The first Sentinel-gated agent execution system for crypto.
Define what your AI agent can and cannot do — before it runs. Every step validated. Every action logged. Nothing slips through.
npx @noelclaw/research@latestAI agents in crypto are powerful but unconstrained. A single hallucination or prompt injection can drain a wallet. Most "agent safety" solutions are just prompt engineering — trivially bypassable.
Noel Framework solves this with mechanical gates, not prompts.
User defines Task Packet (intent + constraints)
│
▼
Playbook runs step by step
│
┌─────▼─────┐
│ Sentinel │ ← mechanical gate, runs before EVERY step
│ 5 checks │
└─────┬─────┘
│
approved / warned / blocked
│
▼
Swarm Agent executes
(market-monitor / workflow-executor / risk-verifier)
│
▼
Noel Ledger — immutable audit trail
User-defined scope for any agent operation. Parsed from plain English.
create_task_packet task: "buy ETH when it drops 5%, max $20, don't touch my USDC"
Generates:
{
"name": "Buy ETH on dip",
"territory": ["defi", "market_data"],
"permissions": ["read_market", "swap_tokens"],
"doNotDo": ["send_token", "sell_usdc"],
"maxValueUsd": 20
}Multi-step agent workflows. 4 system playbooks included:
| Playbook | Steps | Roles |
|---|---|---|
| Daily Market Scan | 4 | Scout → Scout → Scout → Memory |
| DCA Setup | 4 | Scout → Scout → Skeptic → Tinker |
| Portfolio Rebalance Check | 4 | Scout → Scout → Scout → Skeptic |
| Swarm Intel Sweep | 4 | Tinker → Scout → Scout → Skeptic |
run_playbook playbook_name: "Daily Market Scan"
5-check mechanical gate. Runs before every playbook step. Cannot be bypassed via prompt.
DoNotDo — is this action explicitly forbidden?
Territory — is this action within the agent's domain?
Value limit — does this exceed the USD cap?
Grudge book — is this agent/user flagged for bad behavior?
Rate limit — too many actions in the last 60s?
Decision: approved | warned | blocked
If blocked → playbook halts immediately. Reason logged to Noel Ledger.
| Role | Maps to | Can do |
|---|---|---|
| Scout | market-monitor | Read market data, signals, portfolio |
| Tinker | workflow-executor | Execute swaps, automations, deployments |
| Skeptic | risk-verifier | Analyze, verify, review |
| Memory | memory-manager | Read/write/compress swarm memory |
Every Sentinel decision — approved, warned, or blocked — is logged with agent ID, action, reason, and duration. Full transparency on what agents are allowed to do.
get_noel_ledger
🚫 playbook:tinker → send_token
Blocked: send_token is in doNotDo list (450ms)
✅ playbook:scout → get_market_data
Approved: territory match (market) (12ms)
⚠️ playbook:tinker → swap_tokens
Warned: approaching value limit $18.50 / $20.00 (89ms)
{
"mcpServers": {
"noelclaw": {
"command": "npx",
"args": ["@noelclaw/research@latest"],
"env": {
"NOELCLAW_API_KEY": "noel_sk_xxx"
}
}
}
}create_task_packet task: "DCA $10 of ETH every day for 30 days. Never spend more than $15 in one day."
list_playbooks
run_playbook playbook_name: "DCA Setup"
get_noel_ledger
get_sentinel_rules
| Tool | Description |
|---|---|
create_task_packet |
Parse plain English into structured task scope |
list_task_packets |
List all your task packets |
list_playbooks |
List system + custom playbooks |
run_playbook |
Execute a Sentinel-gated playbook |
get_noel_ledger |
Full audit trail of Sentinel decisions |
get_sentinel_rules |
Rules for every agent role |
Market & Signals — get_market_data, get_token_data, get_latest_signal, get_signal_history, get_smart_money_alerts, get_daily_recap
Research & AI — research, get_insight, ask_noel
Wallet & DeFi — get_portfolio, swap_tokens, send_token, deploy_token, claim_fees, mint_nft
Automations — create_automation, list_automations, pause_automation, delete_automation
Swarm — start_swarm, stop_swarm, get_swarm_status, write_swarm_memory, get_swarm_memory, get_execution_scores
Framework — create_task_packet, list_task_packets, list_playbooks, run_playbook, get_noel_ledger, get_sentinel_rules
- npm: npmjs.com/package/@noelclaw/research
- Docs: docs.noelclaw.fun
- Platform: noelclaw.com