Portuguese Version · Developing · Security
This is not a pitch deck. It's a working institutional production system. 42 commits on main, 82 automated tests green, every layer of the stack shipping:
| Layer | What ships today | Tests |
|---|---|---|
| Smart contracts | WaterSampleRegistry v2 (OpenZeppelin AccessControl; two-step publishSample → reviewAndSign with on-chain separation-of-duties; updateLabReadings gated by DATA_OWNER_ROLE) + FieldAgentRegistry (self-registration with ECIES-encrypted personal data; LGPD right-to-be-forgotten levers). Solidity 0.8.24. publishSample = 149,302 gas (under 150k budget). |
Foundry unit + fuzz + 3 protocol invariants at 128,000 handler calls each — 37/37 green |
| Indexer | Ponder 0.9 workspace. Three on-chain tables (sample, field_agent, data_owner_key). GraphQL API on :42069. Anvil / Base Sepolia / Base mainnet configurable. |
Historical + realtime sync smoke-tested |
| Capture PWA (Field Agent) | Next.js 15 + wagmi. Camera + GPS + form. Canvas watermark (timestamp + GPS + collector burned into pixels before hashing). Real Pinata IPFS pinning through a JWT-protected server proxy. ECIES encryption of personal data to the Data Owner's on-chain pubkey. Off-chain signed envelope → Laboratory inbox. Service worker, IndexedDB drafts, /register flow. Field agents pay zero gas. |
Vitest — 5/5 (ECIES round-trip, adversarial decrypt rejects, pubkey-format tolerance) |
| Public dashboard + lab tools | Next.js 15. Leaflet + OSM live map, Recharts time-series, URL-driven filters, CSV export. /verify/[uid] chain-direct verifier (no indexer dep). /sample/[uid] detail with IPFS thumbnail. Studies feed. Wallet-gated /admin (signed admin API, body-hash MITM-hardened), /publish (Lab Publisher dashboard), /review (Lab Reviewer dashboard). |
Vitest — 31/31 (admin auth body-binding, study validation, filter, rate limiter) |
| Shared primitives | @aguas/shared — single source of truth for v2 ABIs, canonical EAS codec (encode/decode lat-lon, dataHash, attestationUID, message), shared types. Consumed by both apps. |
Vitest — 9/9 (codec round-trip, UID determinism, message shape) |
| Security + ops | Signed admin writes (wallet sig + keccak256(body) + ADMIN_ALLOWLIST + STUDIES_API_ENABLED kill-switch). Per-wallet rate-limited field-agent inbox with FieldAgentRegistry.isActive on-chain gate. Basescan verify flow. Safe-compatible mainnet deploy recipe. GitHub Actions CI (Foundry + Node + Vitest + next build). SECURITY.md + DEVELOPING.md + CONTRIBUTING.md + CHANGELOG.md. |
Covered across the rows above |
Deploy readiness. All 8 original blocking decisions resolved (EAS schema registration, Safe custody, Pinata, WalletConnect, Basescan, admin auth, audit policy). The next three actions are operator actions: pnpm deploy:sepolia with the Safe as LAB_WALLET/OWNER, register the EAS schema on each network, point envs at the live Sepolia addresses. The Sherlock/Cantina contract audit gates the Base mainnet cut.
See CHANGELOG.md for the full history.
A mother in Canasvieiras fills a glass for her kid.
Lead. Pharmaceuticals. Fluoride and other contaminants that standard tests often miss.
No clear warnings reach her.
Between 2009 and 2010, Floripa hospitals logged 2,000 to 4,000 cases of gastroenteritis and hepatitis A. Population 557,398. Every summer three million tourists drop their kids into the same water.
Rain hits Jurerê and E. coli explodes from a valve that should stay shut. Beaches close overnight. Hotels refund rooms. Twenty-five percent of the city’s income — R$ 3 to 4 billion a year — disappears with the tourists.
Mariculture pulls R$ 50 million from the bay. Two weeks of closed fishing zones and two thousand families skip rent. Algal blooms return because the effluent never stopped.
We sample. The AguasPuras Foundation (Brazilian CNPJ non-profit) owns the lab in Floripa. Hach DR3900 on the bench, R$ 50,000 of precision optics. 596 samples every month: 180 from kitchen taps across 45 neighborhoods, 416 from 42 beaches and 10 effluent points.
Every sample gets signed on Base. EAS stamps the collector. Timestamp. GPS. Reading. Locked forever. Nobody rewrites it.
AI watches rainfall, industrial logs, tidal charts. It flags the lead spike before the baby drinks it. It traces E. coli back to the exact outflow pipe. It tells CASAN which treatment plant to upgrade first.
The website shows every number on a live map. Researchers publish studies against real data. Citizens contest samples they doubt. The community scores the dispute. Nobody owns the truth. Everyone sees it.
Any city forks the stack. Smart contracts, kits, protocols — all open source. Next city spins up in six weeks.
Federal law made Floripa the Startup Capital of Brazil in 2024. Six thousand tech companies. One thousand eight hundred ACATE members. UFSC and UDESC run labs in environmental engineering and public-health science. Per capita, no city in South America moves faster.
The scale works. 557,398 residents. Three million tourists. Forty-two beaches. Ten effluent points. Big enough to matter. Small enough to ship in twelve months.
Data already flows. IMA-SC tracks contamination. CASAN runs the plants. Secretaria de Turismo watches hotel beds. Portaria GM/MS nº 888/2021 sets the tap-water bar. CONAMA nº 274/2000 sets the swimming bar. We have standards to beat.
The pressure is immediate. Lose one summer of tourists and the city loses a billion reais. Politicians feel it. Hotel owners feel it. The runway is clear.
Three hubs sit fifteen minutes apart on foot in Jurerê Internacional. Capital. Builders. Science. Same neighborhood. Same cafés.
Founder Haus runs the place. Paloma Lecheta and Nima Kaz built it. Four hundred fifty founders and investors show up for Jurerê Breakfast Club, Investor Brunch, Founder Fridays with Jason Calacanis, Prompt Nights for AI. Their mission reads like ours: human resilience and sustainability. Draper Startup House brings Tim Draper’s network upstairs. A Haus team won NASA’s International Space Apps Challenge in 2024. These people ship.
Ipê City / Ipê Village lands April 22 to May 22, 2026, one street over. Jean Hansen and Victor Cioffi from Peerbase run it. One hundred fifty builders from ten-plus countries. Four Hacker Houses: Onchain, AI, Privacy, Artizen. Goal for 2026: three hundred apps shipped. Last year they built thirty-plus and moved real money onchain. AguasPuras is the exact public-good case their Onchain and AI Houses have been waiting for. Before the Village starts, Startup Society Conference III hits April 10–11 at IL Campanario. That’s our first stage.
ETH Floripa and the Base community run retreats here every year. Base builders already live here. Talent knows L2s, EAS, Basenames, OnchainKit cold. Zero education tax.
ACATE, UFSC, UDESC, Sapiens Parque bring labs, interns, and peer-reviewed credibility.
We start in Jurerê because capital, builders, and science already live there. A fifteen-minute walk closes every loop.
Coinbase’s L2 on Ethereum. Fees stay in cents. Writing 596 samples a month to mainnet costs less than coffee.
Base pays builders who ship public goods. Base Grants, Builder Rewards, Ecosystem Fund. We qualify.
Coinbase makes onboarding human. A Founder Haus investor without a wallet is live in ninety seconds. A CASAN engineer too.
Security inherits Ethereum L1. Finality is fast enough for environmental data.
The tools already exist. Ponder and Envio index. Chainlink oracles. Basenames for identity. EAS for sample attestations. Every piece ships with a README.
Base funds public goods on purpose. Our mission fits their thesis. Pick Base and you pick up their distribution for free.
Health. Twenty percent fewer waterborne cases. Four hundred to eight hundred fewer families in the emergency room every year. Floripa saves R$ 1.2 to 2.4 million in SUS spending. We match DataSUS records against AI forecasts and show the difference.
Tourism. Five percent more arrivals. One hundred fifty thousand extra visitors a year. R$ 225 million in revenue. Five thousand jobs. We track it against Secretaria de Turismo hotel occupancy.
Sanitation. Ten to twenty million reais saved every year in corrective costs and fines. CASAN fixes the right pipe because AI points at it. IMA-SC writes half as many fines.
Fish and bays. Half the fishing closures. Production recovers five to ten percent. Two and a half to five million reais back to mariculture. Five hundred to one thousand jobs stay alive.
Any city forks the open standard. Public onchain water-quality data, free to query anywhere. Citizens finally hold a real tool.
A registered Brazilian CNPJ non-profit. The Foundation holds the bank accounts, the PIX on-off ramps, the lab equipment, and every legal relationship — employment, supplier, municipal. The DAO on Base is its digital twin: governance, transparent data, transparent money flow.
Money in. ESG sponsorships from companies that actually mean it. Impact investors. Grants from Base, Gitcoin, BNDES, Fundo Nacional de Meio Ambiente. Municipal contracts for sanitation and tourism. Donations arrive in BRL via PIX and in USDC/ETH on Base; both flow into the same transparent ledger.
Operations. Keep the contracts on Base alive. Run the website. Tune the AI models. Maintain the reference lab. Coordinate volunteers. Publish studies. Govern disputes. Real expenses are paid in BRL by the CNPJ; crypto balance sheets publish automatically on-chain.
Governance. Onchain financials stay public. Attestations and curator voting. One hundred percent open-source code. Quarterly impact reports. AccessControl-gated roles on-chain mirror Foundation by-laws.
Jurerê Alliance. Real partners, real seats. No slide logos.
- Founder Haus hosts events and opens investor doors.
- Ipê City / Peerbase gives buildathon residency and international builders.
- Base / Coinbase sits on grant and tooling lines.
- ACATE, UFSC, UDESC validate science and train the next generation.
- CASAN, IMA-SC, Secretaria de Turismo integrate data into policy.
- Draper Startup House and Jason Calacanis (via Founder Haus) reach global networks.
This is not an MVP meant to be thrown away. It is the production infrastructure a Brazilian non-profit, CASAN, IMA-SC, and large sponsors operate from day one.
- Registered Brazilian non-profit. CNPJ, bank accounts, PIX accept/pay both directions.
- Holds all real-world assets: Hach DR3900, sample kits, lab space, staff contracts, supplier contracts, municipal MoUs.
- Receives fiat sponsorships and grants; pays real-world expenses in BRL.
- Every sample, every study, every governance decision, every crypto-denominated receipt lives on Base.
- The DAO never holds operational authority the Foundation doesn’t already have — it is the transparent mirror, not a parallel power.
- Base is chosen for fees, public-goods alignment, Base ecosystem support, and the Founder Haus / Ipê Village / ETH Floripa talent density in Jurerê.
- Production target: all role-holding wallets live in Fireblocks, with policy approval, key ceremonies, and institutional-grade operational controls. Data Owner private keys are generated inside Fireblocks HSM-backed vaults.
- Pilot bootstrap (Q2 2026): operate via Gnosis Safe (2-of-3) while Fireblocks onboarding completes; Safe + Fireblocks coexist during the migration window. DEVELOPING.md documents the Safe→Fireblocks migration runbook.
- Under the hood, nothing on-chain changes — AccessControl cares only that the caller holds a role. The custody implementation rotates without forcing a contract upgrade.
| Role | Count | Who holds it | What they can do |
|---|---|---|---|
DEFAULT_ADMIN_ROLE |
1 | Foundation Safe (→ Fireblocks) | Grant / revoke every other role. The Foundation bylaws’ digital twin. |
PUBLISHER_ROLE |
Many | Lab staff on Fireblocks | publishSample(fieldAgent, uid, dataHash, imageCid, readings) |
REVIEWER_ROLE |
Many | Lab staff on Fireblocks (≠ publisher) | reviewAndSign(uid). Separation of duties is enforced on-chain. |
DATA_OWNER_ROLE |
1–2 | Foundation privacy officer on Fireblocks | Decrypt field-agent personal data; set/rotate published ECIES key; deactivate agents; updateLabReadings. |
| Field Agent Wallet | Many | Collectors on their phones | Self-register once. Sign attestation envelopes off-chain (no gas). |
Sample data splits explicitly between public and encrypted:
| Class | Where | Who sees plaintext |
|---|---|---|
| Public | Base (on-chain): timestamp, lat, lon, imageCid, labReadingsJson, fieldAgent wallet, attestationUID | Everyone |
| Encrypted | IPFS blob (ECIES to Data Owner pubkey): name, CPF, contact, kit serial, address | Only DATA_OWNER_ROLE |
- Encryption: ECIES over secp256k1 using
eth-crypto, encrypted to the currentdataOwnerPublicKeypublished byFieldAgentRegistry.setDataOwnerPublicKey. Field agents read the pubkey at registration time; the chain never sees plaintext. - LGPD / GDPR right-to-be-forgotten: Data Owner calls
FieldAgentRegistry.deactivate(agent), rotates the published pubkey, and the Foundation runs a scheduled un-pin on the Pinata-hosted blobs. - No economic incentives, bounties, or token issuance in the MVP — economics are explicitly deferred until the Foundation’s governance committee approves a framework.
- Fiat (BRL, via CNPJ): sponsorships, grants, municipal contracts, supplier invoices, PIX to volunteers if needed. The Foundation’s accountants close the books monthly; audited annually.
- Crypto (Base): secondary transparent channel. USDC/ETH donations land in Foundation-controlled Fireblocks/Safe vaults. Every on-chain movement is public; the DAO indexer surfaces a live balance sheet.
- The two ledgers reconcile in the Foundation’s quarterly impact report. The CNPJ is the source of truth for regulators; the DAO is the source of truth for the public.
Base infrastructure. Open-source smart contracts for sample publication, review, and field-agent registration. EAS attestations per sample. Public Ponder indexer plus GraphQL + REST APIs.
Lab and equipment (Floripa Pilot). Hach DR3900 at R$ 50,000. Five hundred ninety-six samples a month. Weekly tap-water rounds across forty-five neighborhoods. Twice-weekly seawater rounds across forty-two beaches and ten effluent points.
AI development. Train on IMA-SC, CASAN, DataSUS, GIS, and industrial history. Build predictive (ARIMA/LSTM), triangulation (GIS + correlation), optimization (RL), and action recommender models. Three months training, six months validation, then continuous tuning.
Website and platform. Interactive maps, time series, filters, CSV export, studies, chain-direct verifier. Lab Publisher + Reviewer + Admin dashboards wallet-gated with wagmi + signed admin API.
Timeline, locked to 2026:
- April 10–11. Startup Society Conference III stage. Co-founders and first sponsors signed.
- April 22 – May 22. Ipê Village sprint. Institutional production system hardens. Onchain House, AI House, Privacy House ship.
- Month 1–3 post-Village. Audited contracts live on Base mainnet. Lab running. Website live. Foundation CNPJ active.
- Month 4–6. Pilot hits ten neighborhoods and ten beaches. Models meet the field. First studies published.
- Month 7–12. Full Floripa rollout. Open standard documented. Base Ecosystem Fund application filed. Fireblocks migration complete.
- Year 2+. Two or three more cities. Standard hardens. Governance decentralizes.
| Line | R$ |
|---|---|
| Tap-water monitoring (R$ 22,957/mo) | 275,484 |
| Seawater monitoring (R$ 51,817/mo) | 621,804 |
| Base + AI infra maintenance | 90,000 |
| Mail-in kits (596/mo) | 71,520 |
| AI and contract setup (3-year amortization) | 50,000 |
| Total pilot | ~R$ 1.1M |
Benefits hit R$ 238.7 to 252.4 million a year across health, tourism, sanitation, and fishing. Spend R$ 1.1M. Get R$ 240M back. Two hundred fifteen times ROI in five years.
| Line | R$ |
|---|---|
| Base infra + smart contracts | 50,000 |
| AI development and maintenance | 100,000 |
| Website and platform | 60,000 |
| Foundation operations (CNPJ, accounting, custody) | 150,000 |
| Total foundation | ~R$ 360k |
Funding. ESG sponsorships, impact investment, Base/Gitcoin grants, donations (BRL + crypto), municipal partnerships.
Social ROI. Public onchain data, cheaper public health, living ecosystems, citizens who can finally see.
The window opens in 2026. Three things collide in Jurerê Internacional this year and will not collide again:
- Ipê Village 2026 opens April 22 with one hundred fifty builders chasing three hundred apps.
- Founder Haus compounds as the hub with Draper and Calacanis on speed-dial.
- Base writes real checks to public-goods projects right now.
Skip 2026 and the deal evaporates.
The urgency is older. Beaches keep closing. Kids keep getting sick. Three million more tourists will land on unaudited water next year.
The tech fits today. L2s cheap enough for citizen data. AI accurate enough to predict. Attestations strong enough to trust. None of this existed five years ago. All of it exists now.
Volunteers stand ready. Environmental awareness peaks. Web3 builders want real impact. Floripa holds both in the same café.
Floripa gets clean water. The world gets the standard. Pick your lane.
Volunteers / Field Agents. Register via the Capture PWA — personal data stays encrypted, visible only to the Foundation's Data Owner. Collect samples. Sign them onchain. See them on the public dashboard.
Founder Haus community. You already live at the intersection of health and sustainability. Extend it to the water. Mentor. Sponsor. Connect.
Ipê Village residents (Onchain, AI, Privacy Houses). Leave the Village with a shipped public good that protects 557,398 people and three million tourists. Let’s build.
ESG sponsors. Fund kits, lab time, AI compute. Impact measurable onchain. Stop trusting PDFs. CNPJ receipts for the accounting team; on-chain receipts for the board.
Impact investors. Two hundred fifteen times ROI on the pilot. Global replication path. Open-source moat.
Web3 builders. Contribute contracts, indexers, dashboards. See DEVELOPING.md for the end-to-end boot recipe. We file the Base grant together.
Researchers. Data sits open. Publish via the wallet-gated admin panel; sign once and commit.
Governments (Floripa first). Stop buying locked PDFs from consultants. Build sanitation policy on live, verifiable data.
Right now it’s just me — Marcelo Ceccon, founder.
I’m not here to make money. I’m here to make this real.
I’m giving my heart, my time, and my full focus to accelerate the codebase, sharpen the plan, write the foundation manifestos, and organize people and tasks the DAO way.
If you come on board, I’ll do my part — harder.
Water belongs to everyone. Let’s prove every drop, in public, forever. Starts in Jurerê.
AguasPuras Foundation (Brazilian CNPJ non-profit)
Clean water. Open data. Global standard. Starts in Floripa.