The problem OculusVault solves

The problem it solves

AI agents can execute trades fast, but they are risky by default: one bad route, oversized trade, stale oracle read, or unauthorized withdrawal can drain funds.
Most systems also lack verifiable proof of what happened, so trust is hard for users and judges.

OculusVault solves this by adding a policy-enforced execution layer for agents:

• Every action is checked by on-chain defenses before execution.
• Unsafe actions are blocked (pre-broadcast or on-chain revert).
• Events are mirrored to a verifiable proof trail (Base + Hedera + service telemetry).

What people can use it for

• Run agentic trading with guardrails instead of blind wallet access.
• Stress-test defenses live with the Angry Path attack scenarios.
• Operate vault administration through Safe-mode payload workflows.
• Present compliance/evidence transparently without overclaiming.

How it makes tasks easier and safer

• Safer execution: role gates, whitelist checks, oracle freshness, caps, and circuit breaker reduce loss risk.
• Clear accountability: every key action has traceable tx/topic evidence.
• Faster verification: judges/operators can validate status in seconds via health checks and evidence links.
• Operational clarity: mode-aware flows (manual vs autonomous x402) prevent misleading assumptions.

Challenges I ran into

Challenges I ran into

• Role-based attack labeling was ambiguous (blocked vs infra/not-attempted).
  I fixed this by explicitly classifying outcomes:

  • blocked for known defense reverts (pre-broadcast or mined revert)
  • not_attempted for wallet disconnect/role mismatch/user rejection
  • infra_error for RPC/network/timeout issues.

• Transaction timeouts were misread as defense results.
  Some attacks returned timeout while waiting for receipts. I separated timeout handling from defense logic and surfaced clear stage/error messaging so judges can distinguish infra failures from vault defenses.

• UI overflow/contrast issues hurt readability (especially light mode).
  Long hashes, labels, and buttons overflowed; several warning cards had poor contrast. I added truncation/copy patterns, responsive spacing, and light/dark contrast fixes across navigation, cards, assistant, and timeline.

• Wiki Mermaid diagrams had overlapping nodes.
  I refactored graph structure (clear planes, fewer nested labels) and tuned Mermaid spacing (nodeSpacing, rankSpacing, padding) to make architecture diagrams readable.

• Default vault UX could break first-time judge flow.
  Typing an invalid vault immediately broke views. I separated draft input from active vault, added one-click Use Live Vault, and kept the live mainnet vault as default fallback.

• PicoBot felt too rigid for Q&A.
  I kept deterministic command flows for safety, then added Ask AI (beta, read-only) with strict project-only scope, low verbosity, and grounded context (README + Wiki) so it helps judges without risking unsafe actions.

Use of AI tools and agents

Use of AI tools and agents

OculusVault uses AI in two coordinated layers:

• Execution agent (backend):
  The agent requests inference (x402 flow), then proposes buy/sell/hold actions.
  Final execution is always constrained by on-chain vault policy guards.

• PicoBot assistant (frontend):
  A mode-aware copilot for operators/judges:

  • deterministic ops commands (status, evidence, run attack 1/3/4, trigger x402)
  • Ask AI (beta, read-only) for concise project Q&A only.

How they work together:

1. PicoBot or scheduler triggers agent actions.
2. Agent evaluates context and requests inference.
3. Vault enforces policy (role, whitelist, oracle, caps, circuit breaker).
4. Results are surfaced as verifiable evidence (Base tx + Hedera topic + health telemetry).

This keeps AI useful for decision support while security-critical control stays on-chain and auditable.