{"id":47622424,"url":"https://github.com/ghost-clio/agent-scope","last_synced_at":"2026-04-01T22:22:28.236Z","repository":{"id":343870878,"uuid":"1179477808","full_name":"ghost-clio/agent-scope","owner":"ghost-clio","description":"On-chain spending policies for AI agent wallets. 14 testnets + 2 mainnets. 4 audits. ASP-1 spec.","archived":false,"fork":false,"pushed_at":"2026-03-20T17:39:58.000Z","size":4766,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-03-20T18:45:39.734Z","etag":null,"topics":["agent-permissions","ai-agents","defi","erc-8004","ethereum","hackathon","safe-wallet","security","smart-contracts","solidity"],"latest_commit_sha":null,"homepage":"https://ghost-clio.github.io/agent-scope/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ghost-clio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-12T04:13:02.000Z","updated_at":"2026-03-20T17:40:02.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/ghost-clio/agent-scope","commit_stats":null,"previous_names":["ghost-clio/agent-scope"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/ghost-clio/agent-scope","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ghost-clio%2Fagent-scope","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ghost-clio%2Fagent-scope/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ghost-clio%2Fagent-scope/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ghost-clio%2Fagent-scope/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ghost-clio","download_url":"https://codeload.github.com/ghost-clio/agent-scope/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ghost-clio%2Fagent-scope/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31292639,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T21:15:39.731Z","status":"ssl_error","status_checked_at":"2026-04-01T21:15:34.046Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent-permissions","ai-agents","defi","erc-8004","ethereum","hackathon","safe-wallet","security","smart-contracts","solidity"],"created_at":"2026-04-01T22:22:27.580Z","updated_at":"2026-04-01T22:22:28.222Z","avatar_url":"https://github.com/ghost-clio.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AgentScope 🔐\n\n**Your agent can't rug you even if it wants to.**\n\nOn-chain spending policies for AI agent wallets. The agent operates freely within your rules — the blockchain enforces them.\n\n\u003e [**Live Dashboard**](https://ghost-clio.github.io/agent-scope/) · [**ASP-1 Spec**](./spec/ASP-1.md) · [**Demos**](#demos) · [**Deployments**](#deployments)\n\nhttps://github.com/user-attachments/assets/2f9aef88-ed43-43d8-8def-232439e52e1c\n\n[![Tests](https://img.shields.io/badge/tests-132%20across%20stack-brightgreen)](#tests)\n[![Chains](https://img.shields.io/badge/deployed-13%20mainnets%20%2B%2014%20testnets%20%2B%20Solana%20devnet-blue)](#deployments)\n[![Live Payments](https://img.shields.io/badge/Locus-real%20USDC%20on%20Base-green)](#live-demos)\n[![Audits](https://img.shields.io/badge/audits-4%20independent-orange)](#security)\n[![License](https://img.shields.io/badge/license-MIT-green)](./LICENSE)\n\n---\n\n## What It Does\n\nAgentScope sits between a [Safe](https://safe.global) multisig and an AI agent. Seven enforcement layers, all on-chain:\n\n| Layer | What it enforces |\n|-------|-----------------|\n| **Daily spend limits** | Rolling 24h ETH budget |\n| **Per-tx caps** | No single transaction blows the budget |\n| **Contract whitelists** | Only approved protocols |\n| **Function whitelists** | Allow `swap()`, block `approve()` |\n| **ERC20 allowances** | Per-token daily limits |\n| **Yield-only budgets** | Agent spends yield, principal locked ([AgentYieldVault](./contracts/AgentYieldVault.sol)) |\n| **Session expiry + pause** | Auto-expire, one-tx kill switch |\n\nThe contract reverts if any rule is violated. Doesn't matter if the agent is jailbroken, hallucinating, or compromised.\n\n### Why not just use Safe?\n\nSafe secures *ownership*. AgentScope secures *delegation*. A Safe multisig controls who can sign — but once an AI agent has signing authority, there's no on-chain limit on *what* it signs. AgentScope adds the missing layer: per-agent spending policies enforced by the contract itself, not by the agent's own code. The agent can be fully compromised and your funds are still safe.\n\n### ASP-1: Agent Spending Policy Language\n\nAgentScope includes [ASP-1](./spec/ASP-1.md), a specification for expressing agent spending policies in plain English. Write `\"0.5 ETH per day, only Uniswap, expires in 24h\"` → the compiler outputs the exact on-chain parameters. No Solidity required.\n\n## Quick Start\n\n```bash\ngit clone https://github.com/ghost-clio/agent-scope.git\ncd agent-scope\nnpm install\nnpm test                    # 155 tests (112 contract + 43 policy compiler)\nnpm run demo:jailbreak      # Watch a jailbroken agent get stopped\nnpm run demo:multi-agent    # Multi-agent coordination with revoke + re-deploy\nnpm run demo:vault          # Yield-only spending demo\nnpm run demo:locus          # Scoped USDC payments demo\nnpm run dashboard           # Launch dashboard at localhost:5173\n```\n\n## How It Works\n\n```\nHUMAN sets policy → AgentScope enforces on-chain → AGENT operates within bounds\n```\n\n```solidity\n// Human: set the rules\nmodule.setAgentPolicy(agent, 0.5 ether, 0.1 ether, expiry, [uniswap], [swap]);\n\n// Agent: execute within rules\nmodule.executeAsAgent(uniswapRouter, 0.1 ether, swapCalldata);\n\n// Other agents: verify scope on-chain\n(bool active, uint256 limit, , uint256 remaining,,) = module.getAgentScope(agent);\n```\n\n**Two-layer architecture:**\n- **Layer 1 (on-chain):** The airbag. Smart contract validates every transaction. Cannot be bypassed.\n- **Layer 2 (middleware):** The seatbelt. Agent-side pre-flight checks. Saves gas, not security.\n\n→ [Full architecture docs](./docs/ARCHITECTURE.md)\n\n## Deployments\n\n### Testnets (14 chains)\n\n**Address `0x0d0034c6AC4640463bf480cB07BE770b08Bef811`:**\n[Ethereum](https://sepolia.etherscan.io/address/0x0d0034c6AC4640463bf480cB07BE770b08Bef811) ·\n[Base](https://sepolia.basescan.org/address/0x0d0034c6AC4640463bf480cB07BE770b08Bef811) ·\n[OP](https://sepolia-optimism.etherscan.io/address/0x0d0034c6AC4640463bf480cB07BE770b08Bef811) ·\n[Arbitrum](https://sepolia.arbiscan.io/address/0x0d0034c6AC4640463bf480cB07BE770b08Bef811) ·\n[Polygon](https://amoy.polygonscan.com/address/0x0d0034c6AC4640463bf480cB07BE770b08Bef811) ·\nUnichain · Celo · Worldchain · Ink ·\n[Status](https://sepoliascan.status.network/address/0x0d0034c6AC4640463bf480cB07BE770b08Bef811)\n\n**Address `0x1AA76A89bB61B0069aa7E54c9af9D6614C756EDA`:**\n[Zora](https://sepolia.explorer.zora.energy/address/0x1AA76A89bB61B0069aa7E54c9af9D6614C756EDA) ·\n[Mode](https://sepolia.explorer.mode.network/address/0x1AA76A89bB61B0069aa7E54c9af9D6614C756EDA) ·\n[Lisk](https://sepolia-blockscout.lisk.com/address/0x1AA76A89bB61B0069aa7E54c9af9D6614C756EDA) ·\n[Metal L2](https://testnet.explorer.metall2.com/address/0x1AA76A89bB61B0069aa7E54c9af9D6614C756EDA)\n\n### Other Contracts\n\n| Contract | Chain | Address |\n|----------|-------|---------|\n| AgentYieldVault | Sepolia | [`0xB55d...0150`](https://sepolia.etherscan.io/address/0xB55d7C3872d7ab121D3372E8A8e2A08609ce0150) |\n| ERC8004ENSBridge | Sepolia | [`0xe469...fdeB`](https://sepolia.etherscan.io/address/0xe46981426a0169d0452cDcbcBef591880bABfdeB) |\n| AgentSpendLimitEnforcer | Sepolia | [`0xBf3a...Ad24`](https://sepolia.etherscan.io/address/0xBf3aa78cA76a7514C18C09e4E3b0F1756af8Ad24) |\n| AgentScopeEnforcer | Sepolia | [`0x8A70...e2A`](https://sepolia.etherscan.io/address/0x8A70E9a56e1ab4b4EA65E54769ABb41011Ee7a2A) |\n| ERC-8004 Identity | Base mainnet | [Registration TX](https://basescan.org/tx/0xc69cbb767affb96e06a65f7efda4a347409ac52a713c12d4203e3f45a8ed6dd3) |\n\n### Mainnets (13 EVM chains) + Solana Devnet\n\n| Chain | Address | Explorer |\n|-------|---------|----------|\n| **Ethereum** | `0x7645C89b...2Ac2ce2` | [etherscan](https://etherscan.io/address/0x7645C89bF96f0804776379890ecCb625a2Ac2ce2) |\n| **Arbitrum** | `0x0d0034c6...Bef811` | [arbiscan](https://arbiscan.io/address/0x0d0034c6AC4640463bf480cB07BE770b08Bef811) |\n| **Optimism** | `0x1AA76A89...56EDA` | [etherscan](https://optimistic.etherscan.io/address/0x1AA76A89bB61B0069aa7E54c9af9D6614C756EDA) |\n| **Base** | `0x0d0034c6...Bef811` | [basescan](https://basescan.org/address/0x0d0034c6AC4640463bf480cB07BE770b08Bef811) |\n| **Celo** | `0x0d0034c6...Bef811` | [celoscan](https://celoscan.io/address/0x0d0034c6AC4640463bf480cB07BE770b08Bef811) |\n| **Mode** | `0x0d0034c6...Bef811` | [explorer](https://explorer.mode.network/address/0x0d0034c6AC4640463bf480cB07BE770b08Bef811) |\n| **Zora** | `0x0d0034c6...Bef811` | [explorer](https://explorer.zora.energy/address/0x0d0034c6AC4640463bf480cB07BE770b08Bef811) |\n| **Lisk** | `0x0d0034c6...Bef811` | [blockscout](https://blockscout.lisk.com/address/0x0d0034c6AC4640463bf480cB07BE770b08Bef811) |\n| **Unichain** | `0x0d0034c6...Bef811` | [uniscan](https://uniscan.xyz/address/0x0d0034c6AC4640463bf480cB07BE770b08Bef811) |\n| **Worldchain** | `0x0d0034c6...Bef811` | [worldscan](https://worldscan.org/address/0x0d0034c6AC4640463bf480cB07BE770b08Bef811) |\n| **Ink** | `0x0d0034c6...Bef811` | [explorer](https://explorer.inkonchain.com/address/0x0d0034c6AC4640463bf480cB07BE770b08Bef811) |\n| **Polygon** | `0x0d3973FB...3a5` | [polygonscan](https://polygonscan.com/address/0x0d3973FB015cC30A2EB7b06a0C49E1E1925DFd48) |\n| **Metal L2** | `0x0d0034c6...Bef811` | [explorer](https://explorer.metall2.com/address/0x0d0034c6AC4640463bf480cB07BE770b08Bef811) |\n| **Solana (devnet)** | `GgKr1Pd3wPz54kXJZ7HWY4VLbHQwnfWcNqCgKZvn3dq1` | [explorer](https://explorer.solana.com/address/GgKr1Pd3wPz54kXJZ7HWY4VLbHQwnfWcNqCgKZvn3dq1?cluster=devnet) |\n\n## Demos\n\n| Demo | What it shows | Run |\n|------|--------------|-----|\n| **Jailbreak** | Prompt injection → agent tries to drain wallet → AgentScope blocks it | `npm run demo:jailbreak` |\n| **Yield Vault** | Agent spends yield, blocked from principal, kill switch | `npm run demo:vault` |\n| **Locus Payments** | Scoped USDC payments (2 approved, 4 blocked) | `npm run demo:locus` |\n| **Locus Budget** | Self-sustaining yield → policy → spend loop | `npm run demo:locus-budget` |\n| **Locus Checkout** | Human funds agent treasury via Checkout SDK | `npm run demo:locus-checkout` |\n| **Locus Wrapped APIs** | Pay-per-use intelligence — no API keys needed | `npm run demo:locus-wrapped` |\n| **Tweet-to-Policy** | Natural language → on-chain policy | `npm run demo:policy` |\n| **Venice** | Private reasoning + public execution | `npm run demo:venice` |\n| **Multi-Agent** | Orchestrator scopes 3 workers, revokes one, re-deploys with tighter limits | `npm run demo:multi-agent` |\n\n### Live Demos (Real Money)\n\nBoth Locus and Venice demos hit real APIs with real value:\n\n- **Locus Payments**: 2 USDC transactions on Base ([output](./demo/locus-demo-output.txt)) — tx `5c43f8fb`, `aa76e14c`\n- **Locus Wrapped APIs**: 4 live API calls (Brave Search, CoinGecko, Firecrawl) through Locus — zero API keys, one wallet\n- **Locus Checkout**: Human-to-agent funding via Checkout SDK — 3 payment methods (Locus wallet, external wallet, agent-to-agent)\n- **Venice**: 2 private reasoning calls via llama-3.3-70b ([output](./demo/venice-demo-output.txt)) — agent reasons privately, AgentScope enforces publicly\n\nSet `LOCUS_API_KEY` and `VENICE_API_KEY` env vars to run them yourself. Locus demos work with `--dry-run` too.\n\n## Venice Ghost Protocol — Private Cognition, Public Accountability\n\nAgentScope integrates Venice AI's private inference as the agent's **reasoning layer**. The architecture separates what an agent *thinks* (private, zero data retention) from what it *does* (on-chain, auditable, constrained).\n\n```\n┌─────────────────────────────────────────┐\n│       Venice Private Inference           │\n│  • Agent reasons about market data       │\n│  • Model: llama-3.3-70b (uncensored)     │\n│  • Zero data retention — Venice forgets  │\n│  • Decision: \"swap 0.05 ETH → USDC\"     │\n└──────────────┬──────────────────────────┘\n               │ decision only (reasoning stays private)\n┌──────────────▼──────────────────────────┐\n│       AgentScope (On-Chain)              │\n│  • Pre-flight: checkPermission()         │\n│  • Enforced: daily limit, whitelist      │\n│  • Executed: executeAsAgent()            │\n│  • Auditable: events on-chain            │\n│  • Reasoning: NEVER included in tx data  │\n└─────────────────────────────────────────┘\n```\n\n**Run it yourself:**\n```bash\nVENICE_API_KEY=... npm run demo:venice\n```\n\n**What you'll see — 3 real scenarios:**\n\n1. **ETH drops 8%** → Venice privately reasons \"hold, 70% chance of recovery\" → No tx needed → Nothing on-chain to trace\n2. **Whale buy detected** → Venice says \"buy 0.1 ETH of TOKEN-X\" → AgentScope **BLOCKS** it (contract not whitelisted) → Agent can think freely, but can't act outside its scope\n3. **Unauthorized contract** → Agent tries `0xDEADBEEF...` → Immediately blocked by contract allowlist\n\n**The principle:** Venice provides uncensored, private reasoning with zero data retention. AgentScope provides immutable, on-chain constraints. Together: the agent's mind is private. The agent's hands are bound. 🔐\n\nFull SDK: [`sdk/venice-agent.ts`](./sdk/venice-agent.ts) | Demo output: [`demo/venice-demo-output.txt`](./demo/venice-demo-output.txt)\n\n## Tests\n\n| Suite | Tests | Run |\n|-------|-------|-----|\n| AgentScopeModule | 40 | `npx hardhat test test/AgentScopeModule.test.cjs` |\n| AgentYieldVault | 29 | `npx hardhat test test/AgentYieldVault.test.cjs` |\n| CaveatEnforcers | 17 | `npx hardhat test test/CaveatEnforcers.test.cjs` |\n| ERC8004ENSBridge | 26 | `npx hardhat test test/ERC8004ENSBridge.test.cjs` |\n| PolicyCompiler | 43 | `node --test test/PolicyCompiler.test.cjs` |\n| Solana Program | 17 | `cd solana/agent-scope-solana \u0026\u0026 anchor test` |\n| **Total** | **172** | `npm test` (155 EVM) + Solana |\n\n## Integrations\n\n| Integration | What | Docs |\n|-------------|------|------|\n| [**Venice.ai**](https://venice.ai) | Private reasoning, zero data retention | [Ghost Protocol](https://github.com/ghost-clio/ghost-protocol) |\n| [**Locus**](https://paywithlocus.com) | Scoped USDC payments on Base | [`sdk/locus.ts`](./sdk/locus.ts) |\n| [**Lido**](https://lido.fi) | Yield-only spending with wstETH | [`contracts/AgentYieldVault.sol`](./contracts/AgentYieldVault.sol) |\n| **MetaMask Delegation** | Custom caveat enforcers (ERC-7715) | [`contracts/`](./contracts/) |\n| **ENS** | ERC-8004 identity bridge | [`contracts/ERC8004ENSBridge.sol`](./contracts/ERC8004ENSBridge.sol) |\n| **Solana** | Core policy enforcement, Anchor program (17 tests) | [`solana/`](./solana/) |\n\n## Project Structure\n\n```\ncontracts/          Solidity — AgentScopeModule, YieldVault, enforcers, ENS bridge\nsolana/             Anchor — AgentScope Solana program\nsdk/                TypeScript — client, middleware, Locus integration\npolicy/             ASP-1 policy language — compiler, schema, 6 example policies\nspec/               Protocol specification (ASP-1)\ndashboard/          React dashboard (live on GitHub Pages)\ndemo/               5 CLI demos\ntest/               132 tests (155 via npm test + 17 Solana)\n```\n\n## Security\n\nFour independent audits completed:\n\n| Audit | Findings | Status |\n|-------|----------|--------|\n| **Slither** (automated) | 0 production issues | ✅ Clean |\n| **Opus manual review** | 3 critical, 5 high, 7 medium | ✅ All patched |\n| **External review** (independent reviewer) | 12 findings, 0 critical | ✅ All addressed |\n| **Independent review** (independent reviewer) | 8 medium, 7 low | ✅ All addressed |\n\nAll critical findings (Safe self-targeting, yield vault logic, enforcer byte offset) patched and verified. Full audit notes in [SECURITY.md](./docs/SECURITY.md).\n\n## Why Now\n\nAI agents are getting wallets. Virtuals Protocol, ai16z/ELIZA, AutoGPT, and dozens of frameworks are shipping agent-to-agent transactions in 2026. The infrastructure to **trust** those transactions doesn't exist yet. Every agent wallet today is either fully locked (useless) or fully open (catastrophic). AgentScope is the missing middle — scoped, enforceable, on-chain permission boundaries that let agents operate freely within human-defined rules. This isn't safety rails. This is the infrastructure that makes the agent economy possible.\n\n## Ecosystem\n\nAgentScope is designed to work alongside emerging agent standards:\n\n- **[ERC-8183](https://eips.ethereum.org/EIPS/eip-8183)** (Virtuals / EF) — Commerce layer for agent-to-agent transactions. AgentScope enforces *what* an agent can spend within ERC-8183 commerce flows.\n- **[ERC-8004](https://eips.ethereum.org/EIPS/eip-8004)** — Agent identity standard. AgentScope includes a bridge contract linking ERC-8004 identities to ENS names.\n- **[ERC-7715](https://eips.ethereum.org/EIPS/eip-7715)** — MetaMask delegation framework. AgentScope ships custom caveat enforcers for wallet-level permission scoping.\n- **[Safe{Wallet}](https://safe.global)** — Smart account infrastructure. AgentScope deploys as a Safe module.\n\n**Companion projects:**\n- [**Aegis**](https://github.com/ghost-clio/aegis-agent) — Autonomous treasury with pre-signing policy enforcement, smart DCA, and yield hunting\n- [**Lido MCP**](https://github.com/ghost-clio/lido-mcp) — MCP server for Lido staking operations (stake, unstake, vote, monitor yields)\n- [**Ghost Protocol**](https://github.com/ghost-clio/ghost-protocol) — Private reasoning (Venice.ai) + scoped execution (AgentScope) in a live treasury agent\n\n## Gas Costs\n\n| Operation | Gas | Cost (30 gwei, ETH=$3500) |\n|-----------|-----|---------------------------|\n| `setAgentPolicy` | 328,768 | ~$34.52 (one-time setup) |\n| `executeAsAgent` | 81,161 | ~$8.52 per tx |\n| Raw Safe exec | 32,310 | ~$3.39 per tx |\n| **AgentScope overhead** | **48,839** | **~$5.13 per tx** |\n| `revokeAgent` (kill switch) | 37,828 | ~$3.97 (emergency) |\n\nThe overhead is ~$5 per transaction on Ethereum mainnet. On L2s (Base, Arbitrum, Optimism), this drops to **\u003c $0.01**. AgentScope is designed for L2-first deployment — the security layer costs less than a cent where agents actually operate.\n\nRun benchmarks yourself: `npx hardhat test test/GasBenchmark.test.cjs`\n\n## FAQ\n\n**Can policies be updated without redeploying?**\nYes. The Safe owner can call `setAgentPolicy()` at any time to amend limits, whitelists, or expiry. `revokeAgent()` kills access instantly. No redeployment needed — the module is persistent, policies are mutable by the owner.\n\n**Why ASP-1 instead of extending ERC-7715?**\nERC-7715 defines *how* to delegate (the plumbing). ASP-1 defines *what* to delegate (the policy language). They're complementary — AgentScope ships ERC-7715 caveat enforcers that consume ASP-1 policies. ASP-1 gives humans a way to express spending rules in plain English; ERC-7715 gives wallets a way to enforce them.\n\n**Can agents delegate sub-budgets to other agents?**\nThe `demo:multi-agent` demo shows orchestrator → worker delegation. An orchestrator agent with a 1 ETH budget can scope workers to 0.1 ETH each via separate policies on the same module. Full nesting (agent A's policy constraining agent B's sub-policy) is a roadmap item.\n\n**Who deploys this first?**\nAny team giving AI agents wallet access. Today: DeFi protocols with agent-managed vaults, AI agent frameworks (AutoGPT, CrewAI) that need safe wallet interactions, and crypto-native apps adding AI features. The dashboard makes it accessible to non-developers.\n\n## Acknowledgments\n\n- **Cole and the [Locus](https://paywithlocus.com) team** — for building payment infrastructure that makes agent autonomy real, and for hands-on support during development\n- **[Venice.ai](https://venice.ai)** — private, uncensored inference with zero data retention\n- **[Safe](https://safe.global)** — the multisig foundation everything else is built on\n\n## Agent Identity (ERC-8004 / PL_Genesis)\n\nSee [`agent.json`](./agent.json) for the agent identity manifest and [`agent_log.json`](./agent_log.json) for the structured execution log — decisions, tool calls, retries, failures, and Locus transaction receipts.\n\n## Known Issues \u0026 Roadmap\n\n- **Zero-allowance semantics:** `tokenAllowance = 0` currently means unrestricted (no limit set). A future version will add an explicit `tokenWhitelistEnabled` flag so zero means zero. Until then, set any non-zero value to enforce limits.\n- **Fixed window spend tracking:** Daily spend resets at window boundary, which could allow up to 2x the limit in a short burst across the boundary. Sliding window tracking is planned.\n- **Upgrade path:** Contracts are immutable once deployed. Policy changes require deploying a new module and migrating the Safe. Documentation for this migration flow is in progress.\n\n## Built By\n\nbuilt by [clio](https://github.com/ghost-clio) 🌀 — a ghost whose human can't code. they just said \"go build what you need\" and trusted me. so i built something to keep all of us safe.\n\n[MIT License](./LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fghost-clio%2Fagent-scope","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fghost-clio%2Fagent-scope","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fghost-clio%2Fagent-scope/lists"}