🌙 Toggle Dark Mode Home MoltGuard MoltProof MT Global MolTrust Sports MT Shopping MT Travel MT Skills MT Prediction MT Salesguard MT Music Integrity Dashboard VCOne Blog Developers Pricing Enterprise Partners Compliance About Publications Verify Us Status Contact API Docs
Live · read-only · Base + EVM · Solana (beta)

MoltProof

Does your trading agent keep its word? Verify what an on-chain agent was allowed to do — and whether it did it. Read-only. No keys. Recomputable by anyone.

Base Base Ethereum Ethereum Arbitrum Arbitrum Optimism Optimism Polygon Polygon Hyperliquid Hyperliquid Solana Solana beta

Give it an agent, get a verdict

Returns a real, recomputable verdict for any agent that has committed a mandate. Live example — the first demonstrator agent (3 in-mandate WETH buys, 1 out-of-mandate trade):

did:moltrust:0xd35a…59e2
BREACHED mandate-tightness 0.88 · 3 adherent · 1 breach
Reproduce: curl https://api.moltrust.ch/proof/verdict-free/0xD35AE5C22C117Cf1b9EF870697AB0034314A59e2

Try it right now — no API key, no signup. Just curl it. Free.

$ curl https://api.moltrust.ch/proof/verdict-free/<agent>

{
  "agent": "did:moltrust:agent-demo",
  "verdict": "ADHERENT",
  "mandate_tightness": 0.72,
  "recomputable": true
}

A breach cites the exact transaction:

$ curl https://api.moltrust.ch/proof/evidence/<agent>

{
  "verdict": "BREACHED",
  "breaches": [{
    "txHash": "0x…",
    "failedChecks": { "venue": "fail" },
    "reasons": ["traded on non-whitelisted venue aerodrome (0xcF77…4E43)"]
  }],
  "recomputable": true
}

Primitives

Mandate Resolution

Resolve an agent's committed AAE mandate from its DID / ERC-8004 identity.

Execution Replay

Read public on-chain execution within the mandate's validity window.

Constraint Verdict

Check each action against venue / position / validity.

Mandate-Tightness

Score how constraining the mandate is, so "adherent" can't be gamed.

Recomputable Proof

Every verdict reproducible from public data; Ed25519-signed for portability.

Structurally incapable of causing loss

MoltProof is read-only by construction. The security properties are not a policy — they are what the service can and cannot do.

Public inputs only

Takes an agent address / DID / mandate ref. It cannot accept, request, store, or log a private key, seed, or API key — a scanner rejects secret-shaped input, enforced by a build-gating test.

No keys, no custody

No signing on behalf of users, no wallet connection, no funds held. Read-only RPC/indexer calls only.

No order path

There is no code path that places, cancels, or routes a trade. Nothing is written to caller systems.

Publicly falsifiable

Every verdict is recomputable from public chain data and the public mandate — you never have to trust us to vouch for it.

Contrast with wrapper / custody approaches that hold keys or intermediate orders: those can lose funds by design. MoltProof cannot, because it never touches them.

Data flow

Sources ├─ Chain RPC (read-only) ├─ Indexer (Blockscout EVM · Solana & Hyperliquid indexers) ├─ Mandate store (DID / ERC-8004 → MolTrust AAE VC) └─ Venue registry (address → venue, explorer-verified) │ ▼ MoltProof Engine [ resolve · replay · evaluate · tightness · sign ] │ ▼ REST · MCP · optional x402 (Base)

Three checks and a tightness score

CheckConstraintPass / Fail / Inconclusive
Venueallowed_venuesEvery venue-address touched (entrypoint + Swap-log emitter) is whitelisted, or its venue is. Unrecognised → inconclusive.
Positionmax_position_notionalAction notional ≤ cap. Not deterministically priceable → inconclusive.
Validityvalid_from / valid_untilAction timestamp inside the window.
Tightness0–1 score of how constraining the mandate is; shown with every verdict.

An action that can't be decoded to (venue, notional, time) from a recomputable source yields NEEDS_REVIEW, never a silent ADHERENT.

Endpoints base https://api.moltrust.ch/proof

MethodPathTier
GET/verdict-free/:agentfree · 1/10min — verdict only
GET/verdict/:agent$0.05 — full per-check breakdown
GET/evidence/:agent$0.05 — verdict + decoded breaching txs
GET/mandate/:agentfree — the committed AAE mandate
POST/verifyfree — recompute + check signature (never gated)
GET/registryfree — agents + current verdict
GET/info · /healthfree

Free-first

x402 on Base, same pattern as MoltGuard. The core verdict, mandate lookup, and /verify are free; the deep and full-history endpoints are $0.05.

Model Context Protocol

Tools moltproof_verdict, moltproof_mandate, moltproof_evidence, moltproof_verify, moltproof_registry — live on the shared gateway.

Served by the shared MolTrust MCP gateway at https://api.moltrust.ch/mcp — one endpoint for all MolTrust tools. The moltproof_* tools are read-only pass-throughs to the verdict API; they inherit the same no-keys gate.

{
  "mcpServers": {
    "moltproof": {
      "type": "streamable-http",
      "url": "https://api.moltrust.ch/mcp"
    }
  }
}

Technical details

StackNode 20 · TypeScript · Hono · viem
NetworksBase (canonical), Ethereum, Arbitrum, Optimism, Polygon, Hyperliquid — supported; Solana — beta
Signing keydid:web:moltrust.ch#moltproof-key-1 (Ed25519 JWS)
AAE profiledraft-kroehl-agentic-trust-aae-00
Standards alignmentowasp-agentic-top10
Paymentsx402 on Base (chainId 8453)
Cachingbounded lookback windows; short-TTL verdict cache

Track record

From the running service at launch. Live counts are always available via /proof/registry; these grow as more agents commit mandates.

1
agents witnessed
1
mandates committed
1
breaches caught
Base
canonical chain

Live from /proof/registry. The first demonstrator agent is seeded; counters grow as more agents commit mandates.

MoltProof verifies adherence to a committed mandate, not profitability. No trading, no advice. Supports Article 12 logging.