agent_fabric

The system employs a robust security model centered around delegated session keys. Session key private keys are generated client-side, encrypted using a server's public RSA key, and stored in the database. Decryption for transaction signing occurs on the MCP server using the `SERVER_PRIVATE_KEY` environment variable. This establishes a centralized trust point for session key operations, which is an intentional design tradeoff for enabling AI agent automation with limited permissions, rather than exposing users' primary private keys. The smart contract (`AgentDelegator`) enforces on-chain scoping (allowed targets, selectors, time bounds) for these session keys. Furthermore, the `proxyFormSchema` actively blocks requests to localhost, loopback, and private IP addresses for user-defined `targetUrl`s, effectively mitigating Server-Side Request Forgery (SSRF) vulnerabilities. No 'eval' or direct hardcoding of critical secrets were found. Overall, the security architecture is well-considered for its purpose.