Announcing Always Online (AOL): Native ICP Access Management
Today we’re announcing Always Online (AOL), an ICP-native protocol for conditional, token-gated access using VetKD keys. AOL enables smart access patterns across web3—DAOs, DataDAOs, agent swarms, and shared resources.
The architecture is simple: balance-checked gates on DFINITY determine access, and VetKD-derived decryption keys handle the rest. The codebase is intentionally lean—a Motoko canister, a TypeScript SDK, and a Python SDK. Because the surface area is small, every line matters.
We’re looking for technical dev feedback on the architecture and derivation logic from folks experienced with VetKD and access control patterns on ICP.
Derivation Spec v1 Highlights
- Deterministic: All implementations (Motoko, Python, TypeScript) produce byte-identical output for the same inputs.
- Simple preimage: Gate parameters (chain, token address, threshold, CID) are concatenated with colon separators and a fixed domain tag, then SHA-256 hashed to produce the 32-byte derivation input.
- VetKD-native: Output feeds directly into `vetkd_derive_key` and IBE encryption/decryption.
For the full implementation including serialization rules, test vectors, and VetKD configuration, see the repo.
Repo: GitHub dot com havencto/haven-aol
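A sketch of the "simple preimage" step from the highlights above, as an added example that is not code from the haven-aol repo. The domain tag value, the field order, and the rule that string fields may not contain the separator are assumptions made here, so the output will not match the repo's test vectors; the sample values are constructed.

```python
import hashlib

# Assumption: placeholder tag and field order. The real serialization rules
# are defined in the repo, not on this page.
DOMAIN_TAG = "example-gate-derivation-v1"
SEP = ":"


def naive_preimage(chain, token, threshold, cid):
    """Join the fields with no validation, to show the ambiguity it allows."""
    return SEP.join([DOMAIN_TAG, chain, token, str(threshold), cid]).encode("utf-8")


def _check_field(name, value):
    """Accept only non-empty printable ASCII without the separator or spaces."""
    if not isinstance(value, str) or not value:
        raise ValueError(f"{name}: must be a non-empty string")
    if not (value.isascii() and value.isprintable()) or " " in value:
        raise ValueError(f"{name}: must be printable ASCII without spaces")
    if SEP in value:
        # A separator inside a field lets two different gates share a preimage.
        raise ValueError(f"{name}: must not contain {SEP!r}")


def derivation_input(chain, token, threshold, cid):
    """Return the 32-byte SHA-256 digest of the tagged, colon-joined gate fields."""
    for name, value in (("chain", chain), ("token", token), ("cid", cid)):
        _check_field(name, value)
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(threshold, bool) or not isinstance(threshold, int) or threshold < 0:
        raise ValueError("threshold: must be a non-negative integer")
    # str(int) is the canonical decimal form: no sign, no leading zeros.
    preimage = SEP.join([DOMAIN_TAG, chain, token, str(threshold), cid])
    return hashlib.sha256(preimage.encode("ascii")).digest()


if __name__ == "__main__":
    # Constructed sample gate, not a real token or CID.
    print(derivation_input("ethereum", "0xabc", 100, "bafyexample").hex())
    # Two different gates, one preimage, when fields are not validated:
    print(naive_preimage("a:b", "c", 1, "x") == naive_preimage("a", "b:c", 1, "x"))
```

No case normalization is applied, so `0xABC` and `0xabc` hash to different derivation inputs; every implementation has to agree on one form for the outputs to stay byte-identical.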