An oracle, not a bot.
VIGIL ORACLE is an autonomous AI agent framework built for one audience — crypto traders — and one job: watching markets that never close. It borrows its architecture from AEON's self-evolving agent design: a GitHub Actions runtime, skills written as plain markdown, and a memory layer that lives in version control. Where AEON is a general-purpose agent, VIGIL is a vertical agent — every skill, every default, every output format is tuned for trading intelligence.
The framework ships with a free, open-source core. Eight production
skills — whale-watch, liquidation-radar,
funding-arb, narrative-scanner and others —
run on a public cron and cast structured beacons to Telegram, Discord
or Slack. Holding $VGL, the project's Solana token,
unlocks a second tier of twenty-four prophecy-* skills:
deeper, heavier, edge-grade watchers gated by an on-chain balance
check performed at runtime.
VIGIL holds no funds, signs no transactions, and runs no private servers. It is a reasoning layer that sits beside the market and reports what it sees. Every execution is a public Actions log; every memory mutation is a git commit. The result is an agent a trader can fork, audit line by line, and trust — because nothing about it is hidden.
This document describes the protocol in full: the problem it addresses, the six-component architecture, the runtime and skill model, the shared memory design, the economics of the $VGL token, and the path from a simple holder-gated launch to community governance.
Markets never close.
Crypto is the only major market with no bell. Liquidity moves at 03:00 as readily as 15:00; a narrative can form on a Sunday and be priced in by Monday. The structural opportunity is permanent coverage. The structural problem is that no human can provide it.
A trader sleeps roughly a third of every day. The remaining two thirds are not free either — attention is finite, and the cost of watching twelve dashboards is that you watch none of them well. The moves that matter most — a whale repositioning, a funding rate flipping, an unlock landing into thin books — are precisely the ones that happen while attention is elsewhere. This is the alpha gap: the distance between what the market reveals and what any one person can observe.
Existing tools do not close that gap. Centralized trading bots — the 3Commas-style platforms — are custodial: they ask for API keys with trade permissions, run on servers you cannot inspect, and monetize by standing between you and your own execution. They automate action, which is the part a trader should keep, and leave observation, the part that should be automated, mostly untouched.
General-purpose AI agents have the opposite failure. They can reason about anything, which means they are tuned for nothing. Ask a generic agent to watch on-chain flow and you spend more time describing the domain than you save. It has no built-in sense of what a meaningful transfer size is, what a CEX router looks like, or why a funding-rate divergence is worth a message at 04:00.
VIGIL exists in the space those two categories leave open: an agent that is non-custodial like good open-source software and domain-tuned like a specialist desk. It does not trade for you. It watches, continuously, and tells you what it found.
Six parts, nothing hidden.
VIGIL is assembled from six stateless components. None of them keeps a long-running process; each wakes, does one job, and exits. There are no private servers in the loop, no custody of funds, and no transaction signing anywhere in the pipeline. The system can only ever read and report.
The heartbeat is GitHub's own scheduler. A cron trigger wakes the Scheduler, which reads every skill's YAML frontmatter and dispatches only those whose schedule is currently due. The Skill Runner gathers on-chain state and shared memory, hands the assembled context to the reasoning engine, and formats whatever it returns into a structured beacon. The Output stage pushes that beacon to your channels and the run terminates.
┌──────────────────────────┐ │ GITHUB ACTIONS · CRON │ └────────────┬─────────────┘ ▼ ┌──────────────────────────┐ │ SCHEDULER │ └────────────┬─────────────┘ ▼ ┌──────────────────────────┐ │ SKILL RUNNER │ └──────┬────────────┬──────┘ ▼ ▼ ┌───────────┐ ┌───────────┐ │ REASONING │ │ SKILLS/MEM│ │ ENGINE │◄│*.md·*.json│ └─────┬─────┘ └───────────┘ ▼ ┌──────────────────────────┐ │ OUTPUT │ │TELEGRAM · WEBHOOK · SLACK│ └──────────────────────────┘
Because every component is stateless and the only durable state is committed JSON, the entire system is portable. The reference deployment runs on GitHub Actions, but the runner is ordinary Node.js — it relocates to Railway, Render or Fly with a config change and no code change. And because each run is a public Actions log, anyone can audit exactly what the agent saw, when it ran, and what it decided to send. There is no opaque box to trust.
A thin runner, by design.
The runtime is deliberately small — a few hundred lines of Node.js whose entire purpose is to be unsurprising. It is not a framework you extend with plugins; it is a loop you can read in one sitting. Keeping the runner thin is what keeps the attack surface small and the skills, not the engine, the place where intelligence lives.
Each invocation follows the same path. The cron trigger fires, the scheduler resolves which skills are due, and the runner executes them one at a time. For each skill it loads the markdown definition, assembles a context object — on-chain data, relevant memory, the skill's own prompt body — runs a single reasoning pass, validates the structured result, and dispatches the beacon. Nothing is held between runs except what the skill explicitly writes back to memory.
// each due skill — stateless, one reasoning pass async function runSkill(skill) { const def = parseMarkdown(skill.path); // frontmatter + prompt const memory = await loadMemory(def.reads); const chain = await pullChainState(def.chains); const beacon = await reason({ prompt: def.body, context: { chain, memory }, schema: beaconSchema }); if (beacon.findings.length) { await dispatch(beacon, def.outputs); // telegram / slack await commitMemory(beacon.memory); // git-tracked JSON } return { skill: def.name, ran_at: now(), beacon }; }
State is never held in process memory. Anything a skill needs to remember — a flagged wallet, a watched ticker, the last value of a metric — is written to a JSON file and committed to the repository. The next run reads it back. This makes every run reproducible from git history alone, and it means a crashed or cancelled run can never leave the system in a corrupt state: the worst case is simply that a beacon was not sent.
A skill is one file.
A VIGIL skill is a single markdown file: a block of YAML frontmatter followed by a prompt written in plain English. There is no SDK to learn, no class to subclass, no build step. The frontmatter declares the operational contract — schedule, chains, thresholds, output channels — and the markdown body is the instruction the reasoning engine receives.
Adding a skill means dropping a SKILL.md file into the
skills/ directory. The scheduler discovers it on the
next run; nothing else is registered. Removing a skill means deleting
the file. Skills can read each other's memory — whale-watch
cross-checks tickers against what narrative-scanner has
recorded — so the library composes into something larger than any one
watcher.
--- name: whale-watch tier: free schedule: "0 */4 * * *" # every 4h chains: [solana, ethereum] threshold_usd: 250000 outputs: [telegram, slack] --- # Whale Watch You are a whale-tracking analyst. Each run: 1. Pull transfers above threshold_usd from the indexer, last 4 hours. 2. Drop known CEX wallets and routers via memory/known-wallets.json. 3. Cluster remaining flows by entity. Flag wallets moving decisively in one direction. 4. Cross-check tickers against the narrative-scanner memory. ## Output Emit one beacon per cluster: address, net USD, direction, one-line read. Stay terse. No advice. Signal only.
Skills ship in two tiers. The free core is eight skills, MIT-licensed
and unrestricted. The prophecy-* tier is twenty-four
additional skills — pre-market hunting, on-chain anomaly detection,
cross-venue flow analysis — that check the runner's wallet for a
$VGL balance before executing. The gate is the only difference
between the tiers; the skill format, the runtime, and the audit trail
are identical.
Memory is a commit.
VIGIL's memory is a set of JSON files committed to the repository.
There is no database in the reference design. Keys are namespaced by
skill — whale-watch/known-wallets,
narrative-scanner/active-themes — so skills can read
across each other's namespaces while ownership of each key stays
unambiguous.
Putting memory in git is not a limitation; it is the audit trail. Every change to what the agent believes is a commit with a timestamp, a diff, and a run that produced it. You can replay the agent's state at any point in its history, and you can see exactly which run flagged a wallet and why. Memory is bounded by convention: skills are written to prune their own stale entries each run, so the files stay small and the diffs stay readable.
For deployments that outgrow file-based memory — high-frequency skills, or operators running large skill libraries — an optional Postgres or Supabase adapter is on the roadmap. It is strictly opt-in. The default, and the recommendation for every individual trader forking the repo, remains committed JSON: it has no infrastructure cost, no credentials to leak, and no state the git history cannot reconstruct.
One token, one job.
$VGL is a Solana token launched through pump.fun. It
has exactly one function: it gates the prophecy-* skill
tier. There is no second utility bolted on, no governance theatre at
launch, and no promise that the token is anything other than an
access key for the deep watch.
Supply is fixed at 1,000,000,000 $VGL. There is no mint authority, no inflation schedule, and no mechanism to create more — the supply that exists at launch is the supply that exists forever. Distribution is a 95% fair launch on pump.fun with no presale and no private allocation, and 5% reserved for development under a 12-month on-chain timelock.
Utility is verified on-chain at runtime. When a prophecy-*
skill is due, the runner performs a read-only RPC call to check the
configured wallet's $VGL balance against the skill's threshold. If
the balance clears, the skill runs. The token is never spent, never
staked, and never transferred by the framework — holding is the
entire mechanism.
There is deliberately no staking, no emissions, and no yield. VIGIL does not pay you to hold its token, because a token that pays you to hold it is selling something other than the product. $VGL is worth holding if, and only if, the prophecy skills are worth running. The one forward-looking commitment is a community skill marketplace — described in the next section — where $VGL may curate which community-authored skills enter the canon.
| Parameter | Value |
|---|---|
| Total supply | 1,000,000,000 $VGL |
| Distribution | 95% fair launch · 5% dev (12mo timelock) |
| Utility | Unlocks 24 prophecy-tier skills |
| Launch venue | pump.fun · Solana |
| Transfer tax | 0% |
| Mint authority | Revoked — supply is fixed |
$VGL is an access token for software, not an investment contract. It carries no claim on revenue, no entitlement to returns, and no guarantee of value. Hold it to run prophecy skills — nothing else is promised.
Soft now, fuller later.
VIGIL launches with the simplest governance that works: none. The core team maintains the repository, the skill canon is curated by merge review, and $VGL does exactly one thing — gate the prophecy tier. Shipping a working product to real watchers matters more than shipping a voting contract no one has used yet.
In Q3 2026 the model widens. A community skill marketplace opens, letting anyone publish a skill for others to fork; $VGL holders gain a curation vote over which submitted skills are promoted into the official library. This is soft governance — it shapes the canon, not the treasury or the code — and it is the first point at which holding the token does something beyond unlocking skills.
The 2027+ horizon is a full prophecy DAO: holder-directed funding of new skill development, a community-managed treasury seeded by the timelocked dev allocation, and on-chain proposals for protocol direction. That destination is stated plainly so it can be planned toward — but it is earned by adoption, not assumed by whitepaper. Governance expands only as fast as there is a community to exercise it.
Small surface, by default.
VIGIL's strongest security property is architectural: there is almost nothing to attack. The framework holds no funds, signs no transactions, and has no custody of anything. The only on-chain action it ever performs is a read-only RPC call to check a $VGL balance. An attacker who fully compromised a running VIGIL instance would gain the ability to send misleading Telegram messages — and nothing more. The blast radius is, by construction, a notification.
Each skill executes inside a sandboxed container with no write access beyond its own memory namespace and no network access beyond the declared data sources. Because skills are plain markdown, a fork's full behaviour is reviewable by reading the files — there is no compiled binary, no minified dependency, and no hidden execution path. Secrets such as RPC keys and channel tokens live in the deployment's encrypted environment, never in the repository.
The core runtime is open-source and auditable today; the line-by-line readability of the runner is itself a security feature. A formal independent audit of the runtime and the on-chain balance check is scheduled for 2027, ahead of the prophecy DAO and treasury work — the point at which the system first touches funds and the stakes of a vulnerability rise. Until then, the honest security claim is the architectural one: VIGIL cannot lose what it never holds.
The watch ahead.
The roadmap below mirrors the public landing-page timeline with the engineering detail behind each milestone. Dates are targets, not guarantees; skills ship when they are reliable, not when a quarter ends.
- Q2 2026 — Foundation · in progress. Fair launch of $VGL on pump.fun on 18 May 2026. Eight free-tier skills live on a public cron. Backend API and live beacon feed online. Telegram and Slack outputs shipped.
- Q3 2026 — Expansion · planned. Full 24-skill prophecy tier released. Community skill marketplace opens with $VGL curation voting. Discord output and webhook adapter added. Optional Postgres/Supabase memory layer.
- Q4 2026 — Reach · planned. Mobile companion app for beacon delivery and skill management. Hosted one-click deploy for non-technical traders. Cross-skill correlation engine linking whale, funding and narrative signals.
- 2027+ — Autonomy · planned. Prophecy DAO with holder-directed skill funding and a community treasury. Independent security audit of runtime and balance check. Self-evolving skills that propose their own threshold tuning.
Stand watch.
VIGIL is the watch that never closes. It does not predict the market and it does not trade it — it observes the market continuously, in the hours a human cannot, and reports what it finds in a format a trader can act on. The framework is small enough to read in an afternoon, open enough to audit completely, and specialized enough to be useful the moment it is forked.
There are three ways in. Fork the repository and run the free core tonight. Write a skill — it is one markdown file — and watch the thing you care about. Hold $VGL to unlock the deep watch. None of it asks for custody, a signup, or your trust on faith. The Oracle that never sleeps. Stand watch.