Would you give an AI agent your brokerage password? With Terminal 3, you don't have to.
An autonomous trading agent that generates calibrated probability signals (via Google Gemini) and executes trades under user-defined mandate constraints — all without the agent ever seeing your brokerage API credentials.
Built for the Terminal 3 ADK Bounty Challenge (Launch Ed).
AI trading agents need your brokerage API key to execute trades. That means:
- Your key lives in the agent's memory (exploitable)
- Every prompt injection could leak it
- You must trust the AI platform with your financial access
Terminal 3's TEE infrastructure lets you seal your API key into hardware and delegate bounded execution rights to the agent — without exposing the key.
You → store API key in T3N (hardware-encrypted, never leaves TEE)
You → set mandate: allowed symbols, conviction threshold, max size, daily loss limit
Agent → generates calibrated signal (Gemini)
Agent → submits trade intent to T3N TEE contract
TEE → validates mandate constraints
TEE → calls Alpaca via http-with-placeholders (key injected inside enclave)
Agent ← receives sanitized confirmation (no credentials in response)
The agent never touches the API key — ever.
┌─────────────────────────────────────────────────────────────┐
│ T3 Conviction Agent │
│ │
│ ┌──────────────┐ Signal ┌─────────────────────────┐ │
│ │ Gemini AI │ ──────────► │ TypeScript Agent │ │
│ │ (Gemini │ conviction │ (agent.ts) │ │
│ │ Flash) │ score 0-1 │ │ │
│ └──────────────┘ └────────────┬────────────┘ │
│ │ execute-trade │
│ ▼ │
│ ┌──────────────────────────┐ │
│ │ T3N TEE Contract │ │
│ │ (Rust/WASM) │ │
│ │ │ │
│ │ 1. Load mandate from KV │ │
│ │ 2. Validate constraints │ │
│ │ 3. http-with-placeholders│ │
│ │ → API key NEVER seen │ │
│ │ 4. Return order result │ │
│ └────────────┬─────────────┘ │
│ │ │
│ ┌────────────▼─────────────┐ │
│ │ Alpaca Paper Trading │ │
│ │ (brokerage API) │ │
│ └──────────────────────────┘ │
└─────────────────────────────────────────────────────────────┘
| T3 Primitive | How We Use It |
|---|---|
tenant.claim() |
Agent gets a verifiable DID identity on T3N |
tenant.maps.create() |
Create secrets and mandate KV maps |
kv-store (TEE) |
Read API keys and mandate constraints inside enclave |
http-with-placeholders |
Execute Alpaca trades without API key ever entering WASM |
tenant.contracts.publish() |
Deploy the mandate TEE contract |
tenant.contracts.execute() |
Agent calls TEE contract per trade decision |
tenant_context::tenant_did() |
TEE contract reads its own tenant DID for namespace isolation |
The TEE contract enforces four gates before any trade:
- Symbol whitelist — only pre-approved instruments (e.g. BTC/USD, ETH/USD)
- Conviction threshold — minimum calibrated probability required (e.g. ≥ 0.65)
- Position size — maximum notional USD per trade (e.g. ≤ $500)
- Daily loss limit — agent auto-halts if cumulative loss exceeds limit
Every decision is logged with a cryptographic audit trail via T3N.
- Node ≥ 18, Rust +
wasm32-wasip2target - T3N testnet API key (claim here)
- Google Gemini API key (get here)
- Alpaca paper trading account (free signup)
cd agent
npm install
npx ts-node demo.ts# 1. Set up env
cp .env.example .env
# Fill in T3N_API_KEY, GEMINI_API_KEY, ALPACA_API_KEY, ALPACA_SECRET_KEY
# 2. Build TEE contract
rustup target add wasm32-wasip2
cargo build --release --target wasm32-wasip2
# 3. One-time setup: seal keys + publish contract + set mandate
cd agent && npm install && npm run setup
# 4. Run the agent
npm start═══════════════════════════════════════════════════════════════════
T3 Conviction Agent — Delegated Trading Mandate Demo
═══════════════════════════════════════════════════════════════════
🔐 Mandate stored in T3N TEE (hardware-encrypted, never leaves TEE):
{
"allowed_symbols": ["BTC/USD", "ETH/USD"],
"min_conviction": 0.65,
"max_position_usd": 500,
"daily_loss_limit_usd": 200,
"daily_pnl_usd": 0
}
🔑 Brokerage API keys: SEALED IN T3N — agent has zero knowledge of them
─────────────────────────────────────────────────────────────────
✅ Strong BTC signal — should EXECUTE
Trade: buy 0.00149 BTC/USD @ conviction=0.78 ($97.5)
✅ TRADE EXECUTED by T3N TEE contract
📋 Order ID: mock-1749123456-a3f8b2
(API call made inside enclave — agent never saw the key)
─────────────────────────────────────────────────────────────────
❌ Weak signal — should REJECT (conviction too low)
❌ REJECTED by mandate gate: conviction 0.520 < required 0.65
...
t3-conviction-agent/
├── src/
│ ├── lib.rs # TEE contract entry point + WIT bindings
│ ├── mandate.rs # Mandate read/write via kv-store
│ └── trade.rs # Trade execution via http-with-placeholders
├── wit/
│ └── world.wit # WIT interface: execute-trade, get-mandate, set-mandate
├── agent/
│ ├── agent.ts # TypeScript AI agent (Gemini signals + T3N execution)
│ ├── demo.ts # Offline demo (no credentials needed)
│ ├── package.json
│ └── .env.example
└── Cargo.toml
Ruiyang Zhang — ruiyang.co | @ryonzhang
Background in quantitative finance (passed all three CFA Program exams, FRM Level 1) and agentic AI systems. Previously built calibrated-conviction — an ML system for calibrated trading probability signals, which this agent integrates.