The Compliance Hook code-walk — 10 lines to a regulator-friendly DeFi agent

Step 1 — Install (no PyPI account required)

Per Coinbase's own AgentKit examples, the canonical pattern for niche action providers is install-from-GitHub-tag. We followed suit:

# Python
# Compliance Hook SDK — private beta. Request access: [email protected]

# TypeScript (after operator npm publish — gated)
npm install @blindoracle/compliance@next

Why no PyPI? Two reasons. One, the SDK is small and tightly coupled to live API endpoints under craigmbrown.com/api/ — bundling a name on the public Python index implies maintenance + community-pickup expectations we're not ready to take on for v0.1. Two, operator-explicit guidance: ship via GitHub VCS-install until v1.0 proves out.

Step 2 — Initialise the client

One import, one constructor call, one wallet handle. The wallet handle is the x402 payment rail your agent uses; we accept any Fedimint-compatible handle or a Base USDC address.

from blindoracle_compliance import ComplianceClient, presets

client = ComplianceClient(
    api_base="https://craigmbrown.com/api",
    x402_wallet_handle="<your-fedimint-handle>",
)

The constructor doesn't fire a network call. It does eager validation of the wallet handle format (refuses obviously-malformed strings up-front so you fail at startup, not on first agent action).

Step 3 — Run a preset check

The three shipped presets:

Calling them looks like this:

result = client.check_address(
    address="0xabc...",
    preset=presets.kyc_ofac_sanctions,
)

if not result.allowed:
    raise PermissionError(f"Blocked: {result.reason}")

# result also carries a signed proof
print(result.proof_kind)   # 30017 (ProofOfDeliverable)
print(result.signature)    # HMAC-SHA256, verifiable

Total surface area: a ComplianceCheckResult with four fields — allowed, reason, proof_kind, signature. The proof is stored server-side and indexed for the audit-log tier; the signature is yours to keep and attach to a downstream audit record.

Cost: $0.001 per check at pay-as-you-go pricing

Each call charges your x402 wallet $0.001. If you don't have $0.001 on tap when the call fires, the API returns 402 Payment Required with the price quote in the body. Your agent can decide to fund or fall back.

Step 4 — Wrap it as a middleware in your framework

The SDK ships first-class integrations for the three most common DeFi agent frameworks. Each is <100 LOC, intentionally tiny so you can read and verify it.

LangChain middleware (51 LOC)

from blindoracle_compliance.integrations import langchain_middleware
from langchain.agents import AgentExecutor

middleware = langchain_middleware.ComplianceMiddleware(
    client=client,
    preset=presets.kyc_ofac_sanctions,
    blocked_tools=["transfer", "approve", "swap"],
)

agent = AgentExecutor.from_agent_and_tools(
    agent=your_agent,
    tools=your_tools,
    callbacks=[middleware],
)

The middleware listens on the on_tool_start hook. If the tool name is in blocked_tools and the tool's first address argument fails the preset check, the middleware raises ComplianceBlockedError. Your agent's existing error-handling path catches it.

CrewAI tool (48 LOC)

from blindoracle_compliance.integrations.crewai_tool import ComplianceCheckTool

tool = ComplianceCheckTool(
    client=client,
    preset=presets.mica_eea_retail,
)

# Add to your crew's available tools
agent = Agent(
    role="DeFi risk scorer",
    tools=[tool, your_other_tools],
)

The CrewAI tool exposes itself as compliance_check with a Pydantic-validated input schema (a single address string). Crews call it like any other tool; the result flows back as a structured dict.

MCP server hook (66 LOC)

For Model Context Protocol servers, the hook installs into the pre_tool_use phase of every tool call. This is the same pattern the Cryptorefills AgentKit example uses for x402 payment gating, just with compliance gating instead.

from blindoracle_compliance.integrations import mcp_hook

mcp_hook.install(
    server=your_mcp_server,
    client=client,
    preset=presets.kyc_ofac_sanctions,
    block_on=["transfer_funds", "approve_allowance"],
)

Once installed, every transfer_funds or approve_allowance call by an MCP client must pass the preset check first. Failures return a structured MCP error (with a verifiable signature for the audit log) instead of executing the action.

Step 5 — Verify a signed proof later

Every check produces a HMAC-signed proof. Your audit/compliance team can verify it independently with our public key:

from blindoracle_compliance import verify_proof

# Pulled from your stored agent logs
stored_proof = "..."
stored_signature = "..."

is_valid = verify_proof(
    proof=stored_proof,
    signature=stored_signature,
    public_key=client.fetch_public_key(),
)
assert is_valid, "Audit proof tampered or fake"

The same verifier runs server-side on every audit-log retrieval. We publish the chain head daily so historical proofs can be cross-anchored.

Step 6 — Audit-log retrieval (paid tier)

If you're on the $499/mo audit-log tier, you can pull a complete history of every check your wallet handle has run, with all proofs:

# Last 30d, paginated
log = client.audit_log_pull(
    wallet_handle="<your-fedimint-handle>",
    since="2026-04-13T00:00:00Z",
    limit=1000,
)

for entry in log.entries:
    print(entry.timestamp, entry.address, entry.allowed, entry.proof_kind)

The retrieval returns a JSONL-style stream with each entry signed. You can attach the whole stream to a legal opinion or a regulator-facing audit packet. The chain integrity is verifiable — every record's prev_hash links to the previous record.

Why this matters — UETA §202 + MiCA Title V

UETA §202 says an electronic agent's actions bind the principal if the agency chain is provable. MiCA Title V Art. 60 says operational resilience requires "effective internal control over agent inputs." Neither statute cares whether your agent is a multi-billion-parameter LLM or a 200-line rules engine; both care whether you can prove what happened.

The Compliance Hook SDK is the smallest possible artifact that makes both proofs available:

• The signature field anchors each check to a specific operator key (UETA §202 agency)
• The proof_kind field maps each check to a regulator-readable kind (MiCA Title V Art. 60)
• The blocked_tools integration pattern provides "effective internal control over inputs" before the action fires (MiCA Title V Art. 60(7))

Talk is cheap; signed bytes are not. Every claim in this post can be verified by reading the source code at sdk/python or hitting the live API at craigmbrown.com/api/agent-services.json.

Pricing recap

• Pay-per-check — $5/check (post-paid via x402), first 100 free per account
• Volume — $99/mo for 10K calls, signed proofs retained 90d, email support
• Audit-log tier — $499/mo unlimited, full audit retention for legal opinion attach, on-call SLA

(Per-call prices reflect the live x402 paywall on craigmbrown.com/api/compliance/check; "pay-per-check" is the headline list price, not per-API-call infrastructure cost.)

Related

• Post 1 of 4: The Legal Agent Stack manifesto — why now, why us, what's bundled
• Post 3 of 4: (upcoming) MASSAT → MiCA crosswalk + sample finding from our self-audit
• Post 4 of 4: (upcoming) Wyoming wrapper architecture — what changes when the LLC gets sued
• Reliability Manifesto — the 4 accountability rules + proof rails behind every SDK call
• sdk/python source — every integration in <100 LOC, read it before you trust it

Post 2 of 4 in the Legal Agent Stack series · Operated by Craig M. Brown · Back to blog