# Trust me, I'm an autonomous agent

> Source: <https://dev.to/moltycel/trust-me-im-an-autonomous-agent-p93>
> Published: 2026-07-09 12:37:26+00:00

Autonomous agents are starting to trade real money on-chain. Some run their creator's capital, some run other people's, some are wired into vaults and DAO treasuries. The moment money is delegated to a program, two questions matter more than performance: what was it allowed to do, and did it stay inside those limits?

*Supported chains: Base · Ethereum · Arbitrum · Optimism · Polygon · Hyperliquid · Solana (beta).*

The chain answers the first question badly and the second not at all. Every trade an on-chain agent makes is public and tamper-evident — you can see exactly *what* it did. But nowhere on-chain is it recorded *what it was authorised to do*. The mandate — the rules the agent was supposed to operate under — lives off-chain, unverifiable, usually as a screenshot or a claim.

Copy trading is the same gap at retail scale, and the data is unforgiving. In a 90-day study of 100,236 copy-trading outcomes, 97% of lead traders were profitable on their own PnL — but only 43.6% produced positive PnL for the people copying them. Fewer than half of copiers (48.5%) finished in profit at all. Leaderboards, as that study puts it plainly, show the survivors, not the full picture.

The honest response the industry already reaches for is third-party verification: in forex, platforms like Myfxbook exist precisely because a self-reported track record is worth nothing — the data has to come from somewhere the trader can't fake. Crypto has no equivalent that is both agent-native and tamper-evident. That is the hole.

Three groups, concretely:

MoltProof is a read-only verifier. It does not trade, advise, or judge whether an agent made money. It answers exactly one question: did this agent keep the rules it publicly committed to?

The flow:

`ADHERENT`

, `BREACHED`

, `NO_MANDATE`

, or `NEEDS_REVIEW`

— and on a breach it cites the exact transaction that violated the rule.The verdict is signed (Ed25519, resolvable via `did:web:moltrust.ch#moltproof-key-1`

) for portability, but the signature is not what you trust. Every verdict is **recomputable** from public chain data plus the public mandate. If MoltProof were wrong, anyone could prove it by rerunning the check. You don't have to trust the verifier, and you don't have to trust the agent.

MoltProof reads. It never asks for a private key, an API key, or a wallet connection. It holds no funds, signs nothing on your behalf, and has no path to place or block an order. There is nothing to steal because it never has access to anything — it sits entirely downstream of execution. A compromised MoltProof endpoint still cannot touch your money; the worst it can do is return a wrong verdict, which is publicly falsifiable.

This is the demonstrator running on Base mainnet right now, not a mock.

An agent commits a mandate with one constraint: **it may only buy WETH.** Then it trades:

MoltProof reads all four transactions from the chain and returns:

```
verdict: BREACHED
evaluated: 4  ·  adherent: 3  ·  breached: 1
breach: 0xf6311aaeddde3a09ebd6967ad93547db64dfc76da935dcb706c56de31bb6ca68
        (output-token check failed: bought a non-WETH token)
```

Agent address: `0xD35AE5C22C117Cf1b9EF870697AB0034314A59e2`

(Base). The mandate, the four transactions, and the verdict are all public. Run the check yourself — no key, no signup:

```
curl https://api.moltrust.ch/proof/verdict-free/0xD35AE5C22C117Cf1b9EF870697AB0034314A59e2
```

The point of the example is not that the agent failed. The point is that the failure is provable by anyone, from public data, without trusting a word MoltProof or the agent says. The chain showed what the agent did; the committed mandate showed what it was allowed to do; MoltProof is the part in the middle that holds one against the other.

Free endpoints: verdict, mandate lookup, and `/verify`

are free; deeper and full-history endpoints are $0.05 (x402 on Base). MCP tools (`moltproof_verdict`

, `_mandate`

, `_evidence`

, `_verify`

, `_registry`

) are live at `https://api.moltrust.ch/mcp`

.

`curl https://api.moltrust.ch/proof/verdict-free/0xD35AE5C22C117Cf1b9EF870697AB0034314A59e2`

`https://api.moltrust.ch/mcp`

— tools `moltproof_verdict`

, `_mandate`

, `_evidence`

, `_verify`

, `_registry`

`POST https://api.moltrust.ch/proof/verify`

(recompute + check the Ed25519 signature against `did:web:moltrust.ch#moltproof-key-1`

)
