Receipts now anchor to two decentralized storage networks, not one

A founder we respect sent us the 0G docs and asked which modules we should fold in. We spent an afternoon on it, almost wrote a "here is why we are holding off" post, then re-read what we had written and realized we had answered the wrong question.

The question was not "should 0G replace our Filecoin mirror." The answer to that is no, and it stays no. The right question for a hackathon is "can 0G add a second public mirror on top of what we already have." That answer is yes, and shipping it took an afternoon.

What changed this week

Every signed receipt now gets pinned to two public storage networks instead of one. Filecoin (via Lighthouse) was already there from last week. 0G testnet is there now too.

The two networks hold byte-identical copies of the same receipt JSON. Your /security page shows two clickable links per receipt: one labeled filecoin:, one labeled 0g:. Either link gets you back to the same bytes we signed.

Why two networks instead of one

The honest answer: not because one was failing. Filecoin via Lighthouse works fine. We added 0G because the trust story gets meaningfully stronger when nobody can break the proof by knocking out a single storage provider.

If Lighthouse changes its terms tomorrow, the Filecoin link could break. If 0G's testnet indexer goes down, the 0G link breaks. The signed bytes themselves never change, but the convenient verification path through one network could close. With two parallel networks, a judge or an auditor can pick whichever one is up.

Same principle as keeping a backup of your photos in two cloud providers, except for the cryptographic proof that your assistant did what you said it did.

What did NOT change

The signed receipt is the same shape it was last week. The ed25519 signature is the same. The Solana fingerprint we publish every five receipts is the same. The /api/receipts/public-key endpoint returns the same key.

0G Storage joined the side of the architecture that holds the bytes, not the side that signs them. Storage is provenance. Signature is authenticity. We did not move any signature work to 0G; we duplicated the public-archive step.

What you do not have to think about

You do not have to know what 0G is. You do not have to install a wallet. You do not have to pay a 0G testnet fee. Both mirrors are operational metadata we run on our side. The only place 0G is visible to you is the small 0g: bafyrei... link next to each receipt on /security, and that link is one click away from a small JSON explanation page if you ever want to verify the bytes yourself.

What we still skipped from 0G

The hackathon scope is intentionally narrow: 0G Storage today, 0G Agent ID landing in a follow-up. The three other 0G modules (Compute, Persistent Memory, TEE Privacy) stay deferred. Decentralized GPU marketplace would break our "bring your own key" promise. Persistent Memory is still "coming soon" on their side. TEE inference privacy is a problem we already solved by not running inference ourselves.

If you are a founder evaluating any of these infrastructure platforms (0G, but also the various decentralized AI / wallet / agent stacks that show up every month), the move that worked for us was: "is there a smallest possible thing I can ship that adds verifiable value without rewriting my product?" The answer is usually a parallel index, a second mirror, or a redundant signer. Not a stack swap.

You did not buy us to learn about decentralized storage. You bought us for an assistant that drafts your email and waits for your tap. The two mirrors are part of why that tap is safe.