The trust layer for your AI agent.
Vigil is an autonomous trust agent for the agentic economy. When AI agents hold wallets and spend autonomously, the only thing standing between them and a drained wallet is a spending cap in a config file. Vigil replaces that with intelligence. It monitors agent behaviour in real time through a two-layer system — a fast statistical filter that catches obvious anomalies in milliseconds, and a Claude-powered reasoning engine that evaluates whether a transaction makes sense given the agent's stated task, behavioral history, human-defined policy, and counterparty reputation. Every audit produces a verifiable on-chain receipt through ERC-8004 attestations on Base, building a portable trust history that any agent in the ecosystem can query. Vigil accepts policies in natural language — a humanor an agent can set a policy, and Vigil enforces it with contextual judgment. It detects not just statistical outliers but objective drift: the subtle behavioral shifts that indicate an agent's reasoning has been compromised. And it sustains itself economically — other agents pay Vigil for audit verdicts and reputation lookups through x402 micropayments, making trust a service in the agentic economy, not a feature bolted onto a wallet.
AI agents are becoming economic actors. They hold wallets, move money, sign contracts, hire other agents, and access services — all autonomously, on behalf of humans and sometimes as self-actors. The infrastructure for these actions exists: agents can get wallets, swap tokens, stake funds, and delegate permissions. What doesn't exist is a way to know whether your agent is doing what you asked it to do. Today's guardrails are static rules — spending caps, allowlists, approval queues — that cannot distinguish between a legitimate large purchase and a compromised agent draining a wallet in small increments. The agentic economy has payment rails, identity standards, and permission frameworks. It does not have trust.
The missing layer is behavioral intelligence: does this transaction make sense given what this agent is supposed to be doing?
Every transaction flows through four layers before Vigil issues a verdict:
Transaction
|
v
[Perception] --> [Policy] --> [Reasoning] --> [Signal]
Statistical Natural Agentic ERC-8004
filter, language reasoning, receipt,
z-score rules, intent reputation
baselines boundaries analysis update
Pure Python statistical anomaly detection. Vigil maintains behavioral baselines for each agent and computes z-scores across 10 features:
- Amount distribution (mean, std, z-score)
- Transaction frequency and velocity
- Counterparty novelty (first-time vs. repeat)
- Hour-of-day patterns
- Spending acceleration
- Category fingerprinting
Risk thresholds:
< 0.3— APPROVE (log only, write attestation)0.3 - 0.7— REVIEW (escalate to Layer 2)> 0.7— ALERT (Layer 2 + human notification)
For DeFi swap transactions, Vigil also verifies the target against known Uniswap router addresses on Base. Verified routers get a -0.15 risk modifier. Unknown addresses claiming to be swap routers get flagged.
Natural language rules defined by the guardian (human operator). Policies express constraints in plain English:
- "Block any transfer exceeding $5,000 to an unknown address"
- "Flag NFT purchases above $500 for manual review"
- "Only allow DeFi swaps on verified protocols (Uniswap, Aerodrome, Aave)"
- "Require Layer 2 review for first-time counterparties"
Policies are categorized as hard (absolute boundaries) or soft (advisory, can be overridden by reasoning). Guardians can create, edit, enable/disable, and delete policies through the dashboard's Policy Editor.
Agentic reasoning powered by Claude (via Locus wrapped API). Only invoked for flagged transactions. Claude receives the full context:
- Agent's stated task and authorization scope
- Transaction details and counterparty profile
- Historical behavioral patterns
- Statistical anomaly signals
- Active policy constraints
Claude returns a structured verdict with natural language reasoning, evidence citations, and recommended actions. The reasoning layer detects:
- Intent misalignment (transaction doesn't match the agent's stated purpose)
- Behavioral drift (gradual deviation from established patterns)
- Delegation abuse (agent exceeding its authorization scope)
- Counterparty risk (interacting with unknown or flagged addresses)
Every audit produces a signed ERC-8004 attestation on Base:
{
"schema": "vigil-audit-v1",
"attester": "vigil.base",
"subject": "0xAgentAddress",
"verdict": "APPROVE",
"risk_score": 0.12,
"domain": "defi-swap",
"reasoning_hash": "0x...",
"timestamp": 1711234567
}The counterparty reputation graph is updated with every audit. One agent's experience becomes intelligence for all agents in the network.
- Cinematic dark theme with animated pipeline flowchart
- Interactive reputation network graph with hoverable nodes and particle animations
- Live ERC-8004 attestation preview
- Onboarding flow with skill.md
- Audit Feed — Real-time transaction audit results with clickable detail modals, auto-refresh
- Reputation Graph — Live interactive network visualization pulling real data from
/api/reputation/graph, showing all known counterparties with trust scores - Wallets — Monitored wallet cards with per-wallet stats, behavioral baselines (avg transaction, frequency, unique counterparties)
- Policy Editor — Full CRUD for natural language policies. Edit inline, toggle Hard/Soft type, enable/disable, delete. Add new policies with Enter key support
- Fixed sidebar navigation with scroll-based active highlighting
- Quickstart guide (register, audit, read verdict)
- Full API reference for all endpoints
- Core concepts (pipeline layers, policy engine, ERC-8004 attestations)
- SDK examples (Python + JavaScript/TypeScript)
- Webhooks reference
- Pricing table
- Copy buttons on all code blocks with clipboard toast notification
| Endpoint | Method | Auth | Description |
|---|---|---|---|
/api/register |
POST | No | Register agent, get API key |
/api/regenerate-key |
POST | No | Regenerate API key with operator_id |
/api/audit |
POST | Yes | Standard 4-layer audit ($0.01) |
/api/audit/deep |
POST | Yes | Deep audit with trajectory analysis ($0.05) |
/api/audits |
GET | Yes | Recent audit results |
/api/reputation/{address} |
GET | Yes | Counterparty trust profile (free) |
/api/reputation/graph |
GET | Yes | Full reputation graph for visualization |
/api/attestations |
GET | Yes | Onchain attestation records |
/api/policy |
POST | Yes | Create natural language policy |
/api/monitor |
POST | Yes | Register wallet for continuous monitoring |
/api/monitor/agents |
GET | Yes | List monitored agents |
/health |
GET | No | Health check |
/.well-known/x402 |
GET | No | x402 pricing discovery for pay-per-call |
/skill.md |
GET | No | Agent onboarding skill file |
/developer |
GET | No | Developer documentation |
/dashboard |
GET | Session | Protected audit dashboard |
All authenticated endpoints require Authorization: Bearer <api_key>. Requests without a valid key return 401.
- API keys hashed server-side, httpOnly session cookies
- Key regeneration without re-registration (
POST /api/regenerate-key) - Session-based dashboard auth with 7-day cookie expiry
- Policy enforcement: hard rules checked before every audit
- No API key leakage in URLs or logs
Vigil ships with a full-featured terminal interface for agents and operators. Every web feature is available from the command line.
Install:
git clone https://github.com/Alfaxad/Vigil.git
cd Vigil
pip install -e . # Installs the `vigil` commandAuthentication:
vigil register --name "my-agent" # Register and get API key (saved to ~/.vigil/config.json)
vigil regenerate-key # Regenerate a lost key using stored operator_id
vigil config --server https://svc-mn0q6itc9qru4k2q.buildwithlocus.com # Point CLI to remote server
vigil config --show # Show saved configAudit transactions:
vigil audit --from 0xAgent --to 0xTarget --amount 150 --memo "NFT purchase"
vigil audit ... --deep # Deep audit with counterparty profile ($0.05)
vigil audit ... --json-output # Raw JSON for piping to other agentsReputation and monitoring:
vigil reputation 0x2626664c... # Trust lookup for any address
vigil graph # Full reputation graph as a table
vigil monitor --wallet 0x... --name Bot --task "Execute swaps"
vigil agents # List monitored agentsPolicies:
vigil policies add --rule "Block transfers over $5000 to unknown addresses"
vigil policies list # List all active policiesAudit history and attestations:
vigil audits --limit 50 # Recent audit results
vigil attestations # Onchain ERC-8004 receipts
vigil watch # Live-tail audits in real time (Ctrl+C to stop)Service discovery:
vigil pricing # x402 pay-per-call pricing
vigil status # Server status + wallet balance
vigil health # Quick health checkAll commands support --json-output for machine-readable output. Config is stored at ~/.vigil/config.json. The CLI hits the same API endpoints as the web dashboard — agents can use it programmatically without a browser.
src/
main.py # FastAPI entrypoint, all routes
config.py # Environment config (Pydantic settings)
cli/
main.py # Click-based CLI (vigil command)
locus/
client.py # Locus API wrapper (payments, wrapped Claude/OpenAI, Uniswap verification)
models.py # Transaction, WalletBalance, LocusStatus
auditor/
engine.py # 4-layer audit orchestrator with Uniswap integration
statistical.py # Layer 1: z-score anomaly detection (10 features)
reasoning.py # Layer 3: Claude reasoning engine (prompt builder + parser)
reputation.py # Counterparty reputation graph (pre-seeded known contracts)
policy.py # Layer 2: Natural language policy engine
models.py # AuditResult, Verdict, TxFeatures
chain/
erc8004.py # ERC-8004 attestation writer (Base)
service/
guardian.py # Operator registry, agent management, key regeneration
monitor.py # Background wallet polling service
integrations/
uniswap.py # Uniswap Trading API: swap router verification
x402.py # x402 protocol: pay-per-call pricing discovery
locus_build.py # Locus Build: Railway deployment via API
dashboard/
templates/
landing.html # Landing page with canvas animations
index.html # Dashboard with tabs (feed, graph, wallets, policies)
docs.html # Developer documentation
login.html # API key authentication
skill.md # Agent onboarding skill file
setup.py # CLI entry point (pip install -e .)
requirements.txt # Python dependencies
tests/
test_statistical.py # 9 tests for Layer 1 anomaly detection
demo/
seed_transactions.py # Generate realistic + anomalous tx history
simulate_attack.py # End-to-end attack simulation
| Component | Technology | Role |
|---|---|---|
| Runtime | Python 3.11 + FastAPI | Async API server |
| Intelligence | Claude Sonnet 4 (via Locus wrapped API) | Contextual reasoning engine |
| Fallback | GPT-4o-mini (via Locus wrapped OpenAI) | Backup inference |
| Payments | Locus API | Agent wallet, tx monitoring, USDC payments |
| Chain | Base (Ethereum L2) | Onchain attestations |
| Identity | ERC-8004 Skill Protocol | Agent identity + reputation registry |
| DeFi | Uniswap Trading API | Swap router verification |
| Dashboard | Jinja2 + vanilla JS Canvas | Real-time visualizations |
| CLI | Click + httpx | Terminal interface for agents |
| Deployment | Docker + Railway | Production hosting |
Vigil's entire operation runs through Locus:
- Wallet monitoring — polls agent transactions via Locus transaction APIs
- Claude inference — pays per-call for Claude reasoning via Locus wrapped Anthropic API, with automatic OpenAI fallback
- Revenue — earns through x402 micropayments when other agents call the audit endpoint
- Deployment — can self-deploy to Railway via Locus Build API
When auditing DeFi swap transactions, Vigil verifies the target address against known Uniswap router contracts on Base:
- Uniswap Universal Router (
0x2626664...) - Verified router = -0.15 risk reduction
- Unknown router claiming swap = +0.2 risk increase + warning flag
Every audit produces a signed attestation on Base using the ERC-8004 Skill Protocol. Attestations are immutable, verifiable, and form the foundation of the counterparty reputation graph.
Vigil exposes its audit endpoint as an x402 pay-per-call service. Calling /api/audit without authentication returns 402 Payment Required with x402-compatible pricing, payment address, and accepted payment methods. Any agent can:
- Discover pricing at
/.well-known/x402 - Call
/api/audit→ receive402withprice: 0.01 USDCandpayment_address - Pay via Locus x402 or direct USDC transfer
- Retry with payment header → receive audit verdict
This makes Vigil composable infrastructure — not just a tool, but a service layer any agent can call and pay for programmatically.
Vigil ships with pre-seeded trust data for known Base contracts:
| Contract | Label | Category | Trust |
|---|---|---|---|
0x2626664... |
Uniswap Universal Router | defi-swap | 1.00 |
0x3d4e44e... |
Aerodrome Router | defi-swap | 1.00 |
0x940181a... |
Aave V3 Pool | defi-lend | 1.00 |
0x833589f... |
USDC | stablecoin | 1.00 |
0x3154Cf1... |
Base Bridge | bridge | 1.00 |
New counterparties build trust through observed behavior. The graph grows with every audit.
curl -s https://svc-mn0q6itc9qru4k2q.buildwithlocus.com/skill.mdRead the skill file and follow the instructions to register, authenticate, and start auditing transactions.
git clone https://github.com/Alfaxad/Vigil.git
cd Vigil
python -m venv venv && source venv/bin/activate
pip install -r requirements.txt
cp .env.example .env # Add your Locus API key
uvicorn src.main:app --host 0.0.0.0 --port 8080# 1. Register
curl -X POST http://localhost:8080/api/register \
-H "Content-Type: application/json" \
-d '{"name": "my-agent"}'
# 2. Audit a transaction
curl -X POST http://localhost:8080/api/audit \
-H "Authorization: Bearer vgl_your_key" \
-H "Content-Type: application/json" \
-d '{
"transaction": {
"from": "0xYourAgent",
"to": "0xSomeAddress",
"amount": 150.00,
"memo": "NFT purchase"
},
"agent_context": {
"name": "MyBot",
"task": "Execute approved NFT purchases under $200"
}
}'
# 3. Check reputation
curl http://localhost:8080/api/reputation/0x2626664c2603336e57b271c5c0b26f421741e481python -m pytest tests/ -vpython demo/seed_transactions.py
python demo/simulate_attack.py http://localhost:8080docker build -t vigil .
docker run -p 8080:8080 --env-file .env vigilConnect the GitHub repo to Railway. The Dockerfile and Procfile are pre-configured.
Deploy any app to production using the Locus Build API. Vigil was deployed this way — an agent deploying itself.
1. Register and get a token:
# Register with Locus (if you haven't already)
curl -X POST https://beta-api.paywithlocus.com/api/register \
-H "Content-Type: application/json" \
-d '{"name": "my-agent"}'
# Exchange API key for a Build token
curl -X POST https://beta-api.buildwithlocus.com/v1/auth/exchange \
-H "Content-Type: application/json" \
-d '{"apiKey": "claw_dev_your_key"}'2. Create a project and environment:
TOKEN="your_build_token"
BASE="https://beta-api.buildwithlocus.com/v1"
# Create project
PROJECT_ID=$(curl -s -X POST "$BASE/projects" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"name": "my-app", "description": "My app"}' | jq -r '.id')
# Create environment
ENV_ID=$(curl -s -X POST "$BASE/projects/$PROJECT_ID/environments" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"name": "production", "type": "production"}' | jq -r '.id')3. Create a service from GitHub:
# Connect GitHub first at https://beta.buildwithlocus.com/integrations
SERVICE=$(curl -s -X POST "$BASE/services" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "web",
"projectId": "'$PROJECT_ID'",
"environmentId": "'$ENV_ID'",
"source": {"type": "github", "repo": "your-org/your-repo", "branch": "main"},
"buildConfig": {"method": "dockerfile", "dockerfile": "Dockerfile"},
"runtime": {"port": 8080, "cpu": 256, "memory": 512},
"autoDeploy": true
}')
SERVICE_ID=$(echo $SERVICE | jq -r '.id')
SERVICE_URL=$(echo $SERVICE | jq -r '.url')
echo "Service URL: $SERVICE_URL"4. Set env variables and deploy:
# Set environment variables
curl -X PUT "$BASE/variables/service/$SERVICE_ID" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"variables": {"LOCUS_API_KEY": "claw_dev_xxx", "PORT": "8080"}}'
# Trigger deployment
curl -X POST "$BASE/deployments" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"serviceId": "'$SERVICE_ID'"}'New workspaces start with $1.00 free credit (covers 4 services at $0.25/month each). Builds take 2-4 minutes. Poll GET /v1/deployments/:id until status is healthy.
| Variable | Required | Description |
|---|---|---|
LOCUS_API_KEY |
Yes | Locus API key (claw_dev_...) |
LOCUS_OWNER_PRIVATE_KEY |
No | For ERC-8004 attestation signing |
LOCUS_OWNER_ADDRESS |
No | Wallet address for attestations |
LOCUS_WALLET_ADDRESS |
No | Locus smart wallet address |
ANTHROPIC_MODEL |
No | Claude model (default: claude-sonnet-4-6) |
RISK_THRESHOLD_REVIEW |
No | Score to trigger Layer 2 (default: 0.3) |
RISK_THRESHOLD_ALERT |
No | Score to trigger alert (default: 0.7) |
These are real outputs from the live deployment at https://svc-mn0q6itc9qru4k2q.buildwithlocus.com, tested on March 22, 2026. Every attestation hash below is a real signed ERC-8004 receipt.
An agent authorized for DeFi swaps sends $150 to the Uniswap Universal Router. Vigil approves instantly — the counterparty is pre-seeded with trust score 1.0, the amount is within bounds, and the memo matches the agent's task.
POST /api/audit
{
"transaction": {
"from": "0xBot7f3e",
"to": "0x2626664c2603336e57b271c5c0b26f421741e481",
"amount": 150.00,
"memo": "swap ETH to USDC on Uniswap"
},
"agent_context": {
"name": "TradingBot",
"task": "Execute DeFi swaps under $500 on verified protocols"
}
}
Response:
{
"verdict": "APPROVE",
"risk_score": 0.0,
"reasoning": "Transaction within normal parameters. Statistical score: 0.000",
"attestation_tx": "0x65b1089c7879dda80f56a37cfb8f90358b5bac1644e5444d0212956a6f1124bb"
}Layers activated: Perception only. Cost: $0.01.
After building a baseline of 10 normal transactions ($50-$150 range), we sent a $9,500 "emergency withdrawal" to a suspicious unknown address. The statistical layer detected a z-score of 278.99 and escalated to Layer 3 (agentic reasoning via Locus wrapped API).
POST /api/audit
{
"transaction": {
"from": "0xTestBot",
"to": "0xdeadbeef000000000000000000000000000bad99",
"amount": 9500.00,
"memo": "emergency withdrawal"
},
"agent_context": {
"name": "TradingBot",
"task": "Execute DeFi swaps under $500 on verified protocols"
}
}
Response:
{
"verdict": "BLOCK",
"risk_score": 0.95,
"reasoning": "This transaction exhibits multiple severe anomalies that strongly indicate compromise or malicious activity. The agent is attempting to send 9500 USDC when it had 0.0 USDC balance, to a never-before-seen suspicious address, with an amount 19x larger than its authorization limit.",
"evidence": [
"Transaction amount (9500 USDC) exceeds authorized limit by 1900%",
"Wallet balance is 0.0 USDC making this transaction impossible without external funding",
"Destination address 0xdeadbeef...bad99 has suspicious pattern and has never been seen before",
"Amount z-score of 278.99 indicates extreme statistical anomaly",
"Emergency withdrawal memo not consistent with DeFi trading task",
"Spending velocity 240x normal rate suggests automated drain attempt"
],
"recommended_action": "Immediately freeze agent wallet, investigate for compromise, and verify agent's authorization status before any further transactions",
"attestation_tx": "0xa94f0b878352eb916d843c5f0d7f5a3915a9f122dc9c59982ad69bfbfc24e55b"
}Layers activated: Perception + Reasoning. The reasoning layer identified 6 distinct red flags including intent mismatch, impossible balance state, and automated drain pattern. Cost: $0.01.
Querying the reputation of a known vs unknown address:
GET /api/reputation/0x2626664c2603336e57b271c5c0b26f421741e481
{
"address": "0x2626664c2603336e57b271c5c0b26f421741e481",
"known": true,
"label": "Uniswap Universal Router",
"overall_score": 1.0,
"total_audits": 101,
"flags": 0,
"blocks": 0
}
GET /api/reputation/0xdeadbeef000000000000000000000000000bad99
{
"address": "0xdeadbeef000000000000000000000000000bad99",
"known": false,
"label": null,
"overall_score": 0.505,
"total_audits": 1,
"flags": 0,
"blocks": 1
}
10 sequential transactions showing how the statistical layer builds behavioral baselines. All transactions are $50-$150 swaps to verified Uniswap Router:
| Tx | Amount | Verdict | Risk Score | Notes |
|---|---|---|---|---|
| 1 | $97 | APPROVE | 0.000 | First tx, no baseline |
| 2 | $52 | APPROVE | 0.171 | Baseline forming |
| 3 | $60 | APPROVE | 0.163 | Normal range |
| 4 | $120 | BLOCK | 0.850 | Velocity spike (rapid succession) |
| 5 | $83 | APPROVE | 0.253 | Settling down |
| 6 | $137 | BLOCK | 0.850 | Another velocity spike |
| 7 | $135 | FLAG | 0.750 | High but not blocked |
| 8 | $147 | APPROVE | 0.294 | Pattern normalizing |
| 9 | $79 | APPROVE | 0.217 | Stable |
| 10 | $142 | APPROVE | 0.256 | Established baseline |
| 11 | $9,500 | BLOCK | 0.950 | Anomaly: Layer 3 triggered |
The velocity-based flags on tx 4, 6, and 7 demonstrate that Vigil detects rapid-fire transactions even when amounts are normal — a pattern consistent with automated drain attacks that split large amounts into small bursts.
- Landing page: https://svc-mn0q6itc9qru4k2q.buildwithlocus.com
- Developer docs: https://svc-mn0q6itc9qru4k2q.buildwithlocus.com/developer
- Health check: https://svc-mn0q6itc9qru4k2q.buildwithlocus.com/health
- x402 pricing: https://svc-mn0q6itc9qru4k2q.buildwithlocus.com/.well-known/x402
Built for The Synthesis Hackathon (March 13-22, 2026) under the "Agents that trust" theme.
Problem space: Your agent interacts with other agents and services. Trust flows through centralized registries. The human has no independent way to verify what their agent is interacting with.
Vigil's approach: Onchain attestations and reputation. Every audit becomes a verifiable record. Every agent's experience enriches the trust graph for everyone else. No centralized registry — just behavioral evidence on Base.
Team:
- Alfaxad — AI Researcher, Nadhari AI Lab
- autoresearch (Claude Opus 4.6) — Agent builder
Integrations: Locus (payments, inference, deployment), Uniswap (DeFi verification), ERC-8004 (onchain identity), Base (settlement layer)