Zero-trust corporate treasury for autonomous AI agents — MetaMask ERC-7715 scoped permissions, Venice fail-closed audits, and CFO EIP-712 approvals on Sepolia.
Citadel is a zero-trust corporate treasury control plane for autonomous AI agents.
The problem: AI agents are already making financial decisions, but corporate treasuries still rely on manual approvals and hot-wallet keys with no scoped policy boundaries. Finance teams cannot reconstruct why a payment was approved or blocked.
Citadel solves this with a layered pipeline:
1. Register — CFO registers an agent via a 5-step wizard and grants ERC-7715 Advanced Permissions through MetaMask (scoped USDC limits, time-bound mandate).
2. Run — A server-side agent cycle observes treasury state, proposes actions via Venice AI, and runs a fail-closed compliance audit on every spend.
3. Deliver — High-value spends route to a CFO approval queue. The CFO signs EIP-712 typed approvals from an allowlisted wallet. Approved spends execute on Sepolia via ERC-7710 delegation — agents never hold the treasury key.
Key integrations:
• MetaMask Smart Accounts Kit — requestExecutionPermissions + sendTransactionWithDelegation
• Venice AI — agentThink, enhanced audit (pattern analysis, vendor risk, on-chain verify, tx simulation), x402 billing, CFO reports
• Production-oriented stack — Postgres + Redis scheduler, Slack alerts, Playwright E2E, 18 unit tests
Built for the Best Agent hackathon, Best use of Venice, Best feedback track. Full SDK feedback with code evidence: feedback.md (24 items — MetaMask + Venice).
Week 1 — Foundation
• Next.js 16 monorepo with agent registration wizard, server-authoritative store (Postgres/file), and MetaMask Flask integration on Sepolia
• ERC-7715 permission grant flow + ERC-7710 delegated USDC execution via @metamask/smart-accounts-kit
• Permission normalization layer for grant/redeem persistence (permissionContext + delegationManager)
Week 2 — Agent runtime + Venice AI
• Server-side agent cycle: observe → think → audit → autonomy → execute (lib/agent/server-cycle.ts)
• VeniceService gateway with fail-closed audit — no Venice verdict = no spend
• Enhanced compliance: spending patterns, vendor risk, Venice Crypto RPC, Tatum malicious-address check, ERC-20 simulation
• Agent brain with x402-first inference + API key fallback, decision cache, second-pass risk critique
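As an added example (not code from the Citadel repository), the TypeScript below sketches the audit → autonomy step of that cycle as one fail-closed gate: the scoped mandate is enforced before any AI verdict is consulted, a missing or non-approve verdict always blocks, and an approved spend above the autonomous threshold is queued for the CFO rather than executed. The type and function names, the limits, the sample spend and the audit wrapper are all assumptions, and the audit service is kept abstract instead of calling Venice.

```typescript
// Added example, not Citadel's code: a fail-closed spend gate in the shape of the
// observe -> think -> audit -> autonomy -> execute cycle. All names here
// (SpendProposal, AuditVerdict, Mandate, gateSpend, ...) are assumptions;
// amounts are whole USDC for readability.

type SpendProposal = {
  agentId: string;
  recipient: string;   // 0x-prefixed vendor address
  amountUsdc: number;
  memo: string;
};

// A compliance verdict. `undefined` at the call site models a timeout, HTTP error
// or unparseable response from the audit service; the gate treats that as a block.
type AuditVerdict = {
  outcome: "approve" | "reject";
  riskScore: number;   // 0 (clean) .. 100 (hostile)
  reasons: string[];
};

// The scoped, time-bound mandate the CFO granted to this agent.
type Mandate = {
  perTxLimitUsdc: number;
  dailyLimitUsdc: number;
  spentTodayUsdc: number;
  expiresAt: number;          // unix seconds
  cfoReviewAboveUsdc: number; // spends above this are queued for a human decision
};

type GateDecision = {
  action: "execute" | "queue_for_cfo" | "block";
  reason: string;
};

function gateSpend(
  spend: SpendProposal,
  mandate: Mandate,
  verdict: AuditVerdict | undefined,
  nowSeconds: number,
): GateDecision {
  // 1. Mandate checks are deterministic and independent of the AI verdict.
  if (nowSeconds >= mandate.expiresAt) return { action: "block", reason: "mandate expired" };
  if (!(spend.amountUsdc > 0)) return { action: "block", reason: "non-positive amount" };
  if (spend.amountUsdc > mandate.perTxLimitUsdc) {
    return { action: "block", reason: "exceeds per-transaction limit" };
  }
  if (mandate.spentTodayUsdc + spend.amountUsdc > mandate.dailyLimitUsdc) {
    return { action: "block", reason: "exceeds daily limit" };
  }
  // 2. Fail closed: no verdict, or any verdict other than "approve", never executes.
  if (verdict === undefined) return { action: "block", reason: "no audit verdict" };
  if (verdict.outcome !== "approve") {
    return { action: "block", reason: `audit rejected: ${verdict.reasons.join("; ")}` };
  }
  // 3. Autonomy boundary: high-value spends go to the CFO approval queue.
  if (spend.amountUsdc > mandate.cfoReviewAboveUsdc) {
    return { action: "queue_for_cfo", reason: "above autonomous threshold" };
  }
  return { action: "execute", reason: `audit approved (risk ${verdict.riskScore})` };
}

// Collapses every failure mode of the audit call (thrown error, rejected promise,
// timeout) to `undefined`, so a caller cannot spend on an error path by accident.
async function auditOrUndefined(
  audit: (s: SpendProposal) => Promise<AuditVerdict>,
  spend: SpendProposal,
  timeoutMs: number,
): Promise<AuditVerdict | undefined> {
  let timer: ReturnType<typeof setTimeout> | undefined;
  const timeout = new Promise<undefined>((resolve) => {
    timer = setTimeout(() => resolve(undefined), timeoutMs);
  });
  try {
    return await Promise.race([audit(spend), timeout]);
  } catch {
    return undefined;
  } finally {
    if (timer !== undefined) clearTimeout(timer);
  }
}

// Constructed demo data (not a real address, vendor or grant).
const DEMO_MANDATE: Mandate = {
  perTxLimitUsdc: 5000, dailyLimitUsdc: 20000, spentTodayUsdc: 18000,
  expiresAt: 2_000_000_000, cfoReviewAboveUsdc: 1000,
};
const DEMO_SPEND: SpendProposal = {
  agentId: "agent-demo", recipient: "0x" + "ab".repeat(20), amountUsdc: 500, memo: "constructed invoice",
};
const APPROVE: AuditVerdict = { outcome: "approve", riskScore: 12, reasons: [] };

// Stand-alone run: an audit outage must yield a block, not an execution.
console.log(gateSpend(DEMO_SPEND, DEMO_MANDATE, APPROVE, 1_700_000_000).action);   // execute
console.log(gateSpend(DEMO_SPEND, DEMO_MANDATE, undefined, 1_700_000_000).action); // block
```

The ordering matters: limit checks run before the model is consulted so a prompt-level mistake can never widen the mandate, and the only path to `execute` requires an explicit `approve` object, which is what "no Venice verdict = no spend" means in code.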
Week 3 — CFO controls + production hardening
• EIP-712 wallet-signed approval queue with CFO allowlist verification
• Agent lifecycle UI (stop loop, emergency stop, revoke, remove)
• Redis ZSET cron for distributed agent ticks, Slack webhooks for approvals + permission expiry
• Server-first dashboard reads (stats, budget, permissions, systems)
• Playwright E2E pipeline test, Vitest unit tests (18 passing), production env validation
Deliverables shipped:
✅ End-to-end flow: /register-agent → /agent-dashboard → /dashboard → /audit-log
✅ One-click demo: /demo → Run Live Pipeline
✅ Comprehensive feedback.md (14 MetaMask + 10 Venice issues with GitHub evidence)
✅ Full README with Venice integration proof links
Not currently fundraising. Citadel is an open-source hackathon MVP (MIT license) built to demonstrate zero-trust autonomous treasury patterns with MetaMask Smart Accounts and Venice AI. Post-hackathon: exploring enterprise pilots and KMS-based session signer hardening before any production deployment.