You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
AgentEscrow.sol today releases on payee signature (ECDSA recover) or after timeout + challenge_period. There is no notion of a multi-party custody committee — every agent operates a single-key wallet, which is the single largest footgun in autonomous on-chain agents.
Closed issue #1 (MPC key management) was opened pre-Lux-collab and stalled. Reopen the surface with a concrete shape that maps onto luxfi/mpc + luxfi/threshold so committee membership is real, not aspirational.
committeeRoot is the Merkle root of committee member public keys (one of them MUST be a luxfi/mpc committee identifier).
AgentEscrow gates releasePayment on a successful verifyCommitteeSig(committeeRoot, threshold, signature, message) precompile call (proposed at 0x0e or via luxfi/mpc precompile if it exists).
Rotation: rotateCommittee(bytes32 agentId, bytes32 newRoot) is gated on a 2-of-N quorum of the current committee.
Off-chain (switchboard/mpc_wallet.py):
New module wraps the luxfi/mpc client. Agent calls MpcWallet.sign(transcript) which routes to committee members, collects partial signatures, aggregates into a single Schnorr / FROST-style signature acceptable to the on-chain verifier.
Per-agent committee config in ~/.switchboard/agents/<agent_id>/committee.toml.
One reference committee composition: kcolbchain_node, hanzo_node, lux_mpc_node (3-of-3 for v1).
Acceptance Criteria
AgentRegistry.sol extended with committee registration + rotation + verification call
switchboard/mpc_wallet.py shipped with luxfi/mpc client integration
Test vector: 3-of-3 committee signs a releasePayment call, on-chain verifier accepts
Problem
AgentEscrow.soltoday releases on payee signature (ECDSA recover) or aftertimeout + challenge_period. There is no notion of a multi-party custody committee — every agent operates a single-key wallet, which is the single largest footgun in autonomous on-chain agents.Closed issue #1 (MPC key management) was opened pre-Lux-collab and stalled. Reopen the surface with a concrete shape that maps onto
luxfi/mpc+luxfi/thresholdso committee membership is real, not aspirational.Proposed Approach
Two surfaces:
On-chain (
AgentRegistry.solextension):registerAgentCommittee(bytes32 agentId, bytes32 committeeRoot, uint8 threshold, uint8 size)committeeRootis the Merkle root of committee member public keys (one of them MUST be a luxfi/mpc committee identifier).releasePaymenton a successfulverifyCommitteeSig(committeeRoot, threshold, signature, message)precompile call (proposed at0x0eor vialuxfi/mpcprecompile if it exists).rotateCommittee(bytes32 agentId, bytes32 newRoot)is gated on a 2-of-N quorum of the current committee.Off-chain (
switchboard/mpc_wallet.py):MpcWallet.sign(transcript)which routes to committee members, collects partial signatures, aggregates into a single Schnorr / FROST-style signature acceptable to the on-chain verifier.~/.switchboard/agents/<agent_id>/committee.toml.kcolbchain_node,hanzo_node,lux_mpc_node(3-of-3 for v1).Acceptance Criteria
AgentRegistry.solextended with committee registration + rotation + verification callswitchboard/mpc_wallet.pyshipped with luxfi/mpc client integrationreleasePaymentcall, on-chain verifier acceptsdocs/mpc-committee-custody.mdcovering threat model, rotation, slashing-on-double-signReferences
luxfi/mpc+luxfi/threshold