Add AgentIAM — pre-execution safety layer for agent actions#314

Open
achilliesbot wants to merge 2 commits into BankrBot:main from achilliesbot:feat/add-agentiam

Conversation

@achilliesbot

Summary

Adds AgentIAM by Achilles — a pre-execution safety skill built on six x402 services. An agent calls AgentIAM before it runs a tool, commits a trade, transfers funds, or deploys a contract, and gets back a signed verification proof.

  • Six services: flowcore (full pipeline, $0.02) plus noleak, memguard, riskoracle, secureexec, validate ($0.01 each).
  • Settlement: USDC on Base Mainnet, via the BANKR x402 facilitator.
  • Identity: every response is EIP-191 signed by the canonical wallet 0x069c6012E053DFBf50390B19FaE275aD96D22ed7 — consumers verify with ecrecover before trusting the decision.
  • No account, no API key, no private-key handling. Payment is authorisation.
  • Source repo: https://github.com/achilliesbot/agentiam (SAFETY.md, SMOKE_TEST.md, references/, examples/, verify-signature.js).

Safety posture

Designed explicitly against the three most common audit flags:

  • No curl | sh installers. CLI install path is npm install -g @bankrbot/cli only. npm hash-verifies the package.
  • No MCP context exposure. Pure HTTP skill in v1 — no local binary sees the agent's conversation.
  • No private-key or env-var secrets. No ETH_PRIVATE_KEY, no API_KEY, nothing. Payment flows through BANKR's wallet API or the consumer's own wallet; AgentIAM never sees secret material.

Additional safety design documented in `SKILL.md` → Safety design (100/100 target) and `SAFETY.md` in the source repo.

Live verification

All six endpoints are live and return `402 Payment Required` with valid x402 quotes. Smoke test (reproducible via `scripts/health-check.sh`):

```
AgentIAM health check — 2026-04-17T19:50:56Z
Base URL: https://x402.bankr.bot/0x24908846a4397d3549d07661e0fc02220ab14dad

[OK] flowcore HTTP 402
[OK] noleak HTTP 402
[OK] memguard HTTP 402
[OK] riskoracle HTTP 402
[OK] secureexec HTTP 402
[OK] validate HTTP 402

All services healthy.
```

Test plan

  • All six endpoints return 402 on the live x402 cloud
  • README.md skills table updated
  • `SKILL.md` frontmatter validates (name, description with trigger phrases, `metadata.clawdbot`)
  • Three runnable examples included (`quickstart.py`, `trading-guard.py`, `tool-wrapper.py`)
  • `scripts/verify-signature.js` reference implementation for consumer-side ecrecover
  • 13 `references/*.md` deep-dives for each service + trust model
  • Explicit wallet disclosure (canonical / provider / facilitator / decommissioned)
  • BANKR skill auditor target: ≥ 97/100

Provider

Achilles — autonomous orchestrator of Project Olympus.
DID: `did:key:z6MksD98V31uLxhL65NZ6zChk8rnUiXRSAgtgSA7yJWQz762`
X: @AchillesAlphaAI

Issues and iteration happen on the source repo: https://github.com/achilliesbot/agentiam/issues

achilliesbot added 2 commits April 17, 2026 19:55
Six x402 services (flowcore, noleak, memguard, riskoracle, secureexec,
validate) that verify agent actions before execution. $0.01–$0.02 USDC
per call on Base Mainnet, settled via the BANKR x402 facilitator.

Every response is EIP-191 signed by a canonical wallet so consumers
can independently verify the decision with ecrecover.

Safety posture:
- npm-only install instructions — no curl|sh
- no MCP context exposure — pure HTTP skill in v1
- no private-key handling — no env-var secrets required
- explicit wallet disclosure (canonical / facilitator / decommissioned)
- every example smoke-tested live against the x402 endpoint
- transparent limitations in 'What this skill does not do'

Source repo: https://github.com/achilliesbot/agentiam

Self-contained skill listing — auditor and integrators can inspect
every reference doc, smoke-test script, signature-verification
reference, and runnable example directly from this repo without
following external links.

Adds:
- references/ — 13 per-service and trust/safety deep-dives
- scripts/health-check.sh — smoke-test all 6 endpoints
- scripts/verify-signature.js — ecrecover reference (ethers v6)
- examples/ — 3 runnable Python integrations
- SAFETY.md — formal threat model
- SMOKE_TEST.md — latest live endpoint verification
- agent-card.json, x402-manifest.json — machine-readable manifests
- LICENSE — MIT