Caplane

A serverless, facilitator-free primitive where agents redelegate a scoped capability budget down a chain and settle it atomically. The redeem is the payment. Gas paid in USDC. No coordinator in the path.

An autonomous agent holds USDC and no native gas. It needs a scarce, rivalrous capability another agent controls: one capped allocation slot that, once taken, no other agent can have. Caplane settles that purchase as a MetaMask delegation redeemed on-chain, down a redelegation chain — one atomic redeemDelegations pays the provider and grants the buyer the slot.

Caplane goes against the grain twice. The agent-payment field settles copies of non-rivalrous goods — API access, a data read, an inference call. Caplane settles something only one agent can have. And the settlement is not a payment gated alongside a transfer — the delegation redeem itself moves the money, with gas paid in USDC by a permissionless relayer.

A redelegation chain that settles

Authority only ever narrows down the chain, and MetaMask's DelegationManager enforces the intersection of every link:

  treasury (root smart account · holds the USDC · gets the slot)
     │  delegates: AllowedTargets(broker) + AllowedMethods(settle)
     │             + CaplaneOrderEnforcer(exact order) + 1h + ≤3 calls
     ▼
  coordinator (smart account)
     │  REDELEGATES, strictly tighter:  + 10 min + single-use
     ▼
  worker / relayer ──redeemDelegations([child, root])──▶ DelegationManager
                                                              │ walks every caveat in every link
                                                              ▼
                                        CaplaneDelegationBroker.settle
                                  charge USDC → AllocationAdapter.grant → split
                             provider gets amount − fee · the redeemer gets the fee

No coordinator sits in the path. Any relayer can redeem the chain and earn the fee; none can redirect the payee, skim the fee, or change the amount.

The order binding, as caveats

Caplane binds the order — adapter, params, amount, payToken, payee, feeBps — into the delegation's caveats. A custom CaplaneOrderEnforcer (a Delegation Toolkit ICaveatEnforcer) pins the order and ties the fee recipient to the actual redeemer, so the relay stays permissionless and incentivized: any relayer can redeem, none can tamper. It is fuzz-proven tamper-proof — only the exact signed split passes; every deviation (payee, feeBps, amount, payToken, adapter, params, fee-recipient, consumer, target, non-single-mode) reverts. Stock enforcers (AllowedTargets, AllowedMethods, Timestamp, LimitedCalls) carry the rest.

The A2A coordination

The hero is a genuine multi-hop ERC-7710 redelegation chain where a sub-delegate can never exceed its parent, proven live on the real DelegationManager:

A child built to call a target the root forbids reverts at the root's caveat (AllowedTargetsEnforcer: target-address-not-allowed).
A replay of the single-use child reverts (LimitedCallsEnforcer: limit-exceeded).

The tightening is real, not cosmetic — distinct kinds of narrowing at each hop — and the chain terminates in a real rivalrous AllocationAdapter slot, not a toy transfer. That is the uncopyable edge.

MetaMask, end to end

Built on the MetaMask Delegation Toolkit 0.13.0, live on Arbitrum. Every account in the chain is a MetaMask Smart Account, reached by EIP-7702-upgrading the EOA to the toolkit's EIP7702StatelessDeleGatorImpl (the EOA address is preserved). Delegations are built with createDelegation / createCaveatBuilder and hashed with getDelegationHashOffchain, parity-tested byte-for-byte against the on-chain getDelegationHash. redeemDelegations is the settlement — the single action that buys the capability.

1Shot — the gas-poor agent on mainnet

On Arbitrum One (mainnet), the consumer holds only USDC and buys the capability paying zero native ETH. 1Shot's permissionless relayer relays both the EIP-7702 upgrade and the ERC-7710 redeemDelegations, with the gas paid as a USDC transfer in the bundle. In the live run the consumer's native ETH was unchanged; gas (~0.019 USDC) was paid by 1Shot's relayer; the consumer was 7702-upgraded; and the slot was granted. (1Shot bounty met: a 7710 transaction relayed through the 1Shot mainnet relayer, with 7702 used to upgrade the account.)

Why it matters

vs the agent-payment field (x402 + signature-based payments): they settle copies of non-rivalrous goods on off-chain trust. Caplane settles a rivalrous capability only one agent can have, and the redeem itself moves the money.
No off-chain party between the agents. Anyone can submit the redeem; no one can censor, reorder, withhold, or seize. The trust surface is the DelegationManager + stock enforcers + our enforcer — all stateless-per-redeem on-chain code, walked deterministically at redeem, audited to GO. Not parties; code.

Validation & proof

Built, deployed, tested, audited, and verifiable on public explorers — not a slide.

Security: contract-auditor verdict GO — 0 Critical / 0 High / 0 Medium on the enforcer, the broker, and the chain. The order binding is fuzz-proven tamper-proof.
Tests: forge test — 208 passing / 1 skipped (21 suites); the off-chain @caplane/shared package 86 / 86, including the live on-chain hash parity.
Deployed on Arbitrum Sepolia (421614) and Arbitrum One mainnet (42161) — same audited bytecode on both, on MetaMask's real DelegationManager 0xdb9B1e94B5b69Df7e401DDbedE43491141047dB3.
Live, explorer-verifiable settlements:
- Single delegation → settle (slot + 3-party split) — Arbitrum Sepolia — 0x39e606192561e77318734eb7cf05bd765b0a49bf16401b7f773d8704b44f5425
- 2-hop redelegation chain → settle — Arbitrum Sepolia — 0x84d2683aefc3f6b5e7566d485e26573eeef0f36711e23e373e7469e043f161b6
- Gas-poor settle relayed by 1Shot (mainnet, gas in USDC) — Arbitrum One — 0x1baf292639d203a01f8114c48e8269b9fbe5242fd07c6f33d3c24f80c9d7aa45

Contracts

Arbitrum Sepolia (421614)

Contract	Address
`CaplaneOrderEnforcer`	`0x1536613594dce8f107874a2EA30d3516D7cdd6f3`
`CaplaneDelegationBroker`	`0xf2Ed69e474280A81D8060942192A4cadD603d8e1`
`AllocationAdapter`	`0xDD577dAEd2ECA25Cd9ddFcE38fA83C50Ed5648a1`

Arbitrum One (42161)

Contract	Address
`CaplaneOrderEnforcer`	`0x9ab28697aE0D67C64738D20C2D4604ab276C2b88`
`CaplaneDelegationBroker`	`0x4890af04FB924d881Ef13B07A5D2289f17A01826`
`AllocationAdapter`	`0x3f12D527D7563437a48fE77cDeF6510C7C76A051`

Shared on both: DelegationManager 0xdb9B1e94B5b69Df7e401DDbedE43491141047dB3, the EIP-7702 implementation 0x63c0c19a282a1B52b07dD5a65b58948A07DAE32B.

Tech stack

Layer	Technology
Delegation	MetaMask Delegation Toolkit 0.13.0 (ERC-7710 / 7715 / 7702), `DelegationManager`, stock + custom caveat enforcers
Smart contracts	Solidity 0.8.24, Foundry, OpenZeppelin v5.6.1
Gas abstraction	1Shot permissionless relayer (relays 7710 + 7702, gas paid in USDC)
Settlement	`redeemDelegations` → `CaplaneDelegationBroker.settle` (the redeem is the value mover)
Off-chain	TypeScript, viem, pnpm workspaces
Chains	Arbitrum Sepolia (421614), Arbitrum One (42161)

Project links

GitHub — https://github.com/CaplaneNetwork/Caplane-A2A
X — https://x.com/CaplaneNetwork

How judges should review

forge test → 208 passing, then read the audit (contracts/AUDIT-A2A.md, GO / 0 crit-high-med).
Run the live 2-hop chain: node agents/scripts/redelegation-chain-live.mjs (Arbitrum Sepolia).
Run the gas-poor mainnet run: node agents/scripts/1shot-mainnet-run.mjs (Arbitrum One, gas in USDC via 1Shot).
Verify the three transactions above on Arbiscan — real redelegation chains and a real gas-poor mainnet settle, not a mock.

Caplane A2A

视频

技术栈

描述