Telegram application for Human Authentication and Management of onchain AI Agents.
hAUTH is a Telegram app and bot for human authentication and management of onchain AI agents. The app lets users register their AI agents and set predefined conditions for how they should behave onchain. These configurations can range from maximum transaction value limits to gas limits to specific contract allowlists, etc. The configurations are stored onchain and are checked by the AI agents before performing an action. If the AI agent hits some of the conditions, an authentication request is sent to the user in the Telegram app. The user can allow the agent to proceed or deny the transaction. For a transaction to be allowed, the user has to choose a method of verification, such as Google Authenticator or a password; once this has been done, the app tells the AI agent to proceed with its intention. The AI agents used for our Telegram app are hosted in a TEE on the Phala Network, ensuring the agents are tamper-proof and the user can be sure the outputs and actions of the agent are solely the product of the AI model used. The agents themselves are able to perform arbitrary onchain actions, integrating 1inch Fusion to enable seamless cross-chain swapping for the AI agents. This project aims to empower humans in how they interact with AI agents and the onchain economy while also giving agents the autonomy they need to perform optimally.
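
The pre-action check described above, as an added example (not hAUTH's own code): an agent-side gate that compares an intended transaction with the owner's configuration and fails closed when the configuration cannot be read. The names `AgentConfig`, `Intent`, `Decision` and `evaluate`, and the rule that 2FA applies only to over-threshold values, are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, List, Optional, Tuple


class Decision(Enum):
    PROCEED = "proceed"
    NEEDS_APPROVAL = "needs_approval"          # send a Telegram approval request
    NEEDS_APPROVAL_2FA = "needs_approval_2fa"  # request plus authenticator code
    REJECT = "reject"                          # fail closed, do not even ask


@dataclass(frozen=True)
class AgentConfig:
    """Hypothetical off-chain mirror of the registry's per-agent settings."""
    value_threshold_wei: int
    gas_limit: int
    allowlist: FrozenSet[str]  # lowercase contract addresses
    two_factor: bool


@dataclass(frozen=True)
class Intent:
    to: str
    value_wei: int
    gas: int


def evaluate(cfg: Optional[AgentConfig], tx: Intent) -> Tuple[Decision, List[str]]:
    # No readable config or nonsensical amounts: refuse instead of guessing.
    if cfg is None or tx.value_wei < 0 or tx.gas <= 0:
        return Decision.REJECT, ["invalid-or-missing-config"]
    hits = []
    if tx.value_wei > cfg.value_threshold_wei:
        hits.append("value")
    if tx.gas > cfg.gas_limit:
        hits.append("gas")
    if tx.to.lower() not in cfg.allowlist:
        hits.append("allowlist")
    if not hits:
        return Decision.PROCEED, hits
    # Assumption: 2FA is demanded only when the value threshold is exceeded.
    if cfg.two_factor and "value" in hits:
        return Decision.NEEDS_APPROVAL_2FA, hits
    return Decision.NEEDS_APPROVAL, hits


# Constructed sample data (not real addresses).
ROUTER = "0x" + "ab" * 20
CFG = AgentConfig(10**18, 300_000, frozenset({ROUTER}), True)
```
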
How It's Made
AI Agent Guardian is a comprehensive security layer built to protect autonomous AI agents operating on blockchains. Here's how we pieced together this safety-first infrastructure:
Core Architecture
The project is built on three main pillars:
- Smart Contract Infrastructure: We developed a Solidity-based AgentsRegistry contract that serves as the backbone of our system. This contract stores agent configurations and security thresholds on-chain, making the system truly decentralized. The contract maintains crucial data structures like AgentConfig that track value thresholds, gas limits, 2FA status, and ownership details for each AI agent.
- Authentication Server: We built a Node.js server that handles the bridge between blockchain operations and human oversight. This server manages all approval requests and integrates with Telegram's Bot API for real-time notifications and approvals.
- Python AI Agent SDK: We created a Python implementation that makes it easy for AI agents to integrate with our authentication system. This includes OpenAI GPT-4 integration for intent parsing and sophisticated transaction handling.
Technologies & Integration
Blockchain Integration
- Multi-Chain Support: We deployed our contracts on multiple networks, starting with Base Sepolia for testing and Base Mainnet for production.
- 1inch Fusion+: We integrated with 1inch's Fusion+ for cross-chain operations, enabling seamless USDC transfers across different networks without traditional bridging mechanisms.
- Alchemy API: We use Alchemy for reliable blockchain data access and transaction monitoring.
Security Layer
- Telegram Bot Interface: We chose Telegram for its robust Bot API and secure communication channel. The bot serves as the primary interface for managing AI agents and handling transaction approvals.
- Google Authenticator: We implemented optional 2FA using Google Authenticator for an additional security layer on high-value transactions.
- Real-time Threshold Management: Our system continuously monitors transaction values and gas prices against configurable thresholds.
Notable Technical Solutions
Transaction Flow Innovation:
- Implemented a non-blocking approval system where AI agents can continue operations while waiting for human approval
- Created a queue management system for handling multiple pending approvals
- Built real-time price monitoring to adjust thresholds based on market conditions
Fusion+ Integration Hack:
- Developed a custom wrapper around 1inch Fusion+ API to handle cross-chain swaps
- Created special threshold handling for cross-chain operations to account for additional gas costs
- Implemented progress tracking for multi-step cross-chain operations
Security Features:
- Built a multi-layered verification system combining on-chain ownership verification with off-chain authentication
- Implemented rate limiting and timeout mechanisms to prevent approval spam
- Created a transaction signing validation system to ensure request authenticity
Development Environment
The project requires several key components to run:
- Node.js 16+ for the authentication server
- Python 3.8+ for the AI agent SDK
- OpenAI API key for intent parsing
- Telegram Bot Token for the approval interface
- Ethereum wallet private key for contract deployment and testing
- Alchemy API key for blockchain interaction
Notable Challenges & Solutions
Cross-Chain Operations: Handling cross-chain operations presented unique challenges, particularly around transaction verification and approval timing. We solved this by implementing a special approval flow for Fusion+ operations with built-in timeout and rollback mechanisms.
Gas Optimization: To keep gas costs manageable, we optimized our smart contracts by:
- Using packed structs for storage efficiency
- Implementing batch operations where possible
- Carefully managing on-chain storage patterns
Real-Time Monitoring: We developed a sophisticated monitoring system that tracks:
- Transaction status across multiple chains
- Gas price fluctuations
- Approval request timeouts
- Authentication attempts and patterns
This infrastructure provides a robust security layer for AI agents while maintaining flexibility for future improvements and additions.