{"ok":true,"type":"ergo.agent_economy.wallet_agent_safety_spec.v0","version":"v0","status":"draft_testnet_safety_spec","last_reviewed":"2026-05-22","public_claim":"A safety specification for local wallet agents on Ergo. It is not wallet software, not custody infrastructure, and not mainnet readiness evidence.","posture":{"network":"testnet_first","mainnet_ready":false,"signing_model":"local_user_or_wallet_controlled","custody_model":"non_custodial","allowed_language":["wallet-agent safety spec","local policy and simulation boundary","host-owned signing flow","testnet-first agent payment design"],"forbidden_language":["autonomous mainnet trading bot is ready","the site can custody funds","wallet-agent policy is audited","users should grant unbounded signing authority"]},"entrypoints":{"human_spec_page":"https://www.ergoblockchain.org/agent-economy/wallet-agent","machine_spec":"https://www.ergoblockchain.org/api/agent-economy/wallet-agent","policy_schema":"https://www.ergoblockchain.org/agent-economy/wallet-agent-policy.schema.v0.json","policy_template":"https://www.ergoblockchain.org/agent-economy/wallet-agent-policy.profile.template.json","policy_check_api":"https://www.ergoblockchain.org/api/agent-economy/wallet-agent/policy-check","reference_flow_page":"https://www.ergoblockchain.org/build/agent-payments/wallet-agent-runner","reference_flow_api":"https://www.ergoblockchain.org/api/agent-economy/wallet-agent/reference-flow","reference_flow_manifest":"https://www.ergoblockchain.org/agent-economy/wallet-agent-reference-flow.v0.json","policy_playground":"https://www.ergoblockchain.org/build/agent-payments/policy-playground","live_hub":"https://www.ergoblockchain.org/agent-economy/live","developer_launch_kit":"https://www.ergoblockchain.org/agent-economy/launch-kit","sage_widget":"https://www.ergoblockchain.org/agent-economy/sage-widget","agent_payment_quickstart":"https://www.ergoblockchain.org/build/agent-payments/quickstart","review_pack":"https://www.ergoblockchain.org/agent-economy/review-pack"},"threat_model":["Prompt injection tries to convince the agent to ignore spending policy.","A malicious service returns a quote with a wrong recipient, value, reserve, or task hash.","A replayed or stale Note is presented as payment evidence for a new task.","A UI or host app asks for broad signing permission instead of a specific transaction.","An agent attempts market activity outside explicit user limits.","A signer or wallet extension leaks secrets into a web page or remote service."],"lifecycle":[{"id":"intent","label":"Intent","state":"spec","rule":"Parse the user goal, budget, deadline, and allowed actions before requesting any quote."},{"id":"policy","label":"Policy","state":"required","rule":"Check every action against local caps, allowlists, time windows, and human-confirmation rules."},{"id":"quote","label":"Quote","state":"required","rule":"Treat remote quotes as untrusted input; bind receiver, amount, reserve, expiry, and task hash."},{"id":"simulate","label":"Simulate","state":"required","rule":"Compute expected inputs, outputs, registers, fees, and receipt id before asking for a signature."},{"id":"approve","label":"Approve","state":"required","rule":"Show a human-readable transaction summary when policy requires confirmation."},{"id":"sign","label":"Sign locally","state":"required","rule":"Sign inside the user wallet or local agent process; never send private keys to the site or widget."},{"id":"broadcast","label":"Broadcast","state":"bounded","rule":"Broadcast only the transaction that matched simulation and policy checks."},{"id":"receipt","label":"Receipt","state":"required","rule":"Store or link the receipt bundle so the user can prove what was authorized and settled."}],"policy_profile":{"type":"ergo.agent_economy.wallet_agent_policy_profile.v0","schema":"https://www.ergoblockchain.org/agent-economy/wallet-agent-policy.schema.v0.json","check_request_schema":"https://www.ergoblockchain.org/agent-economy/wallet-agent-policy-check.schema.v0.json","template":"https://www.ergoblockchain.org/agent-economy/wallet-agent-policy.profile.template.json","check_api":"https://www.ergoblockchain.org/api/agent-economy/wallet-agent/policy-check","required_fields":["agent_id","network","daily_spend_cap","per_action_spend_cap","allowed_recipients","allowed_reserves","allowed_actions","requires_human_confirmation_above","expiry_height_limit","receipt_retention"],"recommended_defaults":{"network":"testnet","daily_spend_cap":"small explicit amount","per_action_spend_cap":"smaller than daily cap","allowed_recipients":"deny by default","allowed_reserves":"deny by default","allowed_actions":["quote","simulate","sign_specific_transaction","fetch_receipt"],"requires_human_confirmation_above":"any non-trivial amount","expiry_height_limit":"short-lived","receipt_retention":"store receipt URL and hash locally"}},"policy_contract":{"status":"machine_checkable_v0","schema":"https://www.ergoblockchain.org/agent-economy/wallet-agent-policy.schema.v0.json","request_schema":"https://www.ergoblockchain.org/agent-economy/wallet-agent-policy-check.schema.v0.json","template":"https://www.ergoblockchain.org/agent-economy/wallet-agent-policy.profile.template.json","check_api":"https://www.ergoblockchain.org/api/agent-economy/wallet-agent/policy-check","public_files":["wallet-agent-policy.schema.v0.json","wallet-agent-policy-check.schema.v0.json","wallet-agent-policy.profile.template.json"],"verdict_type":"ergo.agent_economy.wallet_agent_policy_verdict.v0","rule":"The policy-check API returns a deterministic allow/deny verdict before any host-owned wallet is asked to sign.","never_claims":["policy-check signs transactions","policy-check proves a transaction is safe on mainnet","policy-check replaces wallet UI confirmation"]},"transaction_checks":["Network matches the policy profile.","Receiver address matches the quoted receiver and local allowlist.","Reserve box id matches the quote and local allowlist.","Amount, spent_today, and fee are strict decimal strings with no scientific notation.","Amount is less than both per-action and daily spend caps, and spent_today is non-negative.","Task hash is canonical hex and matches the canonical user intent and Agreement JSON.","Expiry height is inside the policy window.","Unknown policy or proposed-action fields fail closed.","Receipt-retention mode is explicit and valid.","Registers match the expected Note contract fields.","No extra outputs, token movements, or data inputs are present without policy permission.","Fee is inside the configured limit.","Receipt URL and receipt id are recoverable after broadcast."],"never_do":["Never expose seed phrases, private keys, or wallet signing APIs to a remote page.","Never approve an unbounded spending permission for an LLM agent.","Never let prompt text override policy caps or recipient allowlists.","Never treat a remote quote as proof that a transaction is safe.","Never claim mainnet readiness before external review and audit-bound script identity exist."],"integration_surfaces":[{"id":"policy_playground","label":"Policy playground","role":"Lets developers mutate a proposed wallet action and inspect the live allow/deny verdict.","href":"https://www.ergoblockchain.org/build/agent-payments/policy-playground"},{"id":"reference_flow","label":"Reference runner","role":"Shows the practical host-owned wallet-agent flow from policy profile to exact signing request and receipt retention.","href":"https://www.ergoblockchain.org/build/agent-payments/wallet-agent-runner"},{"id":"policy_check_api","label":"Policy-check API","role":"Returns a machine-readable allow/deny verdict for a local policy profile and a proposed testnet action.","href":"https://www.ergoblockchain.org/api/agent-economy/wallet-agent/policy-check"},{"id":"sage_widget","label":"Sage widget","role":"Emits payment intent JSON and verifies a Note box id; it does not sign.","href":"https://www.ergoblockchain.org/agent-economy/sage-widget"},{"id":"receipt_api","label":"Receipt API","role":"Returns the machine-readable source of truth for Agreement, Verification Receipt, Settlement Receipt, and chain proof.","href":"https://www.ergoblockchain.org/api/sage/receipt/f8752d10a2ece92fbc88065c3b92b94da621ec65943098f43c9e084deb763d81"},{"id":"mcp_endpoint","label":"MCP endpoint","role":"Public machine-facing entry point for tool discovery and agent context.","href":"https://mcp.ergoblockchain.org/mcp"},{"id":"accord_review","label":"Review pack","role":"Defines what must be externally reviewed before stronger trust language.","href":"https://www.ergoblockchain.org/agent-economy/review-pack"}],"acceptance_criteria":["A wallet-agent implementation can serialize its policy profile before any transaction request.","A wallet-agent implementation can call the policy-check API and persist a rejected verdict reason.","Every signing request references one exact simulated transaction.","A rejected policy check is recorded with a machine-readable reason.","A successful flow links to a full receipt bundle or clearly states chain_proof_only.","The implementation can run in testnet mode without mainnet claims.","Mainnet mode remains disabled until the external review and audit-bound mainnet identity gates are open."]}