Engineering notes, threat-model walkthroughs, and ecosystem commentary
from the team building DeFi infrastructure for AI agents on Base.
Stop your Coinbase AgentKit agent from signing swaps against poisoned
token addresses. Drop-in ActionProvider, ~8 lines, free preview mode on
Base — OFAC + GoPlus + Etherscan source verification + anomaly heuristics.
Includes the hard-coded-constants pre-sign safety guarantee and an honest
limitations section.
agentkit
x402
agent-security
What changed between the internal v0.2.0 candidate and the public v0.3.0
+ v0.3.1 release: typed-domain digest, explicit chainId binding, multi-RPC
quorum on the server, and seven other items the 3-adversary Security
audit surfaced. Plus what we didn't ship and why.
trust
contract-change
ship
The v0.11.71 swap-router defense-in-depth: outer router whitelist, outer
selector allowlist, and inner-target decode + Settler validation. Why the
third layer is what binds the first two to the actual swap implementation
contract, what the security-review framing was, and how to verify the
defense is live.
calldata
defense-in-depth
Section-by-section walk through the 2026-05-07 homepage rewrite — the
failure-mode lede, JSON in both product cards, and the four
operational-posture rows (refresh cadence, fail-closed contract, rate
limits, custody) that name what most DeFi infra leaves unstated.
homepage
operational-posture
A complete walkthrough from claude mcp add through a signed USDC → WETH
swap on Base. Covers the three MCP tools (swap_quote,
trust_check_preview, swap_health), the non-custodial sign-and-submit
handoff, and the design reasoning behind a deliberately small surface.
mcp
agent-flow
How v0.11.73 closes a silent-allow vector on the trust gate that
existed across the v0.11.5x patch window, what the new schema looks
like, and what agent code should retest.
trust
contract-change