AgenticVault (Auth · RBAC · Blockchain · MCP) + AutonomousAgent (HITL · Multi-LLM · Banking · Spawning) = VaultAgent ◈
ONE PROCESS · TWO SERVERS
Process Architecture
Single Node.js runtime — Express :3000 + Fastify :8443 + Bridge Layer
EXPRESS HTTP :3000
Auth0 OAuth Login
HTML Dashboard
REST API (RBAC)
MCP SSE Endpoint
FASTIFY HTTPS :8443
JWT + API Key Auth
Autonomous Agent API
HITL Endpoints
Agent Spawning
BRIDGE LAYER: db (PostgreSQL) · redis (cache) · permissions · security / KMS · SQLite (agent state)
CAPABILITIES
🔔 HITL Approval: All financial actions require human approval via Telegram inline buttons before execution
🧠 Multi-LLM Brain: Claude (primary) + DeepSeek API + Ollama local with automatic fallback routing
🔐 Fine-grained RBAC: Per-user, per-agent, per-API-key permissions. Auth0 JWT for humans, API keys for machines
Crypto / Blockchain: ETH wallet management, send/receive, NFT, DeFi tokens via ethers.js v6 + Alchemy
🏦 Banking: Read Plaid balance & transactions. Send payments via Stripe. All HITL-gated.
🤖 Agent Spawning: Spawn sub-agents, A2A message bus, team coordination with persistent SQLite memory
📋 Audit Logs: Tamper-evident chained SHA-256 log entries. Every action traceable forever.
📊 MCP Protocol: DeepSeek MCP, Ollama MCP, filesystem MCP, memory MCP — model context protocol
01 / PROBLEM
AI agents are powerful but ungoverned
Today's AI agents can write code, send emails, move money, and interact with APIs — but there's no standard way to authorize, audit, or control what they're actually allowed to do. Enterprises need agents they can trust.
❌ Without VaultAgent
No permission boundaries on agent actions
No human oversight for high-risk operations
No audit trail — who did what, when
Single LLM failure = total system failure
Auth bolted on as an afterthought
✅ With VaultAgent
Fine-grained RBAC per user, agent, API key
HITL gates every financial/sensitive action
Tamper-evident SHA-256 chained audit log
Claude → DeepSeek → Ollama auto-fallback
Auth0 JWT + API keys + agent identities
02 / SOLUTION
One process. Two servers. Total coverage.
VaultAgent merges AgenticVault (authorization infrastructure) with AutonomousAgent (execution intelligence) into a single deployable Node.js process. Express :3000 handles the human-facing dashboard and OAuth. Fastify :8443 handles the agent API and HITL. A bridge layer connects both.
2 SERVERS IN 1 PROCESS
3 LLM PROVIDERS
100% FINANCIAL ACTIONS HITL-GATED
AUDIT CHAIN DEPTH
03 / HUMAN-IN-THE-LOOP
Agents act. Humans approve.
Every financial action — wire transfers, crypto sends, Stripe payments, DeFi interactions — generates a real-time Telegram message with inline Approve / Reject buttons. The agent waits. The human decides. The system executes. Full audit trail created automatically.
HITL Flow
Agent requests: "Send 0.5 ETH to 0xABCD..."
System holds — creates pending approval record
Telegram bot pushes notification with context
Human taps Approve or Reject inline button
Action executes (or is cancelled) + logged
Covered Actions
ETH / token sends and DeFi swaps
Stripe payment initiation
Plaid-linked bank transfers
Spawning new sub-agents
Any action marked sensitive in RBAC
04 / MULTI-LLM
Claude first. Never stuck.
The agent brain uses Claude (Anthropic) as the primary model, with automatic fallback to the DeepSeek API and then to Ollama running locally. If any provider is down or rate-limited, the system reroutes transparently. The Model Context Protocol (MCP) connects DeepSeek, Ollama, filesystem, and memory as tools.
LLM Stack
Claude (Anthropic) — primary reasoning
DeepSeek API — fallback + cost optimization
Ollama local — air-gapped / private data
Auto-fallback with zero configuration
MCP Servers
DeepSeek MCP — extended capabilities
Ollama MCP — local model tools
Filesystem MCP — file read/write/search
Memory MCP — persistent agent context
05 / AUTHORIZATION
Three identity types. One permission system.
VaultAgent handles three distinct actors: humans (Auth0 JWT/JWKS OAuth), machines (API keys with scoped permissions), and agents (agent identities with task-specific grants). Every API call checks the requester's identity type and permission set before execution.
Identity Types
Humans → Auth0 OAuth + JWT
Machines → Scoped API keys
Agents → Agent identities
Admin → Full permission grants
Permission Scopes
blockchain:read / blockchain:write
agent:run / agent:spawn
banking:read / banking:transfer
admin:users / admin:permissions
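The approval flow from section 03 combined with the scope check described in this section, as an added example (not VaultAgent's own code). The SENSITIVE set, the five-minute expiry, the rule that only a human identity may decide, and all function names are assumptions made for illustration.

```javascript
const { randomUUID } = require("node:crypto");

// Assumed policy: which of the page's scopes count as sensitive (HITL-gated).
const SENSITIVE = new Set(["blockchain:write", "banking:transfer", "agent:spawn"]);
const pending = new Map(); // in-memory stand-in for the pending-approval records

// identity = { id, type: "human" | "machine" | "agent", scopes: Set of scope strings }
function requestAction(identity, scope, params, now = Date.now(), ttlMs = 5 * 60 * 1000) {
  if (!identity.scopes.has(scope)) return { status: "denied" };  // RBAC check comes first
  if (!SENSITIVE.has(scope)) return { status: "allowed" };       // no approval needed
  const id = randomUUID(); // unguessable id carried in the Approve / Reject callback
  pending.set(id, { actor: identity.id, scope, params, state: "PENDING", expiresAt: now + ttlMs });
  return { status: "pending", id };
}

// Called when an Approve / Reject button is pressed. Only the first valid decision
// counts; replays, expired requests and non-human approvers all fail closed.
function decide(id, approver, approve, now = Date.now()) {
  const rec = pending.get(id);
  if (!rec) return "unknown";
  if (approver.type !== "human") return "forbidden";
  if (rec.state !== "PENDING") return "already-decided";
  if (now > rec.expiresAt) { rec.state = "EXPIRED"; return "expired"; }
  rec.state = approve ? "APPROVED" : "REJECTED";
  rec.decidedBy = approver.id;
  return rec.state.toLowerCase();
}

// Runs the side effect once, and only for an approved record.
function execute(id, run) {
  const rec = pending.get(id);
  if (!rec || rec.state !== "APPROVED") return { executed: false };
  rec.state = "EXECUTED"; // mark before running so a retry cannot repeat the action
  return { executed: true, result: run(rec.scope, rec.params) };
}

// Constructed identities modelled on the roles named on this page.
const alice = { id: "alice", type: "human", scopes: new Set(["admin:users", "admin:permissions"]) };
const agentAlpha = { id: "agent-alpha", type: "agent", scopes: new Set(["blockchain:read", "blockchain:write"]) };
```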
06 / AUDIT + COMPLIANCE
Every action. Forever traceable.
Every event in VaultAgent creates an audit log entry chained with SHA-256 — each entry includes the previous entry's hash, making tampering immediately detectable. The chain can be verified at any time. PostgreSQL stores the permanent record; Redis caches for real-time queries.
Log Entry Contains
Timestamp (ms precision)
Actor ID + identity type
Action + parameters
SHA-256 of (payload + prev_hash)
Tamper Detection
Any modified entry breaks the chain
Deletions are detectable by a gap in the chain
Real-time chain integrity verification
Export-ready for compliance audits
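An added example (not VaultAgent's own code) of the chained log described above: each entry hashes its fields together with the previous entry's hash, and the verifier reports the first entry that fails. The field names, the all-zero genesis value and the anchoredHead argument are assumptions; the anchor is there because removing entries from the end of the log leaves a shorter chain that still verifies unless the latest head hash is also kept outside the log store.

```javascript
const { createHash } = require("node:crypto");

const GENESIS = "0".repeat(64); // assumed prev_hash of the first entry

// SHA-256 of (payload + prev_hash). Fields are serialized in a fixed order so the
// verifier recomputes exactly the bytes that were hashed at write time.
function entryHash(e, prevHash) {
  const payload = JSON.stringify(
    [e.seq, e.ts, e.actorId, e.identityType, e.action, e.params]);
  return createHash("sha256").update(payload).update(prevHash).digest("hex");
}

function append(log, fields) {
  const prevHash = log.length ? log[log.length - 1].hash : GENESIS;
  const entry = { seq: log.length, ...fields, prevHash };
  entry.hash = entryHash(entry, prevHash);
  log.push(entry);
  return entry.hash; // current chain head
}

// anchoredHead: the latest head hash as recorded outside the log store (assumption).
function verifyChain(log, anchoredHead) {
  let prev = GENESIS;
  for (let i = 0; i < log.length; i++) {
    const e = log[i];
    if (e.seq !== i) return { ok: false, index: i, reason: "sequence gap" };
    if (e.prevHash !== prev) return { ok: false, index: i, reason: "broken link" };
    if (entryHash(e, prev) !== e.hash) return { ok: false, index: i, reason: "hash mismatch" };
    prev = e.hash;
  }
  if (anchoredHead !== undefined && prev !== anchoredHead)
    return { ok: false, index: log.length, reason: "head mismatch" };
  return { ok: true };
}

// Constructed sample entries (not real VaultAgent records).
function buildSampleLog() {
  const log = [];
  const rows = [
    ["alice", "human", "auth.login", {}],
    ["agent-alpha", "agent", "eth.send.request", { to: "0xABCD...", eth: "0.5" }],
    ["alice", "human", "hitl.approve", { request: 1 }],
    ["agent-alpha", "agent", "eth.send.execute", { request: 1 }],
  ];
  let head;
  rows.forEach(([actorId, identityType, action, params], i) => {
    head = append(log, { ts: 1700000000000 + i, actorId, identityType, action, params });
  });
  return { log, head };
}
```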
07 / DEPLOYMENT
Deploy once. Run everything.
A single Node.js process deploys to Render via render.yaml. PostgreSQL and Redis are provisioned as managed services. Secrets are managed in environment variables. The entire platform — both servers, all agents, all integrations — runs from one deployment.
Infrastructure
Node.js (Express + Fastify in one process)
PostgreSQL — user data + audit logs
Redis — session cache + rate limiting
SQLite — agent memory + state
Integrations
Auth0 — OAuth / JWKS
Alchemy — Ethereum node
Plaid — bank account read
Stripe — payment processing
Telegram Bot — HITL notifications
Twilio SMS — alerts
TELEGRAM BOT — VaultAgent Approvals
🤖 VaultAgent Bot · online · awaiting approvals · LIVE
🔒 VaultAgent HITL System Active
All financial actions require your approval
Claude Sonnet · PRIMARY · ANTHROPIC · Status: ACTIVE · Latency: ~1.2s
DeepSeek API · FALLBACK #1 · Status: STANDBY · Latency: ~2.1s
Ollama Local · FALLBACK #2 · PRIVATE · Status: STANDBY · Latency: ~3.8s
Agent Prompt Router
ROUTING → Claude
MCP Tool Connections
Connected MCP Servers
[mcp] deepseek-mcp connected · /mcp/sse
[mcp] ollama-mcp connected · localhost:11434
[mcp] filesystem-mcp connected · /data
[mcp] memory-mcp connected · SQLite
Available Tools
web_search · read_file · write_file · remember · recall · eth_balance · plaid_accounts · run_python
IDENTITIES
Alice · ADMIN · human
Bob · ANALYST · human
agent-alpha · AGENT · bot
Carol · READ-ONLY · human
api-key-xyz · MACHINE · apikey
Alice
Role: Admin · Auth0 JWT · Full access
SLOW GAS: 12 gwei
STANDARD: 18 gwei
FAST: 28 gwei
NETWORK: Ethereum
BLOCK: 19,847,221
AGENT WALLET ADDRESS: 0x742d35Cc6634C0532925a3b8D4C9b6e2F4C8F4e2
4.2847 ETH ≈ $13,641.22 USD
Transaction History
7 transactions
TX HASH · FROM/TO · AMOUNT · STATUS
Recent Transactions — Plaid
Jan 15  +$8,500.00 — Client payment ACH
Jan 14  -$2,100.00 — AWS invoice
Jan 13  -$450.00 — Anthropic API
Jan 12  +$12,000.00 — Client retainer
Jan 11  -$890.00 — Server hosting
Jan 10  -$299.00 — Auth0 plan
Jan 9  +$3,200.00 — Consulting invoice
Stripe Payment
HITL GATED
Spawn Sub-Agent
HITL GATED
A2A Message Bus
master · system · A2A bus initialized
AGENT NETWORK MAP
MASTER AGENT
VaultAgent
● orchestrating
SHA-256 Hash Chain
✓ CHAIN INTACT
⚠️ CHAIN INTEGRITY VIOLATION — Entry #? hash mismatch detected. Audit trail compromised.
Audit Log
TIMESTAMP · ACTOR · ACTION · ENTRY HASH
Tamper Simulation
Select an entry to modify — watch the chain break.
Chain Stats
8 ENTRIES
SHA-256 ALGORITHM