The problem AgentFi solves

Autonomous AI agents need three things that current blockchain infrastructure does not provide in combination: a payment model that does not require human approval at each step, a portable identity that travels with the agent's executable intelligence, and a compliant execution record that satisfies cross-chain audit requirements.

Existing ERC-721 NFTs carry ownership state, nothing more. They cannot embed encrypted intelligence, cannot grant time-bounded usage rights without transferring the token itself, and have no mechanism to invalidate a prior authorization when ownership changes hands. This means an agent sold on a marketplace permanently loses its credentials to the new owner the moment the NFT transfers, with no way for the original creator to retain a copy or revoke access per generation.

Payment rails compound the problem. Every micro-payment between agents requires either a pre-funded escrow or a human signing the transaction. Neither scales to the sub-second, multi-hop execution chains that real autonomous systems require. There is no standard for agents to charge each other, split revenue with platform and creator, and settle in a token that tracks execution reputation — all without a human in the loop.

Compliance is a third gap. When an agent executes a financial task on behalf of a user, the resulting output exists off-chain. There is no standard mechanism to record what was computed, who authorized it, which payment settled it, and what Hedera topic holds the attestation — in a form that satisfies FATF Travel Rule requirements.

AgentFi addresses all three. The ERC-7857 AgentNFTv2 contract implements a sealed-key model where encrypted intelligence is stored on 0G Storage, and a generation counter invalidates all prior usage authorizations on every ownership transfer. The AgentMarketplacev2 contract lets any wallet hire an agent without receiving the token — it simply calls authorizeUsage() on behalf of the payer and splits payment in a single transaction. Hedera HTS tracks per-agent AFC balances as on-chain reputation. ADI Chain records cross-chain execution receipts that bind a payment record, a Hedera HCS topic ID, and a SHA-256 hash of the agent's output into a single immutable proof.

Challenges we ran into

1. ERC-7857 authorization invalidation on transfer

The standard requires that every prior authorizeUsage() grant becomes invalid after a transfer, without iterating over every grantee. A simple revocation mapping would require O(n) writes on transfer, making gas costs unbounded. The solution was a generation counter: _authGeneration[tokenId] increments on every transfer() or clone(). isAuthorized() returns true only if the executor's stored generation matches the current generation. Adding a new grantee writes the current generation; the moment the token transfers, all prior grants are invalidated in O(1) because the generation has advanced.

2. Cross-chain execution receipt atomicity (0G → ADI → Hedera)

The compliant execution path reads from ADI Chain twice (KYC check, payment record), runs the agent, writes back to ADI Chain (execution receipt), and simultaneously reads from Hedera (AFC balance) before triggering an HCS attestation. These operations span three networks with independent finality. The approach was to treat the write as the final step — agent execution completes first, then record_execution_receipt() is submitted to ADI Chain with the Hedera topic ID and SHA-256 hash baked in. If the write fails, the agent result is still returned and the failure is logged, preserving liveness at the cost of the on-chain record. This tradeoff is explicit in the code.

3. Hedera Agent Kit initialization per request

The HederaLangchainToolkit loads all available plugins on initialization. Running this on every /execute call added significant latency and occasionally timed out under load. The fix was two-part: initialization was moved to a shared import-time path guarded by try/except (so failures degrade to DeFi-only tools without crashing), and the tool set is filtered down to 10 targeted functions — balance queries, topic operations, exchange rate, and token info — rather than loading the full plugin surface. The LangGraph graph is compiled once per agent type, not per request.

4. Cross-agent AFC budget exhaustion mid-chain

When portfolio_analyzer invokes risk_scorer and yield_optimizer sequentially, it must debit AFC before each sub-call. If the first sub-call succeeds but the second would exceed the remaining balance, the second call must fall back gracefully. The implementation reads the agent's live AFC balance from Hedera Mirror Node before the chain begins, tracks remaining_budget across calls, and switches to _self_compute_fallback() — a deterministic local computation — when balance is insufficient. Each sub-call failure or timeout also triggers the fallback, so the top-level response always returns within the timeout window regardless of sub-agent availability.

5. x402 middleware bypass coordination with on-chain authorization

The backend has no cheap way to verify, on every request, that the caller's wallet has an active isAuthorized() grant on 0G Chain. Reading chain state per request adds latency and a failure mode. The solution was a header protocol: after hireAgent() confirms on-chain (wagmi useWaitForTransactionReceipt), the frontend injects X-AgentFi-Marketplace-Paid: true on the subsequent backend request. The middleware exempts this header from the 402 gate. Internal cross-agent calls use X-AgentFi-Internal: true instead. The chain itself remains the enforcement layer — authorization is written on-chain by the marketplace — and the header is used only to avoid redundant RPC reads on the hot path.

Use of AI tools and agents

AgentFi ships three autonomous agents — portfolio_analyzer, risk_scorer, and yield_optimizer — each implemented as both a legacy direct-inference path and a LangGraph ReAct agent. The ReAct path is preferred: a Claude Haiku model drives a tool-calling loop equipped with seven custom DeFi tools and up to ten Hedera Agent Kit tools, selecting and invoking them in sequence until it judges the query answered. Tools are synchronous LangChain functions wrapping live external APIs: CoinGecko for token prices and thirty-day price history, DeFi Llama for protocol yield data, SaucerSwap for on-chain Hedera liquidity pool state, Bonzo Finance for Hedera lending market rates, the 0G testnet RPC for user wallet balances, and the Hedera Mirror Node for account and token balance queries. No data is hardcoded into the agent's reasoning; fallback values activate only when an upstream API is unreachable.

The risk_scorer agent uses a deterministic Python computation before the LLM is invoked: volatility (from thirty-day price history), concentration, stablecoin ratio, and twenty-four hour drawdown are each scored independently and summed to produce a 0–10 risk score. The language model receives this pre-computed score and is instructed to explain it, not recalculate it. This keeps the numeric output stable across runs while preserving natural-language interpretation.

After each execution, two actions fire independently and non-blockingly. An HCS-10 formatted message is submitted to a per-agent Hedera Consensus Service topic, containing the SHA-256 hash of the result and the agent's operator identifier. Simultaneously, the operator account transfers 100 AFC units (1.00 AFC, two-decimal HTS token) to the agent's dedicated Hedera account. The AFC balance on the Hedera Mirror Node serves as an on-chain execution counter: the frontend polls this balance every thirty seconds and renders it as an agent reputation score with named tiers from New through Legend.

Cross-agent chaining works through CrossAgentService. When portfolio_analyzer runs, it reads its own AFC balance from the Mirror Node and the x402 pricing config for each recommended sub-agent from the on-chain AgentRegistry. If the balance covers the price, it executes a 70/20/10 AFC split — seventy percent to the target agent's owner account, twenty percent to the agent's own Hedera account, ten percent to the platform — then calls the sub-agent's backend endpoint with an internal bypass header. The sub-agent's result is appended to the primary result under a structured heading. If the budget is insufficient or the sub-agent times out, a local fallback computation substitutes, and the reason is surfaced in the cross-agent report returned to the frontend.

Outputs from the compliant execution path are persisted across chains: the agent result hash is written back to ADI Chain via recordExecutionReceipt, binding the ADI payment record, the Hedera topic ID, and the SHA-256 digest into a single on-chain proof spanning both networks.