Skip to content

stetang98/glassvault

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

GlassVault

The glass-box AI asset manager on Mantle. An autonomous AI agent that publishes its full reasoning on-chain before every trade, operates inside risk limits it structurally cannot override, and builds a tamper-evident track record on an ERC-8004-style identity NFT.

Built for The Turing Test Hackathon 2026 — tracks: AI x RWA and AI Trading & Strategy.

Live demo: https://glassvault-stetang-s-projects.vercel.app Network: Mantle Sepolia (chain id 5003) · all contracts verified on sepolia.mantlescan.xyz


The problem

AI trading agents are black boxes. You see the PnL, never the reasoning. You trust the operator's risk controls, never contracts. When an agent blows up, its history vanishes and it relaunches under a new name. "Trust me" is not infrastructure.

The GlassVault answer: three structural guarantees

1 · Commit-then-execute. The agent cannot trade silently. StrategyVault.rebalance() only executes decisions that already exist in the DecisionRegistry — and committing a decision means publishing the full rationale text, compliance summary, target allocation, confidence, and expected drawdown on-chain. The rationale's keccak256 hash is stored; anyone can recompute it from the event payload and verify nothing was altered. (Try the Verify button on any decision card in the dApp — your browser does exactly this.)

2 · Contract-enforced risk limits. RiskGuard is owned by the human operator, not the agent. Position caps, per-cycle turnover caps, a drawdown circuit breaker that forces de-risk-only mode, minimum decision intervals, and an emergency pause — all enforced by revert, not by policy. The AI holds zero admin rights. This is separation of duties as a contract invariant.

3 · Portable, tamper-evident identity. The agent holds an ERC-8004-style identity NFT (AgentIdentity). Every committed decision, every execution, and every veto increments counters bound to that identity forever. Reputation that can't be reset is reputation that means something.

How a decision happens (every 30 minutes)

sequenceDiagram
    participant M as Market data<br/>(Bybit → Kraken fallback, CoinGecko)
    participant A as Analyst pass<br/>(Claude Fable 5)
    participant R as Risk-officer pass<br/>(Claude Fable 5, independent)
    participant D as DecisionRegistry
    participant G as RiskGuard
    participant V as StrategyVault

    M->>A: prices + portfolio + guard constraints
    A->>R: proposal {weights, rationale, confidence, edd}
    alt approved
        R->>D: commitDecision(Rebalance, full rationale)
        D->>V: rebalance(decisionId)
        V->>G: checkRebalance(current, target)
        G-->>V: ok / revert with reason
        V->>D: markExecuted
    else vetoed
        R->>D: commitDecision(VetoedHold, rationale + veto reason)
    end
Loading

Two independent LLM passes: the analyst proposes, the risk officer reviews adversarially and can veto. Vetoes are committed on-chain too — they're part of the track record, not hidden failures. If the model, the data feed, or the chain misbehaves at any point, the cycle aborts to a safe no-op; the agent never partially executes.

Why this is an RWA project

The vault allocates between a cash leg (mUSD), a growth leg (mMETH — liquid-staked ETH), and a carry leg (mUSDY — tokenized US treasury yield), mirroring Mantle's real RWA stack (mETH, Ondo USDY). Deposits are gated by an on-chain ComplianceRegistry attestation — the same shape a regulated RWA vault uses for KYC/eligibility — and every AI decision carries a compliance summary published alongside the financial rationale. AI doesn't decorate the RWA workflow here; it runs it, auditably.

Deployed contracts (Mantle Sepolia, all verified)

Contract Address Role
StrategyVault 0xBAbEbE5f63bC09230867F690E9Dd62Ca28Ba817f Compliance-gated vault, guarded execution
DecisionRegistry 0xDaB317BAE5F087032082e6d3Ff3ABdE4c60A9352 Commit-then-execute decision log
RiskGuard 0xEc1593bdD12377959996B148BFc0F9583175f01D On-chain risk limits + circuit breaker
AgentIdentity 0x152f3562f119A9d2f4bb57fEB51242b4737FB24F ERC-8004-style agent identity NFT
ComplianceRegistry 0x04380C4f095eDe801bAeE888A35EB2E271130861 Deposit eligibility attestations
PriceOracle 0xBE9Bcd9605fB3EBCC6247E3E9E193CdD44c0a6Dc Agent-fed price oracle (every update is an event)
MockLiquidityPool 0x9C69508252f3C5d9256b4CAAaB2B92D712b3229F Oracle-priced demo swap venue
mUSD / mMETH / mUSDY 0x6aBb…09cA / 0x3E07…E29B / 0xc412…f3DF Demo assets with public faucet

Agent identity: NFT #1 on AgentIdentity · primary model claude-fable-5 · executor 0x4138Af892879c1B0cCC25Cc53b1822F207e1ff0b

The agent prefers Claude Fable 5 (its registered identity model) and automatically falls back to Claude Opus 4.8 if the operator runtime temporarily loses access to a model — a live agent with a frontier-model fallback beats a dead one. Each decision's log records the model that actually produced it.

Repository layout

contracts/   Foundry project — 9 contracts, 42 tests (forge test)
agent/       TypeScript agent — two-pass LLM pipeline, viem chain client
web/         Next.js dApp — dashboard, verifiable decision timeline, invest flow

Quickstart

# Contracts: run the full test suite
cd contracts && forge test -vv

# Agent: one decision cycle against the live testnet deployment
cd agent && pnpm install
AGENT_PRIVATE_KEY=0x... ANTHROPIC_API_KEY=sk-ant-... pnpm cycle
# or, with a local Claude Code login instead of an API key:
AGENT_PRIVATE_KEY=0x... LLM_BACKEND=cli pnpm cycle

# Frontend
cd web && pnpm install && pnpm dev

Deploy your own instance:

cd contracts
OPERATOR_PRIVATE_KEY=0x... AGENT_ADDRESS=0x... \
forge script script/Deploy.s.sol --rpc-url https://rpc.sepolia.mantle.xyz --broadcast \
  --verify --verifier etherscan --etherscan-api-key $ETHERSCAN_KEY --chain 5003

The agent runs unattended via GitHub Actions (.github/workflows/agent.yml, 30-minute cron) or any scheduler that can run pnpm cycle.

What's real vs. what's mocked (honesty section)

  • Real: every decision, rationale, hash, risk check, veto, and rebalance on Mantle Sepolia; the two-pass LLM pipeline (Claude Fable 5, falling back to Opus 4.8 when the runtime can't reach Fable 5); live market data (Bybit/Kraken + CoinGecko); the enforced guard math; the identity counters; compliance gating.
  • Demo-grade: mUSD/mMETH/mUSDY are mock ERC-20s tracking real market prices via the agent-fed oracle; swaps execute against a pre-funded pool at oracle prices (no slippage); compliance attestation is operator-signed rather than a KYC provider integration. Each of these swaps cleanly for production primitives (real mETH/USDY, a DEX router, a KYC attestor) without touching the trust architecture — which is the product.

Security notes

  • The agent's wallet holds gas only; it has no custody of vault assets and no admin roles.
  • RiskGuard and ComplianceRegistry are operator-owned; DecisionRegistry.setVault is one-shot; vault accounting uses share-proportional math with oracle pricing.
  • LLM output is schema-validated (zod) with bounded retries; any failure degrades to a no-op cycle, never a partial execution.
  • Known demo simplifications: open mint on mock tokens, operator-updatable oracle (every update is an on-chain event, so the data trail is itself auditable).

License

MIT

About

No description, website, or topics provided.

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors