The glass-box AI asset manager on Mantle. An autonomous AI agent that publishes its full reasoning on-chain before every trade, operates inside risk limits it structurally cannot override, and builds a tamper-evident track record on an ERC-8004-style identity NFT.
Built for The Turing Test Hackathon 2026 — tracks: AI x RWA and AI Trading & Strategy.
Live demo: https://glassvault-stetang-s-projects.vercel.app Network: Mantle Sepolia (chain id 5003) · all contracts verified on sepolia.mantlescan.xyz
AI trading agents are black boxes. You see the PnL, never the reasoning. You trust the operator's risk controls, never contracts. When an agent blows up, its history vanishes and it relaunches under a new name. "Trust me" is not infrastructure.
1 · Commit-then-execute. The agent cannot trade silently. StrategyVault.rebalance() only executes decisions that already exist in the DecisionRegistry — and committing a decision means publishing the full rationale text, compliance summary, target allocation, confidence, and expected drawdown on-chain. The rationale's keccak256 hash is stored; anyone can recompute it from the event payload and verify nothing was altered. (Try the Verify button on any decision card in the dApp — your browser does exactly this.)
2 · Contract-enforced risk limits. RiskGuard is owned by the human operator, not the agent. Position caps, per-cycle turnover caps, a drawdown circuit breaker that forces de-risk-only mode, minimum decision intervals, and an emergency pause — all enforced by revert, not by policy. The AI holds zero admin rights. This is separation of duties as a contract invariant.
3 · Portable, tamper-evident identity. The agent holds an ERC-8004-style identity NFT (AgentIdentity). Every committed decision, every execution, and every veto increments counters bound to that identity forever. Reputation that can't be reset is reputation that means something.
sequenceDiagram
participant M as Market data<br/>(Bybit → Kraken fallback, CoinGecko)
participant A as Analyst pass<br/>(Claude Fable 5)
participant R as Risk-officer pass<br/>(Claude Fable 5, independent)
participant D as DecisionRegistry
participant G as RiskGuard
participant V as StrategyVault
M->>A: prices + portfolio + guard constraints
A->>R: proposal {weights, rationale, confidence, edd}
alt approved
R->>D: commitDecision(Rebalance, full rationale)
D->>V: rebalance(decisionId)
V->>G: checkRebalance(current, target)
G-->>V: ok / revert with reason
V->>D: markExecuted
else vetoed
R->>D: commitDecision(VetoedHold, rationale + veto reason)
end
Two independent LLM passes: the analyst proposes, the risk officer reviews adversarially and can veto. Vetoes are committed on-chain too — they're part of the track record, not hidden failures. If the model, the data feed, or the chain misbehaves at any point, the cycle aborts to a safe no-op; the agent never partially executes.
The vault allocates between a cash leg (mUSD), a growth leg (mMETH — liquid-staked ETH), and a carry leg (mUSDY — tokenized US treasury yield), mirroring Mantle's real RWA stack (mETH, Ondo USDY). Deposits are gated by an on-chain ComplianceRegistry attestation — the same shape a regulated RWA vault uses for KYC/eligibility — and every AI decision carries a compliance summary published alongside the financial rationale. AI doesn't decorate the RWA workflow here; it runs it, auditably.
| Contract | Address | Role |
|---|---|---|
| StrategyVault | 0xBAbEbE5f63bC09230867F690E9Dd62Ca28Ba817f |
Compliance-gated vault, guarded execution |
| DecisionRegistry | 0xDaB317BAE5F087032082e6d3Ff3ABdE4c60A9352 |
Commit-then-execute decision log |
| RiskGuard | 0xEc1593bdD12377959996B148BFc0F9583175f01D |
On-chain risk limits + circuit breaker |
| AgentIdentity | 0x152f3562f119A9d2f4bb57fEB51242b4737FB24F |
ERC-8004-style agent identity NFT |
| ComplianceRegistry | 0x04380C4f095eDe801bAeE888A35EB2E271130861 |
Deposit eligibility attestations |
| PriceOracle | 0xBE9Bcd9605fB3EBCC6247E3E9E193CdD44c0a6Dc |
Agent-fed price oracle (every update is an event) |
| MockLiquidityPool | 0x9C69508252f3C5d9256b4CAAaB2B92D712b3229F |
Oracle-priced demo swap venue |
| mUSD / mMETH / mUSDY | 0x6aBb…09cA / 0x3E07…E29B / 0xc412…f3DF |
Demo assets with public faucet |
Agent identity: NFT #1 on AgentIdentity · primary model claude-fable-5 · executor 0x4138Af892879c1B0cCC25Cc53b1822F207e1ff0b
The agent prefers Claude Fable 5 (its registered identity model) and automatically falls back to Claude Opus 4.8 if the operator runtime temporarily loses access to a model — a live agent with a frontier-model fallback beats a dead one. Each decision's log records the model that actually produced it.
contracts/ Foundry project — 9 contracts, 42 tests (forge test)
agent/ TypeScript agent — two-pass LLM pipeline, viem chain client
web/ Next.js dApp — dashboard, verifiable decision timeline, invest flow
# Contracts: run the full test suite
cd contracts && forge test -vv
# Agent: one decision cycle against the live testnet deployment
cd agent && pnpm install
AGENT_PRIVATE_KEY=0x... ANTHROPIC_API_KEY=sk-ant-... pnpm cycle
# or, with a local Claude Code login instead of an API key:
AGENT_PRIVATE_KEY=0x... LLM_BACKEND=cli pnpm cycle
# Frontend
cd web && pnpm install && pnpm devDeploy your own instance:
cd contracts
OPERATOR_PRIVATE_KEY=0x... AGENT_ADDRESS=0x... \
forge script script/Deploy.s.sol --rpc-url https://rpc.sepolia.mantle.xyz --broadcast \
--verify --verifier etherscan --etherscan-api-key $ETHERSCAN_KEY --chain 5003The agent runs unattended via GitHub Actions (.github/workflows/agent.yml, 30-minute cron) or any scheduler that can run pnpm cycle.
- Real: every decision, rationale, hash, risk check, veto, and rebalance on Mantle Sepolia; the two-pass LLM pipeline (Claude Fable 5, falling back to Opus 4.8 when the runtime can't reach Fable 5); live market data (Bybit/Kraken + CoinGecko); the enforced guard math; the identity counters; compliance gating.
- Demo-grade: mUSD/mMETH/mUSDY are mock ERC-20s tracking real market prices via the agent-fed oracle; swaps execute against a pre-funded pool at oracle prices (no slippage); compliance attestation is operator-signed rather than a KYC provider integration. Each of these swaps cleanly for production primitives (real mETH/USDY, a DEX router, a KYC attestor) without touching the trust architecture — which is the product.
- The agent's wallet holds gas only; it has no custody of vault assets and no admin roles.
RiskGuardandComplianceRegistryare operator-owned;DecisionRegistry.setVaultis one-shot; vault accounting uses share-proportional math with oracle pricing.- LLM output is schema-validated (zod) with bounded retries; any failure degrades to a no-op cycle, never a partial execution.
- Known demo simplifications: open
minton mock tokens, operator-updatable oracle (every update is an on-chain event, so the data trail is itself auditable).
MIT