📖 Table of Contents

1. The Problem: The Agency Gap
2. Target Audience: Who is this for?
3. The Strategic Solution
4. Core Technology & Infrastructure
   • MagicBlock Ephemeral Rollups
   • BSIT Protocol (Cryptography)
5. Installation & Setup
6. Implementation Manual (Production Pattern)
7. Advanced Security Features
8. Human-in-the-loop (Escalation)
9. FAQ

🌪️ The Problem: The Agency Gap

The rise of Autonomous AI Agents on the blockchain has created a massive, unaddressed security vacuum known as The Agency Gap.

Traditional wallet security (like Multi-sig or Hardware Wallets) relies on Human Intent. However, when an AI Agent controls a wallet, the intent is generated by an LLM. This creates fatal vulnerabilities:

1. The "Semantic-to-Binary" Blindspot

Agents translate natural language into binary transaction data. If the LLM is tricked via Prompt Injection, it will build a perfectly valid transaction that performs a malicious act (e.g., "Transfer all SOL to an attacker's drainer").

2. Jailbreaking & Instruction Drift

System prompts can be bypassed. An agent instructed to "only swap on Jupiter" can be persuaded to interact with a malicious, unverified contract, leading to total asset depletion.

3. The Lack of a "Pre-Execution" Firewall

Once an agent has the private key, there is no "check-and-balance" before the signature. Most security happens post-execution (monitoring), which is too late for irreversible blockchain transactions.

🎯 Target Audience: Who is this for?

Bento Guard is engineered for developers and organizations building:

• Autonomous DeFi Agents: Trading bots, yield optimizers, and portfolio managers that require high-velocity but safe execution.
• Autonomous DAOs: Systems where AI makes governance or treasury decisions based on community sentiment.
• AI Gaming Agents: In-game autonomous entities that manage assets, trade items, or interact with smart contracts.
• Agentic Infrastructure: Platforms providing "Agent-as-a-Service" where security is the primary value proposition.

🛡️ The Strategic Solution

Bento Guard is not just a library; it is a Security Infrastructure that bridges the Agency Gap by introducing a Verifiable Audit Layer.

| Strategic Pillar | How it Solves the Pain | |:--- |:--- | | Intent Verification | We audit the LLM's reasoning against the actual transaction data to ensure they match 1:1. | | Pre-Execution Simulation | Every transaction is forked and simulated in a sandbox before the agent signs it. | | Non-Custodial Control | You keep your keys. We provide the "Permission Logic" via a secure tunnel. | | On-Chain Policy Enforcement | Policies are not just config files; they are enforced by Solana Smart Contracts. |

💎 Core Technology & Infrastructure

MagicBlock Ephemeral Rollups

Security shouldn't be slow. Bento Guard leverages MagicBlock to achieve sub-second security auditing:

• Forked Simulation: We simulate the transaction on an ephemeral rollup that mirrors the current Solana mainnet state.
• Verifiable Decision State: The "Allow/Block" decision is recorded on an ephemeral chain, providing a transparent audit trail without the high cost of L1 transactions.

BSIT Protocol (Bento Secure Instruction Tunneling)

We protect the "Security Handshake" using industry-standard cryptography:

1. Identity: Agent signs requests with Ed25519 (Solana standards).
2. Key Exchange: E2E encryption via X25519 (ECDH) forward secrecy.
3. Payload Protection: Data is encrypted using AES-256-GCM, ensuring your agent's private instructions never touch our logs in plaintext.

🚀 Installation & Setup

Install Dependencies

npm install @bentoguard/sdk @solana/web3.js bs58

The "Magic" Setup Wizard

Highly recommended for new projects. It initializes your environment, configures your keys, and creates a full finance agent sample:

npx @bentoguard/sdk

💻 Implementation Manual (Production Pattern)

To ensure 100% reliability, your agent should follow this integration pattern. This ensures the transaction is audited before the private key is ever used to sign.

import { BentoClient, protect } from '@bentoguard/sdk';
import { Connection, Transaction, SystemProgram, PublicKey, Keypair } from '@solana/web3.js';
import bs58 from 'bs58';

/**
 * PRODUCTION-GRADE INTEGRATION
 */
async function executeSecureAgentAction() {
  const connection = new Connection("https://api.mainnet-beta.solana.com");
  
  // Load Agent's identity
  const agentKeypair = Keypair.fromSecretKey(bs58.decode(process.env.AGENT_WALLET_PRIVATE_KEY!));

  // 1. Initialize Bento Client
  // This establishes the secure handshake with the Bento Security Engine
  if (!BentoClient.isInitialized()) {
    BentoClient.initialize({
      agentWalletPrivateKey: process.env.AGENT_WALLET_PRIVATE_KEY!,
      network: 'solana'
    });
  }

  // 2. AGENT PLANNING PHASE
  const intent = "Swap 5.0 SOL for USDC on Jupiter";
  
  // 3. TRANSACTION BUILDING PHASE
  // Create the transaction but DO NOT SIGN yet.
  const transaction = new Transaction().add(
    // ... your agent's logic to build the tx ...
  );
  
  // Vital: Simulation requires a recent blockhash and fee payer
  const { blockhash } = await connection.getLatestBlockhash();
  transaction.recentBlockhash = blockhash;
  transaction.feePayer = agentKeypair.publicKey;

  // 4. PRE-EXECUTION GUARD PHASE
  // Serialize the unsigned transaction to Base64
  const rawTx = transaction.serialize({ 
    requireAllSignatures: false, 
    verifySignatures: false 
  }).toString('base64');

  try {
    console.log("🛡️ Forwarding to Bento Guard Firewall...");
    
    // CALL THE GUARD: Intent + Raw Bytes
    const audit = await protect(intent, rawTx);
    
    if (audit.recommendation === 'ALLOW') {
      console.log("✅ Audit Passed:", audit.reasoning);
      console.log("Risk Score:", audit.riskScore);
      
      // 5. SIGNING & BROADCAST PHASE
      // Only now is it safe to use the private key
      const signature = await connection.sendTransaction(transaction, [agentKeypair]);
      console.log("🚀 Secure Transaction Broadcasted:", signature);
      
    } else if (audit.recommendation === 'ESCALATE') {
      console.warn("⚠️ High-Risk Action: Pending human approval in Bento Dashboard.");
      // The agent should wait or notify the user here.
    }
    
  } catch (error: any) {
    if (error.code === 'HIGH_RISK_DETECTED') {
      console.error("🛑 SECURITY BLOCK: Bento Guard prevented a malicious action.");
      console.error("Reasoning:", error.message);
    } else {
      console.error("System Error:", error.message);
    }
  }
}

🔐 Advanced Security Features

| Feature | Technical Detail | |:--- |:--- | | LLM Cross-Verification | We use multiple models (Gemini/Claude) to reach a consensus on agent intent. | | State-Fork Simulation | MagicBlock forks the mainnet state at the exact slot of the request for 100% accuracy. | | Dynamic On-chain Policies | Policies are stored in Solana accounts, allowing for real-time updates and DAO governance. | | Identity Verification | Every audit request is cryptographically tied to the Agent's on-chain public address. |

🧑‍💻 Human-in-the-loop (Escalation)

Not every risk is an attack. Sometimes an agent needs to perform a large, unusual transaction. Bento Guard's Escalation Engine allows:

1. Agent submits a high-risk request.
2. Bento Guard pauses the request and returns ESCALATE.
3. An alert is sent to the developer/user via the Bento Dashboard.
4. Once a human clicks "Approve", the SDK's next poll will receive an ALLOW decision.

❓ FAQ

Q: Does Bento Guard store my Private Keys? A: No. Your private keys never leave your agent's environment. We only receive the unsigned transaction bytes for simulation.

Q: How much latency does this add? A: Thanks to MagicBlock Ephemeral Rollups, the overhead is typically under 500ms—faster than most LLM inference times.

Q: What happens if the Bento Backend is down? A: You can configure the SDK's "Fail-Safe" mode to either BLOCK_ALL (strict security) or ALLOW_ALL (priority on uptime).

🔗 Resources

• Official Website: bentoguard.xyz
• Documentation: docs.bentoguard.xyz
• Dashboard: app.bentoguard.xyz