Your AI conversations should belong to you.

The 30-second version

Most AI today runs through a small handful of large companies. You sign up with your email or phone, they tie your conversations to your account, they store everything on their servers, and — depending on the policy of the moment — some of what you said becomes training material for the next model. Their account, their rules, their copy of your conversation.

Node Neo is a different shape. There's no account. There's no central server holding a copy of your prompts. The AI runs on a public network of independent providers. Instead of buying a monthly subscription, you hold a small amount of a crypto token called MOR — you lock a tiny piece of it to start each chat session, and that piece is returned to your wallet when the session ends. The same MOR funds session after session, indefinitely. Your conversation history lives, encrypted, on your own device.

The Signal moment, again

In 2014, almost nobody had Signal. iMessage was “encrypted enough.” SMS was just what you used. Then Snowden, then the Apple-vs-FBI fight, then a cascade of breaches that made everyone realize their entire texting history was a few subpoenas away from being printed in a courtroom. Today Signal has hundreds of millions of users. Not because it's prettier than iMessage — it isn't — but because once you understood what was at stake, you couldn't go back.

We think the same shift is starting with AI. The first wave of users won't care that their ChatGPT history is sitting on OpenAI servers. The second wave will, and they'll want somewhere else to go. Node Neo is somewhere else to go.

The architecture, in one paragraph

Node Neo is a Flutter UI on top of an embedded Go module — specifically the proxy-router/mobile SDK from the upstream Morpheus consumer-node project. The SDK is compiled as a c-shared library and called via dart:ffi on the same process. There is no separate proxy-router daemon, no HTTP hop, and no Node Neo-operated server in the consumer hot path. Wallet, chain RPC, model browsing, session open/close, and prompt streaming all run inside the user's app, talking to two things: a Base RPC node and the provider that bid for the session.

• Chain: Base mainnet, chain ID 8453. Multi-endpoint round-robin across public RPCs (Base public, publicnode, drpc.org, blockpi, plus an optional build-time premium RPC).
• Wallet: a single hex private key. Generated locally on first launch, stored in the platform secure enclave (iOS Keychain / Android Keystore / macOS Keychain). No mnemonic UI — the legacy mnemonic vault auto-migrates to PK on cold start, then is wiped.
• Local store: SQLite per-wallet (database path is nodeneo_{fp}.db where fp is a fingerprint of the wallet). All message content is AES-256-GCM encrypted with a key derived as SHA-256(privateKey). Backups are signed encrypted .nnbak archives.
• Source: Node Neo is MIT, on github.com/absgrafx/nodeneo. The Morpheus consumer node and contracts live under github.com/MorpheusAIs.

How a session works on-chain

The whole protocol turns on a Diamond contract on Base (0x6aBE…030a). Two facets do the heavy lifting: SessionRouter and ProviderRegistry. The token is plain ERC-20 MOR (0x7431…b8e3). The numbers below are read from the contracts.

Open: a stake, not a fee

openSession(amount, …) calls safeTransferFrom(user, diamond, amount) — your MOR is moved into escrow inside the Diamond, not paid to the provider. The amount is collateral that buys a stipend via:

stipend = (amount × computeBalance) / (totalMORSupply × 100)

The stipend then pays the provider at pricePerSecond (set by the provider's bid) for as long as the math holds, up to a network-wide max session duration. Minimum session length is 5 minutes (MIN_SESSION_DURATION). The pre-session confirmation modal in Node Neo shows you the exact MOR stake required before you confirm; nothing happens silently.

Close at expiry: the entire stake comes back, in one transaction

The contract checks one boolean on close: isClosingLate = closedAt >= endsAt. If close happens at or after the planned end of the session, that flag is true and _rewardUserAfterClose takes the simple path:

• No on-hold entry pushed. userStakeToLock_ = 0.
• The entire stake is transferred back to the user immediately via IERC20.safeTransfer(user, stake).
• The provider is paid (endsAt - openedAt) × pricePerSecond from the central fundingAccount (in the default indirect-payment mode).

This is true whether you actively close the session at the moment it expires, you let it sit expired-but-unclosed for a week and close it then, or you simply leave Node Neo running. Same result every time: full stake back in one transaction, zero cooldown.

Node Neo doesn't actually require you to remember any of this. The embedded SDK runs a session-maintenance loop on a 15-minute ticker (DefaultMaintenanceInterval = 15 * time.Minute in proxy-router/mobile/sdk_maintenance.go) that paginates through your unclosed sessions on-chain, finds any whose endsAt has passed, and submits closeSession for each of them automatically. The home screen still surfaces expiredUnclosedCount as a backstop in case the app hasn't been launched for a while, but for any user who opens the app at least once a quarter, expired sessions effectively close themselves and the stake reappears in the wallet without a second thought.

Close early: a proportional slice is held for up to 24 hours

If you close before the planned endsAt — you opened a 10-minute session and bailed at minute 5 because you were done — isClosingLate is false and the contract takes a different branch:

• It computes userInitialLock = (closedAt - openedAt) × pricePerSecond — the MOR-stipend value of the time you actually used during the closing day.
• It converts that back to a stake amount via stipendToStake(userInitialLock).
• That stake amount is pushed onto userStakesOnHold with an unlock timestamp of startOfTheDay(closedAt) + 1 day.
• The remainder (stake − locked) is transferred back to your wallet immediately, in the same transaction.

For a normal same-day chat session, the math collapses to a simple proportion: the locked fraction equals the fraction of planned time you actually used. Concrete example, indirect payment mode:

• You stake 1 MOR for a planned 10-minute session.
• You close it at minute 5 (early close, 50% used).
• ~0.5 MOR is returned to your wallet immediately in the closeSession transaction.
• ~0.5 MOR is locked until startOfTheDay(closedAt) + 1 day and shows up under on-hold in Node Neo's home screen and the "Where's My MOR?" scan.
• Once unlocked, you call withdrawUserStakes(address, 1) (selector 0xa98a7c6b) to pull it into your wallet.

The cooldown clock is 0–24 hours, not 24–48. Because the unlock timestamp is anchored to the start of the day you closed in, closing at 11:55pm UTC unlocks ~5 minutes later, while closing at 12:05am UTC unlocks ~23h 55m later. The maximum you ever wait is one full day from the close time.

Why the early-close lock exists

The stipend that funds the provider is sliced from a daily emission window. Without the lock, a user could open and immediately close a session, harvesting the day's stipend slice without doing the corresponding work. The 1-day-from-day-start lock makes that economically pointless without penalising users who simply let their session run out and close honestly.

That's why the Node Neo home screen splits MOR into three buckets: wallet balance (spendable now), active stake (locked in currently-open sessions, returns on close), on-hold (locked from an early close, claimable after the day rolls over). For users who only ever close at expiry, the on-hold bucket stays at zero indefinitely.

Provider side: stake = earning cap

A provider registers via ProviderRegistry with a MOR stake. From ProviderStorage.sol: PROVIDER_REWARD_LIMITER_PERIOD = 365 days. On every payout the contract enforces:

providerClaimLimit = provider.stake − provider.limitPeriodEarned

In plain English: a provider can earn at most their stake amount in MOR per rolling year. Stake 100 MOR → headroom to earn up to 100 MOR before the limiter resets at limitPeriodEnd. Want to earn more? Stake more. The limiter is enforced before the transfer regardless of whether the session is funded from the central pool (the default) or directly from the user's stake (the rare isDirectPaymentFromUser branch) — both paths go through _claimForProvider which subtracts from the same providerClaimLimit_.

Token supply, emission curve, and the L1 distribution contract that funds the computeBalance term are out of scope for this page — for the canonical numbers see mor.org.

TEE attestation, in plain technical language

"MAX Privacy" mode in Node Neo restricts the bid set to providers whose model is running inside a Trusted Execution Environment — an Intel TDX or AMD SEV-SNP enclave on the provider's hardware. The provider's chip generates a cryptographic attestation that the running image matches a known good build, and the attestation is verified through Sigstore against the Morpheus secure-build pipeline. (The Sigstore TUF cache is configured to live in the app's writable data dir — see attestation_config.go for the iOS-sandbox-friendly path.)

What this gives you: the model operator cannot read your prompt — the chip prevents it by hardware design. Your conversation runs entirely inside the enclave; not even the machine's own root user can pull it out.

What this doesn't give you: a guarantee that the model you asked for is the model you got. TEE attestation proves the running image is the published image; it doesn't, by itself, prove that a malicious provider didn't substitute a different attested image. For the threat model, the trust assumptions, and the chip-level details, see tech.mor.org/tee.html.

Verify it yourself