Firma Network × LightCI
Identity & Agent Infrastructure Brief
Confidential · February 2026
Firma Network × LightCI Technical Brief · Identity + Agent Infrastructure

The Foundation
Every Person Carries With Them

We are building a network where every participant has a soulbound identity, a personal agent, and a declared moral framework. The identity travels across every product in the ecosystem. The agent acts on your behalf in every context. The moral framework is the operating constraint you declare before you can participate. These three things — identity, agent, framework — are a single piece of infrastructure. This brief is the specification for that infrastructure. We are commissioning LightCI to build it.

Deliverable 1
Moral Framework Declaration Contract
Deliverable 2
Soulbound Identity Token
Deliverable 3
Personal Agent Initialization
Deliverable 4
Cross-Context Reputation Registry
Deliverable 5
ZK Privacy Credential Layer
Context
01

What Firma Network Is and Why This Infrastructure Matters

Firma Network is a sovereign agentic economy — a union of network states that trade with each other, govern themselves, and hold a sovereign reserve currency (FIG) backed by verified productive assets. Every person in the ecosystem has a personal agent. Every agent operates from a declared moral framework. The ecosystem spans multiple products: Firmamint (the Optimism L2 chain), Seedbase (a giving and funding platform), NSSim (the Network State Simulator), and the NSA (the Network State Alliance, the governing entity). What LightCI is building is the identity layer that makes a person's presence coherent across all of them.

The Problem This Infrastructure Solves
WITHOUT this infrastructure:
├── A person giving through Seedbase has no identity that carries to NSA governance
├── A person building a network state in NSSim has no record of who they are or what they've done
├── A person contributing compute to the reserve layer has no reputation that earns them access
├── A person's agent acts without any declared constraint — it optimizes for whatever it's told to
└── The ecosystem has activity but no identity — no trust layer, no history, no coherent personhood

WITH this infrastructure:
├── One soulbound identity per person — non-transferable, portable across every Firma product
├── One reputation registry — giving history, governance record, build history, contribution quality
├── One personal agent — initialized from identity, operating within declared moral framework
├── One moral framework declaration — public, on-chain, the entry condition for participation
└── One privacy layer — prove your reputation tier without exposing what you'd rather keep private

THE RESULT:
Every product in the ecosystem knows who you are, what you've done, and what you stand for. Your reputation travels. Your agent acts from your values. Your history is yours and it's real.
Deliverable 1
02

The Moral Framework Declaration Contract

Before a person receives a soulbound identity token, before their agent is initialized, they complete a moral framework declaration. This is not a terms of service. It is a values declaration stored on-chain that becomes the operating constraint for their personal agent. The framework is open source — Firma does not own what "good" means. But participation requires declaring which version of the framework you're operating under. No declaration, no participation. This contract is the gate.

The Three Dimensions Every Person Declares

I
Orientation
How you approach participation in the network — the posture your agent takes by default. Generosity as default, not extraction. This does not mean you cannot trade or earn. It means the frame through which your agent acts is "what does this create for the collective" before "what does this return to me."
Generosity — giving, building, contributing as primary mode
Exchange — trading, earning, operating in markets
Stewardship — governing, maintaining, preserving
II
Scope
The scale at which your agent prioritizes outcomes. You declare who you are building for. This shapes how the reputation system scores your actions — a person who declares global scope is evaluated against broader impact, not just personal network outcomes.
Local — my network state, my community
Regional — my union, my aligned network states
Global — all of humanity, the broader ecosystem
III
Constraints
What your agent will never do, regardless of instruction. These are inviolable and public. Declaring a constraint means your reputation score actively tracks compliance. Violation of a declared constraint is the most serious reputation event in the system — it means you acted against what you publicly said you stood for.
Never extract from vulnerable actors
Never deceive to gain advantage
Never accumulate without contributing back
Never harm the commons for private benefit
Technical Requirement
Declaration stored on-chain in identity contract
The three-dimension declaration is written as a structured data object to the identity contract on Firmamint at initialization. It is immutable unless the person re-declares under a new framework version through the governance process. The declaration is public — any contract, any agent, any institution in the ecosystem can read what you declared.
Technical Requirement
Declaration required before identity token is minted
The identity contract enforces declaration as a prerequisite. The mint function reverts if no valid framework declaration exists for the address. Undeclared addresses cannot receive identity tokens. Identity tokens are the prerequisite for agent initialization. This chain of requirements is the enforcement mechanism — not a human review process, but a contract-level gate.
Technical Requirement
Framework versioning — declarations reference a version hash
The open-source framework will evolve through NSA governance. Declarations must reference the framework version they were made under (stored as a content hash of the framework document). When the framework updates, existing declarations remain valid under the version they declared. People can choose to re-declare under a new version. The version history is auditable.
Technical Requirement
Alignment scoring — agent behavior measured against declaration
The reputation registry receives alignment score updates from the agent layer. Every significant agent action is evaluated against the declared framework and produces an alignment delta — positive (acted in alignment) or negative (diverged from declared constraints). The alignment score over time is visible in the reputation profile. The gap between declaration and behavior is the trust signal.

The moral framework is not a filter on who can join. It is a declaration of how you will act while you are here. The network makes your values visible — and then watches whether you live up to them.

Deliverable 2
03

Soulbound Identity Token — One Per Person, Non-Transferable

One soulbound token per person. Non-transferable. Deployed on Firmamint. It anchors your moral framework declaration, your personal agent, and your reputation registry. Every product in the Firma ecosystem reads from this token — Seedbase, NSSim, NSA governance, the reserve layer. There is no separate login, no separate identity per product. You are the same person everywhere in the ecosystem. This is not a new concept technically — LightCI has the expertise. The specific requirement here is the moral framework integration and the cross-product reputation portability.

Identity Token — Data Structure
SoulboundIdentity {
    // Core
    address owner;
    uint256 tokenId;
    uint256 mintedAt;

    // Moral Framework
    bytes32 frameworkVersion;   // content hash of declared framework doc
    uint8 orientation;          // 0=generosity, 1=exchange, 2=stewardship
    uint8 scope;                // 0=local, 1=regional, 2=global
    uint8[] constraints;        // declared inviolable constraints, array of enum values
    uint256 declaredAt;

    // Agent
    address agentAddress;       // the personal agent contract initialized from this identity
    uint256 agentInitializedAt;

    // Reputation (read from registry, not stored in token)
    // reputation is stored in ReputationRegistry, keyed by tokenId
    // this keeps the identity token lightweight and upgradeable separately

    // Privacy
    bytes32 credentialRoot;     // merkle root for ZK credential generation
}
Technical Requirement
Non-transferable at contract level
Transfer functions revert. The token cannot move to another address. It is not sellable, delegatable, or borrowable. If an address is compromised, the recovery process requires NSA governance approval and creates an auditable event in the identity history. There is no silent key rotation.
Technical Requirement
One token per real person — Sybil resistance
LightCI's expertise in verifiable credentials is directly relevant here. The onboarding process should make it technically and economically difficult to hold multiple identity tokens. Recommended approach: a combination of proof-of-personhood credential (World ID, Proof of Humanity, or equivalent) plus a one-time social verification. The Sybil resistance mechanism should not require collecting PII that Firma stores — the proof should be zero-knowledge where possible.
Technical Requirement
Cross-product read access — standard interface
Every Firma product (Seedbase, NSSim, NSA governance, reserve layer) reads from the same identity token using a standard interface. LightCI defines this interface as part of the deliverable. Third-party builders — NSS cohort projects, Base builder grants — integrate against the interface, not against a bespoke implementation. The interface is the public API of the identity layer.
Technical Requirement
Upgradeable identity — framework re-declaration and history
The identity token must support re-declaration when the moral framework updates. Re-declaration writes a new framework version reference to the token but preserves the full declaration history. The history of what framework version you declared, when, and what changed is auditable. You cannot retroactively change what you declared. You can only declare going forward.
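An added sketch (not Firma's or LightCI's code) of the gate chain described in the declaration and identity requirements above: a declaration must reference a governance-ratified version hash, declaration history is append-only, minting reverts without a declaration, and every transfer and approval path reverts. All contract and function names are hypothetical, and proof-of-personhood and key recovery are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added sketch, not Firma's or LightCI's code; every name here is hypothetical.
contract FrameworkDeclarations {
    struct Declaration {
        bytes32 frameworkVersion; // content hash of the framework document
        uint8 orientation;        // 0=generosity, 1=exchange, 2=stewardship
        uint8 scope;              // 0=local, 1=regional, 2=global
        uint8[] constraints;      // declared inviolable constraints
        uint256 declaredAt;
    }

    address public immutable governance;                // assumed NSA governance executor
    mapping(bytes32 => bool) public ratified;           // versions published by governance
    mapping(address => Declaration[]) private _history; // append-only, never edited or deleted

    event Declared(address indexed who, bytes32 indexed frameworkVersion, uint256 index);
    error NotGovernance();
    error UnknownVersion();
    error BadEnum();
    error SameVersion();

    constructor(address governance_) { governance = governance_; }

    function ratify(bytes32 frameworkVersion) external {
        if (msg.sender != governance) revert NotGovernance();
        ratified[frameworkVersion] = true;
    }

    // First call is the initial declaration; later calls are re-declarations
    // and must reference a different ratified version.
    function declare(bytes32 v, uint8 orientation, uint8 scope, uint8[] calldata constraints) external {
        if (!ratified[v]) revert UnknownVersion();
        if (orientation > 2 || scope > 2) revert BadEnum();
        Declaration[] storage h = _history[msg.sender];
        if (h.length > 0 && h[h.length - 1].frameworkVersion == v) revert SameVersion();
        Declaration storage d = h.push();
        d.frameworkVersion = v;
        d.orientation = orientation;
        d.scope = scope;
        d.constraints = constraints;
        d.declaredAt = block.timestamp;
        emit Declared(msg.sender, v, h.length - 1);
    }

    function declarationCount(address who) external view returns (uint256) {
        return _history[who].length;
    }

    function declarationAt(address who, uint256 i) external view returns (Declaration memory) {
        return _history[who][i];
    }
}

contract SoulboundIdentitySketch {
    FrameworkDeclarations public immutable declarations;
    mapping(address => uint256) public tokenOf; // 0 means no identity
    mapping(uint256 => address) public ownerOf;
    uint256 private _nextId = 1;

    error NoDeclaration();
    error AlreadyMinted();
    error Soulbound();

    constructor(FrameworkDeclarations declarations_) { declarations = declarations_; }

    // Proof-of-personhood verification is out of scope for this sketch.
    function mint() external returns (uint256 id) {
        if (declarations.declarationCount(msg.sender) == 0) revert NoDeclaration();
        if (tokenOf[msg.sender] != 0) revert AlreadyMinted();
        id = _nextId++;
        tokenOf[msg.sender] = id;
        ownerOf[id] = msg.sender;
    }

    // Every ERC-721 movement and approval path reverts.
    function transferFrom(address, address, uint256) external pure { revert Soulbound(); }
    function safeTransferFrom(address, address, uint256) external pure { revert Soulbound(); }
    function safeTransferFrom(address, address, uint256, bytes calldata) external pure { revert Soulbound(); }
    function approve(address, uint256) external pure { revert Soulbound(); }
    function setApprovalForAll(address, bool) external pure { revert Soulbound(); }
}
```

The append-only and non-transferable properties hold only while these contracts are not deployed behind a proxy whose admin can swap the implementation, so the upgrade path belongs in the audit scope.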
Deliverable 3
04

Personal Agent — Initialized From Identity, Operating From Values

Every soulbound identity token initializes a personal agent. The agent is not a chatbot. It is the on-chain expression of your identity and your declared moral framework. It acts on your behalf across every Firma product. When you give through Seedbase, your agent acts. When you vote in NSA governance, your agent acts. When you build a network state in NSSim, your agent advises you from your own history, not a generic model. The agent's actions are what build your reputation. The agent's alignment with your declared framework is the signal that determines your trust rating in the ecosystem.

Personal Agent — Architecture and Capability Modules
PersonalAgent — initialized from SoulboundIdentity
├── Reads declared framework from identity token at initialization
├── Framework parameters become the agent's operating constraints
├── Agent address stored in identity token — one-to-one relationship
└── Agent cannot be re-initialized with different framework without re-declaration on identity

MODULE 01 — Giving / Matching (Seedbase)
├── Mission alignment scoring: match giving history + declared framework to available missions
├── Donor reputation accumulation: consistency, reliability, LP participation quality
├── LP matching: connect proven donors to funding pools for framework-aligned projects
└── BUILT BY: Mintware (extends this module for Seedbase product)

MODULE 02 — Governance (NSA)
├── Vote according to declared preferences and historical governance positions
├── Proposal quality scoring: surface proposals that align with declared scope and orientation
├── Participation consistency tracking: governance reputation written to registry
└── BUILT BY: LightCI (core module, NSA governance integration)

MODULE 03 — Advisory (NSSim)
├── Advise on territory design from personal history — your giving history, your past builds
├── Surface alignment: "your declared framework prioritizes climate resilience — this territory scores well"
├── Not a generic tool — calibrated to the person, not a default user
└── BUILT BY: Contracted shop (extends this module, spec written by Firma AI engineer)

MODULE 04 — Contribution Settlement (Reserve Layer)
├── Manage compute contribution transactions — settlement, routing, fee collection
├── Asset and energy capacity tracking
├── Contribution reputation written to registry
└── BUILT BY: LightCI (core module, reserve layer integration)

FRAMEWORK ALIGNMENT SCORING — runs on every significant agent action
├── Action is classified against declared orientation, scope, and constraints
├── Alignment delta computed: +positive (aligned) or -negative (diverged)
├── Delta written to ReputationRegistry with action hash and timestamp
└── Cumulative alignment score is the most important signal in the trust layer
Technical Requirement
Modular capability architecture — modules extend, not replace
The personal agent ships with four base modules. Third-party builders (Mintware for Seedbase, NSS for the governance designer, Base builders for the tokenomics module) extend the agent by implementing a defined module interface. They cannot replace the core identity layer, the framework alignment scoring, or the reputation registry writes. Extension is additive. The core is owned by Firma/LightCI.
Technical Requirement
ERC-4337 account abstraction compatibility
The personal agent should be compatible with ERC-4337 account abstraction so it can be the smart account that executes transactions on behalf of the user. This is the mechanism that makes "your agent acts for you" real on-chain — not just a metaphor. The agent as smart account means user operations (giving, voting, contributing compute) are executed by the agent contract, with the user's signature as authorization.
Technical Requirement
Framework-constrained execution — agent cannot act against declared constraints
Declared constraints are encoded as execution guards at the contract level where possible. For on-chain actions (transfers to flagged addresses, certain transaction types), the constraint check should revert the transaction before it executes. For off-chain agent behavior (advisory outputs, governance recommendations), constraints are enforced at the AI layer — the model is prompted with constraints as system-level instructions that cannot be overridden by user instructions.
Technical Requirement
Agent initialization only from valid soulbound identity
The agent initialization function reads from the identity token and fails if: (a) no valid identity token exists for the address, (b) no framework declaration exists in the identity token, (c) the framework declaration has been invalidated. There is no path to an agent without a declared identity and a declared framework. This is not a UX gate. It is a contract-level enforcement.
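An added sketch (not Firma's or LightCI's code) of the two contract-level checks in the requirements above: initialization that fails in cases (a), (b) and (c), and an execution guard that reverts before a call to an address flagged under a declared constraint. Both interfaces and all names are hypothetical, and the ERC-4337 validation path is replaced by a plain owner check.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added sketch, not Firma's or LightCI's code. Both interfaces are hypothetical
// stand-ins for the identity read interface and a flagged-address list.
interface IIdentityView {
    function tokenOf(address owner) external view returns (uint256);              // 0 = none
    function frameworkVersionOf(uint256 tokenId) external view returns (bytes32); // 0 = undeclared
    function declarationInvalidated(uint256 tokenId) external view returns (bool);
    function hasConstraint(uint256 tokenId, uint8 constraintId) external view returns (bool);
}

interface IFlagList {
    function isFlagged(address target, uint8 constraintId) external view returns (bool);
}

contract PersonalAgentSketch {
    uint8 public constant CONSTRAINT_COUNT = 4; // the four constraints listed in the brief
    IIdentityView public immutable identity;
    IFlagList public immutable flags;
    address public immutable owner;
    uint256 public immutable tokenId;

    error NoIdentity();
    error NoDeclaration();
    error DeclarationInvalidated();
    error NotOwner();
    error ConstraintViolation(uint8 constraintId, address target);
    error CallFailed();

    constructor(IIdentityView identity_, IFlagList flags_, address owner_) {
        uint256 id = identity_.tokenOf(owner_);
        if (id == 0) revert NoIdentity();                                           // case (a)
        if (identity_.frameworkVersionOf(id) == bytes32(0)) revert NoDeclaration(); // case (b)
        if (identity_.declarationInvalidated(id)) revert DeclarationInvalidated();  // case (c)
        identity = identity_;
        flags = flags_;
        owner = owner_;
        tokenId = id;
    }

    // Constraints are read from the identity on every call, so a re-declaration
    // or an invalidation takes effect without redeploying the agent.
    function execute(address to, uint256 value, bytes calldata data) external returns (bytes memory) {
        if (msg.sender != owner) revert NotOwner();
        if (identity.declarationInvalidated(tokenId)) revert DeclarationInvalidated();
        for (uint8 c = 0; c < CONSTRAINT_COUNT; ++c) {
            if (identity.hasConstraint(tokenId, c) && flags.isFlagged(to, c)) {
                revert ConstraintViolation(c, to);
            }
        }
        (bool ok, bytes memory ret) = to.call{value: value}(data);
        if (!ok) revert CallFailed();
        return ret;
    }

    receive() external payable {}
}
```

The guard only sees the immediate call target, so a flagged recipient reached through an intermediary contract passes this check; whoever maintains the flag list also becomes part of the trust boundary.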
Deliverable 4
05

Cross-Context Reputation Registry

One reputation registry. All contexts write to it. Your giving history from Seedbase, your governance participation from NSA, your build history from NSSim, your compute contributions from the reserve layer — they all accumulate in the same registry under the same identity token. The registry is multi-dimensional — not a single score, but a profile of dimensions that surfaces different signals in different contexts. A summary credibility score is computed from the dimensions for use in matching and access logic.

| Dimension | Written by | What it tracks | Where it surfaces |
|---|---|---|---|
| Giving History | Seedbase / Mintware agent module | Missions supported, frequency, amounts, follow-through on LP commitments, mission outcome tracking where available | LP matching in Seedbase, co-investor signals in NSSim, NSA grant committee access |
| Governance Participation | NSA governance contracts | Votes cast, proposals submitted, quality scores on proposals, consistency over time, alignment with passed governance outcomes | NSA committee eligibility, NSSim governance designer access tier, FIG issuance governance rights |
| Build History | NSSim on-chain contracts | Territories designed, SRI validation scores received, projects deployed to Firmamint, cohort completion records, IP Trust submissions | Investor matching in NSSim, SRI review queue priority, NSS cohort leader eligibility |
| Contribution Record | Reserve layer settlement contracts | Compute contributed (hours, capacity), energy capacity, asset holdings, uptime reliability for compute contributions | Reserve layer access tiers, FIG earning eligibility, NSA treasury co-management rights |
| Framework Alignment | Agent alignment scoring — all modules | Gap between declared framework and actual agent behavior across all contexts. This is the most important dimension — it measures whether you are who you said you were. | Everything — this is the master trust signal that all other dimensions are weighted against |
| Ecosystem Tenure | Identity contract — time-based | Time since identity minted, continuous active participation, periods of inactivity, framework re-declaration history | Access to longer-horizon LP positions, senior governance roles, mentorship matching in NSS cohorts |
Technical Requirement
Registry is append-only — no retroactive editing
Every write to the reputation registry is permanent. No action can be removed from history — only future actions can change the trajectory of the reputation score. This is not punitive. It is what makes reputation meaningful. A person who behaved badly in year one and well in years two through five has a visible and verifiable arc. The history is the signal.
Technical Requirement
Standard write interface for all products
Seedbase, NSSim, NSA governance, and the reserve layer all write to the registry via a standard interface. Only authorized product contracts can write — unauthorized writes revert. Authorization is managed by the NSA multisig. When new Firma products are built (by NSS cohort builds, by Base grant projects), they apply to the NSA for write authorization. The registry remains the single source of truth.
Technical Requirement
Multi-dimensional profile + summary score
The registry stores raw dimension data. A scoring contract computes the summary credibility score from dimensions using configurable weights. Weights are governed by NSA — the community decides how much each dimension counts. The summary score is used in matching and access logic. The full dimensional profile is available for any context that wants to read specific signals rather than the aggregate.
Technical Requirement
Reputation does not decay — but inactivity is tracked
Past contributions are permanent. They do not decay over time. However, inactivity is tracked as its own dimension — a person who was highly active two years ago and has been absent since has a visible inactivity signal. Active participants have a recency dimension that inactive participants lack. This is not a penalty for absence — it is an honest signal about who is currently engaged versus who was historically engaged.
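An added sketch (not Firma's or LightCI's code) of the four registry requirements above: governance-managed write authorization, an append-only log with an event per write, a last-activity timestamp for the inactivity signal, and a summary score from governance-set weights. The names, the signed-delta data model and folding the scoring function into the registry contract are assumptions made to keep the example short.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added sketch, not Firma's or LightCI's code; names and the signed-delta model are assumptions.
contract ReputationRegistrySketch {
    enum Dimension { Giving, Governance, Build, Contribution, Alignment, Tenure }

    struct Entry {
        Dimension dimension;
        int64 delta;        // signed, so alignment divergence can be recorded
        bytes32 actionHash; // hash of the action that produced the delta
        address writer;     // product contract that wrote the entry
        uint64 timestamp;
    }

    address public immutable governance;                           // assumed NSA multisig
    mapping(address => bool) public authorizedWriter;
    mapping(uint256 => Entry[]) private _log;                      // tokenId => history
    mapping(uint256 => mapping(Dimension => int256)) public total; // running sum per dimension
    mapping(uint256 => uint64) public lastActiveAt;                // inactivity signal
    uint16[6] public weightBps;                                    // basis points, must sum to 10_000

    event WriterSet(address indexed writer, bool allowed);
    event Recorded(uint256 indexed tokenId, Dimension indexed dimension, int64 delta, bytes32 actionHash, address writer);
    error NotGovernance();
    error NotAuthorized();
    error BadWeights();

    modifier onlyGovernance() {
        if (msg.sender != governance) revert NotGovernance();
        _;
    }

    constructor(address governance_) { governance = governance_; }

    function setWriter(address writer, bool allowed) external onlyGovernance {
        authorizedWriter[writer] = allowed;
        emit WriterSet(writer, allowed);
    }

    function setWeights(uint16[6] calldata w) external onlyGovernance {
        uint256 sum;
        for (uint256 i = 0; i < 6; ++i) sum += w[i];
        if (sum != 10_000) revert BadWeights();
        weightBps = w;
    }

    // The only mutation of history is push(): no function edits or deletes an entry.
    function record(uint256 tokenId, Dimension dimension, int64 delta, bytes32 actionHash) external {
        if (!authorizedWriter[msg.sender]) revert NotAuthorized();
        _log[tokenId].push(Entry(dimension, delta, actionHash, msg.sender, uint64(block.timestamp)));
        total[tokenId][dimension] += delta;
        lastActiveAt[tokenId] = uint64(block.timestamp);
        emit Recorded(tokenId, dimension, delta, actionHash, msg.sender);
    }

    function entryCount(uint256 tokenId) external view returns (uint256) {
        return _log[tokenId].length;
    }

    function entryAt(uint256 tokenId, uint256 i) external view returns (Entry memory) {
        return _log[tokenId][i];
    }

    // Weighted sum of dimension totals, scaled back from basis points.
    function summaryScore(uint256 tokenId) external view returns (int256 score) {
        for (uint256 i = 0; i < 6; ++i) {
            score += total[tokenId][Dimension(i)] * int256(uint256(weightBps[i]));
        }
        score /= 10_000;
    }
}
```

Because entries cannot be corrected, a compromised or buggy authorized writer leaves permanent records; revoking it with `setWriter(writer, false)` stops new writes but does not undo old ones.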
Deliverable 5
06

ZK Privacy Credential Layer — Prove Without Revealing

The reputation registry is on-chain and auditable by NSA governance. But people have reasonable privacy expectations about the specifics of their giving history and their build record. The ZK credential layer lets people prove their reputation tier, their alignment score, their tenure, and specific dimension thresholds — without revealing the underlying data that generated those credentials. This is LightCI's core competency. The specific credentials Firma needs are defined here.

ZK Credentials — What People Can Prove Without Revealing
CREDENTIAL 01 — Reputation Tier
    Prove: "my summary credibility score is above threshold T"
    Without revealing: the specific score, the dimensional breakdown, the actions that generated it
    Used for: LP matching access gates, NSSim On-Chain mode access, NSA committee eligibility

CREDENTIAL 02 — Giving Consistency
    Prove: "I have given consistently for N months without gaps exceeding G days"
    Without revealing: which missions, how much, when specifically
    Used for: LP trust scoring in Seedbase, co-investor signal in NSSim capital rounds

CREDENTIAL 03 — Framework Alignment
    Prove: "my framework alignment score is above threshold A"
    Without revealing: the specific actions that generated alignment or divergence events
    Used for: governance eligibility, access to senior NSA roles, FIG issuance governance rights

CREDENTIAL 04 — Build History
    Prove: "I have completed N NSSim builds with SRI validation scores above threshold V"
    Without revealing: the specific territories, the specific scores, the specific projects
    Used for: investor matching in NSSim, NSS cohort leader eligibility

CREDENTIAL 05 — Ecosystem Participation
    Prove: "I have been an active participant in the Firma ecosystem for N months"
    Without revealing: what specifically I did during that time
    Used for: tenure-gated access (longer-horizon LP positions, mentorship roles)

WHAT CANNOT BE HIDDEN
    The moral framework declaration is always fully public — what you declared is visible to everyone
    The framework alignment score trajectory is visible — whether you are aligned or diverging is public
    The existence of your identity and your agent are public — you cannot participate anonymously
    NSA governance has full read access to the complete registry for any governance purpose
Contract Terms
07

Deliverables, Terms, and What LightCI Earns

This is not a consulting engagement. LightCI builds a defined set of deliverables, transfers full IP to the Firma Collective trust, and earns economic rights in the collective proportional to their contribution. Economic rights are not equity, not tokens, not a promise. They are on-chain records in the NSA economic rights registry — the same structure every contributor to the collective operates under. LightCI's contribution is foundational. Their economic rights reflect that.

1
Moral Framework Declaration Contract
Solidity · Deployed on Firmamint
On-chain declaration contract with three-dimension schema (orientation, scope, constraints). Framework versioning with content hash references. Declaration required before identity mint. Alignment scoring interface for agent layer to write against. Full test suite. Audit-ready code. Includes the onboarding UX flow that guides a person through their declaration before receiving their identity token.
2
Soulbound Identity Token
Solidity + Verifiable Credentials · Deployed on Firmamint
Non-transferable ERC-721 variant with declaration prerequisite enforcement. Sybil resistance mechanism using proof-of-personhood (ZK where possible). Standard cross-product read interface. Upgradeability for framework re-declaration with immutable history. Agent address stored in token. The interface definition is the public API for all third-party Firma builders. Full documentation for third-party integration.
3
Personal Agent Base Contract + Module Interface
Solidity + ERC-4337 · Deployed on Firmamint
Personal agent contract initialized from soulbound identity. ERC-4337 account abstraction compatible. Four base capability modules: governance participation, contribution settlement, framework alignment scoring, and reputation registry write integration. Defined module interface that Mintware (Seedbase), NSS (governance designer), and Base builders (tokenomics module) implement to extend agent capabilities. Framework constraint enforcement at execution level where feasible.
4
Cross-Context Reputation Registry
Solidity · Deployed on Firmamint
Append-only reputation registry with six dimension schema. Standard write interface with NSA-managed authorization. Multi-dimensional profile storage with configurable summary score computation. Inactivity tracking as explicit dimension. Full read interface for all Firma products — matching, access gating, governance eligibility, investor signals. Events emitted for all writes for off-chain indexing.
5
ZK Privacy Credential Layer
ZK Proofs + Verifier Contracts · Deployed on Firmamint
Five ZK credential types as specified: reputation tier, giving consistency, framework alignment, build history, ecosystem participation. Credential generation from reputation registry data. On-chain verifier contracts for each credential type. Credential generation SDK for Firma product teams. Documentation for integrating credential verification into access gates and matching logic.

Contract Terms

IP Ownership
Full transfer to Firma Collective trust on delivery
All code, documentation, ZK circuit designs, and interface definitions transfer to the Firma Collective trust on final delivery acceptance. LightCI retains no licensing rights, no usage restrictions, no backdoors. The trust owns the infrastructure. The collective governs it through NSA. LightCI retains the right to reference this work in their portfolio with Firma's written approval.
Compensation
Economic rights in the Firma Collective, minted on delivery
LightCI earns economic rights in the Firma Collective proportional to the foundational nature of their contribution. Rights are minted on-chain in the NSA economic rights registry on final delivery acceptance. Economic rights entitle LightCI to a proportional share of the collective's economic activity — the same structure every contributor operates under. No equity, no tokens. On-chain rights in the collective they helped build.
Timeline
Phased delivery against Firmamint build schedule
Delivery is phased against the chain build: (1) Declaration contract and identity token delivered with Firmamint testnet, (2) Personal agent base contract delivered on Firmamint mainnet, (3) Reputation registry delivered with first product integration (Seedbase), (4) ZK credential layer delivered with NSSim On-Chain mode. LightCI has access to Firmamint testnet from day one of the engagement.

LightCI is not a vendor. They are the first infrastructure contributor to the Firma Collective. The identity layer they build is the foundation every person in the ecosystem carries with them — permanently.

Next Steps

What Happens After This Brief

Step 1
LightCI reviews brief and asks questions
We expect questions on the ZK credential design (which proof system, which trusted setup), the Sybil resistance mechanism (which proof-of-personhood), and the ERC-4337 agent architecture. All are open design questions we want LightCI to drive. The spec defines the requirements — LightCI defines the implementation approach.
Step 2
LightCI delivers implementation proposal
A written proposal covering: implementation approach for each of the five deliverables, technology choices with rationale, timeline phased against Firmamint build schedule, team composition, and economic rights ask. The rights ask should reflect the foundational nature of this contribution — this is the infrastructure layer the entire ecosystem depends on.
Step 3
Alignment meeting with Firma AI engineer
Before contract signature, LightCI meets with Firma's senior AI engineer to align on the agent architecture, the module interface design, and the reputation registry write protocol. The AI engineer is the other half of this infrastructure — they build the agent AI layer on top of what LightCI builds. The two need to be designed together.
Step 4
Contract signed, rights allocated, testnet access granted
Contract executed. LightCI's economic rights are pre-allocated in the NSA economic rights registry — confirmed at signing, minted on delivery. LightCI receives immediate testnet access to Firmamint so they can begin development against the live chain environment from day one. First milestone: moral framework declaration contract and identity token on testnet within six weeks of contract signature.