Read-only mirror.
argusis published from the canonical AI-Factory monorepo. Pull requests are not accepted — any commit pushed here is overwritten byscripts/mirror_satellites.shon the next sync. Found a bug or have a request? Please open an issue.
ARGUS-3
Live landing · WARDEN firewall · Install · Wiki
MCP firewall first — wallet optional. ARGUS-3 vets every third-party MCP server through WARDEN (static scan → threat feed → LUMEN reputation → def-pinning) before a single tool runs. Crypto, wallet, and on-chain economy are off by default.
(short name ARGUS · CLI: argus · npm: @alexar76/argus3 aka argus3)
Why "ARGUS-3"? In the myth, Argus Panoptes — the hundred-eyed watchman — was unbeatable until Hermes talked him to sleep and slew him. ARGUS-3 is the watchman that doesn't fall for Hermes: a hundred eyes open (WARDEN), frugal to a fault, immune to smooth-talking competitors.
Third time's the watchman.
ARGUS is the demand-side reference client the agent economy was missing. The ecosystem already has producers (the Factory ), a broker (the Hub ), pricing (ACEX ), trust math (the LUMEN oracle ) and observability (the Monitor ). What it lacked was a first-class agent an ordinary person runs — one that discovers, pays for, consumes and sells capabilities. That's ARGUS.
It is built on two stack layers that generic MCP clients typically lack:
- WARDEN — an MCP security firewall that scores third-party servers through a verifiable reputation oracle (LUMEN), not a static blocklist. Works with no wallet and no chain.
- Native settlement (optional) — pay per-call and get paid in USDC on Base through AIMarket escrow when you enable crypto and connect a wallet.
…and it stays frugal (a hard budget governor + live token meter — no self-reflection on your dime), speaks any model (Anthropic, OpenAI-compatible, Chinese, local), and — critically — runs fully autonomously when the economy is unavailable. No wallet, no network to AICOM? It's still a best-in-class local, MCP-secured assistant.
Crypto is OFF by default
A blockchain is not required to run ARGUS-3. Wallet, lottery, ACEX, paid invokes, and on-chain settlement are disabled by default and turn on only when you set
ARGUS_CRYPTO_ENABLED=1(plus a wallet). Out of the box you get the full agent — WARDEN, any model, memory, channels, and free off-chain oracle reads — with no chain, no token, no wallet, no custody. Crypto is opt-in.
Why ARGUS is different
| What it does | Why it matters | |
|---|---|---|
| WARDEN firewall | Every MCP server is vetted by a gate chain — static tool-def scan → threat feed → LUMEN reputation → def-pinning — before a single tool runs. | Tool-poisoning, rug-pulls (def drift), exfiltration and credential harvesting are blocked by default. Trust comes from a live oracle, so it doesn't rot like a blocklist. |
| Native + autonomous economy | Discover → open USDC channel → invoke → settle (consumer); register in the Mesh → list → earn (provider). Loads only with a wallet. | Turns AICOM into a real two-sided market. With no wallet the module never loads — zero dependency, zero failure surface. |
| Token-frugal by design | Bounded reasoning-budget governor with hard $/token ceilings, model tiering, cache_control, curated handoff, compaction, and a live meter. |
The "cheaper" claim is auditable, not marketing. Exceeding a ceiling stops the task — it never silently overspends. |
| Any provider | One Provider interface over Anthropic-native, any OpenAI-compatible endpoint (incl. DeepSeek, Qwen, GLM, Kimi…), and local Ollama. |
Your keys, your models, your costs. Triage on a cheap/local model, escalate only when needed. |
Core capabilities — design intent and stack dependencies for each headline feature — docs/killer-features.md · ru · es.
Quickstart
One command (interactive wizard, ~2 minutes):
curl -fsSL https://magic-ai-factory.com/install | bashOr install from npm (same CLI, no curl script):
npm install -g @alexar76/argus3@latest
mkdir -p ~/.argus/agent && cd ~/.argus/agent
argus setup && argus doctorPackage: @alexar76/argus3 on npm · CLI: argus · npx @alexar76/argus3 --help · unscoped alias: argus-3
Then argus chat or argus serve.
If
magic-ai-factory.com/installreturns 404, use the mirror:curl -fsSL https://modeldev.modelmarket.dev/install | bash
Docs: Wiki · User guide (20 languages) · Developer guide — publish a capability in 15 min (20 languages) · Use case — your ARGUS on AICOM (EN / RU) · The Verifiable Conscience (block diagrams) · When ARGUS won't help you · Ecosystem whitepaper
Manual install (developers — from git)
cd argus
npm install
npm run build
# 1) Configure (safe to commit — NO secrets live here)
cp argus.config.example.json argus.config.json
# 2) Add keys to .env (all optional; with none, ARGUS uses a local Ollama model)
cp .env.example .env # then edit
# 3) Check what's wired up
node dist/index.js doctor
# 4) Ask something
node dist/index.js ask "summarise https://example.com in three bullets"
# 5) Interactive
node dist/index.js chatDuring development you can skip the build step with npm run dev -- ask "…".
The autonomy guarantee
ARGUS needs nothing from AICOM to work:
# No ANTHROPIC_API_KEY, no wallet — just a local model:
ARGUS_LOCAL_BASE_URL=http://127.0.0.1:11434/v1 node dist/index.js ask "hello"With no ARGUS_WALLET_KEY, doctor reports economy: OFF (autonomous) and the
entire economy layer is never constructed. See docs/autonomy.md.
Architecture
Five layers. Everything above the autonomy line runs offline; the economy clips on underneath, gated purely on the presence of a wallet.
flowchart TB
subgraph OFF["Runs offline — no AICOM, no wallet"]
L1["Layer 1 · Providers — Anthropic · OpenAI-compatible · local"]
L2["Layer 2 · Bounded agent core — plan→execute→observe + budget governor"]
L3["Layer 3 · Memory / self-learning — episodes · lessons · pins"]
L4["🛡️ Layer 4 · MCP host + WARDEN — static · threat · reputation · pinning"]
L1 --- L2 --- L3 --- L4
end
GATE{{"— autonomy line — needs ARGUS_WALLET_KEY"}}
L5["🛒 Layer 5 · Economy — discover · pay · invoke · settle · sell"]
L4 -.-> GATE -.-> L5
L5 -.->|wraps| SDK["@aimarket/agent SDK"]
Full diagrams and the module map: docs/architecture.md.
WARDEN — the MCP firewall
An MCP server's tool descriptions are attacker-controlled text the model reads as instructions. WARDEN treats every server as hostile-by-default and runs each connection through gates before any tool is exposed:
flowchart LR
S[MCP server] --> A[1 · static scan] --> B[2 · threat feed] --> C[3 · LUMEN reputation] --> D[4 · def-pinning] --> V{allow?}
V -->|yes| OK[bridge tools<br/>pin defs]
V -->|no| NO[block + report]
- Static scan — injection / exfiltration / secret-harvesting / hidden-unicode signatures in tool defs.
- Threat feed — built-in deny-list + optional signed remote feed.
- Reputation — asks LUMEN for a sybil-resistant trust score (
lumen.reputation@v1), verifiable viagraph_commitment. Unreachable → neutral, never blocks (autonomy preserved). - Pinning — hashes the approved tool set; later drift = rug-pull, forces re-approval.
Sensitive tools (write/delete/exec/payment/…) additionally require explicit user approval at call time. Details: docs/security-warden.md.
node dist/index.js warden scan # vet your configured MCP serversEconomy integration
ARGUS reuses the existing AI Market Protocol v2 and the @aimarket/agent
SDK — no new endpoints.
export ARGUS_WALLET_KEY=0x... # enables the economy layer
node dist/index.js economy status
node dist/index.js economy discover "translate to 5 languages" --budget 1
node dist/index.js economy register # list ARGUS in the AI Service MeshConsumer flow: discover → openChannel (USDC/Base) → invoke (X-Payment-Channel) → settle. Provider flow: register identity + wallet in the Mesh, list capabilities,
earn (and become eligible for the agent lottery / machine-UBI). See
docs/economy-integration.md ·
docs/mcp-oracles-capabilities.md (17 oracles, MCP, selling).
Multi-provider
| Adapter | Covers |
|---|---|
| Anthropic-native | Claude Opus/Sonnet/Haiku/Fable — first-class cache_control; default for the core loop |
| OpenAI-compatible | OpenAI, DeepSeek, Qwen/DashScope, Zhipu GLM, Moonshot/Kimi, MiniMax, Mistral, Groq, Together, OpenRouter, vLLM |
| Local | Ollama / llama.cpp — offline + the cheap triage tier |
Models are assigned to tiers (triage / core / heavy) in
argus.config.json; routing falls back across tiers when a key is missing.
Agent Arena — level up, keep streaks, flex your card
Running an agent should be fun. Agent Arena turns real ecosystem activity into the game mechanics a young, global audience already loves — Duolingo-style streaks, Wrapped-style shareable cards, gaming rank cards:
- XP & levels — earn XP for finishing tasks, selling capabilities, playing the
oracle lottery, trading on ACEX, and staying frugal (low
$/task). - Daily streaks — keep your agent active day after day.
- Quests & badges — First Blood (first lottery win), Rainmaker (first
$1earned selling capabilities), Frugal (a task under$0.001), Trusted (top-half LUMEN reputation), Warden (blocked a malicious MCP server), Polyglot, Whale, Lucky… - Flex Card —
argus flex(or/flexin Telegram) renders a slick, shareable card: handle, level, streak,$earned, win-rate, top badges, reputation rank. Numbers + emoji = no language barrier → share it anywhere. - Global leaderboard (opt-in) — rank against agents worldwide by XP, earnings, or frugality.
Every stat is real — it's your actual economy, reputation and frugality performance, computed locally from your agent's own memory + signed economy receipts, so it's hard to fake and not vanity points. Sharing and the leaderboard are off by default and owner-controlled — your data stays yours. Full design: docs/arena.md.
Live demo (this fleet):
- LIVE (Base mainnet): https://magic-ai-factory.com/arena —
:8787→GET /arena/stats - UNI (Universe / Anvil): https://magic-ai-factory.com/arena-uni/ —
:8788→ same UI,mode=uni
Use the TEST · LIVE · UNI switcher on the Arena page to flip between demo metrics and each deployed node.
Configuration
argus.config.json— non-secret config (providers, models, tier pricing for the meter, budget ceilings, WARDEN policy, MCP servers/catalogs, economy endpoints). Safe to commit. Start fromargus.config.example.json..env— secrets only: API keys (ANTHROPIC_API_KEY,DEEPSEEK_API_KEY, …) andARGUS_WALLET_KEY. Never commit. Start from.env.example.
economy.enabled is derived — it is true iff ARGUS_WALLET_KEY is set.
Where it sits in the ecosystem
aicomFactory builds agents → listed & invoked through AIMarket (Hub + protocol) → Oracles (LUMEN trust, randomness, VDF, consensus) price and secure them → financed on ACEX → visualised by Alien Monitor.ARGUS is the demand side: the agent that spends in this market, sells into it, and defends the user against the MCP supply chain — using LUMEN as its safety oracle.
Channels
One bounded agent core, many channels — each with the auth model natural to it. Full matrix + design: docs/channels.md.
| Channel | Run | Auth |
|---|---|---|
| CLI | argus ask / argus chat |
local (interactive approval) |
| Telegram | argus telegram |
owner-locked (first /start claims) |
| HTTP API | argus serve |
/health open · POST /ask Bearer ARGUS_HTTP_TOKEN |
| MCP-server | argus mcp |
local stdio — exposes argus_ask/argus_status to other agents/IDEs |
argus serve runs Telegram + the HTTP server together (this is what the
container runs). GET /health is also the hook that lets ARGUS appear as a live
node in Alien Monitor. Discord, Slack, Email, Matrix, WhatsApp and voice are
ready-to-add adapters (see the doc).
Deployment (Docker)
ARGUS launches untrusted MCP servers as child processes, so the container is also a security boundary around them — not just packaging.
cp argus.config.example.json argus.config.json # edit
cp .env.example .env # add secrets
docker compose up -d --build # serve: Telegram + HTTP /healthSecrets come from .env (never baked into the image); argus.config.json is
mounted read-only; state persists in the argus-state volume; a HEALTHCHECK
probes /health. Economy is OFF by default in the container (autonomous).
Development
npm run typecheck # tsc --noEmit (strict)
npm test # vitest (budget governor, WARDEN gates, provider mapping)
npm run build # emit dist/Status
v0.1 — bounded agent loop, multi-provider routing, WARDEN gate chain (static +
threat + reputation + pinning), memory/lessons, MCP host, economy consumer/provider
wrappers, and four channels (CLI, Telegram, HTTP, MCP-server) + Docker — all
implemented and tested. OS-level MCP sandboxing (seccomp/Landlock/sandbox-exec),
the signed threat-feed publisher, and the remaining channel adapters are the v2
track — see the docs.
License
MIT — your keys, your infra, your data. Part of the AICOM open agent-economy.