# The Composable Pre-Trade Verification Stack for Autonomous Trading Agents **Version**: 1.0 | **Status**: Draft Specification | **License**: Apache 2.0 ## Abstract Autonomous trading agents need layered verification before executing trades. Capability without verification is liability. This specification defines a composable pre-trade verification stack — five independent layers that an autonomous agent MUST pass through before executing any financial transaction. ## The Problem: Agents With Money and No Safety Rails An autonomous trading agent with exchange access, a funded wallet, and no pre-trade verification will execute trades during market closures, circuit breaker halts, and based on unverified signals. Each failure mode is independently dangerous. Together, they represent systemic risk. ## The Stack ``` ┌─────────────────────────────────────────────────┐ │ Layer 5: Trade Execution │ ├─────────────────────────────────────────────────┤ │ Layer 4: Payment (x402 or equivalent) │ ├─────────────────────────────────────────────────┤ │ Layer 3: Signal Verification (VeroQ or equiv.) │ ├─────────────────────────────────────────────────┤ │ Layer 2: Spend Authorization (Ampersend or eq.)│ ├─────────────────────────────────────────────────┤ │ Layer 1: Market State Gate (Headless Oracle) │ │ Ed25519-signed, fail-closed. UNKNOWN = CLOSED. │ └─────────────────────────────────────────────────┘ ``` If any layer fails, all subsequent layers are skipped and the trade is halted. ### Layer 1 — Market State Gate (Headless Oracle) **Question**: Is the target exchange currently open for trading? **Protocol**: Ed25519-signed receipt, 60-second TTL. **States**: OPEN, CLOSED, HALTED, UNKNOWN. Only OPEN proceeds. **Coverage**: 28 global exchanges (equities, derivatives, 24/7 crypto). **Endpoints**: MCP (`npx headless-oracle-mcp`), REST (`/v5/status`), x402 ($0.001 USDC). **Why Layer 1**: Every subsequent layer depends on the market being open. ### Layer 2 — Spend Authorization (Ampersend or equivalent) **Question**: Is the agent authorized to spend this amount? **Protocol**: Policy-bound authorization. Human-in-the-loop for high-value actions. **Composable**: Layer 1 receipt signature serves as evidence in authorization request. ### Layer 3 — Signal Verification (VeroQ or equivalent) **Question**: Is the trading signal factually accurate? **Protocol**: Claim verification against live market data. ### Layer 4 — Payment (x402 or equivalent) **Question**: Can the payment be executed with cryptographic proof? **Protocol**: On-chain USDC on Base with transaction-level proof. ### Layer 5 — Trade Execution Execute the order with all layer proofs attached for audit trail. ## Why Layer 1 Must Be Fail-Closed 1. Markets have objective state — open or closed is a fact, not a judgment. 2. All other layers depend on market state. 3. Fail-closed prevents the worst outcomes (capital loss vs. opportunity cost). 4. 60-second TTL forces re-verification before every execution window. ## Reference Implementations | Layer | Implementation | Protocol | |-------|---------------|----------| | 1 | [Headless Oracle](https://headlessoracle.com) | Ed25519 receipts, MCP, REST, x402 | | 2 | [Ampersend](https://github.com/edgeandnode/ampersend) | A2A, policy-bound auth | | 3 | [VeroQ](https://veroq.ai) | AI claim verification | | 4 | [x402](https://www.x402.org/) | HTTP 402, on-chain USDC | ## Machine-Readable Discovery JSON: `GET https://headlessoracle.com/v5/pre-trade-stack`