A provably honest black-box trading agent for Sui.
Hadal lets a trading strategy stay private while its execution, risk limits, and track record stay publicly verifiable. The strategy runs inside an attested TEE, its experience is stored as encrypted memory on Walrus, and every trade settles through Sui contracts and DeepBook so outside observers can verify what happened without seeing the alpha.
Strategy is secret. Execution and track record are provable. Rationale is secret-then-disclosed.
Built for Sui Overflow 2026 — Walrus track.
- What Hadal is: a confidential autonomous fund manager whose strategy cannot be copied, but whose behavior can be audited.
- Why it matters: it replaces "trust me, my private strategy works" with a cryptographic trust path: attested code, on-chain mandates, verifiable fills, encrypted memory, and time-locked rationale.
- Why Walrus matters: memory is not a side log. The agent recalls prior market regimes before deciding, then writes back outcomes and rationale so experience becomes both the agent's edge and the investor's audit trail.
- What to inspect: the Sui Move contracts in
apps/contract, the enclave cycle inapps/enclave, the bridge inapps/bridge, and the verifier-focused UI inapps/web.
Trading systems usually force a bad choice:
- If the strategy is public, it can be copied and front-run.
- If the strategy is private, investors must trust reported returns, custody, and operational honesty.
Autonomous agents add a second problem: they are often stateless. They can make a decision, but they cannot carry verifiable experience across cycles, restarts, or model upgrades.
Hadal targets both gaps. It keeps the strategy private, makes execution verifiable, and gives the agent persistent encrypted memory that is useful before the trade and auditable after the trade.
- Capital enters a closed-end vault. LPs deposit during a subscription window and receive vault shares. The vault owns the trading capital; the operator never receives withdrawal authority.
- The strategy runs inside an enclave. The agent boots in AWS Nitro / Nautilus, registers its attested code identity on-chain, and keeps its strategy logic, parameters, reasoning, and signing key inside the TEE.
- Every cycle uses memory. The enclave ingests market state, recalls similar prior regimes from encrypted Walrus / MemWal memory, decides, signs the DeepBook transaction, and writes back checkpoint, episodic, and insight memory.
- Execution is gated on-chain. A single Sui transaction path composes attestation verification, mandate checks, DeepBook execution, and ledger recording. If the proof or policy check fails, the trade does not count.
- The public can verify the track record. Observers see the mandate, trades, fills, attestations, and running P&L on-chain. They do not see the strategy.
- Rationale unlocks only after it is safe. Per-trade rationale is Seal time-locked, preventing real-time leakage while still enabling post-close review by LPs, auditors, and the broader community.
Walrus is load-bearing in Hadal because the product is about memory, not only storage.
| Memory space | Purpose |
|---|---|
| Episodic memory | One entry per closed trade: regime, decision, rationale pointer, outcome, and P&L. |
| Insight memory | Distilled lessons from past regimes that the agent recalls before future decisions. |
| Checkpoint memory | Open positions and recovery state so the agent can resume safely after restarts. |
The same memory layer gives the agent its edge and gives reviewers the audit trail. Hadal's long-term vision is a fleet of sealed agents sharing selected encrypted regime memory through Walrus and Seal policies, while keeping alpha protected.
Confidentiality is mapped to depth: execution descends from the public surface through the bridge into a sealed enclave in the hadal zone, settles on the seafloor, and only proof rises back — verifiable on-chain state and time-locked rationale surface to the public deck, the strategy never does.
- An enclave identity registered against approved PCRs.
- A mandate showing the agent's allowed pools, budget, expiry, and revocation boundary.
- A vault where LP capital is custodied on-chain and cannot be withdrawn by the operator.
- An attested DeepBook trade recorded into the performance ledger.
- A dashboard that reads verifiable P&L from on-chain state.
- A time-locked rationale reveal after a position closes.
| Area | What it contains |
|---|---|
apps/contract |
Sui Move modules for enclave registration, mandate enforcement, performance ledger, LP vault, Seal policy, and bootstrap. |
apps/enclave |
Bun TypeScript runtime for the confidential cycle: boot, register, ingest, recall, decide, sign, attest, reconcile, and write memory. |
apps/bridge |
Cloudflare Worker + Hono bridge for admission, registration relay, sponsored submission, heartbeat/status, and settlement watching. |
apps/web |
React Router app for the public trust surface: landing, dashboard, vault, mandate, admission, trade detail, rationale reveal, and attestation viewer. |
apps/docs |
Static documentation site for operators, LPs, auditors, and public visitors. |
apps/infra |
Pulumi infrastructure for Nitro hosting, Workers, Cloudflare bindings, GitHub environment sync, and model distribution. |
| Layer | Technology |
|---|---|
| Coordination / settlement | Sui Move |
| Confidential compute | Nautilus on AWS Nitro Enclaves |
| Encryption / access control | Seal |
| Storage | Walrus |
| Agent memory | MemWal / Walrus Memory |
| Execution venue | DeepBook spot |
| Bridge / orchestration | TypeScript, Bun, Hono, Cloudflare Workers |
| Frontend | TypeScript, React Router, Vite |
| Infrastructure | Pulumi |
The strategy — signals, parameters, model reasoning, order-construction logic, and signing key — must never be observable by anyone except the attested enclave: not the operator, not on-chain observers, not host infrastructure. Memory at rest is Seal-encrypted; per-trade rationale is disclosed only after positions close. Every implementation decision is subordinate to this boundary.
Build with