-
-
Sovereign Deposit Agent built with Cursor: AGENTS.md, hackathon rules, and FastAPI backend in isolated repo on port 8098.
-
Chutes LLM API integration (llm.chutes.ai/v1): on-chain inference in Auditing and HITL_Review deposit validation stages.
-
Platform Scorecard 8/8: Chutes LLM, Sign in with Chutes, 4-stage webhook, sovereign gates, MongoDB audit, WhatsApp HITL, tests.
-
Case list in MongoDB (chutes_deposit_audit): Malaysia scenarios, stage, gate findings, and HITL/Completed status per deposit.
-
TechMalaya Solutions happy path: automated Intake and Auditing, Chutes analysis, paused at HITL_Review for finance approval.
-
Sign in with Chutes (OAuth 2.0 + PKCE): Chutes authorization screen before callback to the deposit agent dashboard.
-
Dashboard with active Chutes session (@rafagye): authenticated finance reviewer ready for HITL approve/reject decisions.
-
Borneo Data Core blocked at Intake: anti_fraud_duplicate gate stops repeat transaction before credits are issued.
Inspiration
Malaysian and APAC enterprises buying Chutes compute credits still lose days to manual finance review: missing bank transfer PDFs, duplicate transactions, and forged receipts block legitimate top-ups. Centralized SaaS billing tools often move sensitive payment telemetry outside the operator’s perimeter. We wanted a sovereign agentic operations layer — Chutes Sovereign Deposit Agent (SDA) — that keeps validation rules and audit history under the administrator’s control, sends deep receipt analysis to Chutes decentralized LLM (llm.chutes.ai/v1), and lets finance reviewers authenticate with Sign in with Chutes so AI usage can bill to their Chutes account instead of the platform owner’s.
What it does
InnerOS Cloud Copilot / Chutes SDA is a corporate productivity agent for Chutes credit top-ups. It exposes an async FastAPI webhook (POST /api/v1/chutes-deposit-webhook) and a jury dashboard with four Malaysia demo scenarios. The pipeline runs Intake → Auditing → HITL_Review → Completed:
- Intake: local gates —
pdf_compulsory,verified_hash,anti_fraud_duplicate,document_integrity_gate - Auditing: Chutes on-chain LLM analyzes receipt evidence and fraud signals
- HITL_Review: Chutes LLM summary + human approval; reviewer logs in with Sign in with Chutes (OAuth 2.0 + PKCE)
- Completed: deposit marked ready; full case persisted in MongoDB
chutes_deposit_audit
Four live scenarios: techmalaya_happy (happy path → credits), kl_ai_labs_pdf (blocked: missing PDF), borneo_duplicate (blocked: duplicate tx), malaysian_creative_fraud (blocked: document fraud).
Judge links: Dashboard · Status — Chutes LLM reachable · GitHub repo
How we built it
Core backend: Python 3.10+ and FastAPI with async webhooks. Chutes LLM (25% mandatory) via chutes_client.py → llm.chutes.ai/v1 (e.g. Qwen/Qwen3-32B-TEE) in Auditing and HITL_Review. Sign in with Chutes: OAuth app + PKCE at /api/v1/auth/chutes/login. Gates: tools/deposit_gates.py. Audit trail: MongoDB chutes_deposit_audit. HITL alerts: Evolution API → WhatsApp. Isolation: port 8098; public ngrok path /chutes-deposit/. Built with Cursor AI agents.
curl -X POST "https://sworn-profusely-alongside.ngrok-free.dev/chutes-deposit/api/v1/scenarios/techmalaya_happy/run-full"
curl -s "https://sworn-profusely-alongside.ngrok-free.dev/chutes-deposit/status"
## Challenges we ran into
**Network and port isolation:** our lab host runs many live microservices; we mapped SDA to **8098** and published via ngrok **`/chutes-deposit/`** without disrupting existing **`/uipath/`** routes.
**Mandatory Chutes inference:** early flows could fall back to local Ollama — we enforced **Chutes** in **Auditing** and **HITL_Review** and expose `chutes_llm.reachable` on **`/status`** for async jury review.
**Sign in with Chutes:** OAuth registration returned HTTP **409** (_application name already exists_); we recovered credentials via Chutes IDP list + secret regeneration.
**Async judging (no live pitch):** we optimized for _one-click evidence_ — scorecard, four scenarios, OAuth session in dashboard log, public URLs.
## Accomplishments that we're proud of
We shipped a **complete 4-stage corporate deposit agent** with real anti-fraud gates and **Chutes on-chain LLM** inference.
**Sign in with Chutes** works end-to-end (reviewer session e.g. `@rafagye` in live dashboard log).
All **four Malaysia scenarios** pass E2E from the panel.
**Platform scorecard** verifies integrations via live API.
The system keeps **data sovereignty**: gates + audit stay on operator **MongoDB**; only targeted LLM tasks go to **Chutes**.
Open-source repo: [Rafa-Innerchispa/chutes-deposit-agent](https://github.com/Rafa-Innerchispa/chutes-deposit-agent)
## What we learned
**One `cpk_` API key** covers all Chutes models via OpenAI-compatible **`/v1/chat/completions`**.
**Sign in with Chutes** separates _platform inference_ (server key) from _user-billed inference_ (reviewer OAuth) — critical for sustainable B2B finance tools.
**Deterministic local gates + probabilistic Chutes audit** is faster and safer than sending every deposit straight to an LLM.
Decentralized **Chutes compute** fits **high-value agentic background tasks** (receipt audit, HITL summaries) as well as chat use cases.
## What's next for InnerOS Cloud Copilot: Sovereign Agentic Operations
Expand SDA into a full **InnerOS sovereign operations plane**:
- **Auto-credit Chutes wallets** after HITL approval
- **Multi-tenant Sign in with Chutes** per corporate customer
- **PDF Document Understanding** before gates
- **Active-passive HA** with MongoDB replication and stateless FastAPI replicas
- **Automated recovery hooks** so the agent not only diagnoses deposit anomalies but triggers secure sandboxed actions — billing webhooks, rollback commands, and container orchestration — while keeping telemetry and audit history fully inside the administrator’s perimeter
Built With
- docker
- fastapi
- postgresql
- python
- sql
Log in or sign up for Devpost to join the conversation.