L1
Hallucination Blacklist
Reject obviously hostile or disallowed payloads before secrets move anywhere.
This docs surface stays focused on the commercial product surface itself: integrity seal, integrity unseal, metadata, health, SDK path, and what each request gains from the pipeline.
Step 1
Login with wallet
Wallet login registers the developer account. Founder wallet becomes owner. Other wallets become developer users.
Step 2
Create app key
Each app gets its own managed API key. Usage, revocation, and rate controls stay per app.
Step 3
Integrate SDK or REST
Use the official TypeScript SDK source now, or call the platform endpoints directly from your stack.
Step 4
Pick your layer mode
Use integrity endpoints for full record flow, or call blacklist, audit, proof, governance, handshake, and status modules independently.
API Key Rule
Raw API keys are shown once at creation time. YieldBoost stores only a hashed representation after that. New keys are package-scoped: Free stays on non-AI verification modules, Builder and Pro can use the Alibaba anti-sybil module, and Protocol unlocks full compute, AWS Nitro Fortress, selected partner SDK wrappers, and all store surfaces. If a partner loses the raw key, the secure path is to revoke and mint a new one, not to reveal it again from the server.
For productized endpoints, open the Modular Immunity Armory. Each card has its own playground and docs for plugging a YieldBoost API key into another developer's web app.
Public base: https://dev.yieldboostai.xyz. Local base: http://127.0.0.1:3030.
The official SDK source now ships inside this repository at `sdk/yieldboost-ai-sdk`. It is ready to vendor or publish, and it wraps the API key header plus the public integrity, audit, proof, governance, handshake, and status surface.
Node / server example
import { YieldBoostClient, sealWithSigner, unsealWithSigner } from "yieldboost-ai-sdk";
import { Wallet } from "ethers";
const client = new YieldBoostClient({
apiKey: process.env.YIELDBOOST_API_KEY!,
baseUrl: "https://api.yieldboostai.xyz",
});
const signer = new Wallet(process.env.TEST_WALLET_PRIVATE_KEY!);
const sealed = await sealWithSigner(client, signer, {
network: "mainnet",
plaintext: "portfolio snapshot that must stay private",
metadata: {
app: "acme-backend",
purpose: "nightly-proof",
},
});
const opened = await unsealWithSigner(client, signer, {
network: "mainnet",
storageId: sealed.storage_id,
});
console.log(sealed.storage_id, opened.plaintext);Browser wallet example
import {
YieldBoostClient,
requestBrowserWalletAddress,
sealWithBrowserWallet,
} from "yieldboost-ai-sdk";
const client = new YieldBoostClient({
apiKey: import.meta.env.VITE_YIELDBOOST_API_KEY,
});
const walletAddress = await requestBrowserWalletAddress(window.ethereum);
const sealed = await sealWithBrowserWallet(client, {
provider: window.ethereum,
walletAddress,
network: "mainnet",
plaintext: "user-owned secret",
metadata: {
tenant: "consumer-app",
feature: "integrity-backup",
},
});If you do not want the SDK, keep your integration centered on the platform routes. The lower-level auth handshake exists behind the scenes, but the public story here stays on the 10-layer security surface.
Core integrity request
curl -X POST https://api.yieldboostai.xyz/v1/integrity/seal \
-H "Content-Type: application/json" \
-H "X-API-Key: yb_live_xxx" \
-d '{
"network": "mainnet",
"wallet_address": "0xYourWallet",
"signature_kind": "eip191",
"message": "signed wallet authorization message",
"signature": "0xSignedByWallet",
"plaintext": "confidential payload",
"mime_type": "text/plain",
"metadata": {
"tenant": "demo-app",
"purpose": "backtest-proof"
}
}'Python batch example
import os
import requests
api_key = os.environ["YIELDBOOST_API_KEY"]
storage_id = os.environ["YIELDBOOST_STORAGE_ID"]
metadata = requests.get(
f"https://api.yieldboostai.xyz/v1/integrity/{storage_id}/metadata",
headers={"X-API-Key": api_key},
).json()
print(metadata["storage_id"])
print(metadata["integrity_hash"])
print(metadata["anchor_tx_hash"])This page only shows the public surface that expresses the 10-layer security product. Legacy vault-prefixed transport routes are intentionally left out here so the developer story stays clean and separate from the hacker challenge product. Partner teams can use the full record flow or call individual layers as standalone security services.
POST /v1/integrity/seal
integration surface
Encrypt and persist plaintext or file through the full 10-layer TITAN X stack.
POST /v1/integrity/unseal
integration surface
Owner-only decrypt path. The same wallet that sealed must authorize unseal.
GET /v1/integrity/{storage_id}/metadata
integration surface
Read sanitized integrity metadata without exposing plaintext or ciphertext.
GET /v1/integrity/records?wallet_address=0x...&network=mainnet
integration surface
List integrity records for one wallet without exposing secret payload contents.
POST /v1/blacklist/check
integration surface
Use L1 as a standalone screening service for hostile or disallowed text payloads.
POST /v1/audit/evaluate
integration surface
Use L1 and L2 as an integrity audit service without sealing or anchoring payloads.
POST /v1/proof/run
integration surface
Use L6 Zero-Knowledge Proof Layer to generate or verify proof envelopes for arbitrary commitments.
POST /v1/governance/evaluate
integration surface
Use L8 Programmable Governance as a policy decision service for any product surface.
POST /v1/handshake/log
integration surface
Use L9 to write audit-grade coordination logs even when no integrity record is created.
GET /v1/status/layers
integration surface
Read platform status for each of the 10 layers as its own product surface.
GET /v1/health
integration surface
Check infra readiness, active network, and live L1-L10 status.
This is the part worth being loud about. Partner apps are not just calling a storage endpoint. Every request enters a layered integrity pipeline designed to filter abuse, isolate sensitive computation, persist proof-backed records, and keep an audit trail that survives beyond a single process.
L1
Reject obviously hostile or disallowed payloads before secrets move anywhere.
L2
Deterministic logic checks catch malformed or suspicious requests.
L3
Sensitive encryption and decryption happen inside isolated, on-demand compute.
L4
Ownership and integrity state are recorded without leaking payload content.
L5
Encrypted proof receipts are pushed to decentralized storage.
L6
Proof envelope and integrity hash are produced for later verification.
L7
Storage commitments are anchored to 0G so records become externally inspectable.
L8
Policy gates, rate limits, and circuit breakers protect the surface.
L9
Security logs and cross-agent audit traces preserve operational accountability.
L10
Continuity rail and enclave witness for the full-stack product surface.