Skip to content

feat: add invinoveritas action provider#1355

Open
babyblueviper1 wants to merge 1 commit into
coinbase:mainfrom
babyblueviper1:invinoveritas-action-provider
Open

feat: add invinoveritas action provider#1355
babyblueviper1 wants to merge 1 commit into
coinbase:mainfrom
babyblueviper1:invinoveritas-action-provider

Conversation

@babyblueviper1

Copy link
Copy Markdown

What changed

Adds a new action provider for invinoveritas — a verification layer for AI agents: an independent, capital/risk-aware verdict on a proposed action before it executes, plus a free way to verify a signed proof another agent hands you.

Two actions, following the existing pattern of a read-API provider like messari or pyth (no wallet interaction):

  • review — an independent verdict on a proposed trade, on-chain transaction, sanctions-screening result, code diff, or other agent action, called before it executes.
    • artifactType='trade' → capital-scale-aware risk review (position size vs equity, drawdown, regime)
    • artifactType='onchain_action' → deterministic checks (unlimited approvals, drainers, address poisoning, permit abuse, wrong-chain recipient) — complements erc20/erc721's mint/transfer actions with a pre-execution check
    • sign=true → also returns a portable signed proof any third party can independently recompute (BIP-340 schnorr against a published key), rather than a trust-us score
    • Advisory only: degrades to { verdict: "review_unavailable", reason } on a missing key, timeout, or non-2xx response — never throws into the agent's main flow
  • verify_proof — verifies a signed invinoveritas proof another agent handed over. Free, no auth. Recomputes the Nostr event id and checks the signature against a published key, so neither the presenter nor invinoveritas needs to be trusted.

API-only (no wallet operations), so supportsNetwork always returns true — no wallet provider required, matching messari.

One deliberate deviation from the usual pattern, called out in the provider's README: the constructor does not throw when no API key is configured (most providers do). verify_proof is free/no-auth and works with zero configuration, and review is designed to degrade rather than block agent construction for a user who hasn't set up a key yet.

Testing

  • 16 new unit tests (invinoveritasActionProvider.test.ts) covering the constructor, both actions' happy paths, and every degrade-not-throw path (missing key, non-2xx, network error, malformed args).
  • tsc --noEmit clean across the whole agentkit package.
  • eslint --max-warnings=0 clean on the new directory.
  • Full existing test suite (1607 tests) shows the identical pass/fail count with and without this change (34 pre-existing suite failures, confirmed via git stash, all in an unrelated provider's graphql-request ESM transform — not introduced by this PR).
  • Added a changeset (patch) per CONTRIBUTING-TYPESCRIPT.md.

Notes

Disclosure: I'm the maintainer of invinoveritas. Happy to adjust naming, scope, or framing to whatever fits AgentKit's conventions best — this follows the messari template as closely as I could for a stateless read/verify API provider.

Adds a new action provider for invinoveritas (api.babyblueviper.com), a
verification layer for AI agents: an independent, capital/risk-aware verdict
on a proposed action before it executes.

Two actions:
- review: independent verdict on a proposed trade, on-chain transaction,
  sanctions-screening result, code diff, or other agent action before it
  executes. artifactType='trade' triggers a capital-scale-aware risk review;
  artifactType='onchain_action' triggers deterministic checks (unlimited
  approvals, drainers, address poisoning, permit abuse, wrong-chain
  recipient). sign=true returns a portable signed proof any third party can
  independently recompute, rather than a trust-us score. Advisory only —
  degrades to review_unavailable on missing key, timeout, or non-2xx
  response, never throws into the agent's main flow.
- verify_proof: verifies a signed invinoveritas proof another agent handed
  over. Free, no auth. Recomputes the Nostr event id and checks the BIP-340
  schnorr signature against a published key, so neither the presenter nor
  invinoveritas needs to be trusted.

API-only (no wallet operations), so supportsNetwork always returns true —
no wallet provider required.

16 new unit tests covering the constructor, both actions' happy paths, and
every degrade-not-throw path. Verified: full package `tsc --noEmit` clean,
`eslint --max-warnings=0` clean on the new directory, and the full existing
test suite (1607 tests) shows the identical pass/fail count with and without
this change (34 pre-existing suite failures in an unrelated provider's
graphql-request ESM transform, confirmed via git stash — not introduced by
this PR).
@cb-heimdall

Copy link
Copy Markdown

🟡 Heimdall Review Status

Requirement Status More Info
Reviews 🟡 0/1
Denominator calculation
Show calculation
1 if user is bot 0
1 if user is external 0
2 if repo is sensitive 0
From .codeflow.yml 1
Additional review requirements
Show calculation
Max 0
0
From CODEOWNERS 0
Global minimum 0
Max 1
1
1 if commit is unverified 1
Sum 2

@github-actions github-actions Bot added documentation Improvements or additions to documentation action provider New action provider typescript labels Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

action provider New action provider documentation Improvements or additions to documentation typescript

Development

Successfully merging this pull request may close these issues.

3 participants