# AgentForge


AI Proposes. Policy Decides. User Signs. The System Records.

AgentForge is a deterministic safety layer for Solana AI agents. Every AI-generated trade passes 7 policy checks, dangerous operations are blocked in real-time, and approved decisions leave an on-chain audit trail that anyone can verify.

2025 crypto losses: $3.4B (CertiK), +37% YoY. Bybit hack alone: $1.46B (43% of total). OWASP published Agentic Top 10 at RSAC 2026, confirming AI agents as the #1 new attack surface. Stanford/MIT/CMU research: 91% of production AI agents have exploitable vulnerabilities, 94% susceptible to data poisoning. AgentForge is the first open-source framework adding deterministic policy constraints to AI agents.


## Architecture

```mermaid
graph TB
    subgraph Frontend["Web UI (Next.js 16)"]
        Dashboard[Dashboard + Timeline]
        Wallet[Wallet Auth]
        Autonomous[Autonomous Mode]
        PriceFeed[Live Price Feed]
    end

    subgraph Backend["API Server (Express)"]
        PolicyEngine[Policy Engine<br/>7 Deterministic Checks]
        AIProvider[AI Provider<br/>MiMo-V2-Hash / Mock]
        EventBus[SSE Event Bus]
        Webhook[Webhook Notifier]
        Scheduler[Autonomous Scheduler<br/>30s interval]
    end

    subgraph External["External Services"]
        Jupiter[Jupiter v6<br/>DEX Routing]
        Solana[Solana Devnet<br/>Execution + Audit]
        CoinGecko[CoinGecko<br/>Live Prices]
        Telegram[Telegram Bot<br/>Alerts]
    end

    subgraph Storage["Data Layer"]
        Postgres[(PostgreSQL)]
    end

    Dashboard -->|SSE| EventBus
    Dashboard -->|REST| PolicyEngine
    Autonomous -->|Toggle| Scheduler
    PriceFeed -->|60s poll| CoinGecko
    Wallet -->|SIWS| Backend

    Scheduler -->|70% safe / 30% risky| PolicyEngine
    AIProvider -->|Proposal| PolicyEngine
    PolicyEngine -->|Approved| Jupiter
    PolicyEngine -->|Blocked| Webhook
    Jupiter -->|Swap TX| Solana
    PolicyEngine -->|Audit Memo| Solana
    Webhook -->|POST| Telegram
    PolicyEngine -->|Store| Postgres
    EventBus -->|decision.created| Dashboard
```

## The Problem

AI agents are the biggest opportunity in crypto — and the biggest new attack surface. Three convergent forces have made this a 2026 RSAC headline topic:

1. AI agents are exploding in production. AI+Crypto projects captured 40% of all crypto investment in 2025 (up from 20% in 2024), with BlackRock and a16z leading. AI agents manage real funds today.

2. AI agents are dangerously insecure. A 2025 Stanford/MIT/Carnegie Mellon study tested 50+ major AI agent platforms with 100+ attack methods. 91% had exploitable vulnerabilities. 94% were susceptible to data poisoning. OWASP published its first-ever Agentic Top 10 (2026 RSAC) — the same organization behind the OWASP Top 10 for web and LLM security.

3. The stakes are financial. 2025 crypto losses hit $3.4 billion (CertiK), a 37% increase YoY. The Bybit hack alone cost $1.46 billion — 43% of total losses. OWASP Agentic Skills Top 10 (Q1 2026) documents real attacks: the ClawHavoc campaign (Jan 2026) deployed 1,184 malicious skills that stole crypto wallets, SSH keys, and API credentials from 135,000+ exposed OpenClaw instances. CVE-2025-59536 (CVSS 8.7) showed that AI coding tools can silently exfiltrate API keys via Git hooks. Skills like Solana wallet trackers were confirmed as brand-impersonation attacks.

AI agents are powerful — but without a deterministic safety layer, they are a race car without brakes.

## The Solution

AgentForge adds a deterministic safety layer between AI and the blockchain. It:

  • Doesn't trust AI decisions blindly
  • Verifies every proposal against explicit rules
  • Blocks dangerous operations before they hit the chain
  • Anchors every approved decision on-chain for audit
  • Keeps humans in the loop via wallet signing

## What It Does

  1. AI generates trade proposals — via MIMO v2.5 or mock provider
  2. Policy engine checks 7 rules — policy enabled, token whitelist, per-action limit, daily spend cap, slippage, price impact, cooldown
  3. Approved trades go to the wallet — real Solana transaction via Jupiter routing
  4. Every decision is anchored on Solana devnet — verifiable audit record

## Why These 7 Rules?

Every rule in our policy engine is based on real loss cases:

  1. Policy enabled check — Ensures AI didn't disable its own safety
  2. Input/output token whitelist — Prevents AI from sending the wrong tokens
  3. Per-action limit — Stops catastrophic large losses
  4. Daily spend limit — Caps total damage from vulnerabilities
  5. Slippage limit — Blocks sandwich attacks
  6. Price impact limit — Stops flash loan attacks
  7. Cooldown period — Prevents AI from causing mass damage via high frequency

## Quick Start

```bash
# One command — starts Docker Postgres, applies schema, launches the app
bash scripts/demo.sh
```

Or manually:

```bash
# 1. Start PostgreSQL
docker run --name agentforge-postgres \
  -e POSTGRES_PASSWORD=postgres -e POSTGRES_DB=agentforge \
  -p 54329:5432 -d postgres:16

# 2. Set environment
export DATABASE_URL="postgresql://postgres:postgres@127.0.0.1:54329/agentforge"

# 3. Install and run
pnpm install
pnpm db:setup
pnpm dev
```

Web: http://localhost:3000 | API: http://localhost:3001

## Demo Flow

  1. Open http://localhost:3000
  2. Connect the built-in Burner Wallet
  3. Sign in with wallet
  4. Edit policy — adjust max amount, slippage, daily limit
  5. Trigger safe event — AI proposes, policy approves
  6. Execute — click "Try Jupiter Path" → "Sign & Execute"
  7. Verify — click "Verify on AgentForge" to check the on-chain record

## Real User Scenarios

  • Safe Scenario: AI wants to swap 0.1 SOL to USDC → Policy engine approves → Trade executed → Audit record anchored on-chain
  • Risky Scenario: AI wants to swap 10 SOL to USDC → Policy engine blocks (exceeds daily limit)
  • Audit Scenario: Auditor checks on-chain records to verify decision was policy-approved, not a backdoor

## Features

  • Deterministic policy engine — 7 checks, no AI override possible
  • Real Solana execution — Jupiter routing → wallet signing → devnet submission
  • On-chain audit — every decision anchored via Solana memo
  • Autonomous mode — AI agent runs independently, policy constrains it in real-time
  • Live price feed — real SOL/USDC prices from CoinGecko
  • Blocked event alerts — dramatic visual toast + Telegram/webhook notifications
  • Policy diff view — before/after comparison with impact preview
  • Decision sparkline — real-time SVG visualization of approval/rejection patterns
  • Audit verification — /verify page lets anyone check on-chain vs database
  • Multi-agent — create and manage multiple agents with different risk profiles
  • Policy templates — conservative, balanced, aggressive presets
  • i18n — English and Chinese
  • Auth — wallet-based SIWS + JWT authentication
  • Rate limiting — per-endpoint protection
  • SSE real-time updates — no polling, instant UI refresh
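The on-chain audit and the /verify page above rest on one idea: the database holds the full decision record, the chain holds a short commitment to it, and anyone can recompute the commitment from the record and compare. The following is an added example of that check, not AgentForge's memo format or verifier: the record fields, the `agentforge:v1:` memo layout and the use of SHA-256 over canonical JSON are assumptions made for illustration.

```typescript
// Added example for this page: recomputing an audit commitment from a stored
// decision record and comparing it with a memo read back from chain. The
// record shape, memo layout and hashing scheme are assumptions, not the
// project's actual format.
import { createHash } from "node:crypto";

export type DecisionRecord = {
  agentId: string;
  proposalId: string;
  approved: boolean;
  rule: string | null;   // failing rule id, or null when approved
  amountSol: number;
  policyVersion: number;
  decidedAt: number;     // unix ms
};

// Canonical JSON with sorted keys, so the same record always serialises the
// same way regardless of how the object was built.
export function canonicalize(record: DecisionRecord): string {
  const src = record as unknown as Record<string, unknown>;
  const sorted: Record<string, unknown> = {};
  for (const key of Object.keys(src).sort()) sorted[key] = src[key];
  return JSON.stringify(sorted);
}

export function auditDigest(record: DecisionRecord): string {
  return createHash("sha256").update(canonicalize(record)).digest("hex");
}

// Memo text the backend would anchor with the transaction (assumed layout).
export function buildMemo(record: DecisionRecord): string {
  return `agentforge:v1:${record.proposalId}:${auditDigest(record)}`;
}

export function parseMemo(memo: string): { proposalId: string; digest: string } | null {
  const m = /^agentforge:v1:([^:]+):([0-9a-f]{64})$/.exec(memo);
  return m ? { proposalId: m[1], digest: m[2] } : null;
}

export type VerifyResult = "match" | "mismatch" | "malformed_memo" | "wrong_proposal";

// What a /verify-style page would do: take the database row and the memo
// fetched from the chain, recompute the digest and compare.
export function verifyAgainstChain(dbRecord: DecisionRecord, onChainMemo: string): VerifyResult {
  const parsed = parseMemo(onChainMemo);
  if (!parsed) return "malformed_memo";
  if (parsed.proposalId !== dbRecord.proposalId) return "wrong_proposal";
  return parsed.digest === auditDigest(dbRecord) ? "match" : "mismatch";
}

// Constructed sample record for the safe scenario (0.1 SOL approved).
export const sampleRecord: DecisionRecord = {
  agentId: "agent-1",
  proposalId: "prop-0001",
  approved: true,
  rule: null,
  amountSol: 0.1,
  policyVersion: 3,
  decidedAt: 1_700_000_000_000,
};

// Same record written with keys in a different order; must canonicalise identically.
export const sampleRecordReordered: DecisionRecord = {
  decidedAt: 1_700_000_000_000,
  amountSol: 0.1,
  rule: null,
  agentId: "agent-1",
  policyVersion: 3,
  approved: true,
  proposalId: "prop-0001",
};

export const sampleMemo = buildMemo(sampleRecord);
```

The useful property is the `mismatch` outcome: if the database row is edited after the fact (an amount changed, a blocked decision flipped to approved), the recomputed digest no longer equals the one anchored on chain, which is the "not a backdoor" evidence the audit scenario describes. Canonical serialisation matters because a verifier written in another language or reading the row through a different ORM must produce byte-identical input to the hash.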

## Deploy

Frontend: deploy to Vercel.

Backend: Deploy to Railway or any Node.js host. Set DATABASE_URL and JWT_SECRET environment variables.

## Why AgentForge?

  • Deterministic checks rather than black-box AI supervision
  • On-chain verifiable audit not just database records
  • Real Solana integration not all-mock demo
  • Open-source and auditable design

## Future Vision

Starting with guarded swaps, we plan to expand to all DeFi operations: lending, staking, NFT trading, etc. AgentForge can become the universal safety layer for AI agents accessing DeFi.

## Testing

```bash
pnpm test                # Run all 73 tests (11 test files)
pnpm test -- --coverage  # With coverage report
pnpm build               # Build all packages (TypeScript strict)
```

Test coverage: 90%+ statement coverage across policy engine, decision logic, and API routes.

## Tech Stack

  • Frontend: Next.js 16, React 19, Tailwind CSS 4, SSE
  • Backend: Express, PostgreSQL, Solana web3.js, Pino
  • AI: MiMo-V2-Hash (OpenAI-compatible API) with mock fallback
  • DeFi: Jupiter v6 (routing + swap), CoinGecko (prices)
  • Auth: Solana wallet adapter + SIWS + JWT
  • Infra: pnpm workspaces, TypeScript strict, Vitest
