Nautilus Trust Oracle Guide
Complete guide for setting up and operating the Nautilus Trust Oracle server.
Overview
The Nautilus server is a trust oracle service that runs in an AWS Nitro Enclave to provide verifiable, authentic market resolutions with cryptographic proof.
Features
- Enclave-Based Security: Runs in isolated AWS Nitro Enclave
- Cryptographic Signing: Ed25519 signature scheme
- External Data Verification: Queries APIs to verify outcomes
- Media Provenance: Verifies image authenticity via hashing
- Audit Trail: Stores all resolutions in database
Quick Start
Prerequisites
- Rust 1.75+
- PostgreSQL database (shared with indexer)
- AWS Nitro Enclaves SDK (for production)
Local Development
BASHcd nautilus-server cargo build cargo run
Configuration
Set environment variables:
BASHexport DATABASE_URL=postgresql://user:password@localhost:5432/prophyt_indexer
Architecture
Key Management
- Ed25519 signing keys generated in enclave
- Keys stored securely in database
- Public keys registered on-chain
- Private keys never leave enclave
Resolution Process
- Receive market resolution request
- Verify market has ended
- Query external data sources
- Compute source data hash
- Verify media provenance (if provided)
- Serialize resolution data
- Sign with Ed25519 private key
- Return signed resolution
Database Schema
The server creates two tables:
nautilus_keys:
- Stores signing keys
- Private and public keys
- Timestamps
nautilus_resolutions:
- Resolution history
- Full metadata
- Signatures and public keys
API Endpoints
POST /resolve
Request market resolution.
Request:
JSON{ "market_id": 1, "market_question": "Will Bitcoin reach $100k?", "market_end_time": 1735689600, "data_source_url": "https://api.example.com/data", "image_url": "https://example.com/image.png" }
Response:
JSON{ "market_id": 1, "outcome": true, "source_data": "Bitcoin price: $105,000", "source_data_hash": "abc123...", "resolution_timestamp": 1735689600, "media_hash": "def456...", "signature": "sig123...", "public_key": "pubkey123..." }
GET /health
Health check endpoint.
Response: 200 OK if healthy
GET /markets/pending
Get markets pending resolution.
Response:
JSON{ "markets": [ { "market_id": "1", "question": "Will Bitcoin reach $100k?", "end_date": "2024-01-01T00:00:00Z", "external_link": "https://example.com/data" } ] }
Outcome Verification
The server intelligently parses various API response formats:
JSON Responses
- Boolean fields:
outcome,result,resolved,answer - Price comparison: Extracts targets from questions
- Status fields:
status,state,condition - Numeric comparisons: Threshold-based markets
Text Responses
- Keyword detection: yes/no, true/false, success/failed
- Price patterns: Extracts and compares prices
- Positive/negative indicators
Example Patterns
Price Market:
- Question: "Will BTC reach $100k?"
- Extracts target: $100,000
- Compares with current price
- Returns outcome based on comparison
Status Market:
- Question: "Will feature X be released?"
- Checks status field in API response
- Returns true if status indicates success
Media Provenance
When image URL is provided:
- Downloads image from URL
- Computes SHA256 hash
- Includes hash in resolution data
- Enables on-chain verification
Production Deployment
AWS Nitro Enclaves
- Build Docker Image:
BASHdocker build -t prophyt-nautilus-server .
- Create Enclave Image:
BASHnitro-cli build-enclave \ --docker-uri prophyt-nautilus-server:latest \ --output-file nautilus-server.eif
- Deploy Enclave:
- Launch EC2 instance with Nitro Enclaves
- Configure network and storage
- Run enclave with resource allocation
- Register on Chain:
- Extract PCRs from enclave
- Register in Prophyt NautilusRegistry
- Provide public key and PCRs
Configuration
Database:
- Ensure accessible from enclave
- Configure connection string
- Verify schema is initialized
Network:
- Configure VPC and security groups
- Allow database access
- Expose API endpoint
Security
Enclave Isolation
- Signing keys never leave enclave
- All operations in secure environment
- PCR validation for code integrity
Signature Security
- Ed25519 fast, secure signing
- Serialization format matches contract
- Timestamp validation prevents replay
Data Integrity
- Source data hashes
- Media provenance hashes
- Resolution history for audit
Integration
With Indexer
The indexer automatically calls Nautilus:
- Market expires
- Indexer requests resolution
- Nautilus returns signed resolution
- Indexer submits to blockchain
Manual Resolution
TYPESCRIPTconst response = await fetch('http://localhost:8080/resolve', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ market_id: 1, market_question: "Will SUI reach $5?", market_end_time: Math.floor(Date.now() / 1000), data_source_url: "https://api.example.com/sui-price", }), }); const resolution = await response.json(); // Submit resolution to blockchain
Monitoring
Health Checks
BASHcurl http://localhost:8080/health
Database Queries
SQL-- Check keys SELECT * FROM nautilus_keys; -- Check resolutions SELECT COUNT(*) FROM nautilus_resolutions; -- Recent resolutions SELECT * FROM nautilus_resolutions ORDER BY created_at DESC LIMIT 10;
Logs
BASH# Local development cargo run # Docker docker logs nautilus-server # Enclave # Check EC2 instance logs
Troubleshooting
Server Not Responding
- Check if server is running
- Verify port is accessible
- Check database connection
- Review server logs
Resolution Fails
- Verify market has ended
- Check external API is accessible
- Verify data source URL format
- Review error messages
Signature Verification Fails
- Check serialization format
- Verify timestamp is recent
- Ensure enclave is registered
- Check public key matches
Best Practices
- Key Management: Never expose private keys
- Database Security: Use secure connections
- API Security: Implement authentication
- Error Handling: Log errors securely
- Monitoring: Track resolution success rates
- Backups: Regular database backups