Vela

Vela is a verifiable AI fund manager — a premier DeFi agent whose decisions are cryptographically provable, policy-enforced at the EVM level, and hardware-attested by decentralized compute.

The problem with AI agents in DeFi isn’t capability — it’s trust. Today, there’s no way to verify that a model actually produced a decision, that it wasn’t tampered with before execution, or that it respected user-defined risk constraints. Most systems rely on optimistic challenge windows, slashing, or bonding — mechanisms that manage trust, but never eliminate it.

Vela removes the trust assumption entirely with three load-bearing layers:

1. Policy Enforcement at the EVM Level Users express investment intent in plain English (“grow my ETH steadily, never more than 25% per pool, stop if I lose 15%”). This is compiled once into typed PolicyConstraints, Merkle-hashed, and committed on-chain. A Uniswap v4 beforeSwap() hook enforces these constraints on every trade — policy-violating swaps are rejected at execution time. The agent cannot violate policy. It is architecturally impossible.

2. Verifiable Decision Integrity via TEE + DA Every trade decision runs inside a Intel TDX enclave via 0G Sealed Inference. The enclave produces a hardware attestation proving that a specific model, with specific inputs, generated the output. This decision + attestation is stored on 0G DA, with its CID committed on-chain. Anyone can independently verify the agent’s reasoning and provenance.

3. Real-Time Watchtower + Circuit Breaker A Rust watchtower continuously verifies each decision against the registered enclave key. If verification fails, it triggers an on-chain circuit breaker that halts execution immediately — within the same block. The user is notified with the full decision record for independent audit.

Result No challenge windows No slashing assumptions No hidden execution paths

Bad trades are prevented, not punished. Tampered decisions are caught in real time, not disputed later.

Stack

Solidity / Foundry · Uniswap v4 Hooks · ERC-4626 Vault 0G Sealed Inference (TEE) · 0G DA / Storage Rust (tokio, ethers-rs) Watchtower TypeScript Agent + NLP Policy Engine Next.js + wagmi / viem · Farcaster Frames v2 Deployed on Base Sepolia

Vela is built as a four-layer system — each layer independently verifiable, composed into a single trustless pipeline.

Smart Contracts (Solidity / Foundry)

Four contracts define the execution boundary:

PolicyRegistry — stores Merkle-hashed PolicyConstraints, manages tiers, tracks compliance, and exposes the circuit breaker VelaVault (ERC-4626) — extended with commitDecision() and markAttested(); every decision gets a hash + 0G CID before execution AttestationContract — registers enclave keys and verifies TEE signatures via ECDSA.recover VelaHook — a Uniswap v4 beforeSwap() hook that enforces execution constraints

On every swap, the Hook checks:

Agent is active Circuit breaker is clear Trade value ≤ NAV ceiling (derived from slot0) Pool is allowlisted

If any check fails → swap reverts at the EVM level

Key design insight: The NAV ceiling and execution both use the same slot0 price source — no oracle, no drift, no manipulation surface.

Policy Engine (TypeScript)

User intent is compiled once at setup:

Parsed via Kimi into structured PolicyConstraints Validated by a deterministic conflict engine (10+ rule checks) Merkle-hashed (OpenZeppelin double-hash pattern) Committed on-chain as a policyRoot

After this step:

No more AI in the control loop

Execution becomes fully deterministic.

Agent Runtime + 0G Integration

Each decision is generated inside a TEE:

Runs in Intel TDX via 0G Sealed Inference Produces decision + hardware attestation Uploaded to 0G DA → CID committed on-chain via commitDecision()

Execution order is enforced:

No CID → no execution path

This guarantees:

decision provenance immutability before execution Watchtower (Rust / tokio)

A background verifier that:

Listens to DecisionCommitted events Fetches corresponding 0G records Verifies enclave signatures against on-chain keys

On mismatch:

triggerCircuitBreaker() → vault locked in the same block

User receives a Farcaster DM with the full record for independent verification.

Frontend (Next.js + wagmi/viem)

End-to-end flow:

Intent → compile → validate → Merkle root → on-chain registration

Also deployed via Farcaster Frames (Warpcast):

intent input compiled policy preview one-tap deploy

No browser required.

Key Insight

The Hook derives NAV directly from Uniswap’s internal slot0.

This means:

The agent cannot observe a different price than execution uses.

No oracle. No lag. No manipulation surface.

You’re using Uniswap’s own internals as a security primitive.

Result Policy violations are impossible, not punishable Decisions are provably generated, not claimed Tampering is caught in real time, not challenged later Stack

Solidity / Foundry · Uniswap v4 Hooks · ERC-4626 0G Sealed Inference · 0G DA Rust (tokio, ethers-rs) Watchtower TypeScript Agent + Policy Engine Next.js + wagmi/viem · Farcaster Frames Deployed on Base Sepolia