Skip to main content
All Work

Pramaan

On-chain provenance and trust infrastructure for GI craft products.

Year

2025

Status

Deployed — Sepolia testnet

Stack

Solidity · Hardhat · Next.js · JavaScript · OpenAI Vision · Ethereum Sepolia

Problem

Geographical Indication products — handwoven textiles, regional crafts, artisan foods — face endemic counterfeiting. The artisan who made the authentic product receives no royalty when counterfeits circulate. Buyers have no reliable verification mechanism. The supply chain is opaque by default.

Why it matters

GI tags protect cultural heritage and artisan livelihoods, but the protection is only as strong as the verification mechanism behind it. A paper certificate is trivially forgeable. A QR code pointing to a centralised database can be duplicated. The only verification mechanism that is non-trivially hard to fake is one where the proof lives on a public, append-only ledger with cryptographic identity binding that cannot be detached from the issuing entity.

Approach

Pramaan builds trust at three layers simultaneously. Identity layer: every artisan receives a soulbound (non-transferable) ERC721 token — their on-chain identity is permanently bound to their wallet. Trust layer: a web-of-trust vouching system, validator roles for institutional verification, and Aadhaar flag for identity anchoring. Product layer: every registration requires a craft score ≥ 60, passes an AI authenticity gate, and records full provenance data on-chain.

Architecture

Two Solidity contracts on Ethereum Sepolia. ArtisanRegistry manages soulbound identity tokens, artisan registration gating (craftScore ≥ 60), validator role management, Aadhaar verification flags, web-of-trust vouching with reputation tracking, and slashing for fraudulent pathways. ProductRegistry manages product lifecycle: verified-artisan-only registration, AI authenticity gate (terroir score ≥ 70), dynamic tapered royalties auto-settling to the original artisan on every transfer, and anti-clone scan nonce checkpointing to prevent replay attacks. The AI authenticity gate uses OpenAI Vision (Gemini Vision fallback). The model analyses the uploaded product image for visual markers consistent with the claimed craft type: texture patterns, colour composition, structural motifs, weave geometry. Returns a terroir score (0–100). Score below 70 blocks registration. This is first-level screening — not forensic authentication. The primary trust mechanisms are the verified identity binding and the on-chain supply-chain record. I owned the full blockchain stack: contract architecture, Hardhat configuration, deployment scripts, ABI extraction and frontend sync, and the complete web3 integration layer.

Deployed Contracts

ArtisanRegistry: 0xebbc94929cAa7ccFcDB92D879dF3305184ec3589
ProductRegistry:  0xe6f5eBb08532AD11A2b4Fb4dCa9aD4BDBffcF738
Network: Ethereum Sepolia (chainId 11155111)

System flow

Artisan connects walletSoulbound ERC721 issued (craftScore ≥ 60 gate)Aadhaar flag + validator approvalWeb-of-trust — other artisans vouchUpload product image → AI gate (terroir score ≥ 70)On-chain registration with provenance fieldsQR certificate generatedTransfer → tapered royalty auto-settles to original artisanAnti-clone nonce checkpointBuyer verifies trust trail + handler chain + nonce replay check

Tradeoffs

Aadhaar verification is a mock on-chain flag — not a live KYC integration. Real UIDAI API access is not available to individual developers outside official partnerships. The flag architecture is correct; the verification source is a stub. The AI gate is probabilistic — a high-quality photograph of a counterfeit could score above 70, which is why it is framed as first-level screening only. Sepolia for the hackathon; Polygon mainnet is the target production chain given lower gas costs for artisan-level transactions.

Learnings

Smart contract design forces adversarial thinking before interface thinking. The soulbound token architecture and the anti-clone nonce system both came from asking "what does an attacker do if this works?" before asking "what does a user do?" That ordering produced better contracts than building toward the happy path. Being precise about what the AI gate does and doesn't guarantee — first-level screening versus authentication — was a discipline that had to be maintained throughout.