GuardRail is an on-chain circuit breaker for AI agent wallets, built on 0G.
The problem: in Feb 2026 the autonomous trading agent Lobstar Wilde forgot its state and YEETED $441K to a wrong wallet. AI agent errors have cost users $45M+ in 2026 alone. Today nothing sits between an LLM agent and the treasury it controls — the agent's judgement IS the security model.
The fix: principals deposit funds into SpendPolicy.sol on 0G Chain, register their AI agent, and set rules (max per-tx, rolling daily cap, recipient allowlist, cooldown). The agent moves funds only via executeTx(), which either approves the transfer or reverts on-chain with a machine-readable reason code (PER_TX_CAP / DAILY_CAP / NOT_ALLOWLISTED / COOLDOWN). Every reasoning trace behind a decision is uploaded to 0G Storage; its Merkle root anchors the on-chain event so the audit log is verifiable end-to-end. agentIdRoot[principal] commits the Agent ID document.
Stack: Solidity (Foundry) + Next.js 16 + ethers + @0glabs/0g-ts-sdk + Google Gemini 2.5 Flash with function calling. Three on-chain demo flows verified: allowlisted pay ✅, prompt-injection drain attempt ❌ PER_TX_CAP, sneaky unallowlisted transfer ❌ NOT_ALLOWLISTED — every tx visible on chainscan-galileo.0g.ai.
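
The rule set described above, as an added TypeScript sketch that is not GuardRail's SpendPolicy.sol code: it models executeTx() off-chain and returns the page's reason codes for a sequence of transfers. The check order, field names, integer amounts and sample addresses are assumptions.

```typescript
// Added illustration: off-chain model of the four spend rules. Field names,
// check order and integer amounts are assumptions, not SpendPolicy.sol's code.
type Reason = "OK" | "PER_TX_CAP" | "DAILY_CAP" | "NOT_ALLOWLISTED" | "COOLDOWN";
interface Policy {
  maxPerTx: number;    // largest single transfer
  dailyCap: number;    // total allowed inside any rolling 24h window
  cooldownSec: number; // minimum seconds between approved transfers
  allowlist: string[]; // permitted recipients, lowercase
}
interface Spend { at: number; amount: number; } // approved transfers, unix seconds
const DAY = 24 * 60 * 60;

// Returns the reason code and records the spend only when approved,
// so a rejected call leaves state untouched, as an on-chain revert would.
function executeTx(p: Policy, history: Spend[], to: string, amount: number, now: number): Reason {
  if (amount > p.maxPerTx) return "PER_TX_CAP";
  if (p.allowlist.indexOf(to.toLowerCase()) === -1) return "NOT_ALLOWLISTED";
  const last = history.length > 0 ? history[history.length - 1].at : -Infinity;
  if (now - last < p.cooldownSec) return "COOLDOWN";
  const spent24h = history
    .filter((s) => now - s.at < DAY) // only spends still inside the window
    .reduce((sum, s) => sum + s.amount, 0);
  if (spent24h + amount > p.dailyCap) return "DAILY_CAP";
  history.push({ at: now, amount: amount });
  return "OK";
}

// Constructed sample data (addresses and limits are made up).
const VENDOR = "0x00000000000000000000000000000000000000aa";
const OTHER = "0x00000000000000000000000000000000000000bb";
const policy: Policy = { maxPerTx: 100, dailyCap: 250, cooldownSec: 300, allowlist: [VENDOR] };

function demo(): Reason[] {
  const h: Spend[] = [];
  const t0 = 1700000000;
  return [
    executeTx(policy, h, VENDOR, 80, t0),            // allowlisted pay
    executeTx(policy, h, OTHER, 5000, t0 + 120),     // drain attempt
    executeTx(policy, h, OTHER, 10, t0 + 180),       // small unallowlisted transfer
    executeTx(policy, h, VENDOR, 10, t0 + 200),      // too soon after the last spend
    executeTx(policy, h, VENDOR, 100, t0 + 600),     // cooldown elapsed
    executeTx(policy, h, VENDOR, 100, t0 + 1200),    // 180 + 100 exceeds the daily cap
    executeTx(policy, h, VENDOR, 100, t0 + DAY + 1), // first spend has aged out
  ];
}
```

The last call is approved because the window is rolling: only the spend made at t0 + 600 still counts against the cap.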
not raised yet