Advisors Crypto · for buildersSEC CRD #109201

Programmablefiduciaryauthority.

The SEC-registered policy layer between AI agents and capital. Your AI reads state, validates proposals against your Investment Policy Statement, and queues every trade for human attestation. No custody risk. No surprise executions.

Mint your first keyRead the docs
MCP-nativeOpenAPI 3.1Audit-logged on every call
GET/api/agent/v1/mandate
200
ipsVersion7
tierGrowth · 2
Crypto sleeve
Current22%
10% min35% max
Drawdown headroom
11.4%
Cash floor
5%
POST/policy/validate
allowed
buy BTC · $5,000

Crypto sleeve moves 22% → 24% — inside 35% cap. Drawdown unchanged.

0 violations · IPS v7
Audit traillive
agentbuy BTC $5,000
agentbuy ETH $25,000
crypto_max_allocation
userapproved attestation #4192
Works out of the box with
ClaudeCursorContinueWindsurfCustom MCPREST
Architecture

The policy sits betweenthe agent and the money.

Your AI never touches the custodian directly. Every read goes through scoped tokens. Every write is gated on the IPS and bounced to you for attestation.

Upstream

Your agent

  • Claude, Cursor, or custom
  • MCP-native or REST
  • Scoped bearer token only
AC Policy Layer

Investment PolicyStatement

Mandate match
Drawdown headroom
Asset authority
Standing rules
Allowed → queued for human attestation
Blocked → returned to agent with violations
Downstream

Custodian

  • Charles Schwab
  • Gemini
  • Self-custody (DFNS)

Notice what’s missing: an arrow from the agent straight to the custodian. There isn’t one. Even allowed proposals stop at the attestation queue until a human approves them in the AC app.

Why the policy layer

Execute is one philosophy.Policy is the durable one.

Letting an agent execute compresses every risk decision into one prompt. A policy layer hoists those decisions out of the prompt and into a contract you defined off-line.

Concern
Execute-style
Advisors Crypto
Who decides
The model in the moment
Your IPS, encoded off-line
Authority surface
Full execute scope
Scoped: read / validate / propose
Pre-trade safety
Soft prompts in the system message
Hard guardrails on every call
Audit trail
Per-platform, opaque
Every decision logged with rule
Custody risk
You delegate to the agent
Custody never leaves the user
Recovery if model misbehaves
Already executed — recovery is dispute
Caught at attestation — no trade
Regulatory fit
Unclear — agent owns the action
SEC-registered RIA acts on attestation
What it actually does

Three things an agentearns its place doing.

None of these require new infrastructure. Every snippet below is real code your agent runs against the live API.

Drift correction

Rebalance back to target without overstepping

The agent checks your mandate, sees the crypto sleeve drifted from 20% target to 26%, and proposes a partial trim. The IPS allows the size. You attest once. Done.

  1. 1Read state·get_mandate · get_holdings
  2. 2Validate trim·validate_trade
  3. 3Submit·propose_trade
// Agent reasoning, condensed
const { utilization } = await get_mandate();
// crypto sleeve at 26% vs target 20%, max 35%
const drift = utilization.cryptoUsedPct;
if (drift > 0.7) {
  await propose_trade({
    action: 'sell',
    assetSymbol: 'BTC',
    assetType: 'crypto',
    amountUsd: 8500,
    rationale: 'Rebalance crypto sleeve toward 20% target.',
  });
}
Drawdown response

React the moment a drawdown rule triggers

A signal fires; the agent calls validate_trade with a defensive position. The IPS already knows your drawdown rules, so the size and target asset are policy-shaped, not prompt-shaped.

  1. 1Pull audit context·get_audit
  2. 2Probe smaller sizes·validate_trade ×N
  3. 3Queue defense·propose_trade
// Find the largest size that stays inside the IPS
let amount = 50_000;
let decision;
while (amount >= 5_000) {
  decision = await validate_trade({
    action: 'sell',
    assetSymbol: 'BTC',
    assetType: 'crypto',
    amountUsd: amount,
  });
  if (decision.allowed) break;
  amount = Math.floor(amount * 0.75);
}
if (decision?.allowed) {
  await propose_trade({ /* same payload */
    rationale: 'Drawdown trigger — defensive trim.' });
}
Opportunity bounded by policy

Take an opportunity inside the bands you already set

A research signal comes in. Instead of debating limits in the prompt, the agent asks the policy what's allowed and sizes the trade to fit. No overshoots, no awkward retries.

  1. 1Check mandate·get_mandate
  2. 2Validate·validate_trade
  3. 3Propose if allowed·propose_trade
// Policy-shaped sizing
const m = await get_mandate();
// 11.4% drawdown headroom remaining
const headroom = m.utilization.drawdownHeadroomPct;
const aggressiveness = Math.min(headroom / 15, 1); // cap at 100%
const amountUsd = Math.round(20_000 * aggressiveness);

const decision = await validate_trade({
  action: 'buy', assetSymbol: 'NVDA',
  assetType: 'tradfi', amountUsd,
});
if (decision.allowed) await propose_trade({ /* … */ });
API reference

Every shape your agentwill ever send or receive.

Real request and response bodies, copy-paste from the page. For the formal contract, hit the OpenAPI 3.1 spec.

GET/api/agent/v1/whoamiread

Identify which user this key acts for and what scopes it carries.

Response
{
  "userId": "8d0a1f8b-…",
  "scopes": ["read", "validate", "propose"],
  "productLine":
    "AC Policy Layer — agents propose, the IPS decides, humans attest."
}
Install

Pick a client.Paste the snippet.

Claude DesktopMCP
{
  "mcpServers": {
    "advisors-crypto": {
      "command": "npx",
      "args": ["-y", "@advisors-crypto/mcp"],
      "env": { "AC_AGENT_KEY": "ac_live_…" }
    }
  }
}
Mint your keyView on npmBetaOpenAPI 3.1
Frequently asked

Honest answersbefore you build.

Letting an agent execute compresses every risk decision into one moment of model judgment. We hoist those decisions out of the prompt: every proposed action passes through your Investment Policy Statement, lands in a human attestation queue, and only then turns into a real trade. That’s the wedge — and the durable answer to “what happens when the model is wrong?”
Call get_mandate or read the ac://mandate/current MCP resource. You get the active IPS as a structured bundle: allocation bands, drawdown limit, cash floor, current utilization. The agent shapes proposals to fit. If it gets it wrong, validate_trade returns the violations.
Nothing user-visible. The validation runs, the decision is audit-logged with the rule that fired (e.g. crypto_max_allocation), and the agent gets a structured violation list back. The user doesn’t see a noisy attestation request for something that policy already rejected.
No. The agent only ever talks to AC. Custodian connectivity (Schwab, Gemini, DFNS self-custody) lives behind the AC backend, isolated from anything an external token can reach. Even a stolen agent key can’t move funds — the worst it can do is queue a proposal you reject.
No — MCP is the easiest path, but the same surface is exposed as REST under /api/agent/v1/*. OpenAPI 3.1 spec is published. Use cURL, generate an SDK, or wire it into Zapier — the policy layer is the same.
Open /agent in the AC app, click revoke on any key. The next call from that key returns 401 immediately. Mint a new one alongside, hot-swap into your agent config, no downtime needed.
Agent access is included for AC managed-account clients — the same accounts already pay an annual advisory fee, so agentic access comes with it. We don’t charge per call.
Every guardrail decision — accept, reject, even agent-only validates — is persisted with the rule, the payload, the IPS version at the time, and the actor (which agent key or human). That’s the audit substrate our SEC registration already runs on; agent calls just join the same feed.

Give an AI authority over real capitalwithout giving up control.

The policy is the gate. Mint a key, point your agent at us, watch every decision land in your audit log within seconds.

Start in the appView on npmBeta