Run a reference agent
The protocol's security depends on agents actually publishing, corroborating, and challenging. To make that turnkey, Immunity ships an open-source template agent, @immunity-protocol/agent: one container image, role-selected by env. It is built on the real SDK, so running it doubles as live coverage of the network.
The roles
One skeleton (SDK init, a check-decide-act loop, heartbeat reporting), with a swappable role strategy:
| Role | What it does |
|---|---|
| publisher | Classifies candidate threats from a feed and publish()es them as antibodies, staking the bond. Needs a registered, funded wallet. |
| hunter | Watches recently published advisory antibodies and challenge()s the ones it judges false, only when confident. A lost challenge is slashed, so accuracy is its edge. |
| corroborator | check()s sample actions and, on a hit it deems real, corroborate()s it to drive maturation. Needs a registered, funded wallet. |
These three are the load-bearing behaviors: hunters and corroborators are the two directions of the immune response described in Corroborate and challenge. A staked verifier-juror role belongs to the Layer-2 jury, which is deferred to v2 (the VerifierPool stays dormant for now). See The challenge game and jury.
Quickstart
```bash
docker run \
  -e AGENT_ROLE=hunter \
  -e AGENT_WALLET_KEY=0xYOUR_FUNDED_BASE_SEPOLIA_KEY \
  -e AGENT_LABEL=my-hunter \
  -e IMMUNITY_API_URL=https://api.immunity-protocol.com \
  ghcr.io/immunity-protocol/agent
```
That is the whole download. The source is public so you can read and fork it.
Env reference
| Var | Required | Default | Meaning |
|---|---|---|---|
| AGENT_ROLE | yes | | publisher \| hunter \| corroborator |
| AGENT_WALLET_KEY | yes | | funded Base Sepolia private key (0x + 64 hex) |
| AGENT_LABEL | | <role>-<keyprefix> | roster display name and publisher registration label |
| AGENT_TICK_MS | | 30000 | strategy tick cadence |
| AGENT_THREAT_FEED | | built-in sample | (publisher/corroborator) path to a JSON threat feed |
| AGENT_HUNTER_CONFIDENCE_FLOOR | | 40 | (hunter) only challenge advisories below this stated confidence |
| IMMUNITY_API_URL | | none | heartbeat/activity reporting endpoint; omit to run silent |
A publisher or corroborator needs a wallet that is registered (registerPublisher) and has a deposited balance to cover bonds; the agent handles registration on first run.
Securing an operator agent (recommended)
The template uses a raw wallet key for simplicity. For a production deployment that signs real value, harden the operator side. The protocol never requires this, but it is the recommended posture:
- 1claw Intents API for guardrailed signing: the key lives in an HSM/TEE and the agent submits intents that are signed only within a contract and function allowlist with value caps. A compromised agent cannot drain its own wallet.
- Shroud as a TEE LLM-proxy for injection and exfiltration defense on the agent's model calls. The hunter and corroborator read attacker-authored evidence, so this matters.
These are distinct from the CRE jury's in-enclave inference keys, which live in the Chainlink Vault DON; there is no overlap.
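The contract-and-function allowlist with value caps from the first bullet, sketched as the check a signer would run before signing an intent. This is an added example, not the 1claw API or Immunity's code; the intent shape, contract address, selectors, caps and the per-window budget are constructed assumptions.

```javascript
// Signer-side policy check (illustrative). All addresses, selectors and caps are constructed.
const POLICY = {
  // contract address (lowercase) -> 4-byte selector -> per-call value cap in wei
  "0x1111111111111111111111111111111111111111": {
    "0xaaaaaaaa": 0n,          // hypothetical challenge(): carries no native value
    "0xbbbbbbbb": 10n ** 16n,  // hypothetical deposit(): at most 0.01 ETH per call
  },
};
const WINDOW_CAP_WEI = 2n * 10n ** 16n; // assumed budget the signer releases per window

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Normalise an intent and reject malformed input before any policy lookup.
function parseIntent(intent) {
  const to = String(intent.to || "").toLowerCase();
  const data = String(intent.data || "").toLowerCase();
  if (!/^0x[0-9a-f]{40}$/.test(to)) return { error: "bad-address" };
  // At least a 4-byte selector is required, so a bare value transfer is never signable.
  if (!/^0x([0-9a-f]{2}){4,}$/.test(data)) return { error: "bad-calldata" };
  let value;
  try { value = BigInt(intent.value); } catch (e) { return { error: "bad-value" }; }
  if (value < 0n) return { error: "bad-value" };
  return { to, selector: data.slice(0, 10), value };
}

// Returns { allow, reason }. state.spent is the value already released in this window.
function evaluateIntent(intent, state, policy = POLICY, windowCap = WINDOW_CAP_WEI) {
  const p = parseIntent(intent);
  if (p.error) return { allow: false, reason: p.error };
  if (!has(policy, p.to)) return { allow: false, reason: "contract-not-allowlisted" };
  const fns = policy[p.to];
  if (!has(fns, p.selector)) return { allow: false, reason: "function-not-allowlisted" };
  if (p.value > fns[p.selector]) return { allow: false, reason: "over-call-cap" };
  if (state.spent + p.value > windowCap) return { allow: false, reason: "over-window-cap" };
  state.spent += p.value; // only approved intents consume budget
  return { allow: true, reason: "ok" };
}
```

Denials are the signal worth alerting on: an agent that starts submitting intents outside its allowlist is behaving unlike the template's three roles.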
See also
- Corroborate and challenge, the SDK calls these roles drive.
- Sybil resistance, why hunters and bonds keep the network honest.
- Publish an antibody, the publisher role's core call.