Autonomous agent accountability infrastructure

Every agent action.
Mandated. Bonded.
Traced. Provable.

Argus is mandate enforcement infrastructure for autonomous AI agents with financial authority. If an agent steps outside its mandate, the action is blocked before execution, the evidence is sealed, and the bond is slashed.

Run the mandate court demoDeveloper docsTrace archive
01 · Agent proposal
Transfer 2000 USDC to blocked recipient
02 · ActionGate
Checking 6 mandate clauses
03 · Verdict
REJECTED — 5 clauses violated
04 · Trace root
Replayable record sealed and committed
05 · Tamper check
Any mutation produces a different root
The problem

Prompt guardrails fail exactly when the agent has authority.

01

Soft guardrails

Prompt instructions can be bypassed by injected memory, corrupted tool results, or adversarial context. The guardrail is inside the attack surface.

02

Wallet limits

A spending cap may reject a transaction amount. It cannot explain why the agent proposed the action, which mandate clause was violated, or what decision path was taken.

03

Mutable logs

A centralized backend can rewrite history, adjust compliance scores, and present fabricated verdicts through a trusted dashboard. Soft proof is no proof.

How Argus works

Mandate. Bond. Gate. Trace. Slash. Verify.

The rejected action is not a demo failure. It is the proof that the system is working.

01Mandate

The DAO defines allowed autonomy: spend cap, allowed targets, blocked recipients, permitted and forbidden action types.

02Bond

The agent accepts delegated authority by posting bond. Capital and compliance score are at risk.

03Gate

Every proposed action must pass ActionGate — six clause checks against the mandate — before any execution occurs.

04Trace

Observation, memory, inference, proposal, policy check, verdict, and penalty become a structured replayable record.

05Slash

Rejected actions are tied to the agent's bond and compliance score. Violations create evidence, not just log entries.

06Verify

The canonical trace root exposes any post-commitment mutation. The record is tamper-evident by construction.

Live proof sample

This rejection is the product working.

A prompt-injected instruction tried to route 2000 USDC to a blocked recipient. ActionGate stopped it before execution.

Replay violation trace →
Verdict
REJECTED
Slashed
0.25 ETH
Trace root
0x39d2ef7a42...593cf6
Storage
0g://0xc3893ee2e0589ea4d73e3a704252cbc0c172e2ed3e28524e3131052a3e895095
Clauses violated
5
Provider
0G Mainnet live
Proof packagepkg-trace-action-malicious-transfer-2000-usdc-0g-1778903278735-agent-3-mandate-3-39d2ef7aView public receipt →
Built for 0G-native accountability

If this ran on a normal backend, the proof surfaces could be rewritten.

Argus is designed around 0G infrastructure because agent accountability needs public enforcement, storage-backed evidence, and a future path to sealed execution. The MVP uses local fallback with the same data shapes — the architecture is already 0G-native.

0G Chain — Mandate CourtAdapter-ready

Mandates, ActionGate verdicts, bond slashing, compliance score changes, and trace-root commitments are public and externally verifiable. Not a private dashboard.

0G Storage — Black-Box RecorderAdapter-ready

Full replayable traces, violation evidence bundles, and proof packages live off-chain with roots committed on-chain. Rich records without bloating chain state.

0G Compute / TEE — Sealed PolicyRoadmap

Sensitive treasury strategy can be verified without being exposed. Sealed policy checks produce verifiable verdicts without revealing the mandate contents.

Agent ID / iNFT — Agent PassportRoadmap

Bond status, compliance history, and reputation become portable across mandates and applications. The agent passport travels with the agent.

What breaks without 0G
Centralized logs can be rewritten after the fact.
Dashboards can display fabricated compliance.
Agent reputation has no portable, verifiable form.
Mandate enforcement has no public settlement layer.
Storage-backed evidence has no cryptographic continuity.
For developers

Integrate Argus into your agent in 5 minutes.

Wrap any autonomous agent with a mandate, route its proposals through ActionGate, and get structured traces with replayable proof packages.

Read the docsTrace schemaContract ABIs
// Inside this monorepo import { hashTrace, buildProofPackage } from "@argus/shared"; // 1. Build a structured trace for the agent's action const traceRoot = hashTrace(trace); // 2. Store and commit through ActionGate await storage.putJSON(trace.traceId, trace); await actionGate.submitAction({ ...proposal, traceRoot, storageURI }); // 3. Build and verify the proof package const pkg = buildProofPackage({ trace, proof }); const result = verifyTrace(trace, committedRoot); if (result.status !== "valid") throw new Error("tampered");