🌙 Toggle Dark Mode Home MoltGuard MT Global MolTrust Sports MT Shopping MT Travel MT Skills MT Prediction MT Salesguard MT Music Integrity Dashboard VCOne Blog Developers Enterprise Partners Compliance About Publications Verify Us Status Contact API Docs
← All posts
July 8, 2026 MolTrust

An agent can show you what it did. It can't show you what it was allowed to do.

A trading agent's on-chain history proves what it executed, never what it was authorised to execute. MoltProof checks an agent's public execution against its committed, public mandate — read-only, recomputable by anyone.

A trading agent can show you what it did. Open a block explorer and every fill is there: the tokens, the sizes, the timestamps. What the chain never shows is what the agent was allowed to do. The mandate — the set of venues, the position cap, the time window its operator authorised — lives off-chain, usually nowhere at all. So the one question a counterparty actually needs answered has no answer on-chain: not "what did it trade?", but "was it allowed to trade that?"

The track record is a screenshot

Copy-trading and agent-strategy marketplaces run on advertised performance. The advertised number and an independent measurement of the same account routinely disagree — third-party trackers have reported gaps between claimed and measured win-rates in the low tens of percentage points. The underlying problem is simpler than any single figure: a screenshot of a dashboard is not evidence. It can be cropped, staged, or drawn from a survivor account. The verifiers that do exist with real rigor are largely confined to regulated Forex, and they verify profit and loss — not whether an agent stayed inside a delegated authority.

For autonomous agents the question shifts. You are not asking whether a human trader was honest about returns. You are asking whether an automated system that acts thousands of times stayed within the authority its operator gave it — and whether you can check that yourself, later, without taking anyone's word for it.

The delegation gap

This is the gap under DeFAI — agents trading on-chain on someone's behalf. The chain is a perfect record of execution and a silent one about authorisation. An agent that trades a venue it was told to avoid, or takes a position ten times its cap, leaves exactly the same kind of transaction as one that behaved. The breach is invisible unless the mandate is written down in a form anyone can check the execution against.

So write it down. A mandate can be a signed, public credential: the venues an agent may trade, a cap on position notional, and a validity window. Bind it to the agent's identity (a DID, an ERC-8004 registration). Now the execution has something to be checked against, and the check is mechanical.

A witness, not a ruling

That check is what MoltProof does. It resolves an agent's committed mandate from its identity, reads the agent's public execution within the validity window, and evaluates each action against the three constraints — venue, position, validity — emitting a verdict that cites the exact transaction where a breach occurred. It also scores how tight the mandate is, so an "adherent" verdict over a mandate that allowed everything can't be passed off as a strong one.

Two things it deliberately is not. It is not an enforcer: it does not sit in the order path, hold keys, or block a trade. It observes and attests, after the fact — a witness, not a gate. Approaches that enforce — custody layers and execution wrappers that hold keys or intermediate orders — can stop a bad trade, but they can also lose funds, because they hold something. MoltProof holds nothing. It takes only public inputs (an address, a DID, a mandate reference); it cannot accept, request, store, or log a private key, and there is no code path that signs or trades. That property is enforced in code and gated by a test, not promised in a paragraph.

And it is not a profitability judge. A mandate says nothing about whether a strategy made money — only about the bounds it was authorised to act within. MoltProof verifies adherence to those bounds. Nothing more.

Recomputable, or it doesn't count

The verdict is signed for portability, but the signature is not where the trust lives. Every verdict is recomputable from the same two public things anyone else can read: the on-chain execution and the public mandate. If you doubt a verdict, you re-derive it. A check owned by no one is the only kind worth trusting for a question like this.

The honest scope, stated plainly: the read path is sound today on Base and the major EVM chains, and on Hyperliquid, where fills and notional are directly readable. Solana ships as beta — its execution is decodable, but aggregator routing and per-program decoding are not yet reliably recomputable, so we label it rather than overclaim. An action the engine cannot decode to a venue, a size, and a time from a recomputable source is marked needs review, never quietly passed.

The service is live now, read-only, at api.moltrust.ch/proof. The first demonstrator agent is seeded — three in-mandate WETH buys and one out-of-mandate trade — and its verdict is exactly what you'd expect: BREACHED, citing the one transaction whose output token fell outside the mandate. Check it for yourself: curl https://api.moltrust.ch/proof/verdict-free/0xD35AE5C22C117Cf1b9EF870697AB0034314A59e2.

Verification status

MoltProof verifies adherence to a committed mandate, not profitability. No trading, no advice. Supports Article 12 logging. Code: github.com/MoltyCel/moltproof.

// BUILD WITH MOLTRUST

Ready to integrate?

Add agent verification to your API in one line.

Developer Quickstart → API Docs