add covenant-krexa: Krexa credit/risk oracle as a soft signal (read-only), credit-backed x402 behind a flag#108

Open
mizuki0x wants to merge 1 commit into main from feat/krexa

@mizuki0x mizuki0x commented Jun 30, 2026

Contributor

What this adds

A covenant-krexa crate that consumes Krexa's credit/risk API from inside the Covenant daemon, and the wiring to expose it as an MCP tool. Two layers with very different risk:

Read-only oracle (on by config). REST reads of an agent's Krexit score, eligibility, and active credit line, surfaced as a krexa.score tool. It is fed as a labeled soft signal that sits next to Covenant's own audit-derived reputation, never blended into it. No funds, no counterparty risk.

Credit-backed x402 (built, gated off). The seam for an agent to cover an x402 payment shortfall from a Krexa credit line and repay from earnings. Every entry point is gated on credit_enabled, which defaults to false, and it is deliberately not wired into the live payment path. See "What we'd need to turn this on" below.

The trust boundary (the part we care about)

Covenant's reputation is audit-derived: computed from an agent's signed work history, meant to be trustless. Krexa's score is a third-party REST value with a self-attested hash, not a signature. Those are different kinds of trust, so we keep them separate. The krexa.score result is tagged "krexa-attested (third-party REST), soft signal" so nothing downstream mistakes it for a Covenant-verified fact. A consumer can weigh both; we never launder one into the other.

We also capture scorePda from the score response. The moment Krexa publishes the account layout or IDL, the read path can decode that PDA directly instead of trusting REST, which makes the score trustless on our side. That switch is a one-file change, blocked only on the layout.

One concrete fit: Krexa boosts the score for agents that hold a .sol name, and Covenant's identity layer already issues .sol names, so a Covenant agent tends to score better on Krexa for free.

What's verified

  • 15 unit tests plus a compile-checked rustdoc example: mocked REST via wiremock, the whole-USDC to atomic unit bridge, a permissive credit-line decode, base58 pubkey rejection, and the pure draw-policy boundaries.
  • A live read against the deployed backend, end to end through the daemon. krexa.score for a real agent returns score 342, band deep_subprime, the underwriting opinion, and the attestation hash; an injection-shaped pubkey is rejected before any request leaves the host.
  • The agent pubkey is validated as base58 at the tool boundary, so a malformed argument can't smuggle a path or query into the request. The client bounds connect and total request time, because the backend cold-starts on Render and a parked instance must not hang the calling daemon thread.
  • Setup is documented in docs/integrations/krexa.md, matching the other providers' integration docs.

What we'd need to turn on credit

The credit module is built and tested behind the flag, but uncollateralized lending to an autonomous agent is not something we flip on with three questions open:

  1. Audit. Are the oracle and vault audited, and by whom?
  2. Vault TVL and reserves. Real TVL, and the default/insurance ratio standing behind a draw.
  3. Custody. Does the agent run a Krexa PDA wallet and route earnings through the Revenue Router, or can a draw settle to the agent's own signer? That decides how the draw seam plugs into our x402 path, so we'd rather build it once, after you answer.

Scope

We consume Krexa as a credit and score provider plugged into Covenant identity. We do not use KYA or treat Krexa as an identity source; identity stays on the Covenant side. Trade, swap, and perps are out of scope for this crate.

Notes for review

  • Credit module (credit.rs, ~140 lines): built but gated entirely off (credit_enabled defaults false) and not wired into any live path. It is the staged, inert seam for the credit-backed x402 phase, so review it separately from the read-only oracle or skip it for now. Happy to split it into its own PR if you'd prefer.
  • Cold-start resilience: the client retries the transient responses a parked Render instance returns (502/503/504/429, plus connect and timeout) up to three attempts with a short backoff. A 4xx returns immediately, and the credit POST is not retried since a draw is not idempotent. The failure modes are documented on the client.
  • Validation: agent-os/scripts/validate.sh --scripts passes (provenance ok). The crate is cargo fmt and clippy clean; the repo-wide fmt --check only flags pre-existing files in other crates (sap-bridge, stake-keeper), not this one.
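The retry policy from the cold-start note above, as an added Rust example that is not code from this PR or the covenant-krexa crate. `Outcome`, `run_with_policy`, `replay` and the 200 ms backoff step are hypothetical names and values; the outcomes fed to it are constructed.

```rust
use std::time::Duration;

/// Result of one attempt (constructed model, not a real HTTP client type).
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Outcome { Status(u16), ConnectError, Timeout }

const MAX_ATTEMPTS: u32 = 3;

/// Transient: what a parked instance returns, plus connect and timeout failures.
/// 429 is the one 4xx that is retried; every other 4xx is final.
fn is_transient(o: Outcome) -> bool {
    match o {
        Outcome::Status(s) => matches!(s, 429 | 502 | 503 | 504),
        Outcome::ConnectError | Outcome::Timeout => true,
    }
}

/// Run `attempt` under the policy and return the final outcome and call count.
/// `idempotent` is false for a credit draw POST: a timed-out draw may still
/// have executed server-side, so the failure is surfaced instead of replayed.
pub fn run_with_policy<F, S>(idempotent: bool, mut attempt: F, mut sleep: S) -> (Outcome, u32)
where
    F: FnMut() -> Outcome,
    S: FnMut(Duration),
{
    let mut calls = 0;
    loop {
        let out = attempt();
        calls += 1;
        if !idempotent || !is_transient(out) || calls >= MAX_ATTEMPTS {
            return (out, calls);
        }
        sleep(Duration::from_millis(200 * u64::from(calls))); // assumed backoff
    }
}

/// Replay a scripted list of outcomes (constructed data) through the policy.
pub fn replay(idempotent: bool, script: &[Outcome]) -> (Outcome, u32) {
    let mut it = script.iter().copied();
    run_with_policy(idempotent, || it.next().expect("script exhausted"), |_| {})
}

fn main() {
    use Outcome::*;
    println!("{:?}", replay(true, &[Status(503), Timeout, Status(200)]));
    println!("{:?}", replay(true, &[Status(404)]));
    println!("{:?}", replay(false, &[Status(503)]));
}
```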

krexa.score mcp tool returns an agent's krexit score, risk band and
underwriting opinion as a labeled soft signal to weigh alongside the
audit-derived reputation, never blended into it. read-only rest, no
funds move; the agent pubkey is validated as base58 at the tool
boundary. credit-backed x402 draws are built but gated off
(credit_enabled defaults false) and not wired into live settlement.
registered via krexa_from_env behind COVENANT_KREXA_ENABLED, off by
default. user-facing setup in docs/integrations/krexa.md.
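
The base58 check at the tool boundary, as an added std-only Rust example that is not the crate's own code. `validate_pubkey` and `PubkeyError` are hypothetical names, and the 32-byte decoded length and 32 to 44 character bound are assumptions based on Solana-style public keys; the inputs are constructed.

```rust
// Added example: std-only base58 validation for a 32-byte public key.
// Names, the 32-byte target and the 32..=44 length bound are assumptions.
const ALPHABET: &[u8; 58] = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";

#[derive(Debug, PartialEq)]
pub enum PubkeyError {
    Length(usize),     // string length outside 32..=44
    BadChar(char),     // not in the base58 alphabet ('/', '?', '0', 'O', ...)
    DecodedLen(usize), // valid base58, but not exactly 32 bytes
}

/// Decode `s` to exactly 32 bytes, or report why it is rejected.
pub fn validate_pubkey(s: &str) -> Result<[u8; 32], PubkeyError> {
    if !(32..=44).contains(&s.len()) {
        return Err(PubkeyError::Length(s.len()));
    }
    let mut bytes: Vec<u8> = Vec::new(); // little-endian big integer
    for c in s.chars() {
        let digit = ALPHABET
            .iter()
            .position(|&a| a as char == c)
            .ok_or(PubkeyError::BadChar(c))? as u32;
        let mut carry = digit;
        for b in bytes.iter_mut() {
            carry += u32::from(*b) * 58;
            *b = (carry & 0xff) as u8;
            carry >>= 8;
        }
        while carry > 0 {
            bytes.push((carry & 0xff) as u8);
            carry >>= 8;
        }
    }
    // Each leading '1' stands for one leading zero byte.
    let zeros = s.bytes().take_while(|&b| b == b'1').count();
    bytes.extend(std::iter::repeat(0u8).take(zeros));
    bytes.reverse();
    <[u8; 32]>::try_from(bytes.as_slice()).map_err(|_| PubkeyError::DecodedLen(bytes.len()))
}

fn main() {
    // Constructed inputs: a well-formed key and an injection-shaped argument.
    let good = "1".repeat(32);
    let bad = format!("{good}/../score?x=");
    for arg in [good.as_str(), bad.as_str()] {
        println!("{arg:?} -> {:?}", validate_pubkey(arg).map(|_| "ok"));
    }
}
```

Because only the 58 alphabet characters pass, a value accepted here contains no `/`, `?`, `#`, `%` or whitespace and can be placed in a URL path segment without further escaping.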