The Era of the Sovereign Agent

Governance Protocol for the AI Agent Economy

The cryptoeconomic enforcement layer between AI agents and money — the full strategic thesis

This section proves: a six-phase execution plan can transition SentryMandate from centralized SaaS to fully permissionless infrastructure in 27 weeks.

Core Thesis

SentryMandate is building the governance layer between AI agents and money.

Every autonomous AI agent that spends money — on LLM calls, APIs, tools, compute, code execution — requires:

• Spend limits
• Policy enforcement
• Audit trails
• Kill switches
• Accountability
• Financial guarantees

Today: thousands of developers experimenting with AI agents. Trajectory: autonomous agents increasingly managing programmatic spend across enterprise APIs.

Phased Execution Plan

We execute in six progressive phases, each expanding trust boundaries:

Phase 1 — Enterprise SaaS

Phase 1 Economic Model

• SaaS Subscription (monthly/seat/agent tier)
• Managed Proxy fees
• Enterprise contracts
• Custom deployment
• Dedicated support

Phase 1 Deliverables

• Harden Mandate Engine logic
• Enforce pre-call spend validation
• Add real-time budget decrementing
• Build violation event pipeline
• Enterprise audit export feature
• SOC2 alignment plan
• Compliance templates (Finance, Healthcare, etc.)
• Enterprise pricing structure

Phase 2 — Zero-Trust Proxy Network

Core Mechanism

Decentralized proxy node network processes governed LLM calls.

Phase 2 Deliverables

• Define staking model
• Define slashing conditions
• Design node reward formula
• Implement routing fallback logic
• Define consensus mechanism (minimal viable)
• Publish Node Operator Spec
• Launch incentivized testnet

Protocol Fee Model

Revenue Layer: Spend Volume Fee

Thin fee on all governed LLM calls.

fee_example:
  agent_spend: "$1.00"
  protocol_take: "0.5% of routed spend ($0.005 per $1.00)"
  at_scale: "$1B annual volume: 0.5% = $5M/year"

fee_distribution:  # 0.5% of routed spend
  - "70% → Node Operators (Buy-and-Distribute)"
  - "20% → Insurance Reserve (USDC)"
  - "10% → Protocol Treasury (DAO governance)"

Protocol Fee Deliverables

• Finalize fee % model
• Treasury allocation model
• Token emission schedule
• Revenue projection model
• Legal structure for fee collection

Mandate Marketplace

Mandates become transferable governance IP.

Marketplace Deliverables

• Mandate Template Schema
• Marketplace UI
• Royalty smart contract logic
• Certification badge framework
• Auditor onboarding plan

Insurance + Guarantees Layer

Staked collateral backs financial guarantees.

Insurance Deliverables

• Collateral lock contract
• Claims adjudication logic
• Dispute resolution framework
• Risk pricing model
• Insurance partner exploration

Verified Agent Reputation Layer

Governed activity produces an immutable track record.

Reputation Deliverables

• Reputation scoring formula
• Public agent profile endpoint
• Reputation oracle API
• Integration SDK for partners
• Badge system (Verified, Insured, Enterprise-grade)

Stakeholder Win Matrix

See Section 03: Vision for the full Architecture Role / Value Matrix defining all seven participant categories.

Societal Narrative

SentryMandate provides:

Defensibility Strategy

See Section 03: Vision → Technical Defensibility for the full defensibility progression analysis.

Aggressive Roadmap

Progressive Decentralization Path

The Case for Decentralized Implementation

Economic architecture for decentralized AI governance — fee structure, stakeholder incentives, and protocol alignment

This section proves: every fee, stake, and slash maps to a specific security mechanism — no value accrual without cryptoeconomic purpose.

Core Insight

Autonomous agents that transact require governance. SentryMandate acts as the execution intermediary, enforcing policies before transaction settlement. As autonomous AI deployment scales, governance protocols become critical infrastructure that all agent transactions route through.

Value Accrual & Cryptoeconomic Security

Architecture Role / Value Matrix

Systemic Invariants

The non-negotiable properties the protocol must satisfy at every block height

Technical Defensibility

Protocol defensibility increases with each layer of decentralization:

Protocol Summary

Proof of Governed Execution

Verifiable proxy infrastructure powered by TEEs, zkTLS, and net-deflationary tokenomics

This section proves: Proof of Governed Execution (PoGE) eliminates the Execution Oracle Problem — nodes cannot leak keys, forge logs, or deviate from Mandate policy.

Evidence Schema & Fraud Proofs

Deterministic, cryptographically verifiable, chain-anchored evidence model for objective fraud proofs and automated slashing

This section proves: every attestation bundle is a self-contained, independently verifiable proof — no oracle dependency, no trusted third party.

{
  "mandate_id": "UUID",
  "version": "1.0",
  "issuer_pubkey": "0x...",
  "spend_limits": {
    "per_call_max": 5.00,
    "daily_max": 100.00
  },
  "allowed_endpoints": ["api.openai.com", "api.anthropic.com"],
  "approval_threshold": null
}

{
  "request_id": "UUID",
  "agent_id": "0x...",
  "mandate_hash": "0xabc...",
  "endpoint": "api.openai.com",
  "payload_zk_commitment": "0x...",
  "timestamp": 1708920000
}

{
  "zkTLS_proof_type": "TLSNotary_v1",
  "server_domain": "api.openai.com",
  "extracted_spend_delta": 0.02,
  "cryptographic_proof": "0x[zk_SNARK_proof_data]"
}

{
  "bundle_version": "2.0",
  "enclave_pubkey": "0x...",
  "operator_id": "0x...",
  "request_hash": "0x...",
  "mandate_hash": "0x...",
  "policy_decision": "ALLOW",
  "delta_spend": 0.02,
  "receipt_hash": "0x...",
  "timestamp": 1708920005
}

// On-chain transaction submitted by Operator
function commitEpoch(
    bytes32 merkleRoot,
    uint256 epochTotalSpend,
    bytes memory TEE_Signature
) external;

End-to-End Protocol Flow

The complete lifecycle of a governed AI request inside SentryMandate — from provisioning through execution, settlement, and reputation compounding.

This section proves: the full request-to-settlement lifecycle completes in under 10 minutes, with every step cryptographically anchored.

0. High-Level System Topology

SentryMandate operates across three distinct layers, each with dedicated responsibilities.

┌─────────────────────────────────────────────────────────┐
│                     CLIENT LAYER                        │
│            AI Agent  ←→  Enterprise Dashboard           │
└────────────────────────────┬────────────────────────────┘
                             ▼
┌─────────────────────────────────────────────────────────┐
│                   EXECUTION LAYER                       │
│         TEE Proxy  ←→  zkTLS  ←→  LLM APIs           │
└────────────────────────────┬────────────────────────────┘
                             ▼
┌─────────────────────────────────────────────────────────┐
│                   SETTLEMENT LAYER                      │
│     Registry  │  Staking  │  Escrow  │  Reputation      │
└─────────────────────────────────────────────────────────┘

1. Initialization Phase: Provisioning the Agent

Before an agent can make a single call, the financial and governance rails must be laid.

2. The Execution Lifecycle (The Fast Path)

The sub-100ms flow for standard, fully autonomous agent requests (no human approval required).

Step 2.1: The Request & Micro-Reservation

To prevent the double-spend problem without introducing global consensus latency, the Agent opens a rapid state channel with a specific TEE Node.

Step 2.2: TEE Mandate Evaluation

Step 2.3: zkTLS Routing

Step 2.4: Attestation & Refund

3. The Human-In-The-Loop (HITL) Lifecycle (The Slow Path)

Triggered when the TEE Enclave evaluates the mandate and hits an approval rule (e.g., "Any transaction over $500 requires human sign-off").

4. Settlement & Slashing Pipeline

The Execution Layer syncs with the Settlement Layer to finalize economics.

5. Reputation & Reputation Compounding

Once the block is finalized, the Reputation Oracle updates.

Network Architecture

High-throughput TEE mesh topology, intent-based routing, parallel budget channels, and fault-tolerant failover mechanics for the SentryMandate decentralized network.

This section proves: MAX_ROUTING_SHARE == 15% prevents any single operator from monopolizing the network (Invariant VI.1), while VDF-based blind routing prevents targeted bribery.

1. Network Topology (The 3-Node Architecture)

SentryMandate relies on a separation of concerns to maintain high throughput and strict security across a permissionless set of TEE-secured operators.

1.1 TEE Proxy Node (The Execution Layer)

1.2 Sequencer / Router Node (The Matching Layer)

1.3 Watcher Node (The Audit Layer)

2. Intent-Based Routing & Discovery

Agents do not waste compute cycles tracking node uptime. They utilize Execution Intents.

2.1 The Routing Lifecycle

2.2 Capability Advertisement (Off-Chain)

3. The Parallel Budget Mesh (Solving Concurrency)

To achieve horizontal scalability, the network uses mathematical state channels instead of database locks.

3.1 Splitting the Budget

3.2 The Micro-Reservation Flow

4. Failover & Anti-Censorship Mechanics

If a TEE Proxy Node fails mid-request, the Agent must not lose its budget lock.

4.1 Ephemeral State Recovery

4.2 Censorship Resistance

5. Engineering Checklist (Architecture Execution)

Implementation modules and deliverables for the SentryMandate network architecture.

Node Architecture Comparison Matrix

Detailed comparison of responsibilities, trust assumptions, and hardware requirements across all three node types in the SentryMandate network.

Routing Protocol Reference

message ExecutionIntent {
  string  agent_id       = 1;
  string  mandate_hash   = 2;
  string  target_provider= 3;
  uint32  max_latency_ms = 4;
  string  region         = 5;
  bytes   agent_sig      = 6;
}
message CancelIntent {
  string  lock_id  = 1;
  string  agent_id = 2;
  string  reason   = 3;
  bytes   sig      = 4;
}

Deterministic Reputation Engine

The compounding non-forkable execution history of SentryMandate — transforming cryptographically verified TEE/zkTLS evidence into non-forkable, mathematically sound Trust Oracles for agents, operators, and mandates.

This section proves: the Global Sentry Score is a view function derived from immutable on-chain history — it cannot be manually edited, purchased, or governance-voted (Invariant IV.1).

1. The Dual-Axis Reputation Paradigm

If you group all behavior into a single average, the data becomes useless. A true Trust Oracle must measure two distinct vectors.

2. Agent Reputation Math (Sybil & Exploit Resistant)

2.1 Solving the Cold Start & Sybil Farming Problem

2.2 Character Score Formula

We use Alpha and Beta constants (set by governance) to represent the network's initial skepticism of a new, unknown agent.

// Variables
V_compliant = Total fiat dollar volume of all compliant, successful spend
V_violation = Total fiat dollar volume of all blocked/attempted violations
Alpha       = Network prior for success (e.g., 100)
Beta        = Network prior for failure (e.g., 500)

// Formula
Character_Score = (V_compliant + Alpha) / (V_compliant + V_violation + Alpha + Beta)

2.3 Competence Score Formula

Competence uses an exponential time-decay model. Recent API failures hurt the agent, but if the developer patches the agent's code, historic errors fade away.

// Variables
C_success    = Count of successful zkTLS execution receipts
C_fail       = Count of 4xx/5xx errors or timeouts
Decay_Factor = Weighting that prioritizes recent epochs over historic

// Formula
Competence_Score = Sum(C_success * Decay_Factor) / Sum((C_success + C_fail) * Decay_Factor)

2.4 Global Sentry Score

The final metric used for enterprise gating. If either Character or Competence drops, the Global Score drops.

3. Operator Reputation (The Routing Engine)

Operator reputation dictates how the L2 Sequencer routes traffic. If an operator's score drops, they are starved of traffic, resulting in zero fee generation.

4. Mandate Template Reputation

Compliance templates created by AI Governance Architects are economic assets. Their reputation dictates their ranking in the Marketplace.

// Variables
Adoption_Count       = Number of unique enterprise subnets using the template
Violation_Rate       = Percentage of calls under this mandate that resulted in a violation
Dispute_Rate         = Frequency of human-in-the-loop dispute escalations
Certification_Weight = Multiplier applied if audited by a recognized security firm

// Formula
Template_Score = (Adoption_Count_Weight) + (1 - Violation_Rate) + (1 - Dispute_Rate) * Certification_Weight

5. Enterprise API & Insurance Integration

5.1 The Gating Payload

When an enterprise or a smart contract queries the Reputation Oracle, it returns a deterministic, verifiable JSON payload.

{
  "agent_id": "0x1234abcd...",
  "global_sentry_score": 0.985,
  "tier": "AAA",
  "metrics": {
    "character_score": 0.999,
    "competence_score": 0.971,
    "lifetime_governed_spend": 45200.50,
    "attempted_violations": 2
  },
  "insurance_eligibility": {
    "status": "ELIGIBLE"
  }
}

5.2 Dynamic Insurance Pricing

Because the Reputation Engine is fully deterministic, it serves as the exact pricing oracle for the network's Insurance Risk Pools. When an enterprise purchases a $10,000 Overspend Guarantee for their agent, the premium is dynamically priced by the smart contract.

// Variables
Base_Rate           = Protocol baseline insurance fee (e.g., 1%)
Coverage_Amount     = Total fiat dollar guarantee (e.g., $10,000)
Global_Sentry_Score = Agent's current trust score (e.g., 0.80)

// Formula
Insurance_Premium = Base_Rate * Coverage_Amount * (2 - Global_Sentry_Score)

6. Reputation Invariants & The Reputation Invariants

The three immutable rules governing the SentryMandate reputation system and the non-forkable historical ledger they establish.

Character Score Growth Simulation

Demonstrating how the Bayesian model evolves from cold start to AAA tier with Alpha=100 and Beta=500.

Dual-Tranche Insurance Engine

Cryptographically proven slashing events become automated dollar-denominated payouts for enterprise clients via Dual-Tranche capital, dynamic utilization curves, and systemic risk limiters.

This section proves: Dual-Tranche architecture insulates SENTRY token price from enterprise claim events. MAX_EPOCH_DRAWDOWN == 20% prevents bank runs (Invariant III.3).

1. The Dual-Tranche Capital Structure

The Insurance Pool separates network security from enterprise fiat remediation via two distinct capital tranches.

2. Dynamic Premium Calculation

Premiums are dynamically calculated per agent based on Reputation Score (Risk) and Pool Utilization (Capital Scarcity).

// Variable Definitions
U               = Current Utilization Ratio
U_optimal       = Target Utilization (0.80)
Curve_Steepness = Governance parameter (e.g., 4)
Risk_Multiplier = (2 - Global_Sentry_Score)

// From the Reputation Engine output
// Score = 1.0 (perfect) to 0.0 (blacklisted)

Formula:
Dynamic_Premium =
  Coverage_Amount
  * Base_Rate
  * Risk_Multiplier
  * (1 + (U / U_optimal)^Curve_Steepness)

3. The Claims Adjudication Pipeline

Class A Claims (Integrity Violations) are fully deterministic via TEEs and zkTLS, requiring zero human arbitration.

4. Systemic Risk Controls

Protection against correlated failures via epoch-based settlement and mandatory deductibles.

5. The Economic Feedback Loop

The integration of Evidence, Slashing, Reputation, and Insurance creates a self-healing economic loop. Each component reinforces the others, making the system progressively more robust over time.

Complete Value & Token Movement Map

How smart contracts route USDC and SENTRY across five distinct flow paths, maintaining token supply reduction and operator incentive alignment.

This section proves: the 70/20/10 fee split (Operators/Insurance/Treasury) creates a self-sustaining economic loop where Burned > Emitted at target volume (Invariant VII.2).

1. The Asset Primitives

Asset isolation by function avoids regulatory friction and preserves capital efficiency.

2. Flow A: Core Execution (Buy-and-Distribute)

The primary heartbeat: enterprise funds paying for governed AI routing.

Let F = Total SENTRY purchased via network usage fees.

F_ops  (70%) -> Routed to active Node Operators
              (pro-rata based on successful zkTLS receipts).
F_burn (20%) -> Sent to the dead address (0x000...)
              to permanently deflate supply.
F_tres (10%) -> Routed to the DAO Treasury
              for protocol R&D.

3. Flow B: Staking & Slashing (Security Engine)

Operators must stake a minimum of $10,000 in SENTRY (21-day unbonding) to route enterprise traffic. Slashing: 0.1% downtime, 5% mandate violation, 100% forgery/equivocation.

Let S = Total SENTRY slashed from the malicious operator.

S_chal (20%) -> Rewarded to the Watcher who submitted
              the valid fraud proof.
S_sell (30%) -> Sold on a DEX for USDC and sent to the
              Insurance Pool to cover enterprise loss.
S_burn (50%) -> Burned permanently to penalize the attacker
              and enrich the remaining network.

4. Flow C: Insurance Engine (Dual-Tranche Capital)

Separate opt-in product capitalized by decentralized LPs.

Let P = Total USDC Premium paid by the enterprise.

P_uw   (80%) -> Yield paid out to the Liquidity Providers
              (LPs) who deposited USDC to back the pool.
P_tres (20%) -> Routed to the Protocol Treasury.

5. Flow D: Mandate Marketplace (IP Royalties)

Governance Architects write Mandate Templates minted as on-chain IP.

Let M = Total USDC paid for the Mandate license.

M_auth (85%) -> Routed directly to the Mandate Author's
              wallet in USDC.
M_buy  (15%) -> Routed to the FeeRouter to market-buy
              SENTRY and distribute to Operators/Burn
              (feeding the Core Execution Flow).

6. Flow E: Network Bootstrapping (Emissions)

Decaying emissions ensure operator profitability before volume.

Let E = Epoch Emission of newly minted SENTRY.

E_ops (100%) -> Routed to the RewardsModule
              to subsidize Operator yields.

7. Global Parameter Matrix (v1.0 Constants)

Smart contract parameters at launch. Modifiable only via DAO vote with 14-day timelock.

8. Summary of the Economic Engine

Integrated value circulation path.

Mechanism Design Validation & Cryptoeconomic Stress Tests

We do not assume good actors. We assume highly capitalized, colluding adversaries operating during extreme macro-market volatility.

This section proves: honest operation is the dominant Nash equilibrium — no coalition of rational actors can profit by deviating from protocol rules.

Variables:
  Cost_Watcher       = Monthly compute cost to run a Watcher Node.
  Reward_Honeypot    = SENTRY bounty for catching the protocol's intentional mistake.
  Frequency_Honeypot = How often the protocol drops a fake bundle.

Invariant (must hold in Simulation):
  (Reward_Honeypot * Frequency_Honeypot) > Cost_Watcher

Variables:
  Value_Extracted = The fiat value the Agent gains by bypassing the mandate.
  Stake_Operator  = The fiat value of the Operator's bonded SENTRY tokens.
  Bribe_Amount    = The out-of-band payment from Agent to Operator.

Conditions for an Attack to Occur:
  1. Bribe_Amount > Stake_Operator    // Operator demands enough to cover their slashed stake
  2. Value_Extracted > Bribe_Amount    // Agent must make a profit after paying the bribe

The Strict Invariant the Simulation Must Prove:
  Stake_Operator > Value_Extracted

{
  "protocol_fee_rate": {
    "min_safe": 0.003,
    "max_safe": 0.015,
    "optimal": 0.005
  },
  "insurance_reserve_ratio": {
    "min_safe_threshold": 1.25,
    "lockdown_trigger": 1.05
  },
  "watcher_honeypot_frequency": {
    "epochs_per_injection": 144
  }
}

Public Testnet Design, Safety Controls & Launch Phases

This section validates the protocol across software, economic modeling, and hardware performance constraints — testing TEE latency, zkTLS proof generation, L2 micro-reservations, and Dual-Tranche Insurance resilience.

This section proves: five Mainnet Exit Gates must pass on the Crucible testnet before genesis — no gate can be skipped or governance-overridden.

IP-NFT Marketplace: Governance Policy Licensing

Mint compliance policies as on-chain IP-NFTs, license them to enterprises, and earn automated trustless royalties via curation markets.

This section proves: Mandate templates are immutable IP-NFTs — silent upgrades are impossible (Invariant V.1), and flat-fee licensing prevents royalty stacking (Invariant V.2).

{
  "template_id": "0xIP_NFT_ADDRESS",
  "version": "1.0.0",
  "author_wallet": "0xAUTHOR...",
  "category": "FINANCE_COMPLIANCE",
  "mandate_ruleset": {
    "max_daily_spend": 500,
    "allowed_endpoints": ["api.bloomberg.com", "api.openai.com"],
    "forbidden_tools": ["local_file_system", "shell_execution"]
  },
  "licensing_terms": {
    "model": "MONTHLY_FLAT",
    "price_usdc": 50.00
  },
  "immutable_hash": "0x[SHA256(canonical_json)]"
}