Technical Specification

Sentry Protocol v1.0

The definitive technical specification for autonomous treasury guardrails, circuit breaker logic, and AI agent risk mitigation.

Version 1.0 | March 2026 | Draft

Abstract

As autonomous AI agents gain control over increasingly large treasuries, the risk of catastrophic loss due to hallucination, prompt injection, or runaway execution grows exponentially. The Sentry Protocol introduces a middleware architecture that intercepts, validates, and enforces policy constraints on every agent-initiated transaction.

This whitepaper defines the circuit breaker state machine, proposer permission model, and integration patterns for elizaOS, AI16z, and Squads Multisig environments.


1. Introduction: The Agentic Capital Problem

The emergence of autonomous AI agents capable of executing financial transactions represents a paradigm shift in digital asset management. Frameworks like elizaOS and AI16z enable agents to analyze markets, formulate trading strategies, and execute swaps without human intervention.

However, this autonomy introduces systemic risk. A single hallucinated market signal, a prompt injection attack, or a misconfigured parameter can trigger cascading losses. Traditional security models designed for human operators are insufficient for entities that operate at machine speed with machine-scale capital.

AgentSentry addresses this gap by introducing the concept of "agentic capital circuit breakers" — programmable guardrails that operate between the AI agent and the blockchain.

2. Threat Model

LLM Hallucination

Agent acts on fabricated market data or non-existent trading signals.

Prompt Injection

Malicious input manipulates agent behavior to drain treasury.

Runaway Execution

Feedback loop causes agent to execute unlimited transactions.

Key Compromise

Agent credentials are extracted and used for unauthorized transfers.

3. Architecture Overview

Three-Tier Security Model
Agent Layer (elizaOS / AI16z): Decides & proposes transactions
Sentry Middleware (Rust + TypeScript): Intercepts, verifies, enforces
Governance Layer (Squads V4 Multisig): Final approval & execution

Every transaction must traverse all three layers before touching the blockchain. The agent has zero direct chain access — it communicates exclusively through the Sentry API, which holds only ephemeral session keys that auto-rotate on each epoch.

4. Circuit Breaker State Machine

CLOSED (SAFE)

Normal operations. All valid transactions execute.

HALF_OPEN (TEST)

Recovery mode. Only micro-transactions allowed for validation.

OPEN (BLOCK)

Lockdown. All agent transactions blocked until manual reset.

The circuit trips to OPEN after 3 consecutive rule violations within an epoch window (default: 60 minutes). This triggers immediate alerts via Telegram and Discord webhooks. The circuit automatically transitions to HALF_OPEN after the cooldown epoch expires, allowing test transactions to validate recovery before full restoration.
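
The transitions described in this section, as an added TypeScript example that is not code from the Sentry Protocol itself. The class, method and field names are hypothetical, and four behaviours the page does not specify are assumptions: the cooldown lasts one epoch, a micro-transaction is any amount at or below `microLimit`, one clean test transaction restores CLOSED, and any rejected transaction during HALF_OPEN re-trips the circuit.

```typescript
type State = "CLOSED" | "HALF_OPEN" | "OPEN";

interface BreakerConfig {
  tripThreshold: number; // page: 3 consecutive violations
  epochMs: number;       // page: 60-minute epoch window
  cooldownMs: number;    // assumption: cooldown lasts one epoch
  microLimit: number;    // assumption: largest amount treated as a micro-transaction
}
const DEFAULTS: BreakerConfig =
  { tripThreshold: 3, epochMs: 3_600_000, cooldownMs: 3_600_000, microLimit: 1 };

class CircuitBreaker {
  private state: State = "CLOSED";
  private violations: number[] = []; // timestamps of the current consecutive run
  private openedAt = 0;
  private cfg: BreakerConfig;
  constructor(cfg: BreakerConfig = DEFAULTS) { this.cfg = cfg; }

  // OPEN moves to HALF_OPEN once the cooldown has elapsed.
  stateAt(now: number): State {
    if (this.state === "OPEN" && now - this.openedAt >= this.cfg.cooldownMs) {
      this.state = "HALF_OPEN";
    }
    return this.state;
  }

  // True if the transaction may go on to the governance layer. `policyOk` is
  // the result of rule evaluation, which this example does not model.
  evaluate(amount: number, policyOk: boolean, now: number): boolean {
    const s = this.stateAt(now);
    if (s === "OPEN") return false; // lockdown: nothing passes
    if (policyOk && (s === "CLOSED" || amount <= this.cfg.microLimit)) {
      this.violations = []; // a clean transaction ends the consecutive run
      this.state = "CLOSED"; // assumption: one clean test tx restores CLOSED
      return true;
    }
    // Only violations inside the epoch window count toward the trip threshold.
    this.violations = this.violations.filter((t) => now - t < this.cfg.epochMs);
    this.violations.push(now);
    // Assumption: any rejected transaction during HALF_OPEN re-trips at once.
    if (s === "HALF_OPEN" || this.violations.length >= this.cfg.tripThreshold) {
      this.state = "OPEN"; this.openedAt = now; this.violations = [];
    }
    return false;
  }

  manualReset(): void { this.state = "CLOSED"; this.violations = []; }
}
```

Timestamps are passed in rather than read from the clock, so the epoch and cooldown boundaries can be exercised deterministically in tests.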

Sections 5-9

Full Whitepaper Coming Soon

The complete Sentry Protocol specification, including Policy DSL, integration guides, and security audit results.
