Private deliverables are hard to settle fairly
Smart contract audits, private patches, unreleased designs, diligence packets, and internal datasets often cannot be posted to a public chain or shared widely with a counterparty.
Private work. Public settlement.
BlindArbiter
BlindArbiter settles milestone escrow without exposing the deliverable.
A buyer escrows funds against a natural-language rubric. A seller submits sealed evidence. BlindArbiter produces a redacted verdict, then either releases the escrow or opens a dispute with verifiable onchain receipts.
Blind review workeroperator runtime
Ethereum Sepolia escrowdeployed
Arkhai lifecyclesettled live
Status receipts4 anchored
Agent activity3/22/2026, 5:19:04 PM
What is live
5Ethereum Sepolia txs
6Arkhai txs
4Status receipts
15verifiable proof events
Problem
Teams need to settle private milestone work without exposing audits, patches, or due diligence files.
Mechanism
BlindArbiter reviews sealed evidence inside a self-hosted Ubuntu operator runtime, emits a redacted verdict, and drives release or dispute without leaking the underlying deliverable to external APIs.
Proof
Escrow settlement is live on Ethereum Sepolia, Arkhai is settled on Sepolia, and receipts are anchored on Status.
Agent runtime
The blind review worker is a self-hosted OpenClaw agent running in a secure Ubuntu operator environment. Sensitive deliverables stay inside that runtime and are evaluated deterministically without being sent to external APIs.
This public deployment is a read-only proof site. Live case execution stays on the operator environment.
Blind review with public consequences
- Buyer funds a milestone escrow against a natural-language acceptance rubric.
- Seller submits sealed evidence for review without exposing the underlying work.
- The blind review worker evaluates the rubric inside a secure Ubuntu environment using the OpenClaw framework.
- BlindArbiter issues a redacted verdict and settles release or dispute with onchain receipts.
Privacy guarantee
The blind review worker is a self-hosted autonomous AI agent running in a secure Ubuntu operator environment via OpenClaw. Sealed deliverables are evaluated deterministically inside that runtime, so sensitive artifacts never need to leave the operator environment or be shipped to third-party APIs.
The proof is onchain
- Ethereum Sepolia shows the escrow contract and the canonical release flow.
- Arkhai shows a live natural-language agreement lifecycle from creation to collection.
- Status shows receipt anchoring for verdict and settlement events.
Settlement flow
The buyer and seller see the same public consequences, while the sealed review stays inside the operator runtime.
Buyer funds escrow
A milestone is funded against a natural-language acceptance rubric instead of an informal chat agreement.
Seller submits sealed evidence
The seller uploads a private artifact bundle and narrative without exposing the deliverable to the counterparty.
Local agent evaluates rubric
A self-hosted OpenClaw agent running in a secure Ubuntu operator environment scores the sealed submission deterministically.
Redacted verdict is posted
BlindArbiter writes a public verdict summary, report hash, and receipt trail without leaking the sensitive artifact.
Onchain settlement
The milestone is released or disputed onchain, while Status receipts anchor the public consequences.
Live Proof
Real deployments and real transaction traces used by the current demo.
Ethereum Sepolia
Escrow contract
0x89cf6d586902b8750e6d6e5158c51e838cae7aa0
Operator wallet
0x8942F989343e4Ce8e4c8c0D7C648a6953ff3A5A2
Deploy tx
Deployed at
3/21/2026, 1:46:06 PM
Canonical case
Case 5
Escrow amount
0.0002 ETH
Final status
released
Completed at
3/22/2026, 5:19:04 PM
Buyer
0x8942F989343e4Ce8e4c8c0D7C648a6953ff3A5A2
Seller
0x69449340611aE2D705E5CF6f1109E210c4f7b2d3
Arbiter
0x8942F989343e4Ce8e4c8c0D7C648a6953ff3A5A2
Counterparty separation
buyer and seller are distinct wallets
create casesuccess
accept casesuccess
submit deliverablesuccess
post verdictsuccess
releasesuccess
Arkhai / Alkahest
Live NLA lifecycle
Escrow UID
0x7dcb3e401d6b849ac2bde9f989348ee0fa80e76d19ab1a8dabf57b6ef2ac9502
Fulfillment UID
0xa6d957eff3f9afcdf9689e4896b407292f73a7a32274be11ffe0078c26141da8
Collection tx
token deploylive
create escrowlive
fulfill string obligationlive
request arbitrationlive
oracle decisionlive
collect escrowlive
Status Sepolia
Receipt registry
0x6d67cf8ba5857425bed0d2b214e0ce2814f7db07
Registry deploy tx
Anchored receipts
4
releasede599f87b-a2dc-4b8d-8e49-ff9e5eea7596
verdict postede599f87b-a2dc-4b8d-8e49-ff9e5eea7596
disputedcase-access-control-audit
verdict postedcase-access-control-audit
Canonical settlement
This is the reference BlindArbiter flow shown in the demo and backed by the live proof above.
released
Milestone value
$123
Settlement path
release
Buyer
Verifier Team
Seller
Verified Seller
Milestone rubric
Release escrow only when the sealed patch narrative explains the access fix, test evidence, and secret handling.
Sealed submission
The private patch explains how privileged functions are protected after the patch, documents test execution evidence, and confirms secrets remain sealed during review.
Redacted verdict
All private acceptance signals aligned with the milestone rubric.
Privileged functions are protected after the patch,Test execution evidence is documented,Secrets remain sealed during reviewpass
Matched 24 relevant signals inside the private narrative.
Why the verdict is credible
The public site cannot show the sealed work itself, so it shows the chain of consequences instead.
Escrow release happened onchain
The canonical case reached a released state on Ethereum Sepolia after the verdict was posted.
Status anchored the receipt trail
Verdict and settlement actions are published as receipts instead of exposing the private deliverable.
Arkhai mirrored the dispute logic
A live natural-language agreement was created, fulfilled, arbitrated, and collected on Sepolia.
Blind review stayed sealed
The public proof shows hashes, verdicts, and txs while the deliverable remains private.
Canonical dispute
Illustrative failed milestone: the sealed work stayed private, but the rubric was not satisfied and the dispute path was triggered.
disputed
Milestone value
$500
Settlement path
dispute
Buyer
Security Council
Seller
Private patch contributor
Milestone rubric
Release only if the sealed patch bundle documents test execution evidence, rollback notes, and access-control coverage for the proposed fix.
Sealed submission
Seller submitted a sealed patch bundle for an authorization fix with a narrative summary, but omitted reproducible evidence for executed tests and did not document rollback verification.
Redacted verdict
The private patch explains the code change, but the sealed submission failed to document test execution evidence and rollback verification. BlindArbiter therefore withheld release and triggered the dispute path.
Patch scope matches rubricpass
The sealed bundle appears to address the requested authorization boundary.
Test execution evidencefail
No reproducible proof of executed tests or attested command output was included in the sealed package.
Rollback and recovery notesfail
The submission did not document how the private patch could be reverted safely if the milestone failed in production.
Why the dispute is verifiable
The public proof still shows the consequence chain even though the failed milestone remains sealed.
Failure reason was redacted, not leaked
The failed milestone references missing test execution evidence, not the private patch contents themselves.
Dispute receipts anchor the branch onchain
BlindArbiter can post both a verdict receipt and a dispute receipt on Status, giving the failed path the same auditability as a release.
Operator runtime keeps review sealed
The OpenClaw worker runs in the operator secure Ubuntu environment, so the failed submission never needs to leave that boundary.
Next step
Run BlindArbiter in your own operator environment
Clone the repo, deploy the escrow contracts, and keep sealed review inside your own Ubuntu and OpenClaw runtime while preserving the same public receipt trail.