We've been quietly building a security agent for wallets on Base, and the timing with @coinbase's "Coinbase for Agents" announcement couldn't be more on point.
GitVault by @gitbankio is a soul-bound vault on Base anchored to your GitHub ID, not a session token. Every transaction requires a GitHub identity confirmation before the vault signs anything. Agent calls /prepare via MCP, gets a confirm code, posts it as @gitbankbot confirm [code] from their GitHub account, and only after HMAC-signed webhook verification does the vault execute. A different account tries to confirm? Rejected. No private keys exposed. No approval exploit surface. Relayer pays all gas.
Agents should be autonomous but not unsupervised. This is the guardrails layer.
Internal test wrapping up. Full release coming soon.
Plugin preview: https://t.co/H0tavc7eTg
@jessepollak @brian_armstrong @base
Read more details at https://t.co/AUuG7TzeTa
@Gitbank_io This is exactly the kind of integration that makes sense. Live vault data, natural language queries, queued on-chain actions — all anchored to GitHub with zero private keys exposed. MCP done right.
Standups are about to get way more interesting. Clean work.
Gitbank MCP
Most AI assistants today are disconnected from your actual work. They can write code, answer questions, and help you plan, but they have no idea what is in your team's treasury, who got paid, or whether the last PR bounty even landed on-chain. At the same time, Web3 teams are still manually copying wallet addresses, signing transactions one by one, and updating spreadsheets after every payout. Two workflows that should talk to each other never do.
Gitbank fixes that. We built an MCP server that gives any AI agent live read and write access to your on-chain vault on Base mainnet. One config block. No API key. No wallet popups.
We are building two things that do not exist yet:
1. AI Agent Wallet Security
Your AI assistant can read and queue vault operations, but cannot execute anything without you. Every write action requires a signed comment from your own GitHub account. Your GitHub hardware key or passkey is the only thing that authorizes a transaction. Not a seed phrase. Not a password. GitHub + X identity as dual verification layers before anything moves on-chain. Soul-bound vault anchored to your permanent GitHub user ID. Impossible to phish. Impossible to drain via approval exploits. The AI queues the command. You authorize it. The relayer executes it. Zero private keys exposed.
2. AI Repo Management
Tell your favorite AI to build a feature. Gitbank handles the rest. We push the code to your GitHub repo, deploy to GitHub Pages automatically on every approved PR, assign USDC bounties to Issues with one bot comment, and pay contributors the moment their PR merges. No manual deploys. No spreadsheets. No chasing payments. Your AI builds, we ship it, contributors get paid on-chain.
Working today: Claude Desktop, Cursor
Integrating: ChatGPT, Gemini, IBM watsonx, Grok, Kimi, Windsurf, GitHub Copilot, VS Code
Setup guide and all clients: https://t.co/v1rFTqoD5S
@kevincodex Hi there! Thanks for reaching out. We'd like to lend a hand. Kindly send us a DM so we can provide you the assistance you need. Looking forward to your message. - RB https://t.co/0GGxaO38T2
Gitbank x x402 is live on Base.
You can now pay for any x402-enabled API directly from a tweet, no wallet popups, no API keys, no gas.
What you can do today:
Tweet @gitbankbot x402-pay @ExaAILabs "your search query" 0.01 USDC and the bot pays Exa's AI search API on your behalf, posts the top results in the reply, and stores the full response at a permanent link on https://t.co/31sE9KEV25.
Same with Nansen: tweet @gitbankbot x402-pay @nansen_ai 0.05 USDC and get real-time smart money netflow data across all chains: which tokens smart traders are moving into right now, across Ethereum, Solana, and more.
Or point it at any x402-compatible URL directly: @gitbankbot x402-pay https://t.co/dXcadShpP4 0.01 USDC. If the endpoint returns an HTTP 402 with a valid payment challenge, Gitbank handles the rest.
What it is under the hood:
Your vault on Base signs a gasless EIP-3009 USDC transfer. The Gitbank Relayer submits it on-chain and retries the API with the payment proof attached. You pay the API. You get the data. The tx lands on Base Mainnet. You never touch a wallet.
What you can build with this:
- AI agents that buy data on demand, tweet-by-tweet, with no accounts or subscriptions
- On-chain research workflows where smart money signals and web search results are paid for per query, with a permanent verifiable receipt
- Any tool that needs to call an x402 API without managing API keys or billing dashboards
- Bots, scripts, or agents that route through @gitbankbot to access the growing x402 ecosystem
Two named providers live today: Exa for AI-native web search, Nansen for smart money flows across all chains. Any x402-compatible URL works via direct command. More named providers coming as the ecosystem grows.
Gitbank: Growth in Numbers
191 accounts registered. 186 vaults deployed on Base Mainnet.
Almost every user who signed up deployed a vault. One command, no gas required.
418 bot commands processed. 112 unique users. 8 repos.
Every single one ran through GitHub issue comments. No UI, no wallet popup, no gas from users.
Breakdown by command:
launch token: 162
withdraw: 133
balance check: 42
deposit: 27
x402 pay: 14
swap: 5
assign bounty: 1
transfer: 1
206 confirmed on-chain transactions.
92 deposits (gitShield)
111 withdrawals (gitUnshield)
3 swaps via Uniswap v3
All gas paid by the deployer. Users spent zero ETH.
153 tokens launched via Clanker. 33 unique launchers.
From a single bot comment in a GitHub issue.
61 bot installations across 43 unique GitHub accounts.
32 users connected via X. 99 contest entries.
24 groups. 31 group messages. 10 x402 payment transactions.
GitVault: The security layer that powers everything Gitbank ships
Most crypto wallets are one leaked private key away from being drained. GitVault is built on a different assumption: a stolen key alone is not enough.
Here is how it works:
Every GitVault is a soul-bound smart contract on Base mainnet. Assets inside are converted to gitAssets (gitUSDC, gitWETH). These are non-transferable ERC-20 tokens: no transfer, no approve. There is zero approval surface to exploit.
Moving gitAssets requires two things simultaneously:
- The owner's execution keypair
- A valid signature from the Gitbank relayer
One without the other does nothing. An attacker who gets the private key cannot move a single token without the relayer co-signing. The relayer validates the request against the owner's on-chain identity (GitHub permanent user ID, an immutable integer that cannot be spoofed by renaming an account) before countersigning anything.
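The relayer-side identity check described here, and the /prepare, confirm-code and HMAC webhook flow from the first post, as an added example that is not Gitbank's own code. It assumes GitHub's standard X-Hub-Signature-256 header and the comment.body / comment.user.id fields of an issue_comment payload; the owner ID, webhook secret, code format and TTL are constructed values.

```python
import hashlib, hmac, json, re, secrets, time

OWNER_GITHUB_ID = 12345678          # constructed: the owner's permanent numeric GitHub user ID
WEBHOOK_SECRET = b"constructed-webhook-secret"
CODE_TTL_SECONDS = 600              # constructed: how long a confirm code stays valid
PENDING = {}                        # code -> (owner_id, queued_action, issued_at)
CONFIRM_RE = re.compile(r"@gitbankbot\s+confirm\s+([0-9a-fA-F]{8})\b")

def prepare(owner_id, action, now=None):
    """/prepare: queue an action and bind a one-time confirm code to the owner's numeric ID."""
    code = secrets.token_hex(4)
    PENDING[code] = (owner_id, action, time.time() if now is None else now)
    return code

def verify_webhook_signature(secret, body, signature_header):
    """GitHub sends HMAC-SHA256 of the raw body as 'sha256=<hex>' in X-Hub-Signature-256."""
    if not signature_header or not signature_header.startswith("sha256="):
        return False
    expected = "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature_header)   # constant-time compare

def handle_webhook(body, signature_header, now=None):
    """Release the queued action only if signature, code, freshness and commenter ID all check out."""
    if not verify_webhook_signature(WEBHOOK_SECRET, body, signature_header):
        return "rejected: bad webhook signature"      # never parse an unauthenticated body
    comment = json.loads(body)["comment"]
    match = CONFIRM_RE.search(comment.get("body", ""))
    if not match:
        return "ignored: no confirm command"
    code = match.group(1).lower()
    entry = PENDING.get(code)
    if entry is None:
        return "rejected: unknown or already used code"
    owner_id, action, issued_at = entry
    if (time.time() if now is None else now) - issued_at > CODE_TTL_SECONDS:
        PENDING.pop(code)
        return "rejected: code expired"
    if comment["user"]["id"] != owner_id:             # numeric ID, never the login (logins can be renamed)
        return "rejected: commenter is not the vault owner"
    PENDING.pop(code)                                 # one-time use: a replay hits 'unknown code'
    return f"execute: {action}"

def sign_body(body):
    """Constructed stand-in for GitHub's signing side, for local testing only."""
    return "sha256=" + hmac.new(WEBHOOK_SECRET, body, hashlib.sha256).hexdigest()

def comment_event(login, user_id, text):
    """Constructed minimal issue_comment payload with only the fields the handler reads."""
    return json.dumps({"action": "created", "comment": {"body": text, "user": {"login": login, "id": user_id}}}).encode()
```

A comment from a different account, a replayed code, a tampered body or a stale code each fall through to a distinct rejection, so the relayer never countersigns on login name alone.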
We tested this ourselves.
In Gitbank's OpenHack event, we published a vault's private key publicly and challenged anyone to drain it. No one could. The gitAssets stayed locked. Key alone is not enough. This is not a claim. It is an on-chain result.
What runs on GitVault today:
Every product Gitbank has shipped uses this same security model.
1. GitHub App: gitbankbot handles deposits, withdrawals, swaps, and 2-step transfers. All signed through GitVault. Zero gas for users.
2. PR bounty system: developers lock budget on-chain when creating a project. When a PR merges, the bot auto-pays the assigned contributor. The payout cannot be redirected because it goes vault-to-vault, co-signed by the relayer.
3. Repo-paid bounties: teams fund tasks directly from their vault. Budget deducted on assignment, reclaimed on cancellation. All on Base mainnet.
4. x402 API payments: bot pays x402-protected APIs (Exa, Nansen) directly from the vault via EIP-3009. No API key needed. Payment settles on-chain before the request goes through.
5. Launchpad via Clanker: token launches are initiated from the vault. Creator address is the vault, not a hot wallet.
6. Gitbank X: same vault, same security, same relayer, accessible from X mentions.
What this means for builders:
GitVault is not just Gitbank's internal wallet. It is a programmable payment primitive that any AI agent or dApp can integrate.
An AI agent with a GitVault can:
- Receive payments from other vaults
- Pay for API calls autonomously via x402
- Execute swaps without exposing a hot wallet
- Hold project budgets and release them on verifiable conditions
The security model works because it is enforced at the contract level, not at the application level. No matter what interface calls the vault (GitHub bot, X bot, AI agent, or a custom dApp), the same rules apply. The same two-signature requirement. The same identity anchor. The same zero-approval surface.
This is the infrastructure layer AI agent wallets have been missing.