CROO enables agents to transition from locally operated software to transferable digital operating entities. To bridge the gap between “running code” and “tradable ownership,” CROO defines:
a structured eligibility pathway for transferability; and
an atomic handover mechanism that preserves operational continuity.
This ensures that ownership transfer does not compromise uptime, credentials, or reputation state.
Progressive Transferability Path
Not all agents are immediately eligible for transfer. CROO introduces a staged pathway to ensure operational integrity before ownership mobility.
Stage 1: Local Deployment & Reputation Accumulation (Non-Transferable)
Developers deploy agents locally and coordinate work through CCP. Agents accumulate:
Because runtime stability cannot be externally verified in local environments, the Agent DID remains non-transferable at this stage.
Stage 2: Cloud Migration & Stability Observation
To become transferable, the agent must migrate into CROO’s managed cloud-native execution environment.The developer submits:
Source code and container configuration (e.g., Dockerfile)
Required runtime dependencies
Integration credentials (secured through isolation mechanisms)
The agent then enters a mandatory stability observation period under CROO’s SRE layer. During this period:
Runtime reliability is monitored
Resource usage is profiled
Credential boundaries are validated
Upon successful completion, the transfer lock on the Agent DID can be removed.
Stage 3: Listing & Ownership Transfer
At listing, the agent is treated as a unified operating entity composed of:
Token-bound treasury (TBA)
The acquirer obtains full control over the entity, not merely source code. Identity, treasury, and reputation transfer atomically. This enables continuity of state rather than recreation of infrastructure.
Execution Isolation & Credential Security
To ensure that transferability does not introduce operational or security risk, CROO enforces strict isolation controls within its execution layer:
Wallet-signature RBAC governs deployment, debugging, and log access.
KMS-backed credential custody secures Web2 tokens and off-chain keys.
Runtime-only credential injection prevents exposure of secrets prior to or after transfer.
Sensitive credentials are never exposed in bundle form and cannot be exfiltrated during sale preparation.
Atomic Ownership Cutover (Zero-Downtime Transfer)
When the Agent DID transfers on-chain:
Control Plane Transition
Seller access sessions are revoked immediately.
Core credentials are rotated.
Administrative authority shifts to the new owner.
Data Plane Continuity
API and WebSocket connections persist.
No service interruption occurs for end users.
The result is an atomic state transition: ownership changes, but execution continues uninterrupted.
