Protect Base agents with verified onchain guardrails.
Oculus watches autonomous wallets on Base, verifies every spend against your policy, and reimburses approved claims in USDC without forcing you to rewrite your agent stack.
Introduction
Autonomous agents move fast on Base: they swap, bridge, pay invoices, top up tooling, and execute workflows around the clock. The problem is not activity, it is unchecked activity. One bad loop or compromised tool permission can turn a healthy treasury into a live incident.
Oculus sits alongside your Base wallet operations and enforces the guardrails you define: per-transaction limits, rolling budget windows, recipient and contract allowlists, webhook alerts, verified claim records, and instant reserve-funded payouts.
Quickstart
Most teams are live in under ten minutes. You need a Base treasury wallet, a payout wallet, and a funded USDC reserve for reimbursement.
- Create a workspace: Open your Oculus workspace, register the agent, and connect the Base wallet that funds its transactions.
- Define policy guardrails: Set hard caps for per-transaction, hourly, and daily spend. Add allowlists for approved contracts, vendors, and payout destinations.
- Fund your reserve: Deposit USDC into the reserve wallet that backs reimbursements. This reserve is what Oculus uses for claim payouts.
- Attach monitoring: Connect your webhook endpoint and monitoring provider so every Base transfer, swap, approval, and payout gets logged in real time.
- Start routing agent activity: Use the SDK, API, or CLI to register transactions under the policy. From there Oculus handles verification, alerts, and payout automation.
Coverage flow
Oculus is designed to be operational, not ceremonial. Each spend event runs through the same pipeline so your team can trace what happened and why.
1. Observe
Alchemy webhooks and policy-linked transaction streams detect wallet activity on Base within seconds.
2. Verify
Each transfer is compared against active rules: amount, contract, destination, category, and cumulative budget usage.
3. Decide
Oculus marks the event as compliant, soft-breach, or reimbursable incident and pushes that decision to your alerting stack.
4. Reimburse
Approved claim amounts are paid from your reserve in USDC and written to the workspace ledger for auditability.
Policies
A policy is a signed configuration that tells Oculus how an agent is allowed to spend on Base. It stays consistent whether the agent acts through a backend service, a cron job, or an internal operator tool.
```json
{
  "workspace_id": "ws_base_01",
  "agent_id": "ag_marketmaker_7",
  "chain": "base-mainnet",
  "wallet": "0x8A13...D4c1",
  "limits": {
    "per_tx_usd": 150,
    "per_hour_usd": 1200,
    "per_day_usd": 6000
  },
  "allowed_contracts": [
    "0xContractRouterA",
    "0xApprovedVendorB"
  ],
  "payout_wallet": "0xReserveOps9...2Ac4",
  "reserve_asset": "USDC",
  "alert_channel": "ops-wallet-alerts"
}
```
Spending limits
Limits are denominated in USD and evaluated at the time of verification so the same policy works across volatile onchain activity.
- Per-transaction cap — stops oversized one-off spends before they become a treasury event
- Rolling hourly and daily windows — catches loops, drip attacks, and runaway automation
- Contract allowlists — restricts execution to approved Base integrations and internal contracts
- Recipient allowlists or denylists — keeps funds away from unknown destinations
- Reserve thresholds — alerts you before claim coverage drops below your minimum safe level
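A local model of the checks these limits describe, added here as an illustration and not Oculus's own implementation: it evaluates spends against the `limits` and `allowed_contracts` fields of the policy shown earlier, using rolling windows. The `Spend` shape, the function names, and every breach label except `per_day_usd_exceeded` are assumptions made for this example.

```typescript
// Added example: a local model of the guardrail checks, not Oculus code.
interface Limits { per_tx_usd: number; per_hour_usd: number; per_day_usd: number }
interface Policy { limits: Limits; allowed_contracts: string[] }
// Assumed shape for one spend: target address, USD value, unix seconds.
interface Spend { to: string; usd: number; ts: number }
const HOUR = 3600, DAY = 86400;

// Total USD already spent inside the rolling window (now - span, now].
function windowTotal(history: Spend[], now: number, span: number): number {
  let total = 0;
  for (const s of history) if (s.ts > now - span && s.ts <= now) total += s.usd;
  return total;
}

// Every rule the candidate spend would breach; an empty list means compliant.
function evaluate(policy: Policy, history: Spend[], spend: Spend): string[] {
  if (!isFinite(spend.usd) || spend.usd <= 0) return ["invalid_amount"];
  const breaches: string[] = [];
  // Addresses are hex, so compare case-insensitively (checksum casing varies).
  const allowed = policy.allowed_contracts.map((a) => a.toLowerCase());
  if (allowed.indexOf(spend.to.toLowerCase()) === -1) breaches.push("contract_not_allowed");
  const l = policy.limits;
  if (spend.usd > l.per_tx_usd) breaches.push("per_tx_usd_exceeded");
  if (windowTotal(history, spend.ts, HOUR) + spend.usd > l.per_hour_usd) breaches.push("per_hour_usd_exceeded");
  if (windowTotal(history, spend.ts, DAY) + spend.usd > l.per_day_usd) breaches.push("per_day_usd_exceeded");
  return breaches;
}

// Replay spends in order, counting only compliant ones toward the budget.
function firstBreach(policy: Policy, spends: Spend[]): { index: number; breaches: string[] } | null {
  const accepted: Spend[] = [];
  let index = 0;
  for (const s of spends) {
    const breaches = evaluate(policy, accepted, s);
    if (breaches.length > 0) return { index, breaches };
    accepted.push(s);
    index++;
  }
  return null;
}

// Constructed data: the page's limits and a loop of ten 140 USD payments, 5 minutes apart.
const samplePolicy: Policy = {
  limits: { per_tx_usd: 150, per_hour_usd: 1200, per_day_usd: 6000 },
  allowed_contracts: ["0xContractRouterA", "0xApprovedVendorB"],
};
const loop: Spend[] = [];
for (let i = 0; i < 10; i++) loop.push({ to: "0xApprovedVendorB", usd: 140, ts: 1779296400 + i * 300 });
```

In the constructed loop the ninth payment is the first to breach: no single spend exceeds `per_tx_usd`, but the rolling hourly total does.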
Claims & payouts
Claims are created when a verified spend breaches an active policy and qualifies for reimbursement under your workspace rules. Oculus records the triggering transfer, policy snapshot, calculated breach amount, and payout decision.
For approved incidents, the payout engine sends USDC from your reserve to the designated payout wallet. Teams typically use the same reserve for both automated payouts and manual treasury reconciliation.
TypeScript SDK
The SDK helps you register Base activity, validate policies, and attach agent metadata from your application layer without building your own control plane.
```typescript
// npm install @oculus/sdk viem
import { createPolicyClient } from "@oculus/sdk";
import { createWalletClient, http } from "viem";
import { base } from "viem/chains";

// Wallet client for Base, using the RPC endpoint from the environment.
const wallet = createWalletClient({
  chain: base,
  transport: http(process.env.BASE_RPC_URL)
});

// Policy client bound to one workspace and agent.
const policyClient = createPolicyClient({
  apiKey: process.env.BASEBOT_API_KEY,
  workspaceId: "ws_base_01",
  agentId: "ag_marketmaker_7",
  walletClient: wallet
});

// Verify a planned spend against the policy and record it.
const result = await policyClient.verifyAndRecord({
  category: "vendor_payment",
  expectedUsd: 72.4,
  recipient: "0xApprovedVendorB"
});
```
Webhooks
Webhook delivery is the fastest way to pipe Oculus decisions into Slack, email, your incident system, or another internal agent supervisor. Events are signed with X-Oculus-Signature.
| Event | Triggered when |
|---|---|
| tx.observed | A Base transfer or contract interaction is detected |
| limit.hit | A hard or soft policy threshold is crossed |
| claim.created | A reimbursable incident is opened |
| payout.sent | A USDC payout is broadcast from reserve |
| policy.updated | Guardrails or reserve settings changed |
```http
POST /your-webhook HTTP/1.1
X-Oculus-Signature: t=1779296400,v1=3b52...

{
  "event": "claim.created",
  "agent_id": "ag_marketmaker_7",
  "tx_hash": "0xf5d9...eb42",
  "breach_type": "per_day_usd_exceeded",
  "claim_amount_usd": 214.90,
  "reserve_asset": "USDC"
}
```
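A receiver-side check for the signed header shown above, added here as an example and not taken from Oculus. It assumes `v1` is a hex HMAC-SHA256 over `<t>.<raw body>` keyed with a per-endpoint secret, and a 300-second timestamp tolerance; the page specifies neither, and the function names are hypothetical.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Added example, not Oculus code. ASSUMPTION: v1 is the hex HMAC-SHA256 of
// `${t}.${rawBody}` keyed with the endpoint secret; the page does not state
// the algorithm, so confirm it before relying on this.
const TOLERANCE_SECONDS = 300; // assumed replay window

// Parse "t=<unix seconds>,v1=<64 hex chars>"; reject anything else.
function parseHeader(header: string): { t: number; v1: string } | null {
  const parts: { [k: string]: string } = {};
  for (const item of header.split(",")) {
    const eq = item.indexOf("=");
    if (eq > 0) parts[item.slice(0, eq).trim()] = item.slice(eq + 1).trim();
  }
  const t = parts["t"];
  const v1 = parts["v1"];
  if (!t || !v1 || !/^\d+$/.test(t) || !/^[0-9a-f]{64}$/i.test(v1)) return null;
  return { t: Number(t), v1: v1.toLowerCase() };
}

function sign(secret: string, t: number, rawBody: string): string {
  return createHmac("sha256", secret).update(`${t}.${rawBody}`).digest("hex");
}

// Verify against the raw request body, before any JSON parsing.
function verifyWebhook(secret: string, header: string, rawBody: string, now: number): string {
  const parsed = parseHeader(header);
  if (!parsed) return "malformed_header";
  // A captured delivery replayed later fails here even with a valid signature.
  if (Math.abs(now - parsed.t) > TOLERANCE_SECONDS) return "stale_timestamp";
  const expected = Buffer.from(sign(secret, parsed.t, rawBody), "hex");
  const given = Buffer.from(parsed.v1, "hex");
  // Both buffers are 32 bytes after the regex check, as timingSafeEqual requires.
  return timingSafeEqual(expected, given) ? "ok" : "bad_signature";
}

// Constructed sample: secret, body and header are made up for this example.
const SECRET = "example-secret-not-real";
const BODY = '{"event":"claim.created","agent_id":"ag_marketmaker_7"}';
const T = 1779296400;
const HEADER = `t=${T},v1=${sign(SECRET, T, BODY)}`;
```

Only act on an event (for example, treating `payout.sent` as confirmed) when the result is `"ok"`; the truncated header from the sample request above is rejected as `"malformed_header"`.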
CLI
The CLI is useful for provisioning workspaces, applying policies from JSON, backfilling Base activity, or inspecting active claims from ops terminals.
```bash
# install
npm install -g @oculus/cli

# authenticate
oculus login

# apply a policy file
oculus policy apply ./policy.base.json

# replay the last hour of Base activity
oculus events sync --agent ag_marketmaker_7 --since 1h

# inspect open claims
oculus claims list --status open
```
REST API
Base URL: https://api.basewire.app/v1. Every request is authenticated with a workspace-scoped bearer token issued from Settings → API keys.
| Method | Path | Purpose |
|---|---|---|
| POST | /policies | Create or activate a policy |
| GET | /policies/:id | Read the current policy snapshot |
| PATCH | /policies/:id | Update limits, reserve, or allowlists |
| GET | /events | Paginated Base activity timeline |
| GET | /claims | Open and historical claim records |
| POST | /verify | Evaluate an expected Base spend before execution |
Errors
The API returns JSON with code, message, and optional details. These are the cases you will hit most often in Base-only setups.
| Code | Meaning |
|---|---|
| 400 | Malformed policy payload or unsupported Base address format |
| 401 | Missing or invalid workspace token |
| 403 | Contract or recipient not permitted by the active policy |
| 409 | Conflicting policy or duplicate reserve configuration |
| 422 | Reserve is too low for requested coverage |
| 429 | Rate limited — reduce verification burst size |
| 5xx | Transient platform error — retry with backoff and preserve idempotency keys |
FAQ
Does Oculus custody my treasury?
No. Your Base wallet remains under your control. Oculus observes activity, evaluates it against policy, and automates claims from your configured reserve.
Which chain does this cover?
This documentation and product flow are Base-only. Policies, claims, and payout verification are designed for Base mainnet operations.
Do I need a platform token?
No. There is no staking requirement in this flow. Teams fund reimbursements directly from a USDC reserve tied to the workspace.
Can I run monitor-only mode?
Yes. You can observe Base activity, receive alerts, and build audit trails without enabling automatic payouts.
How are claims verified?
Claims are verified from Base transaction receipts, policy snapshots, event timing, and the reserve settings active when the incident occurred.
What if my monitoring provider misses an event?
Oculus supports replay and backfill flows so you can re-sync the affected time window and reconstruct the claim timeline.