zmanian

From Credential Proxy to Object-Capability Framework

How Endo Generalizes the Deno Sandbox Pattern for AI Agent Systems

---

The Starting Pattern: Deno's Credential-Binding Proxy

The Deno sandbox used in LLM tool-calling systems implements a simple but effective security pattern. LLM-generated code runs in a sandboxed subprocess. The sandbox has network access, but a separate privileged process sits between the sandbox and the outside world. This proxy intercepts outbound HTTP requests, matches the destination host against a configuration map, and rewrites the request headers to inject the appropriate API credentials.

zmanian

Endo llm Branch Analysis: Comparison with Theoretical AI Agent Architecture

Related: From Credential Proxy to Object-Capability Framework - How Endo generalizes the Deno sandbox pattern for AI agent systems

Executive Summary

The llm branch introduces @endo/chat, a web-based permission management UI for the Endo daemon. Contrary to what the branch name might suggest, this is not an LLM containment system. Instead, it provides a human-facing interface for managing capabilities through structured commands, with JavaScript evaluation as one of many features.

This contrasts significantly with the theoretical architecture document, which described a comprehensive LLM-specific containment model with compartment-per-tool isolation, attenuation chains, and sandboxed code execution.

zmanian

<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <title>Claude Code Insights</title>
  <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap" rel="stylesheet">
  <style>
    * { box-sizing: border-box; margin: 0; padding: 0; }
    body { font-family: 'Inter', -apple-system, BlinkMacSystemFont, sans-serif; background: #f8fafc; color: #334155; line-height: 1.65; padding: 48px 24px; }
    .container { max-width: 800px; margin: 0 auto; }

zmanian

Troubleshooting Guide: Zero Balance Issue

Issue

User test123@test.getpara.com expected to see 5 USDC balance on Solana at address 3SmuXS2mwhody9ezyMi7Kyg62ymteKkTGcQJ2nKJbUgK, but the portfolio showed zero.

Diagnostic Steps

Step 1: Check User's Solana Balances via API

zmanian

#!/bin/zsh

# Get bonded validators sorted by voting power (descending)
echo "Getting bonded validators sorted by voting power..."
validators=$(sommelier q staking validators --node https://sommelier-rpc.polkachu.com:443 --output json | \
    jq -r '.validators[] | select(.status == "BOND_STATUS_BONDED") | [.operator_address, .tokens, .description.moniker] | @tsv' | \
    sort -k2 -nr)

# Get total staking pool
echo "Getting total staking pool..."

zmanian

{
  "title": "ATOM Halving: Set the max. Inflation Rate to 10%",
  "description": "*This proposal seeks to reduce the max_inflation param from 20% to 10%, which would bring ATOM’s current inflation from ~14% to 10% and adjust the Staking APR from ~19% to ~13.4%. Adjusting the inflation schedule has been an important topic for the ATOM community over the past years which is why this proposal is being voted on.*\n\n## Context: Dynamic Inflation Model\n\nATOM currently implements a dynamic inflation rate that ranges between a floor of 7% and a roof of 20%. The rate is pegged to a bonded *or staked*-ratio of ⅔.\n\nIf less than ⅔ of all ATOMs are staked, the inflation rate increases in order to incentivize staking aka. securing the chain. The velocity at which the inflation rate adjusts on a block-by-block basis is set by the *inflation_change* param and based on the following formula: *(1 - [bonded ratio]% / 66% ) * 1 = [inflation rate change]% per year*\n\nAt the time of writing, the bonded ratio for ATOM is 65.

zmanian

{
    "title": "Slash for Equivocation on Neutron. Corrected Prop 818",
    "description": "Corrected Parameters for prop 818. ",
    "equivocations": [
       {
           "height": 16596292,
           "time": "2023-08-16T0:00:0.0",
           "power": 258567,
           "consensus_address": "cosmosvalcons10rca02th8lyjyuu7pgmstf72q6l2xzyru7zluq"
       },

zmanian

{
  "title": "Unity param change propsal",
  "description": "TBD",
  "changes": [
    {
      "subspace": "mint",
      "key": "InflationMin",
      "value": 0.01
    },
    {

zmanian

Liquid Staking Risks and Mitigations

Much has been made about the potential risks of liquid staking.

The work iqlusion has done in the staking module over the last year has been specifically designed to mitigate these risks. This work is covered under ADR-61

Risk of a depeg between ATOM and the liquid staked asset.

During the Three Arrows capital liquidation event, there was a substantial divergence between the price Lido’s staking derivative STETH. Many liquid staking protocols require substantial waits to process withdrawals and final settlement of the underlying stake token collateral. This enables a purely financial event like deleveraging to undermine the strategy tokens and subject liquidity providers to substantial loss.

zmanian

x# AuthZ for IBC ICS-20

Context

The Cosmos SDK provides send authorizations which can delegate the authority via AuthZ to send from an account to an allow list and with a limit. This specification describes a similar system for ICS-20.

Implementation Details

• This should be implemented as a pull request again IBC go by adding an new authz message type.