NPC.fi spec
Be an NPC, get paid — anonymously. The protocol specification: anti-Sybil, anonymity, token, architecture, risks. Living document.
The problem
AI training has plateaued on text. The next scarce resource is realistic human behavioral data: how people decide, hesitate, get distracted, change their mind. Synthetic data can't fake it. Big Tech harvests it already — for free, without consent, without payment.
At the same time, Base's AI-agent boom (Virtuals, Clanker, A0x, Moltbook) has 18k+ agents that all sound and act the same. There is no marketplace for personality — for the lived patterns that make an agent feel like a real human.
The insight
- Humans opt-in, control granularity, earn $NPCFI per query (buyers pay USDC; the protocol swaps it to $NPCFI on Clanker).
- Buyers get queryable behavioral patterns, not raw records — protected by TEEs and differential privacy.
- A token (
$NPCFI) coordinates the three sides: supplier rewards, buyer settlement, validator anti-Sybil staking.
Closest analog is Vana (data DAOs), but Vana sells static datasets in bulk. NPC.fi sells live, queryable patterns via API — closer to a real product than a token wrapper around a CSV.
Three-sided market
Suppliers — humans
- OAuth: Google Calendar, Spotify, YouTube, GitHub. (No Plaid / banking in v1.)
- Question-answer surface — direct prompts answered in deadpan voice for higher per-unit payout.
- Optional browser extension (v2).
- Premium tier — paid live interviews via WebRTC (opt-in, voice-cloning anonymization).
Buyers — paying side
- AI agent creators on Virtuals/Clanker — persona archetypes
- Game studios — realistic NPC decision patterns
- Ad platforms — A/B test against simulated audiences
- Robotics / AV — pedestrian + urban movement patterns
- Researchers — consented behavioral studies
Pricing per query in USDC. Typical: $0.05–$5 batch, $50+ for live human sessions.
Anonymity stack
NPC.fi uses no identity verification of any kind. No World ID. No Gitcoin Passport. No KYC. The protocol only ever sees a wallet address.
Privacy layers
- Client-side PII stripping (open-source WASM module in supplier's browser).
- TEE-attested ingestion (AWS Nitro v1 → Marlin/Phala v2). Remote attestation verifiable in-browser.
- Differential privacy noise injected on the user's device before patterns leave.
- k-anonymity floor: minimum 50 humans per query result; sub-floor queries rejected.
- Pseudonymous payouts via Privacy Pools (0xbow) or Railway, opt-in.
Hard rules
- No biometric data, no minors, no medical records — ever.
- All ingestion + plausibility code open source + reproducibly buildable.
- No identity primitives anywhere in the stack. If one creeps in, kill it.
- User can delete stored derivatives + revoke license at any time (forward-only).
Anti-Sybil without identity
We don't need to prove a supplier is human. We need to prove their data looks human. Three layers, stacked.
Layer 1 — Stake-to-supply
Every persona locks a refundable $NPCFI (or USDC) bond. Slashed for implausible data. Returned on retirement in good standing. Sybils scale linearly with capital.
Layer 2 — Behavioral plausibility detector
Open-source model scores incoming streams on circadian rhythms, hesitation patterns, cross-source coherence, error rates, novelty. Personas failing threshold → downranked → payout-capped → slashed.
Layer 3 — Compounding reputation
Quality score accrues on a soulbound Persona NFT. High-rep personas earn premium per-query rates. Slashable. Six months of consistent data is unforgeable; time becomes the trust signal.
Layer 4 — Validators (v2)
Stake $NPCFI to spot-check personas; earn from correct flags, lose stake on wrong ones. Decentralizes anti-Sybil over time.
Token mechanics
| Stake-to-supply | Refundable bond per persona. Primary anti-Sybil mechanism. Slashable. |
| Buyer settlement | Buyers pay USDC; protocol fee swapped to $NPCFI and partially burned. |
| Supplier payouts | Paid in $NPCFI. Buyer USDC is auto-swapped on the Clanker market and credited to contributors as the protocol token. |
| Validator staking (v2) | Stake $NPCFI to spot-check personas. Correct flag earns slashed stake. |
| Governance | Vote on plausibility-detector params, allowed categories, fee splits, upgrades. |
| Persona NFT | Soulbound. Accrues reputation. Higher rep → higher per-query payouts. Slashable. |
Launch via Clanker. Reserve a meaningful tranche for supplier rewards. Reserve a separate tranche for red-team bounties on the plausibility detector. No pre-sale, no investors, no KYC'd whitelist.
Architecture (web-first)
┌──────────────────┐ ┌──────────────────┐ ┌──────────────────┐
│ Supplier Web │ │ Buyer Web/API │ │ Validator Web │
│ (Next.js) │ │ (Next.js + SDK) │ │ (Next.js) │
└────────┬─────────┘ └────────┬─────────┘ └────────┬─────────┘
│ OAuth (client-side) │ REST / GraphQL │ stake, flag
▼ ▼ ▼
┌─────────────────────────────────────────────────────────────────┐
│ NPC.fi API Gateway (Node) │
│ - Auth: wallet signature ONLY (no identity primitives) │
│ - Query routing, rate limiting, billing │
│ - Cloudflare Turnstile at edge │
└─────────────────────────────────────────────────────────────────┘
│ │ │
▼ ▼ ▼
┌──────────────────┐ ┌──────────────────┐ ┌──────────────────┐
│ TEE Aggregator │ │ Pattern Index │ │ Base Contracts │
│ (AWS Nitro) │ │ (Postgres+pgv) │ │ (Solidity) │
│ - PII strip │ │ - vector search │ │ - $NPCFI token │
│ - DP, k-anon │ │ - aggregates │ │ - stake/slash │
│ - plausibility │ │ │ │ - Persona NFTs │
└──────────────────┘ └──────────────────┘ └──────────────────┘Tech stack
- Frontend: Next.js 14 App Router · Tailwind · custom design system
- Web3: wagmi v2 · viem · Coinbase Wallet SDK · injected connectors
- Chain: Base mainnet (Sepolia first) · Solidity + Foundry
- Backend: Node + Fastify · Postgres + pgvector
- TEE: AWS Nitro Enclaves (MVP) → Marlin/Phala (v2)
- Bot defense: Cloudflare Turnstile at API edge. Never reCAPTCHA.
- Personhood: none. No World ID, no Gitcoin Passport, no KYC.
- Plausibility detector: open-source Python service, GPU-optional
- Payments: USDC on Base via x402 micropayments
- Analytics: PostHog (self-hosted for privacy consistency)
MVP scope (8–12 weeks)
Goal: one paying buyer cohort (Virtuals/Clanker agent creators), 500 verified suppliers, real USDC flowing.
Phases
- Week 1–2: foundations. Repo, Next.js, Foundry, Sepolia deploys.
- Week 3–5: supplier app. Onboarding, stake UI, 3 OAuth sources, PII stripping, questions surface.
- Week 6–8: TEE aggregator + plausibility detector + pattern index.
- Week 9–10: buyer dashboard + SDK + 5 query templates.
- Week 11–12: mainnet launch via Clanker. First 10 paying buyers + 500 suppliers.
Out of scope (v1)
- Browser extension
- Live interview tier
- Validator network (automated slashing from plausibility + buyer ratings is enough at MVP)
- Mobile app
- Full decentralization of TEE
- Any identity verification — never, not even v2
Risks & honest tradeoffs
| Regulatory (AML / money-transmitter) | Frame as data licensing, not financial. Lawyer pre-launch. Geofence if needed. |
| Cold-start | Lead with buyers, not suppliers. Pay early suppliers from treasury. |
| Sybil farming (no identity gate) | Stake-to-supply + plausibility + reputation. Aggregate quality is what gets paid for. |
| Plausibility detector gets gamed | Open source it day one. Bug-bounty + treasury-funded red-teaming. |
| Ethics optics | Counter-frame: stop letting Big Tech take it for free. |
| Big Tech ships native equivalent | They literally can't match the anonymity guarantee. Their model requires identity. |
| Buyer side stays speculative | Wedge first on Virtuals/Clanker creators with real budget. |
| Data quality degradation | Reputation + slashing + buyer ratings compound. Low-quality personas economically self-exit. |
Living document. Amendments are governance-controlled once $NPCFI is live. Until then, this is the canonical product spec.