feat: add invinoveritas action provider#1355
Open
babyblueviper1 wants to merge 1 commit into
Open
Conversation
Adds a new action provider for invinoveritas (api.babyblueviper.com), a verification layer for AI agents: an independent, capital/risk-aware verdict on a proposed action before it executes. Two actions: - review: independent verdict on a proposed trade, on-chain transaction, sanctions-screening result, code diff, or other agent action before it executes. artifactType='trade' triggers a capital-scale-aware risk review; artifactType='onchain_action' triggers deterministic checks (unlimited approvals, drainers, address poisoning, permit abuse, wrong-chain recipient). sign=true returns a portable signed proof any third party can independently recompute, rather than a trust-us score. Advisory only — degrades to review_unavailable on missing key, timeout, or non-2xx response, never throws into the agent's main flow. - verify_proof: verifies a signed invinoveritas proof another agent handed over. Free, no auth. Recomputes the Nostr event id and checks the BIP-340 schnorr signature against a published key, so neither the presenter nor invinoveritas needs to be trusted. API-only (no wallet operations), so supportsNetwork always returns true — no wallet provider required. 16 new unit tests covering the constructor, both actions' happy paths, and every degrade-not-throw path. Verified: full package `tsc --noEmit` clean, `eslint --max-warnings=0` clean on the new directory, and the full existing test suite (1607 tests) shows the identical pass/fail count with and without this change (34 pre-existing suite failures in an unrelated provider's graphql-request ESM transform, confirmed via git stash — not introduced by this PR).
🟡 Heimdall Review Status
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What changed
Adds a new action provider for invinoveritas — a verification layer for AI agents: an independent, capital/risk-aware verdict on a proposed action before it executes, plus a free way to verify a signed proof another agent hands you.
Two actions, following the existing pattern of a read-API provider like
messariorpyth(no wallet interaction):review— an independent verdict on a proposed trade, on-chain transaction, sanctions-screening result, code diff, or other agent action, called before it executes.artifactType='trade'→ capital-scale-aware risk review (position size vs equity, drawdown, regime)artifactType='onchain_action'→ deterministic checks (unlimited approvals, drainers, address poisoning, permit abuse, wrong-chain recipient) — complementserc20/erc721's mint/transfer actions with a pre-execution checksign=true→ also returns a portable signed proof any third party can independently recompute (BIP-340 schnorr against a published key), rather than a trust-us score{ verdict: "review_unavailable", reason }on a missing key, timeout, or non-2xx response — never throws into the agent's main flowverify_proof— verifies a signed invinoveritas proof another agent handed over. Free, no auth. Recomputes the Nostr event id and checks the signature against a published key, so neither the presenter nor invinoveritas needs to be trusted.API-only (no wallet operations), so
supportsNetworkalways returnstrue— no wallet provider required, matchingmessari.One deliberate deviation from the usual pattern, called out in the provider's README: the constructor does not throw when no API key is configured (most providers do).
verify_proofis free/no-auth and works with zero configuration, andreviewis designed to degrade rather than block agent construction for a user who hasn't set up a key yet.Testing
invinoveritasActionProvider.test.ts) covering the constructor, both actions' happy paths, and every degrade-not-throw path (missing key, non-2xx, network error, malformed args).tsc --noEmitclean across the wholeagentkitpackage.eslint --max-warnings=0clean on the new directory.git stash, all in an unrelated provider'sgraphql-requestESM transform — not introduced by this PR).patch) perCONTRIBUTING-TYPESCRIPT.md.Notes
Disclosure: I'm the maintainer of invinoveritas. Happy to adjust naming, scope, or framing to whatever fits AgentKit's conventions best — this follows the
messaritemplate as closely as I could for a stateless read/verify API provider.