Metamux
MetaMux: A terminal Web3 workspace converting natural language to gasless on-chain actions. Venice AI parses intents, MetaMask Smart Accounts delegate limits a tool for devs building.
視頻
技術堆疊
描述
METAMUX
MetaMux is a terminal-native Web3 developer workspace that converts natural language into cryptographically scoped, gasless, on-chain execution via MetaMask Smart Accounts. Built on ERC-7715 delegation, EIP-7702 eoa to smart account upgrade and erc7710 delegation redemption, and Venice AI intent parsing, it gives developers a keyboard-first interface to their smart account and also gives developers easier ways of testing/developing x402 payment endpoints likewise a better way to interact with smart contracts right from the terminal for easy testing and hooking into with executing signed, caveat-enforced transactions directly from a TUI without touching a browser wallet for every action.
The Problem
Wallet UX for both AI agents and developers is binary: either you hold the keys and approve every single action yourself, or you hand over broad, standing access and hope nothing goes wrong. There’s no middle ground that’s actually usable.
For agents, this means most “AI + wallet” setups either require a human to confirm every transaction (defeating the point of automation) or give the agent a hot wallet with effectively unlimited reach — trusting a language model’s output to gate access to real funds, with no independent enforcement if the model hallucinates, gets prompt-injected, or simply misreads “10” as “100.”
calling arbitrary contracts read function on the fly leveraging venice ai for generating abi and extracting args
For developers, it means every smart contract interaction during development — checking a balance, sending a test transaction, calling a function on a contract you’re debugging — requires either the MetaMask UI (click through every confirmation) or a script (import the ABI, set up a client, write the call, run it, repeat for the next function). Neither is built for the rapid, exploratory back-and-forth of actually building something.
What MetaMux Does
MetaMux is a terminal-native workspace where natural language drives on-chain action, but the agent’s authority is explicitly scoped, enforced on-chain, and independently validated before every execution — not just trusted.
Input → Parse → Validate → Execute
Venice AI parses natural-language input into a typed intent — action, token, amount, target — against a schema built for on-chain operations. A local permission store is checked first: if a matching, unexpired delegation already covers the request, MetaMux skips straight to validation and execution. On a miss, MetaMux generates a delegation request link. Opening it prompts the user to sign via ERC-7715, which triggers the underlying EIP-7702 account upgrade automatically. The signed delegation comes back as an encrypted payload pasted into the session currently active to upgrade your agent capabilites in realtime.
This Is The Core Idea:
The LLM parses intent, but it doesn’t decide what’s allowed. The delegation — signed once by the user, enforced by on-chain caveat contracts, and re-checked by MetaMux on every request — decides that. The agent operates inside a boundary it cannot talk its way out of.
Arbitrary contract interaction. MetaMux isn’t limited to a fixed set of actions. Point it at any verified contract address; it pulls the function signature, and the agent describes what the function does and what arguments it expects in plain language. The user grants a scoped delegation for that specific call bounded the same way a token send is bounded and the agent executes it: sending via the delegated permission, and confirming on-chain. Any verified contract on Base Sepolia becomes something MetaMux can operate, with no per-contract integration code.
/revoke brings up a menu of every delegation the agent currently holds — each shown with its token, spend cap, and remaining validity window — and the user picks which one to revoke. Granting a new permission doesn't mean giving up an existing one; a developer might delegate ETH for gas top-ups and USDC for test payments separately, then revoke just the USDC permission mid-session while the ETH delegation stays active. Authority is managed at the granularity it was granted, not all-or-nothing.
/models switches between Venice-powered models mid-session, no restart, no config edit. Different models handle ambiguous shorthand (“send half my eth to vitalik.eth”) versus low-latency simple transfers differently — swap and retry in one command if a parse comes back malformed or slow. As Venice ships new models, MetaMux inherits them with zero code changes.
/x402 operates in
Two /x402 subcommands:
/x402 inspect <url> — read-only. Fetches the URL, and if it returns 402, decodes the PAYMENT-REQUIRED header and shows the full payment requirements (scheme, network, asset, amount, payTo, timeout, raw ect), plus whether MetaMux's delegated-pay flow erc7710Supported ) can handle it. Never spends, never prompts for permission. If the resource is freely accessible (non-402), it says so. If the fetch itself fails (network/DNS), it reports that.
*/x402 pay <url>** — does everything inspect does, then if erc7710Supported is true: checks the local cache agentX402Permissions.json) for an existing unexpired grant matching this asset/amount/payTo/network; if none, calls requestExecutionPermissions (via erc7715X402PaymentSchema, scoped to the exact amount + facilitator-restricted) to grant a fixed erc20-token-allowance from the agent's own account, then redelegatePermissionContextOpen to make it redeemable by the facilitator; caches the result; builds the PAYMENT-SIGNATURE payload { x402Version: 2, accepted, payload: { delegationManager, permissionContext, delegator } }, base64-encoded); retries the original request with that header; returns the resource's data on success. If erc7710Supported is false, refuses with a reason instead of proceeding.
Why This Matters as a Developer Tool
MetaMux started as something its own builder uses during smart contract development: link a dev wallet, and check balances, send test transactions, or call a function on a contract under test — all from natural language in a terminal, without writing a throwaway script for every one-off interaction. The same safety architecture that protects an end user’s funds also protects a developer from their own mistakes during iteration — a delegation scoped to “send up to 1 USDC for the next hour” means a typo in a test script can’t drain a dev wallet.
The arbitrary-contract-interaction capability extends this directly: point MetaMux at whatever contract you’re testing, on whatever address it’s deployed to, and interact with it conversationally — no ABI imports, no boilerplate client setup, no redeploying a test harness every time a function signature changes. Combined with /revoke, a developer can grant broad-but-bounded authority for a debugging session and cleanly revoke it the moment they’re done — a pattern that matches how development sessions actually work: focused, time-boxed, and over when you close the terminal.
TRACK ALIGNMENT
Best Use of Venice AI
Venice AI operates at two distinct, high-value layers in MetaMux — neither is a chatbot.
First, as the intent parser: Venice receives raw natural language and produces a typed, schema-constrained JSON object that maps directly into the ERC-7715 permission request structure — action, token, amount, target. The output is deterministic by design: low temperature, strict output schema, validated before execution. Five Venice models are hot-swappable in the TUI via /models
implementation link here:
https://github.com/LawrenceKU03/Metamux/blob/main/metamux_cli/cli/src/components/ModelDialogList.tsx
, this also providing both reliability failover and user-controlled model selection — different models handle ambiguous shorthand versus low-latency simple transfers differently, and switching takes one command with no restart.
Second, as the validation judge: before any transaction executes, Venice receives the resolved delegation — token, period cap, time window, justification — alongside the requested action, and determines whether the request falls within what was actually authorized. Numeric checks (amount vs. cap, time vs. expiry) are computed in code and handed to Venice as facts; Venice’s role is judging whether the action type matches what the delegation’s justification permits. A request that exceeds scope is rejected with the specific rule that failed, not a generic error.
implementation link here:
Both roles are live, demoable, and running against the Venice API — intent parsing on every request, validation on every execution attempt.
implementation here:
https://github.com/LawrenceKU03/Metamux/blob/main/metamux_cli/cli/src/providers/ModelProvider.tsx
Best Agent
MetaMux’s agent has real, bounded, on-chain execution authority — not suggested transactions, not simulated actions. The capability stack:
• Venice AI parses natural-language intent into typed permission requests.
implementation link:
https://github.com/LawrenceKU03/Metamux/blob/main/metamux_cli/cli/src/providers/ModelProvider.tsx
• A local permission store checks for an existing, unexpired delegation before prompting a new signature
• ERC-7715 delegation scopes authority cryptographically at signing time — token, spend cap per period, and validity window
implementation link:
https://github.com/LawrenceKU03/Metamux/blob/main/metamux_cli/cli/src/erc7715Schemas.ts
• EIP-7702 upgrades the account to a smart account automatically on first delegation.
implementation link:
https://github.com/LawrenceKU03/Metamux/blob/main/metamux_frontend/hooks/useUpgradeEOA.ts
• Before execution, MetaMux independently re-validates every request against the live delegation — token match, amount within cap, time within window, action matches justification — and rejects out-of-scope requests with the specific reason
• The agent’s relayer executes gaslessly on-chain
• Arbitrary contract interaction: point MetaMux at any verified contract address, and the agent describes the function’s purpose and arguments in plain language; the user grants a scoped delegation for that specific call, and the agent simulates, executes, and confirms it on-chain — extending bounded execution beyond token transfers to any contract function
• /revoke clears the agent’s active permission, immediately ending its ability to act on the user’s behalf for the remainder of the session
The security model does not rely on trusting the LLM. The caveat enforcers are the actual boundary — the agent cannot exceed what was signed at delegation time regardless of model output. Venice AI handles intent and judgment; the contract-level enforcers handle guarantees. This is the correct split for autonomous on-chain agents: intent and validation at the application layer, enforcement at the contract layer.
Best x402 + ERC-7710
MetaMux’s execution layer is built on ERC-7710 delegation redemption — every send (native and ERC-20) is executed by redeeming a signed delegation against MetaMask’s Sepolia Delegation Framework contracts, with caveat enforcers checking spend caps and time windows at the contract level before the underlying call executes. This redemption path is the same one extended to arbitrary contract calls: any verified contract, any function, executed through a redeemed delegation rather than a direct signed transaction.
ERC 7710 implementation
https://github.com/LawrenceKU03/Metamux/blob/main/metamux_cli/cli/src/hooks/useAgentWallet.ts