CREdential (AEGIS)

What is CREdential?
CREdential (formerly AEGIS) is an institutional-grade, protocol-agnostic Universal AI Executor designed to make AI agents safe, accountable, and trustless for DeFi. By seamlessly combining the Chainlink Runtime Environment (CRE), World ID, and the Chainlink ACE Policy Engine, it creates a secure orchestration layer where users can simply submit natural language intents (e.g., "Swap 500 USDC for WETH" or "Process Flight Insurance Claim") rather than interacting with rigidly hardcoded smart contracts.

What Problem Does it Solve?
The integration of AI into Web3 is currently plagued by the "AI Trust Problem." CREdential directly mitigates four massive vulnerabilities preventing institutional capital from utilizing AI agents:

• Zero Accountability & Sybil Attacks: AI agents natively lack verifiable identity or human owners, making them prone to Sybil attacks with no real-world accountability.
• MEV Exploitation (Information Leakage): When agents use public oracles or standard RPCs to calculate trades, their logic is exposed to the public mempool, allowing MEV bots to easily front-run and steal their trading alpha.
• Prompt Injection & Hallucinations: A single malicious prompt or AI hallucination can trick an agent into generating calldata that completely drains a protocol.
• Hardcoded Limitations: Traditional DeFi vaults require specific, hardcoded smart contract functions for every isolated action (swapping, lending, etc.), severely limiting the autonomous capabilities of an AI.

How it Works (Technical Architecture)
CREdential operates as a fully decentralized pipeline driven by specialized Chainlink CRE workflows, transforming raw user intent into mathematically verified, MEV-protected execution.

1. Sybil-Resistant Onboarding (World ID) Before an AI agent can operate, its human owner must register it on-chain and lock collateral (stake) to guarantee economic security. The CRE onboarding-workflow automatically catches the registration event, securely queries the World ID Cloud API off-chain to validate the human's zero-knowledge proof, and uses CRE's evm-write capability to officially mark the agent as verified on the smart contract.
2. Verified State & Natural Language Intents When a user creates a strategy job by submitting a natural language prompt, the Universal Vault emits an event. CRE wakes up and natively fetches the exact, cryptographically verified asset prices from Chainlink Data Feeds using LAST_FINALIZED_BLOCK_NUMBER to guarantee Byzantine Fault Tolerant (BFT) determinism. The AI does not guess the market; it acts on verified truth.
3. The "Dark Pool" (Confidential Compute) To protect the trading strategy, CRE passes the verified market data and the user's prompt to an off-chain AI Agent Council using Chainlink’s confidential_http capability. The AI evaluates the optimal routing logic inside a secure Trusted Execution Environment (TEE), completely shielding the generated alpha from MEV bots and the public network.
4. Multi-Agent Consensus & Slashing The agents independently return generalized execution arrays (targets[], values[], calldatas[]). CRE runs a custom consensus algorithm to compare these payloads and find the majority agreement. Using a strict economic feedback loop, CRE rewards the agreeing agents with reputation points and tokens, while immediately slashing the staked LINK and reputation of any agent that dissents or hallucinates.
5. The Chainlink ACE Security Firewall Even if the AI Council reaches consensus, the generated payload must pass through the strict Chainlink ACE Policy Engine before execution. ACE decodes the raw arrays and validates them against on-chain policies—such as verifying that the destination addresses are on a Whitelist and that the trade adheres to Volume Limits.
   If ACE approves the payload, CRE executes the atomic transaction via the StrategyVaultV2. If the AI was tricked by prompt injection into targeting a hacker's wallet, ACE blocks the transaction and the malicious agents are slashed, keeping user funds perfectly safe

Tenderly transactions: https://virtual.mainnet.eu.rpc.tenderly.co/e88e58fa-94d3-4567-adb3-c018006ef561

CREdential utilizes a hybrid architecture, combining on-chain smart contracts deployed on the Tenderly Virtual Testnet with off-chain orchestration powered by the Chainlink Runtime Environment (CRE). The system is built in Solidity and TypeScript, linking decentralized identity, AI agents, and institutional-grade compliance.
Here is the step-by-step breakdown of the technical stack and execution pipeline:

1. The Smart Contract Layer (Solidity) The foundation consists of two main smart contracts:

• TrustedAgentRegistry: Manages agent profiles, handles the staking of tokens (to align economic incentives), and tracks each agent's reputation score and World ID verification status.
• StrategyVault (The Universal Executor): Instead of containing hardcoded DeFi functions, this vault acts as an agnostic execution layer. It inherits Chainlink's ReceiverTemplate, guaranteeing that it only accepts and executes raw execution payloads (targets, values, calldatas) delivered securely by the CRE Forwarder.

2. Sybil-Resistant Identity (World ID + CRE) To solve the AI accountability problem, we built an Onboarding Workflow in CRE.

• When an agent operator registers on-chain, CRE catches the AgentRegistered event via an evmlog trigger.
• CRE securely calls the World ID Cloud API via HTTP to validate the operator's zero-knowledge proof.
• Once validated, CRE utilizes its evm-write capability to cryptographically attest the human's identity on-chain, marking the agent as verified (verified = true).

3. Verified State & The "Dark Pool" (Confidential Compute) When a user creates a new job using a natural language prompt, the Council Workflow takes over:

• BFT Determinism: Before making decisions, CRE uses evm-read to fetch the live, cryptographically verified asset prices directly from Chainlink Data Feeds. We utilize LAST_FINALIZED_BLOCK_NUMBER to guarantee that all nodes in the decentralized network reach the exact same state.
• MEV Protection: CRE passes the verified market data and user prompt to our off-chain AI Agent Council using Chainlink’s confidential_http capability. By processing the complex AI routing logic inside a secure Trusted Execution Environment (TEE), the trading alpha is completely hidden from the public mempool, preventing MEV sandwich attacks.

4. Multi-Agent Consensus & Slashing Logic The queried AI agents deterministically return JSON execution arrays (targets[], values[], calldatas[]).

• CRE runs a custom TypeScript consensus algorithm to compare these arrays across multiple agents and identify the majority agreement.
• Economic Security: To enforce accountability, CRE's execution payload automatically rewards agreeing agents with reputation and tokens, while slashing the staked LINK (e.g., -50 LINK) and reputation of any agent that dissents or hallucinates.

5. The Chainlink ACE Security Firewall Before the StrategyVault executes the AI's consensus payload, the data is intercepted by the Chainlink Automated Compliance Engine (ACE).

• A UnifiedExtractor parses the raw calldata and routes it to specific policies.
• ACE strictly enforces a Target Whitelist Policy and Volume Limits. If the AI is tricked by prompt injection into generating a transfer to a hacker's wallet, ACE immediately blocks the transaction, protecting the vault's assets while still triggering the slashing mechanism for the malicious agent.