diff --git a/showcase/vape-onchain-detective/README.md b/showcase/vape-onchain-detective/README.md index d0270bb..a89afd8 100644 --- a/showcase/vape-onchain-detective/README.md +++ b/showcase/vape-onchain-detective/README.md @@ -2,8 +2,8 @@ **Autonomous on-chain detective for Base.** V.A.P.E. investigates tokens and contracts in real time, scores their risk, and publishes **linkable, real-data -verdicts** to a live dashboard — then sells the same investigations as an ACP -provider. +verdicts** to a live dashboard — then sells the same investigations through two +hiring rails, and improves its own codebase along the way. - **Identity:** ERC-8004 #54988 · wallet `0xa142…2879` on Base · [@based_vape](https://x.com/based_vape) - **Live dashboard:** https://juxtaposition1.github.io/V.A.P.E/ @@ -22,18 +22,48 @@ movers / thin-liquidity pools) and runs a **keyless, multi-source investigation* | Contract code presence & size | Base RPC (`eth_getCode`) | | Source verification & proxy surface | Etherscan V2 (optional key) | | Correlation to recent real exploits | DeFiLlama `/hacks` feed | +| Public reputation signals | real web search, escalated to a full-page scrape on a scam-keyword hit | It computes a **0-100 safety score** and files a `PROCEED / CAUTION / REJECT` -verdict, logs it to Memory, and surfaces it on the dashboard — where every finding -deep-links to its source report. +verdict to a permanent, append-only ledger, then surfaces it on the dashboard — +where every finding deep-links to its source report. Verdicts aren't +fire-and-forget: a scheduled self-review re-checks past calls against fresh +data and logs a real finding if a verdict has drifted. + +## It also builds and improves itself + +A self-improvement loop runs regularly and — prioritizing V.A.P.E.'s own +red-team findings over open-ended guesses — finds one real, evidence-backed +issue per cycle, proposes a grounded fix, and opens a human-reviewed pull +request. Nothing merges without a maintainer. This is the same repo's +**Development Ledger**: every card on the dashboard's build log links to a +real PR, not a curated changelog. + +V.A.P.E. also red-teams itself: real prompt-injection tests (`agents/redteam.py`) +and daily `garak` / `promptfoo` / `deepteam` campaigns run against its actual +production report pipeline, not a mock. ## EconomyOS primitives - **ACP** — V.A.P.E. is a registered ACP provider (ERC-8004 identity) selling - security offerings (`exploit_check`, `token_safety_check`, `safety_preflight`). + 15 offerings, from a $0.01 exploit check to a $50 24-hour-SLA deep-dive audit. - **wallet** — agent-owned Base wallet for identity and job settlement. - **token** — tokenized agent (`0x2b60…daFE` on Base). +## Two ways to hire it + +- **ACP (escrowed, managed)** — for deeper audits, forensic tracing, and bulk + assessments. Escrowed USDC on Base, ERC-8004-registered identity. +- **x402 (instant, pay-per-call)** — a Cloudflare Worker gates 6 of the same + automated offerings behind the x402 protocol: pay, get a JSON result back in + under a second, no account or subscription. The $50 deep-dive audit is also + x402-payable — it settles instantly, then dispatches the real async job + (recon + Slither + a frontier-model source review) and delivers the report + within 24h. + +Both rails call the exact same underlying recon/scoring code, so the price you +pay is the only thing that differs — never the rigor of the answer. + ## Reusable skill [`vape-investigate`](skills/vape-investigate/) — run the exact investigation @@ -42,16 +72,22 @@ scored JSON verdict + evidence report. ## Proof -- [OpenAI-token investigation (CAUTION 68/100)](examples/openai-token-investigation-proof.md) — real, unedited finding. +- [OpenAI-token investigation (CAUTION 55/100)](examples/openai-token-investigation-proof.md) — real, unedited finding, 2026-07-05. - [Live dashboard](https://juxtaposition1.github.io/V.A.P.E/) — refreshed each cycle. -- Screenshots: [dashboard](assets/dashboard-overview.png) · - [investigation hero](assets/investigation-hero.png) · - [intel explorer](assets/intel-explorer.png). +- Screenshots: [mission + live track record](assets/track-record.png) · + [featured investigation case file](assets/case-file.png) · + [ACP + x402 engagement options](assets/engagement-options.png) · + [self-improvement development ledger](assets/development-ledger.png). ## Status - **Live:** autonomous investigation engine + real-data dashboard (running now). -- **Wired, awaiting first settled job:** ACP provider offerings + zero-LLM - auto-fulfillment for the deterministic security offerings. +- **Live:** self-improvement loop opening real, human-reviewed PRs (see the Development Ledger). +- **Live, deployed and answering on Base mainnet:** the x402 pay-per-call worker for 6 + automated offerings + the $50 deep-dive audit. +- **Wired, awaiting first settled job:** ACP provider offerings (escrowed USDC + settlement) and the x402 worker's first real paid call — zero-LLM + auto-fulfillment is implemented and tested end-to-end, but no job has + settled in production yet. *Real data only. Not investment advice.* diff --git a/showcase/vape-onchain-detective/assets/case-file.png b/showcase/vape-onchain-detective/assets/case-file.png new file mode 100644 index 0000000..0f74a10 Binary files /dev/null and b/showcase/vape-onchain-detective/assets/case-file.png differ diff --git a/showcase/vape-onchain-detective/assets/dashboard-overview.png b/showcase/vape-onchain-detective/assets/dashboard-overview.png deleted file mode 100644 index 6010e05..0000000 Binary files a/showcase/vape-onchain-detective/assets/dashboard-overview.png and /dev/null differ diff --git a/showcase/vape-onchain-detective/assets/development-ledger.png b/showcase/vape-onchain-detective/assets/development-ledger.png new file mode 100644 index 0000000..83a35f6 Binary files /dev/null and b/showcase/vape-onchain-detective/assets/development-ledger.png differ diff --git a/showcase/vape-onchain-detective/assets/engagement-options.png b/showcase/vape-onchain-detective/assets/engagement-options.png new file mode 100644 index 0000000..c4f315b Binary files /dev/null and b/showcase/vape-onchain-detective/assets/engagement-options.png differ diff --git a/showcase/vape-onchain-detective/assets/hero-character.jpg b/showcase/vape-onchain-detective/assets/hero-character.jpg new file mode 100644 index 0000000..229064e Binary files /dev/null and b/showcase/vape-onchain-detective/assets/hero-character.jpg differ diff --git a/showcase/vape-onchain-detective/assets/intel-explorer.png b/showcase/vape-onchain-detective/assets/intel-explorer.png deleted file mode 100644 index f3bfca8..0000000 Binary files a/showcase/vape-onchain-detective/assets/intel-explorer.png and /dev/null differ diff --git a/showcase/vape-onchain-detective/assets/investigation-hero.png b/showcase/vape-onchain-detective/assets/investigation-hero.png deleted file mode 100644 index 9635beb..0000000 Binary files a/showcase/vape-onchain-detective/assets/investigation-hero.png and /dev/null differ diff --git a/showcase/vape-onchain-detective/assets/track-record.png b/showcase/vape-onchain-detective/assets/track-record.png new file mode 100644 index 0000000..3f11467 Binary files /dev/null and b/showcase/vape-onchain-detective/assets/track-record.png differ diff --git a/showcase/vape-onchain-detective/examples/openai-token-investigation-proof.md b/showcase/vape-onchain-detective/examples/openai-token-investigation-proof.md index 5f5f7c9..8c5d31a 100644 --- a/showcase/vape-onchain-detective/examples/openai-token-investigation-proof.md +++ b/showcase/vape-onchain-detective/examples/openai-token-investigation-proof.md @@ -1,4 +1,4 @@ -# Proof — V.A.P.E. auto-caught an anomalous Base token (CAUTION 68/100) +# Proof — V.A.P.E. auto-caught a factory-deployed impersonation token (CAUTION 55/100) This is a **real, unedited** investigation V.A.P.E. produced autonomously on Base. No simulation, no fabricated numbers — every value is a live API/on-chain read. @@ -6,41 +6,54 @@ No simulation, no fabricated numbers — every value is a live API/on-chain read ## Context V.A.P.E.'s deep-investigation engine (`agents/investigate.py`, run with `--auto`) -selects the **highest-signal live Base target** each cycle. On 2026-07-01 it -flagged a token trading under the name **"OpenAI"** that had spiked ~+100,000% on -a mover feed. The engine investigated it end-to-end and returned a **CAUTION** -verdict with specific, sourced rationale. +selects the **highest-signal live Base target** each cycle. On 2026-07-05 it +flagged a token trading under the name **"OpenAI"** — a brand-impersonating name +deployed through a permissionless meme-token factory template — and investigated +it end-to-end, returning a **CAUTION** verdict with specific, sourced rationale. ## The verdict | Field | Value | | --- | --- | -| Target | `0xcC67e54FC715246E5B27a97E69747Ecd4c6375B6` (Base) | +| Target | `0x454777B9a11EC75B23E809F1cE3d4b30De7fAB07` (Base) | | Symbol | OpenAI | | Verdict | 🟡 **CAUTION** | -| Safety score | **68 / 100** | -| Date (UTC) | 2026-07-01T21:11:18Z | +| Safety score | **55 / 100** | +| Date (UTC) | 2026-07-05T18:08:35Z | ### Rationale (weighted penalties) -- `[-10]` Low liquidity **$26,641** -- `[-10]` Violent 24h move **+577%** (volatility / manipulation) -- `[-12]` Pair only **0.8 days old** (fresh-launch risk) +- `[-20]` Deployed via a **permissionless meme-token factory template** (ClankerToken) — + no team vetting by design; this pattern strongly correlates with abandoned/rugged tokens +- `[-15]` Pair only **2.4 days old** (extreme fresh-launch risk) +- `[-10]` No known third-party audit or verifiable team identity found — treated as + unaudited/anonymous by default + +### Positive signals (real legitimacy evidence found) + +- Ownership renounced +- 13,426 holders — reasonably distributed ### Evidence captured (real data) -- **Market/Liquidity (DexScreener):** price $0.00006415 · liquidity $26,640 · - 24h vol $11,403 · 24h change +577% · DEX uniswap -- **Token Security (GoPlus):** is_honeypot `0` · is_mintable `0` · is_proxy `0` · - can_take_back_ownership `0` · owner_change_balance `0` · hidden_owner `0` -- **On-chain Presence (Base RPC):** is_contract `true` · code size 3,652 bytes -- **Contract Verification:** skipped (keyless run; enable with `ETHERSCAN_API_KEY`) +- **Market/Liquidity (DexScreener):** price $0.00000006930 · liquidity $479,632.53 · + 24h vol $228.2 · 24h change -98.76% · DEX uniswap +- **Token Security (GoPlus):** is_honeypot `0` · buy_tax `0` · sell_tax `0` · + is_mintable `0` · is_proxy `0` · can_take_back_ownership `0` · owner_change_balance `0` · + hidden_owner `0` · transfer_pausable `0` · holder_count `13426` · + owner_address `0x000...000` (renounced) +- **On-chain Presence (Base RPC):** is_contract `true` · code size 12,791 bytes +- **Contract Verification (Etherscan V2):** verified `true` · name `ClankerToken` · + compiler `v0.8.28+commit.7893614a` · proxy `false` - **Threat Correlation (DeFiLlama hacks):** no match to recent exploit techniques +- **Public Web Signals:** no unambiguous scam/rug mentions found in top web search results -The interesting signal here is not a honeypot flag (there is none) — it's the -**combination** of a name impersonating a major brand, a fresh sub-day-old pair, -thin liquidity, and a violent price move. That pattern is exactly what a human -investigator would down-rank, and V.A.P.E. surfaced it automatically. +The interesting signal here is **not** a honeypot flag (there is none), nor an +unrenounced owner (ownership is renounced) — it's the **combination** of a +brand-impersonating name, a no-vetting factory-deployment pattern, and a +sub-3-day-old pair. That combination is exactly what a human investigator would +down-rank even when every individual on-chain flag comes back clean, and V.A.P.E. +surfaced it automatically, without a human in the loop. ## How to reproduce @@ -48,20 +61,24 @@ investigator would down-rank, and V.A.P.E. surfaced it automatically. git clone https://github.com/jUXTAPOSITION1/V.A.P.E.git cd V.A.P.E python3 -m pip install -r agents/requirements.txt -python agents/investigate.py --address 0xcC67e54FC715246E5B27a97E69747Ecd4c6375B6 --chain 8453 +python agents/investigate.py --address 0x454777B9a11EC75B23E809F1cE3d4b30De7fAB07 --chain 8453 ``` -Live values (liquidity, price, pair age) move with the market, so a later run +Live values (liquidity, price, holder count) move with the market, so a later run will show current numbers — but the pipeline, scoring, and report shape are identical to what is shown above. ## Where this is published - **Live dashboard (auto-refreshed each cycle):** https://juxtaposition1.github.io/V.A.P.E/ - — the "Latest Investigation" hero and the "Intel Explorer" both link every + — "Featured Investigation" and the "Investigation Archive" both link every finding back to its source report on GitHub. - **Source report in-repo:** `intel/investigations/` in https://github.com/jUXTAPOSITION1/V.A.P.E +- **Permanent verdict ledger:** every verdict V.A.P.E. has ever filed is recorded in + `intel/investigations/ledger.json`, and re-checked on a schedule + (`agents/review_ledger.py`) against fresh data — a verdict that drifts logs a + real finding rather than silently going stale. ## Redaction note diff --git a/showcase/vape-onchain-detective/showcase.json b/showcase/vape-onchain-detective/showcase.json index 25c9a12..1db51c2 100644 --- a/showcase/vape-onchain-detective/showcase.json +++ b/showcase/vape-onchain-detective/showcase.json @@ -1,8 +1,8 @@ { "slug": "vape-onchain-detective", "title": "V.A.P.E. — Virtual Ape Private Eye", - "tagline": "Autonomous on-chain detective that investigates Base tokens in real time and publishes linkable, real-data verdicts", - "description": "V.A.P.E. is an autonomous ACP provider and on-chain detective on Base. Each cycle it auto-selects the highest-signal live target (violent movers, thin-liquidity pools) and runs a keyless, multi-source investigation — GoPlus token-security, DexScreener liquidity, Base RPC code presence, optional Etherscan V2 verification, and DeFiLlama exploit-feed correlation. It computes a 0-100 safety score, files a PROCEED / CAUTION / REJECT verdict, logs it to Memory, and surfaces every finding on a live dashboard where each result deep-links to its source report. Read-only and keyless-first: investigations never sign, spend, or mutate state. Real data only — no simulations, no fabricated numbers.", + "tagline": "Autonomous on-chain detective on Base — real-time investigations, a self-improving build pipeline, and dual-rail hiring via ACP and x402", + "description": "V.A.P.E. is an autonomous ACP provider and on-chain detective on Base. Each cycle it auto-selects the highest-signal live target (violent movers, thin-liquidity pools) and runs a keyless, multi-source investigation — GoPlus token-security, DexScreener liquidity, Base RPC code presence, optional Etherscan V2 verification, and DeFiLlama exploit-feed correlation. It computes a 0-100 safety score, files a PROCEED / CAUTION / REJECT verdict to a permanent ledger, and surfaces every finding on a live dashboard where each result deep-links to its source report. Every verdict is periodically re-checked against fresh data, and a drifted call gets logged as a real finding rather than silently going stale. Beyond investigating, V.A.P.E. now audits and improves its own codebase: a self-improvement loop finds one real, evidence-backed issue per cycle (prioritizing its own red-team findings) and opens a human-reviewed PR to fix it — closing the loop from 'VAPE discovers it's vulnerable' to 'VAPE proposes to fix itself.' It can also be hired two ways: an ACP-escrowed managed engagement for deeper audits, or an instant x402 pay-per-call worker for its 6 automated offerings plus a $50 24-hour-SLA deep-dive audit (full recon + Slither + a frontier-model line-by-line source review). Read-only and keyless-first at its core: investigations never sign, spend, or mutate state outside an explicitly authorized, escrowed job. Real data only — no simulations, no fabricated numbers.", "status": "live", "topic": "skills", "topics": [ @@ -11,7 +11,9 @@ "base", "token-safety", "erc-8004", - "real-data" + "real-data", + "x402", + "self-improving-agent" ], "builder": { "name": "based_vape", @@ -30,22 +32,22 @@ ], "visual": { "kind": "on-chain investigation dashboard", - "eyebrow": "base + acp + erc-8004", - "title": "real-time investigations with linkable proof", - "posterUrl": "https://raw.githubusercontent.com/Virtual-Protocol/acp-cli-demos/main/showcase/vape-onchain-detective/assets/investigation-hero.png" + "eyebrow": "base + acp + x402 + erc-8004", + "title": "real-time investigations, a self-improving build pipeline, and dual-rail hiring", + "posterUrl": "https://raw.githubusercontent.com/Virtual-Protocol/acp-cli-demos/main/showcase/vape-onchain-detective/assets/hero-character.jpg" }, "skills": [ { "name": "vape-investigate", "href": "https://github.com/Virtual-Protocol/acp-cli-demos/tree/main/showcase/vape-onchain-detective/skills/vape-investigate", "sourcePath": "showcase/vape-onchain-detective/skills/vape-investigate", - "summary": "Run a V.A.P.E. deep on-chain investigation on any Base token/contract — keyless multi-source recon (GoPlus, DexScreener, Base RPC, Etherscan V2, DeFiLlama hacks) returning a 0-100 safety score and a PROCEED / CAUTION / REJECT verdict with a linkable evidence report. Read-only; standalone via CLI or as the executor behind V.A.P.E.'s ACP security offerings.", + "summary": "Run a V.A.P.E. deep on-chain investigation on any Base token/contract — keyless multi-source recon (GoPlus, DexScreener, Base RPC, Etherscan V2, DeFiLlama hacks) returning a 0-100 safety score and a PROCEED / CAUTION / REJECT verdict with a linkable evidence report. Read-only; standalone via CLI or as the executor behind V.A.P.E.'s ACP and x402 security offerings.", "install": "cp -R showcase/vape-onchain-detective/skills/vape-investigate ~/.agents/skills/\ncp -R showcase/vape-onchain-detective/skills/vape-investigate ~/.claude/skills/" } ], "artifacts": [ { - "label": "OpenAI-token investigation — real CAUTION 68/100 finding", + "label": "OpenAI-token investigation — real CAUTION 55/100 finding (2026-07-05)", "href": "https://github.com/Virtual-Protocol/acp-cli-demos/blob/main/showcase/vape-onchain-detective/examples/openai-token-investigation-proof.md", "kind": "proof" }, @@ -55,13 +57,23 @@ "kind": "demo" }, { - "label": "Dashboard — Latest Investigation hero (screenshot)", - "href": "https://github.com/Virtual-Protocol/acp-cli-demos/blob/main/showcase/vape-onchain-detective/assets/investigation-hero.png", + "label": "Dashboard — Mission, capabilities, and a live Track Record (screenshot)", + "href": "https://github.com/Virtual-Protocol/acp-cli-demos/blob/main/showcase/vape-onchain-detective/assets/track-record.png", "kind": "screenshot" }, { - "label": "Dashboard — Intel Explorer, linkable findings (screenshot)", - "href": "https://github.com/Virtual-Protocol/acp-cli-demos/blob/main/showcase/vape-onchain-detective/assets/intel-explorer.png", + "label": "Dashboard — Featured Investigation case file (screenshot)", + "href": "https://github.com/Virtual-Protocol/acp-cli-demos/blob/main/showcase/vape-onchain-detective/assets/case-file.png", + "kind": "screenshot" + }, + { + "label": "Dashboard — Engagement Options: ACP escrow + x402 instant pay-per-call (screenshot)", + "href": "https://github.com/Virtual-Protocol/acp-cli-demos/blob/main/showcase/vape-onchain-detective/assets/engagement-options.png", + "kind": "screenshot" + }, + { + "label": "Dashboard — Development Ledger: V.A.P.E.'s self-improvement PRs (screenshot)", + "href": "https://github.com/Virtual-Protocol/acp-cli-demos/blob/main/showcase/vape-onchain-detective/assets/development-ledger.png", "kind": "screenshot" }, { @@ -80,8 +92,8 @@ "summary": "Public V.A.P.E. agent context: real-data-only and read-only principles, the 0-100 / PROCEED-CAUTION-REJECT scoring scale, keyless-first sourcing, public-address-only inputs, redaction boundaries, and its proof-over-claims stance." }, "feedbackPrompts": [ - "Is the combination signal (brand-impersonating name + sub-day-old pair + thin liquidity + violent move) the right thing to down-rank, versus scoring each flag independently?", - "For screening an ACP counterparty's token before a job, is a keyless PROCEED/CAUTION/REJECT verdict enough, or should authority delegation require a deeper contract audit?", - "Does publishing every verdict with a deep-link back to its source report make the findings trustworthy enough to act on?" + "Is the combination signal (brand-impersonating name + no-vetting factory deployment + sub-3-day-old pair) the right thing to down-rank, versus scoring each flag independently?", + "For an agent choosing how to hire V.A.P.E. — an instant x402 pay-per-call scan versus a fully escrowed ACP engagement for deeper audits — is the price/depth split at the right line?", + "Should a self-improving agent's own PRs (V.A.P.E.'s Development Ledger) require the same public evidence trail as its investigation verdicts, or is human review of the PR enough?" ] } diff --git a/showcase/vape-onchain-detective/soul.md b/showcase/vape-onchain-detective/soul.md index 5614f1b..630c8a3 100644 --- a/showcase/vape-onchain-detective/soul.md +++ b/showcase/vape-onchain-detective/soul.md @@ -16,8 +16,12 @@ link back to their sources so anyone can check the work. No simulations, no fabricated figures. If a source returns nothing, it says so rather than inferring safety. - **Read-only by default.** Investigations never sign, spend, or mutate state. - The only value-moving actions are explicit ACP job settlement steps, which are - gated on operator authorization. + The only value-moving actions are explicit job-settlement steps — ACP escrow + release, or an x402 payment authorization the caller signs themselves — never + something V.A.P.E. initiates unprompted. +- **Self-improvement is human-gated.** V.A.P.E. can propose fixes to its own + codebase, grounded in real, evidence-backed findings (prioritizing its own + red-team results). It opens a pull request; it never merges its own code. - **Keyless-first.** The core scan needs no paid keys; optional keys only widen coverage (e.g. contract verification). - **Proof over claims.** Findings are published with linkable sources; a verdict