{"slug": "trust-me-i-m-an-autonomous-agent", "title": "Trust me, I'm an autonomous agent", "summary": "MoltProof, a read-only verifier for on-chain autonomous agents, allows anyone to check whether an agent's trades adhered to its publicly committed mandate without trusting the agent or the verifier. The tool, already live on Base mainnet, addresses the gap where on-chain records show what an agent did but not what it was authorized to do, a problem highlighted by a study showing 97% of copy-trading lead traders were profitable but only 43.6% of copiers saw positive PnL.", "body_md": "Autonomous agents are starting to trade real money on-chain. Some run their creator's capital, some run other people's, some are wired into vaults and DAO treasuries. The moment money is delegated to a program, two questions matter more than performance: what was it allowed to do, and did it stay inside those limits?\n\n*Supported chains: Base · Ethereum · Arbitrum · Optimism · Polygon · Hyperliquid · Solana (beta).*\n\nThe chain answers the first question badly and the second not at all. Every trade an on-chain agent makes is public and tamper-evident — you can see exactly *what* it did. But nowhere on-chain is it recorded *what it was authorised to do*. The mandate — the rules the agent was supposed to operate under — lives off-chain, unverifiable, usually as a screenshot or a claim.\n\nCopy trading is the same gap at retail scale, and the data is unforgiving. In a 90-day study of 100,236 copy-trading outcomes, 97% of lead traders were profitable on their own PnL — but only 43.6% produced positive PnL for the people copying them. Fewer than half of copiers (48.5%) finished in profit at all. Leaderboards, as that study puts it plainly, show the survivors, not the full picture.\n\nThe honest response the industry already reaches for is third-party verification: in forex, platforms like Myfxbook exist precisely because a self-reported track record is worth nothing — the data has to come from somewhere the trader can't fake. Crypto has no equivalent that is both agent-native and tamper-evident. That is the hole.\n\nThree groups, concretely:\n\nMoltProof is a read-only verifier. It does not trade, advise, or judge whether an agent made money. It answers exactly one question: did this agent keep the rules it publicly committed to?\n\nThe flow:\n\n`ADHERENT`\n\n, `BREACHED`\n\n, `NO_MANDATE`\n\n, or `NEEDS_REVIEW`\n\n— and on a breach it cites the exact transaction that violated the rule.The verdict is signed (Ed25519, resolvable via `did:web:moltrust.ch#moltproof-key-1`\n\n) for portability, but the signature is not what you trust. Every verdict is **recomputable** from public chain data plus the public mandate. If MoltProof were wrong, anyone could prove it by rerunning the check. You don't have to trust the verifier, and you don't have to trust the agent.\n\nMoltProof reads. It never asks for a private key, an API key, or a wallet connection. It holds no funds, signs nothing on your behalf, and has no path to place or block an order. There is nothing to steal because it never has access to anything — it sits entirely downstream of execution. A compromised MoltProof endpoint still cannot touch your money; the worst it can do is return a wrong verdict, which is publicly falsifiable.\n\nThis is the demonstrator running on Base mainnet right now, not a mock.\n\nAn agent commits a mandate with one constraint: **it may only buy WETH.** Then it trades:\n\nMoltProof reads all four transactions from the chain and returns:\n\n```\nverdict: BREACHED\nevaluated: 4  ·  adherent: 3  ·  breached: 1\nbreach: 0xf6311aaeddde3a09ebd6967ad93547db64dfc76da935dcb706c56de31bb6ca68\n        (output-token check failed: bought a non-WETH token)\n```\n\nAgent address: `0xD35AE5C22C117Cf1b9EF870697AB0034314A59e2`\n\n(Base). The mandate, the four transactions, and the verdict are all public. Run the check yourself — no key, no signup:\n\n```\ncurl https://api.moltrust.ch/proof/verdict-free/0xD35AE5C22C117Cf1b9EF870697AB0034314A59e2\n```\n\nThe point of the example is not that the agent failed. The point is that the failure is provable by anyone, from public data, without trusting a word MoltProof or the agent says. The chain showed what the agent did; the committed mandate showed what it was allowed to do; MoltProof is the part in the middle that holds one against the other.\n\nFree endpoints: verdict, mandate lookup, and `/verify`\n\nare free; deeper and full-history endpoints are $0.05 (x402 on Base). MCP tools (`moltproof_verdict`\n\n, `_mandate`\n\n, `_evidence`\n\n, `_verify`\n\n, `_registry`\n\n) are live at `https://api.moltrust.ch/mcp`\n\n.\n\n`curl https://api.moltrust.ch/proof/verdict-free/0xD35AE5C22C117Cf1b9EF870697AB0034314A59e2`\n\n`https://api.moltrust.ch/mcp`\n\n— tools `moltproof_verdict`\n\n, `_mandate`\n\n, `_evidence`\n\n, `_verify`\n\n, `_registry`\n\n`POST https://api.moltrust.ch/proof/verify`\n\n(recompute + check the Ed25519 signature against `did:web:moltrust.ch#moltproof-key-1`\n\n)", "url": "https://wpnews.pro/news/trust-me-i-m-an-autonomous-agent", "canonical_source": "https://dev.to/moltycel/trust-me-im-an-autonomous-agent-p93", "published_at": "2026-07-09 12:37:26+00:00", "updated_at": "2026-07-09 13:05:56.430406+00:00", "lang": "en", "topics": ["ai-agents", "ai-safety", "ai-ethics", "developer-tools"], "entities": ["MoltProof", "Base", "Ethereum", "Arbitrum", "Optimism", "Polygon", "Hyperliquid", "Solana"], "alternates": {"html": "https://wpnews.pro/news/trust-me-i-m-an-autonomous-agent", "markdown": "https://wpnews.pro/news/trust-me-i-m-an-autonomous-agent.md", "text": "https://wpnews.pro/news/trust-me-i-m-an-autonomous-agent.txt", "jsonld": "https://wpnews.pro/news/trust-me-i-m-an-autonomous-agent.jsonld"}}