Open source · Runs locally · MIT License

Let your agents trade with confidence.

VestBridge is an open-source trust layer for agentic trading. It connects AI agents to your brokerage and securely enforces guardrails on every trade regardless of what permissions your agent has.

Get Early Access View on GitHub

claude — mcp: vestbridge

Your agent adapts to the rules.

User: "I want more exposure to the AI industry."

Agent: Analyzing AI sector opportunities...

[get_positions → robinhood] Current portfolio: $50,000

AAPL: $15,000 | MSFT: $10,000 | VOO: $25,000

Top AI pick by revenue growth: NVDA

[place_order NVDA $20,000 → robinhood]

✗ BLOCKED — would put 40% of portfolio in single stock

Mandate: max 20% single-stock concentration

Adjusting to diversify across AI sector...

[place_order NVDA $8,000 → robinhood] filled @ $142.50 ✓

[place_order AVGO $6,000 → robinhood] filled @ $185.20 ✓

[place_order AMD $4,000 → robinhood] filled @ $156.80 ✓

Invested $18,000 in AI sector across 3 positions.

Mandate enforced. All actions logged to audit trail.

vestbridge — autonomous mode

Your agent reacts while you sleep.

trigger: on_event("bank_analyst_report")

strategy: "Aggregate latest analyst coverage and rebalance

portfolio to increase exposure to upgraded sectors.

Target 60% equities, 40% ETFs."

━━━ Event: Goldman Sachs upgrades Semiconductors to Overweight ━━━

Agent: New analyst report detected. Scanning for recent coverage...

Goldman Sachs — Semiconductors: Neutral → Overweight

JP Morgan — Semiconductors: Overweight (reiterated)

Morgan Stanley — AI Infrastructure: new coverage, Overweight

Consensus shift: Semiconductors upgraded across 2 of 3 major banks.

[get_positions → robinhood] Current portfolio: $120,000

AAPL: $18,000 (15%) | MSFT: $22,000 (18%)

NVDA: $12,000 (10%) | VOO: $48,000 (40%)

AVGO: $8,000 (7%) | Cash: $12,000 (10%)

Rebalancing to increase semiconductor exposure...

[place_order NVDA $8,000 → robinhood] filled @ $142.50 ✓

[place_order AVGO $6,000 → robinhood] filled @ $185.20 ✓

[place_order MRVL $5,000 → robinhood] filled @ $118.40 ✓

[place_order AMD $10,000 → robinhood]

✗ BLOCKED — would exceed 25% single-sector concentration

adding to existing semiconductor positions

Mandate: max sector exposure 25%, current after fills: 24.2%

Rebalance complete. Semiconductor allocation: 24.2% → within mandate.

3 orders filled, 1 blocked. Audit trail updated.

Awaiting next analyst report...

How it works

Connect

Unified tool schema for any broker. get_quote, place_order, get_positions. Your agent learns one API regardless of the underlying broker.

Authorize

Define mandates: allowed assets, position limits, order size caps, concentration limits, time windows. Every order is checked before it reaches the broker. Mandates are cryptographically signed — your agent can't modify its own rules.

Isolate

VestBridge runs as a separate process with its own permissions. Your agent communicates only through MCP tools. It cannot access VestBridge source code, mandate files, broker credentials, or the audit log. One command: vestbridge serve.

Audit

Append-only log of every action. Hash-chained, sequenced, tamper-evident. Every entry records what the agent tried, which mandate was evaluated, and whether it passed or failed. Export for compliance review.

Your agent is the threat model.

Other MCP servers trust your agent. VestBridge doesn't.

process isolation architecture

AI Agent

User-level shell access

Can call

get_quote

place_order

get_positions

Cannot access

✗ Mandates

✗ Audit log

✗ Source code

✗ Credentials

MCP

tools only

MCP

VestBridge

Controls

✓ Mandate engine

✓ Signed mandates

✓ Audit trail

✓ Broker credentials

Signed mandates

Mandates are signed with your key. Even if an agent reaches the file, it can't forge a valid signature.

Append-only audit

The audit log is hash-chained and write-protected. No entry can be modified or deleted.

Read-only runtime

VestBridge's own code and config are mounted read-only. The agent can't patch its way past the rules.

Get started

Install, configure your mandate, and start the server. Security is built in.

Install & Initialize

terminal

# Install
$ pip install vestbridge

# Create and sign your first mandate
$ vestbridge init
# → creates ~/.vest/ directory structure
# → generates owner keypair
# → creates default mandate from interactive prompts
# → signs mandate with owner key

# Start the server (runs as isolated process)
$ vestbridge serve --broker paper
# → starts MCP server with process isolation
# → mandate files are read-only
# → audit log is append-only
# → ready to connect your AI agent

Connect to your AI client

claude_desktop_config.json

{
  "mcpServers": {
    "vestbridge": {
      "command": "vestbridge",
      "args": ["--broker", "robinhood"]
    }
  }
}

$ claude mcp add vestbridge -- vestbridge --broker robinhood

// .cursor/mcp.json
{
  "mcpServers": {
    "vestbridge": {
      "command": "vestbridge",
      "args": ["--broker", "robinhood"]
    }
  }
}

# Start VestBridge as an SSE server for remote clients
$ vestbridge --broker robinhood --transport sse --port 8080

# Connect ChatGPT, Gemini, or any MCP-over-HTTP client
# to http://localhost:8080/sse

Claude Desktop

Claude Code

ChatGPT

Gemini

Cursor

Any MCP client

Roadmap

From broker connectivity to verifiable compliance, one phase at a time.

Phase 1: Connect

In Progress

Broker adapters for Robinhood, Interactive Brokers, Alpaca. Paper trading adapter for testing.

Phase 2: Authorize

Mandate engine. Signed YAML mandates. Pre-trade validation. Agent identity.

Phase 3: Audit

Append-only hash-chained audit log. vest audit verify CLI. Export for compliance review.

Phase 4: Autonomous

Agent session lifecycle. Dead agent detection. Scheduled actions. Event trigger interface.

Phase 5: Verify

Vest Registry for external anchoring. Third-party verification API. Compliance reporting.