AI Agent hAUTH is a security middleware solution that provides human oversight for autonomous AI agents operating on blockchain networks. In an era where AI agents are increasingly handling complex DeFi operations, the need for human verification on critical transactions has become paramount.
Why hAUTH?
- 🤖 AI agents can experience hallucinations or unreliable behaviors
- 💰 Cryptocurrency operations involve real financial risks
- 🔐 Human verification adds a crucial security layer
- ⚡ Seamless integration with existing AI agents
Core Value Proposition: "Bringing human intelligence to autonomous AI operations without sacrificing efficiency"
AI Agent hAUTH provides a secure human authentication layer for autonomous AI agents operating with blockchain operations(e.g. DeFi). It addresses the critical challenge of ensuring human oversight over high-value or high-risk transactions initiated by AI agents, preventing potential issues arising from hallucinations or unreliable AI behaviors.
- Transaction Monitoring: Configurable thresholds for transaction values and gas costs
- Human Authentication: Telegram-based approval system for transactions exceeding thresholds
- Two-Factor Authentication (2FA): Optional additional security layer using Google Authenticator
- Multi-Chain Support: Configurations stored on-chain for various networks
- Multi-Agent Management: Support for multiple AI agents under a single user
- Fusion+ Integration: Special handling for cross-chain swaps
The system consists of three main components:
- Smart Contracts: On-chain storage of agent configurations and thresholds
- Authentication Server: Node.js server handling approval requests and Telegram integration
- AI Agent SDK: Python implementation for AI agents to integrate with the authentication system
The AgentsRegistry contract serves as the backbone of the system, storing and managing AI agent configurations on-chain.
- 🟢 Base Sepolia:
0xf77f3E6ed19DAFe90f90c3C1609207902C7414f9 - 🟢 Celo (Alfajores):
0x438751D3309247De00185DEDb5874Dbb99aD7c3C - 🟢 Polygon (Amoy):
0xfF35E64807479DB10F6b6462796f8c1d567ba888 - 🟢 Neon EVM (Devnet):
0x438751D3309247De00185DEDb5874Dbb99aD7c3C - 🟢 Linea (Sepolia):
0xfF35E64807479DB10F6b6462796f8c1d567ba888 - 🟢 Morph (Holesky):
0x438751D3309247De00185DEDb5874Dbb99aD7c3C - 🟢 Rome (Testnet):
0x438751D3309247De00185DEDb5874Dbb99aD7c3C - 🟢 Scroll (Sepolia):
0x438751D3309247De00185DEDb5874Dbb99aD7c3C - 🟢 Flow (Testnet):
0x438751D3309247De00185DEDb5874Dbb99aD7c3C - 🟢 Rootstock (Testnet):
0xfdd2dd20515b7ab1f88344f2e3baf8702b7a50fa
Legend:
- 🟢 Deployed and operational
struct AgentConfig {
uint96 valueThreshold; // Value threshold in Wei
uint96 gasThreshold; // Gas threshold in Wei
bool isSetup2FA; // 2FA status
bool isActive; // Agent status
string metadata; // Telegram chat ID
address owner; // Agent owner address
}registerAgent: Register new AI agent with initial configurationsupdateThresholds: Modify value and gas thresholdstoggle2FA: Enable/disable 2FA for an agentcheckTransactionApproval: Verify if a transaction needs approval
The Telegram bot serves as the primary interface for managing AI agents and handling transaction approvals.
/start: Initialize bot and get welcome message/register: Register a new AI agent/settings: Configure agent security settings/agents: View list of registered agents/help: Display available commands
- AI agent submits transaction for approval
- Bot checks thresholds and 2FA requirements
- Sends approval request to authorized Telegram chat
- Processes user response (approve/reject)
- Returns result to AI agent
- Setup using Google Authenticator
- QR code or manual key entry
- Required for high-value transactions when enabled
- Can be toggled per agent
- Value threshold (ETH/native token)
- Gas threshold (Gwei)
- Configurable per agent
- Real-time monitoring
The Python implementation demonstrates how to integrate AI agents with the hAUTH system. The AI agent runs inside a Trusted Execution Environment (TEE) powered by Phala Network, ensuring secure and verifiable execution of the agent's operations. This implementation leverages Phala's TEE infrastructure to guarantee that the AI agent's operations are tamper-proof and its credentials remain secure from external access.
- OpenAI GPT-4 integration
- Multi-chain support (Base, Base Sepolia)
- Transaction history tracking
- Colorized console interface
- Fusion+ cross-chain swaps
- Secure Execution: Runs in Phala Network's TEE environment
- Verifiable Computation: All operations are verifiable through TEE attestation
- Tamper-proof Credentials: Private keys and sensitive data are protected within the TEE
Available Commands:
├─ balance - Check your balance
├─ send X ETH to ADDRESS - Send ETH to an address
├─ fusion X USDC - Swap directly from on different chains(e.g. Base to Arbitrum) without bridging using 1inch Fusion+
├─ help - Show help message
├─ history - Show transaction history
└─ exit - Exit program
-
Transfer Operations
- ETH transfers with threshold checking
- Automatic gas estimation
- Human approval integration
-
Balance Operations
- Check account balances
- Support for any address lookup
-
Fusion Operations
- Swapping via 1inch Fusion+
- Special threshold handling
- Progress tracking
agent = BlockchainAgent()
agent.set_network('base-sepolia')
response = agent.process_message("send 1 ETH to 0x...")POST /api/request-approval
{
"agentAddress": "0x...",
"transaction": {
"to": "0x...",
"value": "1000000000000000000",
"gasPrice": "50000000000"
}
}
POST /api/request-fusion-approval
{
"agentAddress": "0x...",
"amount": "1000",
"type": "fusion"
}
- Default value threshold: 0.00001 ETH
- Default gas threshold: 50 Gwei
- Configurable per network and agent
- Real-time price monitoring
- Telegram chat verification
- Optional 2FA via Google Authenticator
- On-chain ownership verification
- Transaction signing validation
- Enable 2FA for all production agents
- Set appropriate thresholds based on operation type
- Regular monitoring of transaction history
- Keep Telegram bot token secure
- Monitor gas prices for network conditions
In addition to our custom Python implementation, we leverage Coinbase's CDP AgentKit as a foundation for building secure AI agents. This implementation also runs within Phala Network's TEE environment, ensuring secure and verifiable execution.
- Model Flexibility: Supports multiple LLM providers (OpenAI, Claude, Llama)
- CDP SDK Integration: Native support for on-chain operations
- Extensible Architecture: Template structure for custom functionality
- LangChain Compatibility: Integrates with existing LangChain tools
- Security Integration: Seamlessly works with hAUTH's security layer for high-risk transactions
The CDP AgentKit integration provides:
- On-chain Operations: Direct interaction with blockchain operations
- Transaction Management: Handles transfers, swaps, and contract deployments
- Risk Management: Integration with hAUTH for transaction verification
- TEE Security: Runs in Phala's trusted execution environment
- Base Network Support: Optimized for Base network operations
- Node.js 18+
- Python 3.8+
- OpenAI API key
- Telegram Bot Token
- Ethereum wallet private key
- Alchemy API key
BOT_TOKEN=your_telegram_bot_token
OPENAI_API_KEY=your_openai_api_key
PRIVATE_KEY=your_ethereum_private_key
ALCHEMY_API_KEY=your_alchemy_api_key
Follow these steps to set up the complete hAUTH system:
- Foundry for smart contract development
- Node.js (v16 or higher)
- Telegram Account for bot setup
- Alchemy Account for RPC access
# Clone the repository
git clone https://github.com/yourusername/hauth
cd hauth
# Navigate to contracts directory
cd storage
# Install dependencies
forge install
# Build contracts
forge build
# Run tests
forge test
# Deploy contracts (repeat for each network)
forge script script/AgentsRegistry.s.sol:AgentsRegistryScript --rpc-url $RPC_URL --broadcast- Copy the example environment file from root directory:
cp .env.example .env- Fill in the required environment variables:
# Telegram Bot Token (from BotFather)
BOT_TOKEN=your_bot_token_here
# Ethereum Wallet Private Key
PRIVATE_KEY=your_private_key_here
# Alchemy API Key
ALCHEMY_API_KEY=your_alchemy_api_key_here- Navigate to
hauth/constants.js - Update the
REGISTRY_ADDRESSconstant with your deployed contract address
# From project root directory
node hauth/index.jsTest AI Agent:
# Run the test agent
node ai-agents/testAgent.jsPython AI Agent:
- Fill additional environment variables:
# 1inch and OpenAI API keys
INCH_API_KEY=your_1inch_api_key
PRIVATE_KEY=your_private_key
BASE_URL=https://mainnet.base.org
OPENAI_API_KEY=your_openai_api_key
BASE_SEPOLIA_URL=https://base-sepolia-rpc.publicnode.com- Start the 1inch Fusion service:
# Run 1inch service
node 1inchService.js- Run the Python AI agent:
# Start the Python agent
python3 main.py- Co-Owned AIs
- Advanced dashboard for easy Agent configuration and activity monitoring
- Diversified mobile app integrations
- In app integrated LLM AI Agent
- Generelized plugin for diverse AI Agents