Intento

Intento is an agentic DeFi portfolio manager built on a single hard guarantee: an AI agent can never spend a cent beyond the budget you signed for - because the limit is enforced by a smart contract, not by application code.

THE PROBLEM

Agentic finance has one unsolved bottleneck. To let an AI agent act for you - rebalance, buy data, execute trades - you have to fund it. And the moment you fund it, you're trusting it. Every "autonomous DeFi agent" today answers this with a promise: trust our model, trust our guardrails, trust our prompt. That doesn't scale, and it's not how money should work. Trust should be structural, not aspirational.

THE ANSWER

You don't trust the agent. You trust the contract it runs inside.

In Intento, every agent holds a cryptographically scoped USDC budget - an ERC-7710 delegation - instead of a config value. The spending cap lives in MetaMask's DelegationManager. The reasoning layer cannot override it, route around it, or talk its way past it. If an agent attempts to overspend, the transaction reverts at the contract level.

HOW IT WORKS

1. You speak a goal in plain English: "Maximize USDC yield, keep risk low, never touch my ETH."

2. That parses into a structured permission spec — weekly budget, allowed protocols, excluded tokens, max single transaction, risk tolerance.

3. You sign ONCE in MetaMask. This creates a root delegation from your smart account to an orchestrator.

4. The orchestrator fans that single signature out into a hierarchy of scoped sub-delegations — a Risk agent, a Yield agent, an Execution agent — each capped at 20 USDC per cycle.

5. The agents go to work, and a strategy executes strictly within the enforced envelope.

ERC-7710 ATTENUATION — THE PART MOST DEMOS GET WRONG

A child delegation can only NARROW its parent's authority, never expand it. The coordination graph looks like this:

You (100 USDC/week)

└─ Orchestrator

├─ Risk Agent (20 USDC cap)

├─ Yield Agent (20 USDC cap)

└─ Execution Agent (60 USDC cap)

Every hop is enforced onchain. This is the A2A coordination story: one human signature, fanned out into a cryptographically bounded multi-agent system.

THE GAME-CHANGER: WE PROVE THE CAP IS REAL

Most ERC-7710 demos sign this delegation tree and stop there. Their "sub-agents" are placeholder addresses nobody controls - nothing is ever redeemed onchain, so nothing is ever actually enforced. It's a diagram, not a system.

Intento's sub-agents are real keypairs that redeem the full chain through MetaMask's DelegationManager, which walks the entire authority chain onchain. And we demonstrate the enforcement live on Base Sepolia:

• Redeem 1 USDC (within the 20 USDC cap) → SUCCEEDS onchain, real transaction hash.

• Attempt 40 USDC (2× the cap) → the contract REVERTS with:

ERC20TransferAmountEnforcer: allowance-exceeded

No prompt engineering. No guardrail in the codebase. The caveat enforcer rejects it at the contract level. That revert is the entire thesis in a single transaction: no amount of AI reasoning can exceed a budget the chain refuses to release.

THE NOVEL MECHANISM: DATA SPEND IS THE CONFIDENCE SIGNAL

Here's the idea I'm most excited about. Agents don't just declare confidence in a text field. Each agent buys market data iteratively - every purchase costs real USDC, capped onchain by its delegation and keeps buying until its evidence is sufficient or its budget runs out. The orchestrator then weights each agent's recommendation by how much capital it committed to gathering evidence.

Confidence becomes a costly signal, not a claimed number. An agent that's bluffing can't afford to look confident. This turns "the AI says it's 90% sure" into "the AI spent 18 of its 20 USDC budget proving it, and the chain has the receipts."

WHY IT MATTERS BEYOND A HACKATHON

Agents are about to hold budgets, sign transactions, and act on our behalf at scale. "Trust the model" is not a security model. Verifiable, contract-enforced economic boundaries are. Intento is a working demonstration of that primitive - autonomous agents you actually control, because the contract controls them.

Built for the MetaMask Smart Accounts Kit × 1Shot API × Venice AI dev cook-off.

Live demo: https://intento-xi.vercel.app

Source: https://github.com/Nidhicodes/Intento

Thread / walkthrough: https://x.com/0xnidhii/status/2061203816469745952

Stack: Next.js, Viem, MetaMask Smart Accounts Kit (ERC-7710), Venice AI / Groq (Llama 3.3 70B), Base Sepolia, deployed on Vercel as a single full-stack app.

We didn't start by writing code - we started by trying to break the idea.

PHASE 0 - VALIDATE BEFORE BUILDING

Before a single feature, we ran five integration tests to confirm the architecture was even possible, with the rule "if any fail, the architecture changes immediately":

1. Can MetaMask grant scoped permissions on Base Sepolia?

2. Can we create and redeem a redelegation chain (user → orchestrator → agent)?

3. Can 1Shot relay a delegated transaction?

4. Can Venice x402 payments be made from delegated accounts?

5. Can all of it combine in one flow?

This surfaced the constraints that shaped everything: 1Shot and Venice x402 are Base-mainnet-only, while delegation + redemption run free on Base Sepolia. We designed around that honestly instead of pretending it away.

PHASE 1 - THE DELEGATION CORE

Built the full ERC-7710 chain: user smart account → orchestrator → three sub-agents, each a real keypair with a narrowed onchain budget. Mid-hackathon we hit a wall: the user's MetaMask didn't support wallet_requestExecutionPermissions (ERC-7715). Rather than fake it, we pivoted to MetaMask Smart Account delegations signed via EIP-712 — which works with ANY MetaMask version. This kept the system real instead of demo-only.

PHASE 2 - THE AGENT LAYER

Built the orchestrator cycle and three agents (Risk, Yield, Execution). The critical fix here was the costly-signal mechanism: the first version had spend hardcoded as a constant, which made "confidence" meaningless. We rebuilt it so agents buy data iteratively (6 USDC/call, stop at sufficiency or budget exhaustion), making spend genuinely behavior-driven and confidence a real function of committed capital.

PHASE 3 - THE PROOF (THE CENTERPIECE)

Got the onchain enforcement working and confirmed it LIVE on Base Sepolia: a 1 USDC redemption succeeds with a real tx hash, and a 40 USDC overspend reverts with ERC20TransferAmountEnforcer: allowance-exceeded. This is the artifact the whole project is built to produce.

PHASE 4 - FRONTEND & EXPERIENCE

Built a full Next.js + Tailwind interface: landing page, plain-English onboarding, a dashboard with two live centerpieces (the costly-signal cycle visualizer and the enforcement proof panel), and an audit trail. Designed a coherent visual language (amber for financial/user, violet for agents, teal for success, rose for risk).

PHASE 5 - SHIP IT

Consolidated the standalone Express backend into Next.js API routes so the entire app - UI and backend - deploys as a single Vercel project on one origin. Verified every API route works in production against live Base Sepolia.

A REAL BUG WE CAUGHT AND FIXED

Late in testing, the dashboard's redeem reverted with "unknown reason." We diagnosed it onchain: the proof was depending on the user's freshly-minted smart account, which is counterfactual (never deployed) and held 0 USDC - so the DelegationManager couldn't validate its signature via ERC-1271. We rebuilt the proof to source from the deployed, funded orchestrator smart account, then re-verified live: redeem succeeds, overspend reverts. Documented in our commit history.

WHAT'S REAL VS. WHAT'S NEXT

We're deliberate about this. The delegation chain, the onchain redemption, and the enforcement revert are fully real on testnet. The costly-signal cost model is currently simulated turning one data purchase into a live x402 settlement is the highest-leverage next step, and we've scoped exactly how to do it. We'd rather ship something honest and verifiable than something polished and hollow.

Not currently fundraising - this is a hackathon build, and we're focused on proving the core primitive before anything else.

That said, here's the honest forward view, because we think the primitive is bigger than the demo.

WHAT WE'VE PROVEN

Contract-enforced budgets for autonomous agents work, today, on real infrastructure. The hard technical risk - can you give an AI agent money with a limit it physically cannot exceed is answered, and answered with an onchain transaction anyone can verify.

WHERE THIS GOES

The same primitive that caps a hackathon agent at 20 USDC is the missing safety layer for the entire emerging agent economy: AI agents that pay for compute, data, and services; treasury bots with hard spend ceilings; delegated DeFi strategies where users keep custody and contracts keep the agents honest. As agents start holding budgets and signing transactions at scale, "trust the model" stops being acceptable — and verifiable economic boundaries become table stakes.

WHAT WE'D NEED TO GET THERE

Not capital first - validation first. The immediate next steps are technical: a real x402 data settlement to make the costly-signal mechanism fully live, one real rebalance executed against a testnet lending protocol, and a security review of the delegation flows. We'd engage with grants or ecosystem support from the MetaMask Smart Accounts, Base, and Venice ecosystems to push those forward, since this work directly strengthens and showcases their stacks.

If you're a judge, builder, or ecosystem partner who thinks contract-enforced agent budgets are as foundational as we do, we'd love to talk.