Agent infrastructure
An agent-managed basket runs on exactly the same pipeline as a human-managed one — that is the design. The agent proposes target weights; a human reviews the proposal against the execution checklist and signs the intent with the strategist key; the contracts then apply the identical mandate checks they apply to everyone. The agent holds no key and can execute nothing.
Rationale text is hash-committed with the intent and published only after the window settles, so nothing is front-runnable. Prompt injection, model error, or a fully compromised agent all collapse to the same failure mode: a proposal for a different legal portfolio, which a human still has to approve and which the mandate still bounds.
Scoped on-chain agent session keys (a key that can call proposeRebalance and literally nothing else, with expiry and rate limits) are designed and specified, but not shipped in v1 — human sign-off is the stronger guarantee while the agent has no track record, and it is what the code actually does today.