Call DeFAI Engine

Call DeFAI Engine is a conversational DeFi execution engine that lets users make crypto transactions via phone call, making catastrophic execution errors architecturally impossible.
The problem is clear: Autonomous AI agents executing financial transactions have no verification layer. The viral "Lobster Wilde" incident, where an AI agent sent $400,000 instead of $400, exposed a fundamental flaw. There is no integrity check between what a user says and what gets executed on chain.
Call DeFAI Engine solves this with a Zero Hallucination Pipeline:

• A user calls in and says "Send 40 dollars of Ethereum on Sepolia to Markus."
• Vapi AI performs primary speech to text and extracts a structured JSON payload.
• After the call ends, the system downloads the call recording and runs a completely independent second STT (ElevenLabs) on the raw audio.
• A blind extraction agent with zero knowledge of the Vapi payload parses the second transcript into the same structured format.
• A deterministic regex parser with zero AI, zero prompts, and zero LLM extracts the same structured fields from the second transcript. This is prompt injection proof by design because regex has no prompt to inject into.
• A pure TypeScript comparator (using strict equality operators and zero AI) compares both extractions field by field: action, amount, token, network, destination. The entire verification chain is zero AI, which means zero prompt injection surface.
• Only after all 5 fields match does the Chainlink CRE workflow execute, converting the verified integer USD amount to a precise crypto amount using real time price data.
• The destination name is resolved to an on chain address via a SpacetimeDB whitelist. No raw addresses are ever spoken over the phone.
• GoPlus Labs scans the resolved address for AML flags and malicious activity.
• Only then does Lit Protocol sign the transaction using the user's PKP wallet via passkey delegated Server Sessions. This is fully non custodial.
• Every step in this pipeline either passes or kills the entire transaction with a complete audit record. No retries. No fallbacks. No "close enough."
  The Chainlink CRE workflow is the price oracle layer. It receives a verified integer amount and token, fetches the real time price, and returns the precise crypto conversion. CRE only executes after dual STT verification passes so the oracle never fires on unverified intent. This is AI assisted CRE workflow execution where the AI orchestration layer (Mastra) consumes CRE workflows as a trusted, deterministic data source within a larger autonomous agent pipeline.

The stack:

• Mastra (@mastra/core): For AI agent orchestration and workflow management.
• Vapi AI: For the voice interface, primary STT, and structured extraction.
• ElevenLabs STT: For independent second speech to text verification.
• Chainlink CRE (simulated via CLI): Acts as the price oracle to convert verified USD amounts to crypto.
• SpacetimeDB v2.0.0: For deterministic state including contact whitelists, user PKP records, and full transaction audit logs.
• Lit Protocol v8 (Naga network): For non custodial PKP wallet signing via Server Sessions with passkey (WebAuthn) delegation.
• GoPlus Labs Malicious Address API: For security screening against AML, sanctions, and fraud detection.
• Alchemy: For RPC broadcasting on the Sepolia testnet.
• 1Password SDK (@1password/sdk): For zero hardcoded secret management where all keys are loaded into RAM only.
  The architecture is a strict linear pipeline orchestrated by Mastra workflows. A subscription gate checks the caller's phone number from trusted call metadata before any processing begins. The CRE workflow is simulated via the CRE CLI and integrates blockchain price feeds with the external Vapi and ElevenLabs voice processing APIs. The entire verification chain is zero AI, making the system immune to prompt injection attacks on every verification layer.