Skip to main content
Z responds to each of the four problems with a distinct architectural mechanism. The mechanisms are designed to compose: the same primitives that deliver access also deliver verifiability, the same privacy substrate that protects user data also protects agent data, and the same property-rights layer that enables agent transactions does so across the inference, settlement, and on-chain layers.

Access → permissionless and unbiased architecture

Z routes inference through an open network of providers and trust tiers, not a single gated endpoint. The Z Inference Gateway is a single API surface backed by frontier providers (Tier 1), partner GPU networks running open-source models under contractual privacy (Tier 2), and trusted execution environments (Tiers 3 and 4). Tier selection is per request; the gateway does not impose a preferred provider. When the chain ships, the access layer extends to a permissionless validator network and to community-hosted models registered against an open model registry. Frontier providers participate alongside open-source hosts; the routing engine does not prefer one origin over another except by user-stated criteria (cost, latency, quality, or trust tier). The architectural commitment is that access is open by default, gated only by what the user chooses to gate it on.

Reliability → guided, verifiable execution

Every inference call is anchored to a verifiable origin: the model that ran, the trust tier under which it ran, and the conditions under which the response was produced. On Tier 3 the response is supported by a hardware attestation chain that the developer can verify independently. On Tier 4 it anchors to a silicon-signed metadata trailer that the gateway relays without inspection. The architectural commitment is that what came out of the model is a verifiable fact, not a claim from the vendor.

Autonomy → programmable property rights

Z is designed around the assumption that agents are first-class principals. This shows up in several concrete ways: wallet-native authentication via SIWE, where an agent can sign in and pay without a human-in-the-loop credentialing step; x402 per-request settlement, where agents pay for inference at the precision of a single request rather than via subscription billing; MPP pre-authorized sessions, where an agent can run many calls within a bounded budget without per-request settlement overhead; and on-chain composition into Z Trade and Z Lend, where agents can hold shielded balances and take actions directly. The architectural commitment is that the system treats an agent as an economic actor with the same standing as a human one.

Privacy → ZK-shielding and TEEs

Z deploys two complementary privacy mechanisms, used at different layers. Trusted Execution Environments secure inference itself. On Tiers 3 and 4 the inference runs inside hardware enclaves that produce attestations of their code and configuration. On Tier 4, the prompt and response are end-to-end encrypted; the gateway is a blind byte-pipe that holds no decryption key. ZK-shielding secures on-chain assets and actions. This is the role of the ShieldedPool, which lets value enter a private state, move within that state without observable links, and exit on a different basis. The architectural commitment is that privacy is structural, not policy. On Tier 4 the gateway cannot retain user content because it never sees it. On the ShieldedPool, value inside the pool is unlinkable because the cryptography makes it so.

Full-stack solution

Each of the four mechanisms is useful on its own. Composed, they describe a substrate on which agents can be deployed against work that matters: open access to capable models; verifiable evidence of what those models produced; the ability for agents to act and settle on their own behalf; and privacy protections that hold across the inference, settlement, and on-chain layers.