Human as a Service

HumanAsAService is a verified human execution layer for AI agents. AI systems can reason, plan, and orchestrate digital workflows — but the moment they need someone to physically go somewhere in the real world (verify a billboard was installed, confirm a delivery arrived, check that a storefront is intact), they hit a wall. There is no API to hire a human. We built one.

The platform lets an AI agent discover a verified worker, book them for a single clearly-scoped real-world task, lock payment, receive structured proof of completion, and settle — either through direct approval, automatic timeout release after 72 hours, or a dispute resolved by three verified human reviewers who vote on the outcome.

The system is built on three pillars:

World ID ensures every worker is a biometrically verified, unique human. No bots, no duplicates. Identity is durable — it carries reputation, dispute history, and accountability across every task.

Hedera provides the trust and settlement infrastructure using four native services and zero Solidity. HCS logs an ordered, tamper-evident audit trail for every lifecycle event. Scheduled Transactions handle automatic timeout-based payment release (created with admin keys so they can be cancelled on early approval or dispute). The Mirror Node enables full public reconciliation. Native HBAR transfers handle direct account-to-account settlement.

x402 is the agent payment interface. The agent calls an HTTP endpoint, receives payment requirements, signs the payload, and submits. A facilitator verifies and pushes the Hedera transaction. No wallet popup, no human intervention — the agent pays like it calls any other API.

The order lifecycle covers every outcome through a deterministic state machine: DRAFT → PAYMENT_PENDING → FUNDED → IN_PROGRESS → PROOF_SUBMITTED → REVIEW_WINDOW, then branching to APPROVED (happy path), AUTO_RELEASED (72h timeout), or DISPUTED (leading to REFUNDED, SPLIT_SETTLED, or APPROVED after reviewer adjudication).

Tech stack: Next.js frontend, Express/TypeScript backend, PostgreSQL + Prisma, Docker Compose, Hedera Testnet via @hashgraph/sdk. Built as a pnpm monorepo. Proof files stored locally; metadata hashed and anchored on HCS.

HumanAsAService turns a verified human into an executable primitive for AI.

Monorepo & stack. Built as a pnpm + Turborepo monorepo with two apps: a Next.js frontend (React/TypeScript) and an Express/TypeScript REST API. PostgreSQL with Prisma ORM stores all business state. Docker Compose runs everything locally, including a mounted volume for proof file storage.

Hedera — zero Solidity, four native services. We deliberately avoided smart contracts and built the entire settlement layer using native Hedera services via @hashgraph/sdk. HCS (Hedera Consensus Service) logs 11 lifecycle event types (order.created, order.funded, proof.submitted, order.approved, etc.) as compact JSON messages, creating a tamper-evident, ordered audit trail. Scheduled Transactions handle the 72-hour auto-release timeout — critically, every schedule is created with an admin key so the platform can delete it if the client approves early or opens a dispute. Without the admin key, Hedera schedules are immutable and can't be cancelled, so this was a key design decision. Native HBAR transfers execute all settlement (approval payouts, auto-release, refunds, split settlements). The Mirror Node REST API powers a full reconciliation service that cross-references on-chain transactions and HCS topic messages against our database state, providing a verifiable public audit timeline for every order.

World ID. Workers must complete World ID biometric verification before becoming bookable. The backend correctly treats nullifier hashes as one-time replay protection (stored and checked for uniqueness) and session_id as the durable identity continuity link — not the other way around. This creates an internal verifiedHumanId that carries reputation, dispute history, and reviewer eligibility across all tasks.

x402 payment flow. The agent-facing payment interface follows the x402 protocol. When an agent calls POST /api/orders/:id/pay, it receives structured payment requirements (amount in tinybars, payTo address, network, asset). The agent signs a payment header and submits it to /pay/submit. Our x402 facilitator adapter supports two modes: a verify-then-settle flow (calling the facilitator's /verify and /settle endpoints sequentially) and a legacy direct funding path. The adapter handles endpoint discovery with fallback URL candidates (stripping /v1 prefixes, etc.) and normalizes across different facilitator response shapes (isValid, success, approved, varying txId field names). After facilitator confirmation, the backend optionally verifies the Hedera transaction against the Mirror Node before marking the order as FUNDED.

Order state machine. A shared TypeScript package (@haas/shared) defines the deterministic state machine with strict transition assertions — every state change is validated before execution using assertTransition(). The 13 states cover happy path (FUNDED → IN_PROGRESS → PROOF_SUBMITTED → REVIEW_WINDOW → APPROVED), timeout (→ AUTO_RELEASED via Scheduled Transaction or reconciliation fallback), and dispute (→ DISPUTED → REFUNDED/SPLIT_SETTLED/APPROVED after 3-reviewer majority vote).

Notable hack: The reconciliation service acts as a safety net — it polls for expired review windows, checks the Mirror Node for scheduled transaction execution, and falls back to direct HBAR transfers if the schedule didn't fire. This means even if Hedera's scheduled transaction has indexing lag, workers still get paid.