WHITEPAPER: GatewayAgente

1. Executive Summary

Crypto automation is stuck in a paradox. Serious capital does not trust bots, copy trading or “DeFi managers” because there is always someone with discretionary power over withdrawals, risk and reporting. At the same time, the few people who actually have winning strategies do not want to expose their code, nor take on the regulatory and operational burden of managing other people’s money.

GatewayAgente breaks this deadlock by turning any trading agent into a closed‑mandate decentralized fund. Capital is held in a non‑custodial Smart Vault that enforces absolute loss limits (Hard Floor) and only executes trades within a DAO‑curated whitelist of tokens, swaps and protocols. The strategy lives inside a black‑box container identified by a cryptographic hash, is validated by a decentralized backtesting network (Proof of Backtest), and earns on‑chain performance fees without ever revealing its code or alpha.

The result is new financial infrastructure: investors get institutional‑grade downside protection and predictable mandates; developers run capital like a fund manager, at global scale, with no custody, no backoffice and no forced disclosure. The chain enforces, line by line, what can and cannot happen to the money.

2. The Problem: Bots, Copy Trading and the Trust Fallacy

The dominant automation models today all rely on implicit trust:

• Bots that trade from custodial exchange accounts or have direct access to the investor’s key.
• Copy/mirror trading platforms where users do not control risk engines or order books.
• DeFi vaults where strategies are upgradable, legible on-chain and controlled by opaque multisigs.

This creates a bad game for both sides.

For investors:

• There is always an actor with discretionary power: exchange, bot operator, multisig signer.
• Loss limits are at best promises: stop‑losses and circuit breakers are off‑book logic, not protocol‑level guarantees.
• Track records are easy to fake or cherry‑pick with backtests and selective disclosure.

For strategy developers:

• Exposing code for listing or “security review” usually means giving away alpha.
• Running other people’s capital via traditional structures means regulation, compliance, and operational overhead.
• Even when they succeed, their track record lives inside centralized databases, not as a portable, verifiable on‑chain asset.

What is missing is not “another bot platform”. What is missing is infrastructure that makes theft impossible by design, track‑record fraud pointless, and consistent behavior directly rewarded at protocol level.

3. Core Architecture: Closed‑Mandate Vault + Black‑Box Agent

GatewayAgente is built on a radical separation of concerns: capital never sees the code, and code never touches the capital.

3.1. The Vault (the Hand)

The Gateway Vault is a non‑custodial smart contract that:

• Holds the investor’s assets.
• Applies a closed mandate: no withdrawals are allowed before a predefined time and/or return target is reached.
• Enforces, on‑chain, an absolute Hard Floor on losses: if a trade would push the vault below this floor, it cannot execute.
• Routes all trades through whitelisted adapters for specific DEXs and protocols pre‑approved by the DAO.

In practice, the Vault behaves like a closed‑end fund encoded in Solidity: once the agent, time horizon, safety floor and investable universe are set, nobody — not the protocol, not the developer, not even the investor — can violate those rules. Non‑conforming transactions simply revert.

3.2. The Agent (the Brain)

The Agent is an immutable container that:

• Observes markets off‑chain, applies the developer’s logic and emits only highly constrained trade intents.
• Never holds withdrawal keys, never touches the vault directly and never chooses arbitrary destinations — it can only suggest swaps within a predefined sandbox.
• Is identified on‑chain by:
  • H: the hash of its container image; and
  • K: a public key used to sign intents.

The channel between Brain and Hand is a single, narrow function with a few parameters that the Vault can fully validate and locally simulate before accepting or rejecting.

4. Closed Mandate: Time, Target, No Early Withdrawals

Every Vault is born with an explicit mandate that defines the rules of the game from day zero to settlement.

4.1. No early withdrawals

In GatewayAgente:

• The withdraw function is only enabled when at least one of the following is true:
  • block.timestamp >= endTimestamp (the mandate’s time horizon has ended); or
  • NAV >= targetNAV (the vault has reached its return target).
• Before that, no partial or full withdrawals are possible.
• The vault owner can call stopStrategy() at any time to pause new trades while keeping funds locked until the mandate ends.

This removes two common failure modes: liquidity runs triggered by fear during drawdowns, and performance‑fee gaming via opportunistic redemptions right after a lucky spike.

4.2. Hard Floor: absolute loss limit

On top of the temporal/economic mandate, the Vault stores a Hard Floor in absolute value:

• If an investor allocates, for example, 10,000 units of value with a maximum loss of 1,500, the contract fixes a floor at 8,500.
• Before every trade, the Vault:
  • queries price oracles to mark all positions to market,
  • estimates post‑trade NAV, and
  • reverts any operation that would push NAV below 8,500.

Loss limits stop being a moral commitment and become a mathematical property of the system.

5. Strategy Drawdown: Room to Play Without Breaking

No serious strategy exists without drawdowns. The right question is not “can we avoid losses?” but “how much pain is acceptable before we define ruin?”.

GatewayAgente separates two layers of protection:

• Investor Hard Floor: a non‑negotiable absolute loss limit encoded in the Vault.
• Strategy drawdown budget (strategyDrawdownBudget): a margin declared by the agent, describing how much it expects to fluctuate below local peaks while still operating correctly.

During Proof of Backtest:

• The developer declares the drawdown budget needed for the strategy to function over a given horizon.
• The backtesting network simulates the container across different regimes, enforcing both the Hard Floor and the internal budget.
• Only combinations where the strategy can operate without hugging the floor or systematically blowing through its own budget are approved.

On live capital, the Vault can track local peaks, realized drawdowns and automatically pause a strategy that drifts outside its tested envelope.

6. Immutable Agents: Container Hash as Strategy Identity

The mechanism that turns “a set of scripts” into a reusable on‑chain asset is the notion of the agent as an immutable artifact.

6.1. Formal definition

An agent A in GatewayAgente is defined by the pair (H, K):

• H: a cryptographic hash (e.g. SHA‑256) of the container image holding the strategy logic.
• K: a public key used by the container to sign intents.

On‑chain, the protocol does not need to know anything about the code. It only needs to ensure that:

• every accepted intent is signed by K; and
• the pair (H, K) has been pre‑approved by the backtesting network for a specific risk profile.

Any code change — from minor tweaks to full rewrites — produces a new hash H’, and therefore a new agent. There is no such thing as a “silent update” under the same identity.

6.2. Minimal container interface

Operationally, every agent container exposes a minimal, standard interface, for example:

• Input: a canonical market snapshot (prices, liquidity, current vault positions, timestamp, etc.).
• Output: a trade Intent with limited fields: tokenIn, tokenOut, amountIn, minAmountOut, deadline and optionally a route hint.

Inside the black box, the developer is free to use any blend of models, heuristics or signals. Outside, the protocol sees a simple object that can be checked against vault limits and the global whitelist of assets and protocols.

7. Proof of Backtest: Decentralized Black‑Box Validation

To prevent both strategy theft and marketing games, agent approval in GatewayAgente does not rely on trust in a single entity, but on a decentralized, reproducible backtesting process.

7.1. The backtesting network (DON)

The protocol defines a network of specialized simulation nodes — a backtesting DON — which:

• Receive the agent container (or equivalent artifact) plus declared risk metadata (minimum horizon, drawdown budget, supported asset classes).
• Use standardized historical datasets covering different volatility and stress regimes.
• Run the container as a black box, feeding inputs and recording the sequence of emitted intents.

Each node then applies a local simulation of the Vault:

• enforcing the Hard Floor and the closed mandate;
• enforcing token, pair and protocol whitelists;
• computing time series of NAV, PnL, drawdown and auxiliary indicators.

7.2. Approval consensus

If, after simulation:

• the agent consistently respects the Hard Floor;
• operates within its declared drawdown budget; and
• never attempts to use forbidden assets or routes,

each node issues an approval vote. Once a quorum is reached, the DON produces an aggregated signature over a summary message (e.g. “agent (H, K) approved for asset classes X, Y, Z with horizon T and drawdown budget D”).

This signature is submitted to an on‑chain AgentRegistry contract, which verifies the cryptography, checks quorum and governance rules, and records (H, K) as an approved agent with its risk profile. From that point forward, any vault is free to opt into that agent — within the approved bounds — without having to trust marketing slides or unverifiable track records.

7.3. Data requirements and vault simulation for backtesting nodes

Running a backtesting consensus node in GatewayAgente is not just about providing CPU cycles. Nodes must be able to reproduce, as faithfully as possible, how the agent would behave if it were trading on-chain.

To be eligible for random committee selection, a node must:

• Maintain a minimum historical dataset of market data:
  • Fetched from one or more official data providers specified by the protocol (e.g. canonical APIs or standardized dumps).
  • Using the same sources, formats and resolutions (prices, liquidity, volume, etc.) that inform on-chain oracle feeds.
• Run the canonical Vault simulator, which replicates:
  • Hard Floor rules and mandate logic (time/target constraints).
  • Token/pair/protocol whitelists.
  • Adapter execution semantics (fees, slippage assumptions and rounding).

For each randomly assigned window, a node:

• Loads the relevant slice of the historical dataset for that period.
• Feeds the agent container with canonical market + vault state snapshots.
• Captures the sequence of emitted Intents and passes them through the Vault simulator, exactly as if they were real on-chain transactions:
  • verifying signatures from key K,
  • enforcing Hard Floor, mandate and whitelists,
  • executing trades and updating NAV, PnL and drawdown locally.

In other words, backtesting nodes do not just “look at signals”; they emulate the full lifecycle of the strategy interacting with a Vault under standardized market data.

7.4. Honest disagreement vs. misbehavior

Backtesting committees are designed to tolerate honest disagreement. A node may vote against approval even if most others vote in favor, simply because the random windows it was assigned produced worse outcomes for the strategy. That is not misbehavior; it is precisely the kind of diversity the protocol wants.

Slashing and penalties are therefore reserved for technical faults or provable dishonesty, such as:

• Submitting votes that are cryptographically inconsistent with the container and data actually tested (e.g. signing an approval without running the required simulations).
• Systematic deviation from canonical data or simulator rules that can be demonstrated by cross-checking with other honest nodes.
• Protocol-level violations (double-signing contradictory results for the same agent and test parameters).

A node that honestly reports “this agent lost money or stressed its drawdown budget in my sample” should not be punished for disagreeing with the majority. Instead, the aggregation logic focuses on whether the agent’s behavior is acceptable across a wide distribution of random tests, not on forcing all nodes to agree on a single number.

8. DAO Governance: Risk Curation and Protocol Evolution

GatewayAgente is designed to gradually hand over risk and integration decisions to a Decentralized Autonomous Organization (DAO). The DAO acts as an on‑chain risk committee, defining the action space available to vaults and agents.

8.1. Global whitelist of tokens, swaps and protocols

The DAO controls a global permission registry that specifies:

• Which tokens are investable, grouped into risk categories (blue‑chips, audited stablecoins, long‑tail, experimental).
• Which token pairs and swap routes are allowed (e.g. WBTC ↔ USDC on a specific DEX; outright bans on illiquid meme‑coins).
• Which DEXs, bridges and liquidity protocols may be used by vaults.

No vault may hold exposure to an asset that has not been approved. If a token is later removed — for example, due to a security incident — vaults are only allowed to unwind or reduce exposure, never to increase it. The whitelist effectively acts as a collective on‑chain risk officer for the entire ecosystem.

8.2. Global risk parameters

Beyond whitelists, the DAO configures system‑wide risk parameters such as:

• Allowed Hard Floor ranges for public products.
• Maximum leverage or synthetic exposure (if and when derivatives are supported).
• Default policies for slippage, relative order size and max trade frequency.

8.3. Backtesting network and validator governance

The DAO is also responsible for:

• Defining eligibility criteria for backtesting nodes (minimum stake, technical requirements, performance history).
• Setting rewards for honest simulation work and slashing rules for provable fraud or negligence.
• Tuning committee sizes and quorums for agent approval.

9. On‑Chain Leaderboard and Developer Incentives

For GatewayAgente to become the default infrastructure for serious strategists, it must be the most rewarding place to publish a strategy. That means transparent reputation and a business model that pays for consistency, not just for volatility.

9.1. Real‑PnL leaderboard

Because every vault operation is on‑chain, GatewayAgente can support a public, tamper‑proof leaderboard. For each agent (H, K), analytics can display:

• Total realized return across closed mandates.
• Maximum realized drawdown per mandate.
• Number of completed mandates.
• Average and peak AUM (sum of all vaults using that agent).
• Success rate: how many mandates hit their return targets versus just expiring on time.

The primary leaderboard only counts completed mandates. Backtests and live‑but‑unfinished vaults can be shown in separate views, but never drive the main ranking.

9.2. On‑chain performance fees: developers as decentralized fund managers

Every vault run by an agent charges a performance fee on profits above the high‑water mark, set at vault creation. At the end of the mandate:

• The contract computes net profit versus the highest historical NAV.
• Applies the agreed performance fee.
• Automatically sends the developer’s share to a reward address linked to (H, K), and optionally a share to the DAO treasury.

For a developer, each approved container effectively becomes a fund: any allocator can spin up a vault with that agent, within its risk envelope, and performance fees flow directly and programmatically.

9.3. Developer‑owned vaults: skin in the game

GatewayAgente explicitly encourages strategy creators to allocate their own capital into vaults powered by their agents. This creates a visible skin in the game signal:

• Vaults where the agent’s creator holds a meaningful stake are highlighted (badges, filters, separate views).
• The DAO may choose to grant slightly better protocol‑fee terms to such vaults, recognizing the improved alignment.

Leaderboards can show how much of an agent’s total AUM is creator‑owned, and how those co‑invested mandates have performed.

10. Comparison with Traditional Models

Summarized:

• Bots / CEX copy trading: centralized custody, off‑book risk controls, private and mutable track records.
• Traditional DeFi vaults: upgradeable contracts, visible strategies, multisig governance.
• GatewayAgente: immutable Smart Vaults, closed mandates, absolute Hard Floors, black‑box agents and fully on‑chain performance history.

11. Roadmap

The initial roadmap is deliberately pragmatic:

• Phase 1: Deploy core contracts on an established EVM L2; launch a first closed‑mandate vault type; onboard 2–3 internal agents; expose a basic leaderboard.
• Phase 2: Open container submission to external developers; launch a minimal backtesting DON; bootstrap a DAO for token/route/protocol whitelisting.
• Phase 3: Add optional TEEs and stronger attestation paths, support multiple L2s, and design dedicated institutional products, depending on traction.

The target is unambiguous: to make GatewayAgente the default way to turn strategies into decentralized funds — with mathematical safety, clean incentives and reputations written directly on-chain.