add covenant-bento: screen via Bento's firewall + a labeled on-chain reputation signal#110
Open
mizuki0x wants to merge 1 commit into
Open
add covenant-bento: screen via Bento's firewall + a labeled on-chain reputation signal#110mizuki0x wants to merge 1 commit into
mizuki0x wants to merge 1 commit into
Conversation
bento.screen runs an intent through bento's protect() via a node sidecar (real @bentoguard/sdk, agent key stays in the sidecar, mirrors the x402 signer) and returns the verdict, failing closed if the guard is down. bento.reputation reads an agent's on-chain bento standing into a labeled soft signal, blocked only on bento publishing the program id and account layout (the one seam). both off by default behind COVENANT_BENTO_ENABLED; screening needs COVENANT_BENTO_PROTECT_ENABLED plus a guard binary, reputation needs COVENANT_BENTO_PROGRAM_ID.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this adds
A
covenant-bentocrate that consumes Bento Guard from inside the Covenant daemon, as two MCP tools, both off by default.bento.screenruns yourprotect()over a natural-language intent and returns the verdict. It goes through a Node sidecar running your real@bentoguard/sdk, not a reimplementation, so the MagicBlock encryption and signing stay in your SDK. The agent key never reaches the daemon: it forwards a keypair file path, and only the sidecar reads it. Every screen has a hard timeout and fails closed (blocks) on any guard failure.bento.reputationreads an agent's on-chain Bento standing (strikes, lock state) into a labeled soft signal, sitting alongside Covenant's audit-derived reputation, never blended into it.Lane discipline
Covenant honors your verdict; it does not re-score intent or rebuild the firewall. A screen result is labeled a third-party firewall verdict, a reputation read a third-party soft signal. We consume your verdict and your on-chain record, we do not reproduce either.
What's verified
@bentoguard/sdk1.2.8 installs from public npm and the sidecar imports resolve;package-lock.jsonis committed.protect()call, which needs a Bento-registered agent.What we need from you
pendingstatus until you publish the Action PDA program id, seeds, and account layout. ThegetAccountInfofetch underneath is built and tested, so it is a small change on our side once the layout lands.protect()screening goes from stub-verified to live.Scope
We consume Bento as a firewall and reputation source. Setup, including the sidecar and every env var, is in
docs/integrations/bento.md.