The problem coagent solves

In the current AI Agents landscape, the agents are mostly controlled by an EOA Private key which exposes much of a security concern since the AI gets the whole control of the funds, which can be lost if the AI Responses are somehow malicious, it can drain the whole funds.
To prevent this kind of action by the following measures :

• Creating a Smart smart account with a human owner and assigning a session key to the agent
• The session key can only approve transactions based on limits set upon the time-to-live, token or eth amount, allowed addresses
• The limits can be set by the human owner
• The Agent can also safeguard against the blacklisted and malicious addresses posted by OFAC
• To ensure the responses are actually sent by OpenAI endpoints instead of a malicious party, the TLS certificates and fingerprints are verified by AVS and stored onchain by the operator along with the prompt and response

Challenges I ran into

The major challenge was trying to integrate zkTLS/TLSNotary but those services isnt compatible with nodejs environment hence, had to come up with custom verifier inside the AVS