A collection of Verifiable Services (VS) deployed via GitHub Actions to Kubernetes, showcasing AI agents, credential issuers, and chatbots within the Hologram + Verana ecosystem.
Landing page: vs.hologram.zone
organization ← Trust anchor (ECS credentials, Trust Registry, schema)
├── avatar ← Issues credentials via DIDComm chatbot
├── passport ← Passport credential issuer (NFC + liveness)
├── github-agent ← AI-powered GitHub assistant with MCP integration
├── wise-agent ← AI-powered Wise assistant with MCP integration
└── playground ← Landing page (vs.hologram.zone)
organization is the trust anchor: it obtains Organization + Service credentials from the ECS Trust Registry, creates its own Trust Registry with a custom schema, and registers an AnonCreds credential definition.
Child services obtain a Service credential from organization, making their identity and permissions publicly verifiable on the Verana blockchain.
| Service | Role | Ingress | Chart |
|---|---|---|---|
organization |
Trust anchor | organization.vs.hologram.zone |
vs-agent-chart |
avatar |
Credential issuer (chatbot) | avatar.vs.hologram.zone |
vs-agent-chart |
passport |
Credential issuer (NFC + liveness) | passport.vs.hologram.zone |
vs-agent-chart |
github-agent |
AI agent + MCP | github-agent.vs.hologram.zone |
hologram-generic-ai-agent-chart |
wise-agent |
AI agent + MCP | wise-agent.vs.hologram.zone |
hologram-generic-ai-agent-chart |
playground |
Landing page | vs.hologram.zone |
— (raw K8s) |
hologram-verifiable-services/
common/ # Shared shell helpers
organization/ # Trust anchor (workflow 1)
avatar/ # Credential issuer chatbot (workflow 2)
github-agent/ # GitHub AI agent with MCP (workflow 3)
wise-agent/ # Wise AI agent with MCP (workflow 4)
passport/ # Passport credential issuer (workflow 5)
playground/ # Landing page (workflow 6)
Each service directory follows the same structure:
<service>/
config.env # Configuration for local dev and CI/CD
deployment.yaml # Helm chart values for K8s deployment
agent-pack.yaml # Agent pack definition (github-agent, wise-agent)
scripts/
setup.sh # Full local setup (deploy agent, get credentials)
start.sh # Start the service locally
docker/
docker-compose.yml # Local dev containers (VS Agent + dependencies)
Workflows are numbered to indicate deployment order. Run them in order when setting up a new ecosystem.
| # | Workflow | Steps |
|---|---|---|
| 1 | Deploy Organization | deploy · get-ecs-credentials · create-trust-registry · all |
| 2 | Deploy Avatar | deploy · get-credentials · deploy-chatbot · all |
| 3 | Deploy GitHub Agent | deploy · get-credentials · all |
| 4 | Deploy Wise Agent | deploy · get-credentials · all |
| 5 | Deploy Passport | deploy · get-credentials · deploy-chatbot · all |
| 6 | Deploy Playground | — (triggered on push to main) |
- Run workflows in order from GitHub Actions (manual dispatch on
mainbranch) - Each workflow validates the branch, deploys via Helm, and obtains credentials automatically
All services are deployed under the vs.hologram.zone domain:
organization.vs.hologram.zone— Organization Agentavatar.vs.hologram.zone— Avatar VS Agent + Chatbotpassport.vs.hologram.zone— Passport Issuer VS Agent + Chatbotgithub-agent.vs.hologram.zone— GitHub Agent VS Agent + Chatbotwise-agent.vs.hologram.zone— Wise Agent VS Agent + Chatbotvs.hologram.zone— Playground landing page
- Docker and Docker Compose
- ngrok (authenticated)
curl,jq
source organization/config.env
./organization/scripts/setup.shAvatar (credential issuer):
source avatar/config.env
./avatar/scripts/setup.sh
./avatar/scripts/start.shGitHub Agent (AI agent):
source github-agent/config.env
export OPENAI_API_KEY=sk-...
./github-agent/scripts/setup.sh
./github-agent/scripts/start.shPassport Issuer (credential issuer):
source passport/config.env
./passport/scripts/setup.sh
./passport/scripts/start.shWise Agent (AI agent):
source wise-agent/config.env
export OPENAI_API_KEY=sk-...
./wise-agent/scripts/setup.sh
./wise-agent/scripts/start.shNote: Only one ngrok tunnel can run at a time on the free plan. For local development with multiple services, deploy organization to K8s first, then point child services to its public URL via
ORG_VS_PUBLIC_URLandORG_VS_ADMIN_URL.
common/common.sh— Shared shell helpers (logging, network config, VS Agent API, schema discovery, credential issuance/linking, CLI account setup)