Agentic on-chain transaction safety / technical founder story
This project shows the other side of my profile: not only commercial fluency, but hands-on technical depth. I designed and developed a private LangGraph and Web3 project from scratch, where an agent interprets transaction intent while deterministic guardrails decide whether value is allowed to move.
6
architecture layers
10
LangGraph-style workflow nodes
3
decision paths: approve, confirm, block
100+
unit, integration and adversarial tests
The technical thesis
I built the page around Mermaid diagrams generated from the repository architecture notes: system architecture, LangGraph routing, transaction sequencing, policy controls, risk scoring, API surface, data models and recipient resolution.
01 / System architecture
This diagram comes from the repository architecture map and shows the full system I built: CLI and frontend surfaces, FastAPI, TransactionOrchestrator, LangGraph, specialized agent nodes, deterministic guardrails, Web3 execution and external services. It is the strongest proof that the project is not only a concept, but a full technical system.
02 / LangGraph state machine
I designed the workflow as a LangGraph state machine so every command has an explicit route: classify intent, answer queries, plan transactions, verify proposals, run guardrails, request human confirmation or execute. This makes the agent auditable instead of a black-box assistant.
03 / Processing sequence
This sequence shows the real execution thinking: the user sends a natural-language instruction, the orchestrator invokes the graph, the LLM classifies and plans, an independent verifier reviews, guardrails decide, the human approves when needed and Web3 returns the transaction hash and receipt.
04 / Guardrails decision flow
The safety layer is deterministic. PolicyEngine checks token whitelist, transaction limits, daily caps and frequency. RiskEngine scores gas, amount and conditions. DecisionEngine maps that evidence to BLOCK, CONFIRM or APPROVE. The LLM can propose; it cannot override this flow.
05 / Module structure
This package map shows how I separated the implementation into agents, NLP models, guardrails, blockchain execution, configuration and data modules. The value here is maintainability: each layer has a role, and safety-critical logic is not mixed into prompts.
06 / Data model
The data model is a key part of the safety design. StructuredIntent, TransactionProposal, TransactionResult, DecisionReport, PolicyConfig and RiskConfig make every step inspectable. That gives the system a clean boundary between language interpretation and transaction authorization.
07 / API surface
I exposed the system through FastAPI endpoints and a WebSocket path: health, command processing, wallet information, settings, address book and transaction history. This matters because it shows the project was designed as an application, not only a notebook or local script.
08 / Intent routing
The agent classifies Spanish or English commands into transaction, price, balance, gas, history, info or unknown intent. That lets the same interface answer safe informational queries while only transaction intents move into planning, verification and guardrail evaluation.
09 / Recipient resolution
Recipient resolution is part of the safety design. The system distinguishes raw 0x addresses from known aliases, checks whether addresses are authorized, handles ambiguous aliases and blocks inactive or unknown contacts before planning can continue.
01 / Why I built it
This project is intentionally technical. It shows that I can explain complex AI opportunities to executives, but also design and build the underlying architecture when the domain has real risk. The problem I chose is hard: agents that move assets on-chain from natural-language instructions.
The commercial story is clear: wallets and crypto apps need simpler UX. The engineering reality is harsher: transactions are irreversible, gas-sensitive and exposed to prompt injection, ambiguous intent and user mistakes. I built the project to show both sides together: product narrative, architecture, implementation and evaluation.
Signal
I can sell the idea and build the technical argument behind it
Domain
Natural-language wallet transactions and blockchain execution
Risk
Irreversible value movement requires stronger controls than a normal chatbot
Repository
Private GitHub project under AI-Explorers-Spain, available by invitation
02 / Problem framing
The research question behind the project is whether a multi-agent system can reduce unwanted or unsafe token transfers while preserving a usable natural-language interface. That tension is the point: too much autonomy is dangerous, too much friction kills the experience.
I scoped the project around token-to-token transfers where the destination is assumed to be known and trusted. That kept the focus on the critical path: understanding how much, which token, when, under what conditions and whether execution is safe.
UX goal
Let the user express transfers naturally in Spanish or English
Safety goal
Prevent unsafe, ambiguous or policy-breaking transfers
Scope
Simple token transfers on testnets, with destination identity out of scope
Research lens
Security improvement without unacceptable usability loss
03 / Architecture
The decisive architectural choice is the boundary between probabilistic reasoning and deterministic authorization. The LLM can classify intent and propose transaction parameters, but policy, risk and final authorization are handled by separate engines.
That boundary matters because prompt injection should not become financial authorization. Even if an LLM is confused, manipulated or overly helpful, it cannot bypass token whitelists, amount limits, daily caps, frequency constraints or risk thresholds.
Agent layer
Intent, planning and verification use language reasoning
Security layer
PolicyEngine, RiskEngine and DecisionEngine stay deterministic
Execution layer
EOA wallet and executor handle simulation, signing, sending and receipts
Design principle
The model proposes; the system authorizes
04 / Implementation detail
The repository is not a static concept deck. It includes the technical structure, the research framing, implementation modules, test strategy and a development plan for hardening the codebase after analysis.
The engineering plan covers data integrity, configuration wiring, RPC setup, async Web3 correctness, dead-code cleanup, type safety and adversarial test improvements. That is the part I want visible: I am comfortable moving from strategy to the messy engineering details that decide whether an AI system is trustworthy.
Implementation
Python, LangGraph, Web3 and structured policy/risk modules
Quality mindset
Tests cover unit, integration and adversarial behavior
Hardening
Development plan identifies concrete fixes and acceptance criteria
Candidate signal
I can discuss architecture and also review implementation risk
05 / Evidence
For this type of system, a successful transaction is not enough evidence. The relevant question is what happens when the instruction is ambiguous, hostile, too expensive, too frequent or outside the user policy.
The project evaluates prompt injection, policy bypass attempts, risky destinations, gas conditions and confirmation paths. I also document limits clearly: testnet-first, no broad mainnet claim, and no claim that application guardrails replace full wallet, network or operational security.
Security evidence
Adversarial cases try to bypass restrictions
Usability evidence
Adaptive HITL reduces unnecessary confirmation fatigue
Honesty
The page states scope and limits instead of overclaiming production readiness
Recruiter signal
This is hands-on AI safety, not only customer-facing language
What this proves
The strongest signal is the combination: I can explain why agentic wallet UX matters, then go into the architecture, implementation, evaluation and hardening work needed to make it credible.