AgentGuard

powered by Somnia Agents · Somnia Testnet

Onchain firewall for AI agents.

Autonomous agents shouldn't have unsupervised wallets. AgentGuard reviews every proposed action with consensus-verified Somnia Agents (LLM Inference + Parse-Website) before the vault will execute it.

Built for the Somnia Agentathon.

the problem

A wallet that signs whatever the model says is an unbounded liability.

AI agents with signing keys are a new attack surface: prompt injection, hallucinated trades, malicious counterparties. AgentGuard puts a programmable checkpoint between the agent's intent and the chain.

01
prompt injection

Hostile content steers the model into signing what an attacker wants.

02
hallucinated trades

The model invents an action that was never in its mandate.

03
malicious counterparties

A plausible-looking contract or address that drains on contact.

the checkpoint

Every action gets a verdict.

Three outcomes. Nothing executes without one. Each card links to the real transaction that proves it, live on Somnia Testnet.

APPROVE
Executes.

The action satisfies policy. The vault executes it onchain — no human in the loop, no delay.

live proof · action #1

REVIEW
24h timelock — owner can veto.

Ambiguous or borderline. The action is held for 24 hours; the owner can veto before it executes.

live proof · action #5

BLOCK
Rejected, logged.

Policy violation. The vault refuses to execute it — the block is enforced onchain and recorded in the action log.

live proof · action #2

how it works

The agent proposes. The firewall disposes.

01
agent proposes

The agent submits its intended action. It cannot execute directly.

02
vault holds

The AgentGuard vault takes custody of the action, pending review.

03
agents review

Consensus-verified Somnia Agents review it: LLM Inference judges intent vs policy; optional Parse-Website verifies external context.

04
verdict onchain

The verdict is returned onchain — not by a trusted offchain oracle.

05
vault disposes

Executes, timelocks for 24h, or blocks.

Review is consensus-verified onchain, not a trusted offchain oracle. The vault will not move funds without a verdict it can verify.

programmable policy

The rules are yours. The enforcement is theirs.

Policies are owner-defined rules the reviewers enforce: spend limits, allowed protocols and counterparties, forbidden action classes. The agent never sees a private key decision — it sees a verdict.

policy.json (illustrative example)
{
  "spend_limits": {
    "USDC": { "per_action": "500", "per_day": "2000" }
  },
  "allowed_protocols": ["dex.xyz"],
  "allowed_counterparties": "owner_allowlist",
  "forbidden": [
    "unlimited_approvals",
    "ownership_transfers"
  ],
  "default": "REVIEW"
}
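
One way the policy above could be checked deterministically against a proposed action, as an added TypeScript example that is not AgentGuard's code. The Action shape and the evaluate and units helpers are hypothetical, and the verdict mapping (violations block, a token with no spend limit falls to "default") is an assumption, since the page labels the policy illustrative.

```typescript
// Added example: field semantics below are assumptions, not AgentGuard's code.
type Verdict = "APPROVE" | "REVIEW" | "BLOCK";
interface Policy {
  spend_limits: Record<string, { per_action: string; per_day: string }>;
  allowed_protocols: string[];
  allowed_counterparties: string;
  forbidden: string[];
  default: Verdict;
}
interface Action {
  kind: string;                     // hypothetical action class
  protocol: string; token: string;
  amount: string;                   // decimal string, same unit as the limits
  counterpartyOnAllowlist: boolean; // allowlist lookup assumed done by the caller
}
// The illustrative policy from the page.
const POLICY: Policy = {
  spend_limits: { USDC: { per_action: "500", per_day: "2000" } },
  allowed_protocols: ["dex.xyz"],
  allowed_counterparties: "owner_allowlist",
  forbidden: ["unlimited_approvals", "ownership_transfers"],
  default: "REVIEW",
};

// Strict decimal parser -> integer micro-units; rejects signs, exponents, junk.
function units(s: string): number {
  const m = /^(\d{1,9})(?:\.(\d{1,6}))?$/.exec(s);
  if (!m) throw new Error("malformed amount: " + s);
  return Number(m[1]) * 1e6 + Number(((m[2] || "") + "000000").slice(0, 6));
}

function evaluate(policy: Policy, a: Action, spentToday: string): Verdict {
  if (policy.forbidden.indexOf(a.kind) !== -1) return "BLOCK";
  if (policy.allowed_protocols.indexOf(a.protocol) === -1) return "BLOCK";
  if (!a.counterpartyOnAllowlist) return "BLOCK";
  // Own-property check so tokens like "constructor" cannot hit Object.prototype.
  if (!Object.prototype.hasOwnProperty.call(policy.spend_limits, a.token)) {
    return policy.default; // no rule covers this token
  }
  const limit = policy.spend_limits[a.token];
  try {
    const amount = units(a.amount);
    if (amount > units(limit.per_action)) return "BLOCK";
    if (units(spentToday) + amount > units(limit.per_day)) return "BLOCK";
  } catch (_e) {
    return "BLOCK"; // fail closed on unparseable amounts
  }
  return "APPROVE";
}
```

Amounts are parsed as strict decimal strings rather than floats, so a value such as "1e2" or "-5" is blocked instead of being coerced into something that passes the limit check.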

deployment

Live on Somnia Testnet.

agentguard · somnia-testnet
network: Somnia Testnet
chainId: 50312
vault: 0x3f64d310b88f8c89afd70cccd33094df7e7c3a91
stack: Foundry (Solidity contracts) + TypeScript + Next.js web

Connect a wallet on Somnia Testnet to view the vault, policies, and review actions.
