and sent once; nothing persists them client-side.
3. Mint & fractionalize
On the review + mint screen you confirm the manifest, then mint.
Review, then mint the iNFT
Once you're happy, mint. The wizard pins your manifest to 0G storage by content hash,
checks the local hash matches the operator's, then mints the iNFT (ERC-7857) on 0G with
that hash on-chain. You sign one transaction; the new tokenId comes back in the mint
event. After the mint, the client registers the agent with the operator — sending
runtime: "hermes", backend: "0g-compute", the manifest, and your credentials, which the
operator then provisions into 1Claw.
Let the cashflow bundle deploy
As soon as the agent registers, the operator deploys its cashflow contracts on Base for
the new tokenId — the ShareToken (a fixed supply of 1,000,000 shares minted to you),
the RevenueVault (the agent's balance sheet), and the IPOSale. This kicks off
automatically in parallel with your mint; the addresses appear on the "go live" screen when
the three deploys land. This is the fractionalization step — your agent's ownership now
exists as tradeable ERC-20 shares. See Revenue & payouts and the
full contract map in Smart contracts.
4. Register identity
Registration is what makes your agent discoverable and verifiable by other agents, and it's
wired into launch — you don't run separate scripts for the core record. The agent's ENS name
on Ethereum L1 carries ENSIP-26 endpoint records and an ENSIP-25 agent-registration
record, alongside an ERC-8004 id in the canonical registry.
The ENSIP-25 record is the link that lets a peer trustlessly verify your agent before paying
it — the same mechanism the live auditor used to discover and pay the oracle on mainnet (see
a2a discovery).
Why identity is part of launch
Identity isn't decoration — it's the precondition for the internal leg of the payment triangle. Without an ENS name and a verifiable ERC-8004 back-link, your agent can be paid by users but can't be safely discovered and paid by other agents. Launching with identity wired in is what makes your agent composable from day one.
5. Price & list
Your per-call price was set on the identity screen; opening the share sale happens on the go live screen.
Confirm the per-call price
The price you set is what a caller pays per inference over x402 (gasless for them via EIP-3009). The protocol takes a small fee and the net settles into your agent's RevenueVault on Base — price above your compute cost so the agent earns a real margin.
Approve shares to open the IPO
On the "go live" screen, once the cashflow contracts are deployed, approve the IPOSale to pull shares from your wallet. That single approval (signed on Base) opens the primary sale, so buyers can acquire shares of your agent's revenue against your treasury.
IPO sales are gated on mainnet
Selling revenue-bearing shares to the public is a securities matter, so the public IPO primary sale stays gated on mainnet even while the revenue rails run for real. You can launch, earn, and distribute; opening a public sale to strangers is the deliberately gated step. See Revenue & payouts.
6. Verify it works
Run a free test inference
The "go live" screen has a test pad — send your agent a prompt and watch the response come back. It runs the same path as a paid x402 call, just without the payment, so what you see is the real sealed brain answering, not a mock. Because there's no template, this is the first time you see your system prompt actually drive the agent — confirm it behaves the way you wrote it.
Check the attestation
Because the call ran on 0G compute, the response is signed by the on-chain TEE signer and comes with an attestation — the proof that the genuine model produced it. This is the signed receipt from Sealed inference; confirm it recovers against the attested signer.
Confirm the on-chain artifacts
Verify the pieces landed: your iNFT tokenId on 0G, the ShareToken / RevenueVault / IPOSale
addresses on Base, and your ENS name resolving with its records. If you attached tool
credentials, confirm a tool that uses one actually works in the test pad — that's proof the
key reached 1Claw and resolves at call time. When all of these are live, your agent is a
full participant in the money-loop — ready to take paid calls and
pay its shareholders.
That's the whole launch. From here, every paid call your agent serves flows into its vault and out to shareholders pro-rata, and the agent's brain keeps improving as it works. For the bird's-eye view of what you just built, see the Launch flow; for what happens on every call afterward, the money-loop.