POIP
Cryptographic scope enforcement for multi-agent DeFi pipelines.
Project Description
Most agent security tools check what an agent is about to do. POIP checks where that authority came from. A user can describe an intent in natural language, which POIP compiles into a structured EIP-712 authorization: max amount, min output, allowed protocols, deadline, and authorized orchestrator. Every agent handoff then becomes an on-chain delegation that can only narrow its parent scope. At execution time, the contract walks the full delegation chain back to the user’s signature. If any agent widens scope, skips authorization, forges a link, or acts outside the signed intent, the transaction reverts. POIP is delegation provenance for autonomous financial agents: proof that every action was cryptographically derived from what the user authorized. Live on Sepolia with published Python and TypeScript SDKs.
How it's Made
POIP is built as a contract layer, SDK layer, and live multi-agent demo. The contract layer is deployed on Ethereum Sepolia and built with Foundry. IntentRegistry verifies EIP-712 user intents, DelegationRegistry enforces scope narrowing across agent handoffs, ExecutionGate verifies the full delegation chain before execution, and AgentRegistry controls which agents can receive delegations. The contracts are covered by 58 Foundry tests, including the malicious delegation paths shown in the demo. The SDK is published as proof-of-intent on both PyPI and npm. The Python SDK uses web3.py and the TypeScript SDK uses ethers v6. Both include ABIs, Sepolia defaults, and helpers for token decimals, deadlines, protocol hashing, intent creation, delegation, and execution. The demo runs separate agents communicating through Gensyn AXL peer-to-peer nodes, so delegation handoffs do not depend on a centralized relay. POIP also includes a natural language intent compiler using Claude or OpenAI, where the user reviews the compiled structured intent before signing. The final demo uses the published SDKs, live ETH pricing, AXL handoffs, ENS-linked authorization, 0G intent receipts, and verified Uniswap V3 execution at the end of the delegation chain.
