Building Moat: Auth, On-Chain Receipts, and 117 Integration Tests in One Week

What Moat Does Moat is a policy-enforced execution and trust layer for AI agents. When an autonomous agent wants to call an API, send a Slack message, or spend money, it goes through Moat. Every request gets evaluated against a policy engine, executed through a sandboxed adapter, and receipted — both off-chain in a database and on-chain on Sepolia. Four FastAPI microservices make up the system: a Control Plane (capability registry), Gateway (execution choke-point), Trust Plane (reliability scoring), and an MCP Server (agent-facing tool surface). HTTP Proxy with Domain Allowlists The first big feature was an HttpProxyAdapter that lets sandboxed agents make outbound HTTPS requests — but only to approved domains. The security model is simple and opinionated: allowlists beat blocklists. A blocklist means you're playing whack-a-mole with every new malicious domain. An allowlist means the agent can only reach what you explicitly permit. class HttpProxyAdapter(AdapterInterface): """Generic HT