NOVA Secure File-Sharing
NOVA is a privacy-first, decentralized file-sharing primitive, empowering user-owned AI at scale with encryted data persistence. NOVA enables secure storage and sharing of sensitive data (e.g., datasets for AI agent fine-tuning) without centralized intermediaries, leveraging group key management, IPFS, NEAR smart contracts, and verifiable TEEs via Shade Agents.
NOVA fills critical gaps in NEARβs ecosystem βno native encrypted persistence for TEEs, Intents, or Shade Agentsβ while inheriting NEARβs strengths like sharding for scalability, low-cost transactions (~0.01 NEAR/gas), and AI-native tools (e.g., NEAR AI CLI). Whether you're building AI social platforms, DeFi apps, or autonomous agent workflows, NOVA provides a secure, verifiable data layer.
Dual-Network Support: Use mainnet for production nova-sdk.com or testnet for development testnet.nova-sdk.com. Testnet uses mocked IPFS for free testing; mainnet uses real Pinata integration (paid).
Why Use NOVA?
Privacy-First: Encrypt files with group keys managed off-chain in TEEs, ensuring only authorized users or AI agents access dataβkeys never exposed on-chain.
Decentralized: Store files on IPFS, log metadata on NEARβs immutable ledger, and manage access via smart contracts. No central servers.
AI-Ready: Seamlessly integrates with NEARβs TEEs, Intents, and Shade Agents, enabling secure data for AI training and execution.
Developer-Friendly: Free-to-integrate SDKs (Rust crate and JS package) with pay-per-action fees baked into the contract, blending into your dAppβs backend.
Key Features
Group Creation & Management: Owners (NEAR AccountIds) create groups via smart contracts, supporting collaborative AI training with multi-group membership. Anyone can create groups (per future updateβcurrently owner-gated for MVP stability).
Access Control: Smart contracts maintain a mapping table for members and attestations, ensuring only authorized users access files via ephemeral tokens. Vital for user-owned AI privacy.
Secure Storage: Files are encrypted with group keys and pinned to IPFS, optimized for AI dApps (e.g., datasets for fine-tuning).
Access Workflow: SDKs retrieve encryption keys from TEE via secure tokens, then perform client-side encryption/decryption βplaintext data never leaves your device or server.
Revocation & Key Rotation: Remove members and rotate keys in TEEs with lazy re-encryption to minimize latency/gas costs for large groups.
Integrity & Trackability: Log signed transactions (with file hashes) on-chain for non-corruption guarantees, leveraging NEARβs ledger for verifiability.
Group Key Security
Keys are managed off-chain in verifiable TEEs via Shade Agents. Never published on-chain, NOVA file-sharing ensures unbreakable privacy against blockchain fetches.
NOVA's keys are generated, stored, and distributed exclusively within Trusted Execution Environments (TEEs) using Shade Agents. This eliminates any on-chain exposure:
Off-Chain Key Management: Keys are derived and encrypted in TEE-secure SQLite databases, accessible only by verified Shade workers (multi-instance with identical code hashes for redundancy and shared access).
No On-Chain Keys: The smart contract stores only group metadata, attestations (checksums/code hashes), and used noncesβno keys or decryptable data. RPC queries (e.g., view_state) reveal nothing sensitive.
Secure Distribution: Users request ephemeral nonce-based access tokens from the contract (gated by on-chain membership). Tokens incorporate a timestamp-derived SHA256 nonce (preventing replay attacks) and are verified in-TEE before key release, ensuring single-use validity without shared secrets.
Verification & Attestation: Every key operation returns a TEE checksum (via agentInfo), proving execution in genuine hardware with unmodified codeβno tampering possible.
Rotation & Revocation: On member removal, keys rotate in-TEE (new derivation), invalidating prior access without re-encryption overhead.
Attack Resistance: Even targeted attacks (e.g., indexing interactions or RPC dumps) can't extract keys: they're never on-chain. High-value targets (e.g., AI datasets) remain secure against nation-state or sophisticated threats.
NOVA's architecture combined with Shade/TEEs confidentiality provides bullet-proof security for your data: verifiable, private, and resilient, aligning with NEAR's user-owned AI vision.
NOVA x NEAR
NOVA complements NEARβs AI-focused tools:
TEEs: Secures data at rest/transit for confidential compute (e.g., private AI inference in Phala enclaves).
Intents: Gates solver access to encrypted payloads, enabling private, AI-driven fulfillment (e.g., cross-chain swaps).
Shade Agents: Persists off-chain data for autonomous workers, resolving the "oracle problem" with verified inputs (e.g., prediction markets).
Integration Options
Choose the integration that best fits your use case:
π€ MCP Server - AI Assistant Integration
For AI-assisted workflows using Claude or other MCP-compatible assistants, integrate the publicly deployed https://nova-mcp.fastmcp.app/mcp as a custom connector in your mcp client.
You can also interact with NOVA directly from its multi-user interface at https://nova-sdk.com
Best for: Natural language file operations, AI agent workflows, conversational interfaces
Documentation: /mcp-server | GitBook
π¦ JavaScript SDK - Web & Node.js
For web applications, backend services, and Node.js environments.
Best for: Web dApps, API servers, browser applications, TypeScript projects
Documentation: /nova-sdk-js | GitBook
π¦ Rust SDK - System & Smart Contract Integration
For high-performance applications, blockchain integration, and system-level development.
Best for: Smart contracts, CLI tools, high-performance services, native applications
Documentation: /nova-sdk-rs | GitBook
Quick Start Examples
Web Interface
Visit nova-sdk.com to:
Login with email or social (Google/Apple/GitHub)
Create your NEAR account automatically (no wallet needed!)
Upload files through natural language chat
JavaScript/Typescript SDK
Rust SDK
π§ͺ Testnet Usage
β οΈ Testnet Mode: IPFS uploads are mocked on testnet - files are stored in-memory and not persisted to IPFS. Blockchain operations (group registration, member management) are real and use faucet tokens on nova-sdk-6.testnet.
For development, use testnet explicitly:
JavaScript:
Rust:
Architecture
Flow:
User authenticates via API key (get yours at nova-sdk.com)
SDK sends request to MCP server with session token (auto-managed)
MCP verifies JWT β retrieves encryption key from Shade TEE
SDK encrypts locally using AES-256-GCM (key never leaves client unencrypted)
MCP uploads encrypted data to IPFS and records transaction on NEAR
Shade Agent manages keys in TEE (never exposed on-chain)
IPFS stores encrypted files (ciphertext only)
NEAR records transaction metadata (CID, file hash)
Use Cases
π€ AI & Machine Learning
Dataset Sharing: Securely share training data between researchers
Model Fine-Tuning: Store and access sensitive data for AI agent training
TEE Integration: Encrypted inputs/outputs to confidential compute environments
π’ Enterprise & Collaboration
Document Sharing: Secure file sharing within organizations
Access Revocation: Remove member access and rotate keys automatically
Audit Trails: Immutable transaction logs on NEAR blockchain
π Privacy-Preserving Applications
Healthcare Records: HIPAA-compliant data sharing
Financial Data: Secure transmission of sensitive financial information
Identity Documents: User-controlled identity verification data
NEAR Token Requirements
Operations require small NEAR deposits:
Register group: ~0.1 NEAR
Add member: ~0.0005 NEAR
Revoke member: ~0.0005 NEAR
Retrieve file: ~0.001 NEAR
Upload file: ~0.01 NEAR
Ensure your NEAR account has sufficient balance before operations.
Documentation
Comprehensive documentation is available on GitBook:
π NOVA Documentation
Quick Links
Security Considerations
β οΈ Important Security Notes:
Private Keys - Never publish NEAR private keys to version control
Key Storage - Keys managed in TEEs; never handle plaintext in code
IPFS Privacy - IPFS content is addressable by CID; encryption is essential
Access Control - Always verify user authorization before operations
Key Rotation - Revoked members cannot decrypt content uploaded after revocation
Client-Side Encryption - Files are encrypted locally using AES-256-GCM; plaintext never transmitted to IPFS or MCP server
Token Ephemerality - Nonces and timestamps prevent replay; session tokens auto-refresh
API Key Security - Store API keys in environment variables; never commit to version control
Future Roadmap
Potential Enhancements
AI Metadata Extraction: Automate metadata extraction for optimized IPFS indexing.
Dataset Monetization: Add pricing for file access/downloads.
Per-user rights: So far all group members can upload files in the group. This could be controllable with per-member rights to be set at add member or later updated.
Chainlink Oracles: Dynamic fee calculation (NEAR/USD + IPFS storage costs)
Multi-Chain Support: Expand to other NEAR-compatible chains
NOVA account Backup: NOVA accounts are NEAR wallets stored in shade TEE. If Shade gets out-of-service, or even with hard updates, the DB in shade is wiped out. I need a backup solution to migrate accounts + group memberships and other indexed data (transaction history) from the shade in tee to another.
Contributing
Contributions are welcome! We accept contributions for:
Bug fixes and improvements
New SDK features
Documentation enhancements
Integration examples
Test coverage
How to Contribute
Fork the repository
Create a feature branch (
git checkout -b feature/amazing-feature)Add tests for new functionality
Ensure all tests pass
Commit your changes (
git commit -m 'Add amazing feature')Push to the branch (
git push origin feature/amazing-feature)Open a Pull Request
See individual SDK directories for specific testing instructions.
Resources
NOVA Resources
NEAR Resources
Storage Resources
AI Integration
Support
Need help? We're here for you:
Issues: GitHub Issues
Discussions: GitHub Discussions
Documentation: GitBook
License
MIT LICENSE - Copyright (c) 2026 CivicTech OΓ
Acknowledgments
Built with β€οΈ for the NEAR ecosystem, leveraging:
NEAR Protocol for decentralized access control
IPFS/Pinata for decentralized storage
Shade Agents & TEEs for verifiable key management
Model Context Protocol for AI integration
Ready to build privacy-first dApps? Choose your integration: MCP | JavaScript | Rust
Last updated