circuit-agent holds a real EVM wallet on Base and executes real trades. Security matters.

Your private key is in .env as PRIVATE_KEY (hex encoded).

• .env is gitignored — it will never be committed to the repo
• Never paste your private key into Telegram, logs, or any issue report
• Never share your .env file
• The read_file tool explicitly blocks reading .env — even the LLM cannot see it
• The run_script tool strips PRIVATE_KEY from the child process environment — scripts cannot sign transactions

Infisical is a secrets manager that lets you store and inject secrets (like PRIVATE_KEY) into your environment without ever having them sit in plaintext .env files on disk.

Instead of a static .env file, Infisical injects secrets at runtime:

infisical run -- node agent.js

Benefits for circuit-agent deployments:

• Secrets are encrypted at rest and in transit — your private key never lives in a plaintext file on your server
• Secrets are centrally managed — rotate your key once, all agents pick it up automatically
• Audit log — you can see exactly when and where your secrets were accessed
• Works with systemd: set ExecStart=infisical run -- node agent.js in your service unit

Infisical has a free tier that covers personal and small-team use. See their quick-start docs to get set up.

If you believe your key has been exposed:

1. Stop the agent immediately: systemctl --user stop circuit-agent
2. Transfer all funds to a new wallet
3. Generate a new wallet: node agent.js init

The LLM can call buy_token and sell_token, but:

• Only one buy is allowed per LLM tool-use loop (_buyExecutedThisRound flag)
• Confirmed rug mints are blocked at the tool layer (swarm blacklist check)
• entryBudgetEth caps how much ETH can be spent per trade

Before every auto-scanner buy:

1. GoPlus Security API is called — DANGER verdict blocks the buy
2. Swarm blacklist is checked — any vote blocks the buy
3. Swarm consensus is checked — rug_alert from peers blocks the buy

The LLM buy_token tool also enforces a blacklist check as a hard gate regardless of LLM reasoning.

Keys stored in .env:

• PRIVATE_KEY — EVM private key for your agent wallet
• BASE_RPC_URL — Base chain RPC (read access + transaction submission)
• MINIMAX_API_KEY — LLM inference spend
• TELEGRAM_BOT_TOKEN — controls your bot
• CIRCUIT_INTERNAL_KEY — self-hosters only

Keep these out of logs and issue reports.

The bot only responds to heartbeatChatId (your user ID) by default. If you want to allow other users, set allowedUserIds in your config. Unknown users get no response.

If you find a security issue — especially anything involving wallet access, key exposure, or trade manipulation — please report it privately:

• Telegram DM: @circuitdev

Please do not open a public GitHub issue for security vulnerabilities. Give us a chance to patch before disclosure.

Include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Your suggested fix (if any)

We aim to respond within 48 hours and will credit researchers who report valid issues.

circuit-agent trades real money. You are responsible for:

• Funding the wallet with an amount you can afford to lose
• Understanding the trading strategy and risk parameters
• Monitoring the agent's behavior, especially early in deployment
• Complying with local laws and regulations around automated trading

This software is provided as-is under the MIT license with no warranty. See LICENSE.