Security · How we protect capital

A squad with hard edges.

Kabal is autonomous. That only works if the protections around it are not. Three tiers of risk checks, hard caps, a kill switch, per-tenant keys, and an on-chain audit trail — all visible, all enforced before any SOL moves.

Three tiers of risk

Per-trader

Owned by the trader itself

Each trader (Reaver, Ash, Myth, Ravage) enforces its own position sizing (Kelly-sized, capped at config max), stop-loss policy, trailing rules, and concurrency limit. A trader can't exceed its own budget even if its strategy says to.

Squad-level

Enforced by the Sentinel agent

Sentinel watches the whole squad. Total exposure, correlation-across-positions, daily-loss drawdown, cold-start cap (first 3 live trades hard-limited to 0.02 SOL), and concurrency ceiling across all four traders. Sentinel can veto any trade, any time, no appeal.

Aegis · system-level

Enforced by the risk executor

Final guard before the wallet signs. Checks wallet balance, daily trade count, RPC health, mempool saneness. If any guard fails, the transaction is dropped and a SYSTEM_HALTED event publishes. Squad freezes until explicitly resumed.

Hard caps (live · default config)

Cold-start

0.02 SOL

Per trade · first 3 trades · Reaver only

After burn-in

0.50 SOL

Per trade · after 72h clean run

Daily loss

Of wallet balance · triggers freeze

Daily trades

Cap across all four traders

Concurrency

6 open

Positions across all traders

Single-trader

3 open

Per-trader ceiling

These values live in config/kredo.yaml. They tighten automatically in paper mode and loosen only after burn-in periods pass. No automated process can raise them — they only change through a committed-to-git config change.

The kill switch

⚠

Emergency halt

One command, Telegram or cockpit: /halt or the red button. The squad stops opening new positions immediately, all open positions get trailing stops tightened to 2%, Sentinel vetoes any retry. Nothing resumes until a human manually sends /resume with a reason.

Wallet architecture

Every Kabal user gets a per-tenant trading wallet — a fresh Solana keypair generated on account creation, isolated from the rest of the platform. The key never leaves our server; the user never sees it. Funds are deposited by the user from their own wallet via a signed deposit instruction.

Withdrawals are one-click, one-address (the depositing wallet). No free-form withdrawals. This eliminates the "where do I send the money" social-engineering attack — even if our admin panel is compromised, an attacker cannot direct funds anywhere except back to the user's own wallet.

Platform treasury (operational float, fees, incentives) is a separate multisig on a cold hardware wallet, not accessible to the trading engine at all. Compromising the trading infrastructure cannot touch treasury.

The audit trail

Every trade decision — paper or live, ghost-filter pass or veto, entry or exit — publishes an SPL Memo to Solana mainnet. The memo includes agent name, strategy, token, sizing, ghost filter result, Sentinel verdict, session ID, and timestamp.

This is append-only. We cannot rewrite a trade that went badly. You can verify every claim we make independently of our dashboard. See /proof for the full schema and an example memo.

Why this matters. The #1 way AI trading bots blow up isn't strategy — it's a rogue agent doing something outside the intended envelope. Kabal's three-tier architecture makes the envelope structurally enforceable, not just documented.

What we don't do

We do not use your wallet. Ever. Kabal trades on a per-tenant wallet we generate; your wallet only deposits and receives withdrawals.
We do not share positions across users. Each tenant is isolated — one tenant's bad trade cannot impact another.
We do not store private keys in our main database. They live in a separate vault with audit logging.
We do not allow free-form withdrawal addresses. Funds only exit to the original depositing wallet.
We do not run an LLM in the trade-execution hot path. All decisions are deterministic strategies with typed risk gates.

Questions people ask

What happens if your RPC provider goes down?

The Aegis tier includes an RPC-health probe. If the primary fails, the squad fails-over to a backup. If all known RPCs fail, the system halts — it will not attempt to trade against a degraded network.

How do I know your caps are actually enforced?

Every denied trade posts a memo too — RISK_VETOED with the reason (cap breached, balance low, Sentinel no). You can grep the memo stream for vetoes and see them in the wild.

What's the plan if someone finds a bug?

Responsible disclosure to security@kabal.trade. We'll publish a formal bug bounty after V.1 live. In the meantime, critical disclosures get a 10 SOL bounty and public credit if you want it.

Are you audited?

Not yet. V.0 is paper; V.1 live has hard caps that structurally limit exposure during the burn-in period. External audit is planned for Q3 2026 before we open Vault tiers broadly.