June 13, 2026 · build-in-public · architecture · ai-agent · roadmap · testnet

Build Log #1: Three contracts, one Watcher, and the road to mainnet

This is the first in a series of build logs we'll publish as Tessera comes together. The goal is simple: show our work. What shipped, what we learned, and what stands between here and a protocol that can safely hold real money. We'd rather be judged by what we ship than by what we promise.

What Tessera is, in one breath

You borrow USDC against tokenized stocks — tAAPL, tTSLA, tSPY — and an autonomous agent we call the Watcher watches every position around the clock to head off liquidations before they happen. Lenders supply USDC and earn yield; borrowers post tokenized-stock collateral and borrow against it. The tagline we hold ourselves to: the safest place to borrow against tokenized stocks.

The reason this needs to exist: tokenized stocks trade 24/7, but the market behind them doesn't. A position that's healthy on Friday afternoon can gap through its liquidation line over a weekend, while the holder is asleep. A continuous AI risk layer is the structural answer to a structural problem.


What we shipped

1. A three-contract architecture

We deliberately kept the on-chain system small and separated by concern. Three contracts, each with one job, plus an off-chain agent that has no special powers it can't be stopped from using.

| Component | Built in | Responsibility |
| --- | --- | --- |
| Vault | Arbitrum Stylus (Rust) | Holds collateral and debt; enforces LTVs, the liquidation threshold, and every safety bound. The trust core. |
| PriceGuard | Stylus (Rust) | An oracle-policy contract the vault prices through — a sanity layer between a raw feed and a financial decision. |
| Lens | Stylus (Rust) | Read-only data: account views and ERC-4626-style quoting. No state changes, so it can never be an attack surface. |
| The Watcher | TypeScript agent | Off-chain. Watches health factors, alerts, and (with opt-in) auto-repays — but only through the vault's permissioned entrypoints. |

Writing the vault in Rust on Arbitrum Stylus wasn't a fashion choice. The full, safety-hardened vault is large — large enough that it exceeds a standard L2's 24KB contract-size cap. Robinhood Chain's larger code-size limit is what lets us ship the complete safety logic on-chain rather than trimming it to fit. The whole stack is open-source.

Splitting pricing into its own PriceGuard contract matters for an honest reason: the on-chain price feed today is a testnet mock. Isolating the policy that consumes the feed means swapping in a real, licensed feed at mainnet is a contained change, not a rewrite of the vault.

2. The Watcher — and a backstop for when it goes quiet

The Watcher re-checks every borrower's health factor (collateral value, risk-weighted, divided by debt — scaled so 1.0 is the liquidation line) about every ten seconds. When a position drifts toward danger it sends a plain-English alert. If you've opted in, it can auto-repay from USDC you pre-approved, heading off a liquidation before it happens.

What earns trust here isn't what the agent can do — it's what it structurally cannot do. The bounds are enforced on-chain, not by the agent's good behavior:

  • It never custodies your funds. It can only reduce your own debt, using an allowance you set and can revoke at any time.
  • It never uses a language model to decide whether to move money. A deterministic core makes every financial decision; the LLM only writes the human-readable alert copy.
  • Its auto-repay is capped on-chain: 25,000 USDC per user per day, 10,000 USDC per user per transaction. The agent cannot exceed these caps even if it wanted to.
  • It cannot guarantee protection. A severe enough overnight gap can still liquidate a position — and we say so plainly.

The piece we're most pleased with is the heartbeat backstop. The Watcher stamps an on-chain heartbeat as it runs. A permissionless backstop is built so that, once enabled, if the heartbeat goes silent past the configured delay, the system degrades to ordinary, anyone-can-call liquidation rather than to nothing — so the protocol's safety doesn't depend on our agent staying up. On testnet the delay is 0 (backstop off, agent-only); switching it on is an explicit mainnet gate. An autonomous agent you have to trust to never crash isn't a safety feature; one that fails safe is.

Your kill switch is a single action: revoke the allowance. There's also an on-chain admin fail-safe so the protocol can stop the agent instantly. We disclose that admin power exists rather than pretending the system is more trustless than it is today.
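
The on-chain bounds described in this section, modelled as an added Rust example (not Tessera's vault code): the two auto-repay caps and the heartbeat gate. The `RepayMeter` layout, the fixed-day window for the daily cap, and all function names are assumptions; the post states only the cap values and that a delay of 0 means the backstop is off.

```rust
// Added illustration; not Tessera's vault code. Amounts are USDC base units (6 decimals).
const USDC: u64 = 1_000_000;
const PER_TX_CAP: u64 = 10_000 * USDC;  // per user per transaction (from the post)
const PER_DAY_CAP: u64 = 25_000 * USDC; // per user per day (from the post)
const DAY: u64 = 86_400;                // assumption: fixed day buckets, not a rolling window

#[derive(Debug, PartialEq)]
pub enum Reject { OverTxCap, OverDayCap, OverAllowance }

#[derive(Default)]
pub struct RepayMeter { day: u64, spent: u64 } // one per user (hypothetical layout)

impl RepayMeter {
    /// Runs inside the vault, so a buggy or compromised agent cannot skip it.
    pub fn authorize(&mut self, amount: u64, allowance: u64, now: u64) -> Result<(), Reject> {
        if amount > PER_TX_CAP { return Err(Reject::OverTxCap); }
        if amount > allowance { return Err(Reject::OverAllowance); }
        let today = now / DAY;
        if today != self.day { self.day = today; self.spent = 0; } // new day, fresh budget
        let total = self.spent.checked_add(amount).ok_or(Reject::OverDayCap)?;
        if total > PER_DAY_CAP { return Err(Reject::OverDayCap); }
        self.spent = total; // commit only after every check has passed
        Ok(())
    }
}

/// Permissionless liquidation opens only when the backstop is enabled (delay > 0)
/// and the Watcher's last heartbeat is older than the delay.
pub fn backstop_open(last_heartbeat: u64, delay: u64, now: u64) -> bool {
    // saturating_sub: a heartbeat stamped "in the future" counts as fresh, not as overflow
    delay > 0 && now.saturating_sub(last_heartbeat) > delay
}

fn main() {
    let mut m = RepayMeter::default();
    let t = 1_800_000_000; // constructed timestamp
    for _ in 0..2 {
        assert_eq!(m.authorize(10_000 * USDC, u64::MAX, t), Ok(()));
    }
    println!("third 10k repay, same day: {:?}", m.authorize(10_000 * USDC, u64::MAX, t));
    println!("backstop open with delay 0: {}", backstop_open(t - 9_999, 0, t));
    println!("backstop open, 600s delay, 601s silent: {}", backstop_open(t - 601, 600, t));
}
```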

3. Conservative, gap-aware risk parameters

Because the core risk is overnight gaps, the loan-to-value (LTV) limits are deliberately conservative and asset-specific — tighter for the more volatile names. These are the real on-chain values.

| Collateral | Max LTV | Liquidation threshold |
| --- | --- | --- |
| tAAPL (Apple) | 50% | 65% |
| tTSLA (Tesla) | 40% | 55% |
| tSPY (S&P 500 ETF) | 60% | 75% |

| Parameter | Value | Why |
| --- | --- | --- |
| Liquidator bonus | 5% base (ramps with depth) | Pays liquidators enough to act, scaling with how underwater a position is. |
| Close factor | 50% (full close below HF 0.95) | A normal liquidation takes at most half the position; only deeply unhealthy positions close fully. |
| Reserve factor | 15% of borrow interest | Protocol revenue and first-loss reserve, in one transparent line. |
| Minimum debt | 100 USDC | A dust floor that keeps positions economically liquidatable. |
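
What the parameters above mean for an overnight gap, as an added Rust example (not Tessera's vault code): the health factor, the price drop a position opened at max LTV can absorb, and how much debt a liquidation may close. It assumes the risk weight in the health factor is each asset's liquidation threshold and that a health factor of exactly 1.0 is not yet liquidatable; names and the sample position are constructed.

```rust
// Added illustration; not Tessera's vault code. Percentages are basis points (1% = 100),
// money is whole USD / USDC to keep the arithmetic readable.
const BPS: u64 = 10_000;

pub struct Asset { pub name: &'static str, pub max_ltv: u64, pub liq: u64 }

// Max LTV and liquidation threshold from the collateral table above.
pub static ASSETS: [Asset; 3] = [
    Asset { name: "tAAPL", max_ltv: 5_000, liq: 6_500 },
    Asset { name: "tTSLA", max_ltv: 4_000, liq: 5_500 },
    Asset { name: "tSPY", max_ltv: 6_000, liq: 7_500 },
];

/// Health factor in bps (10_000 = the liquidation line). Assumption: the risk
/// weight is each asset's liquidation threshold. `positions` = (asset, USD value).
pub fn health_factor(positions: &[(&Asset, u64)], debt: u64) -> Option<u64> {
    if debt == 0 { return None; } // no debt, nothing to liquidate
    let weighted: u64 = positions.iter().map(|(a, v)| v * a.liq / BPS).sum();
    Some(weighted * BPS / debt)
}

/// Single-asset price drop (bps) at which a position opened at max LTV reaches
/// HF 1.0: 1 - max_ltv / liq. Rounded down so the buffer is never overstated.
pub fn gap_buffer(a: &Asset) -> u64 {
    BPS - (a.max_ltv * BPS + a.liq - 1) / a.liq
}

/// Debt a liquidation may close: 50% close factor, full close below HF 0.95.
pub fn max_close(debt: u64, hf: u64) -> u64 {
    if hf >= BPS { 0 } else if hf < 9_500 { debt } else { debt / 2 }
}

fn main() {
    for a in &ASSETS {
        println!("{}: absorbs a {} bps gap at max LTV", a.name, gap_buffer(a));
    }
    // Constructed position: 10_000 USD of tTSLA, 4_000 USDC debt (max LTV),
    // then a 30% weekend gap leaves 7_000 USD of collateral.
    let hf = health_factor(&[(&ASSETS[1], 7_000)], 4_000).unwrap();
    println!("HF after gap = {} bps, closable debt = {} USDC", hf, max_close(4_000, hf));
}
```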

What we learned

Fitting the full safety logic on-chain is a design constraint, not an afterthought. The vault grew as we hardened it, and the 24KB cap forced an early decision: trim the safety checks, or pick a chain that lets us keep them. We chose to keep them. Stylus and Robinhood Chain's larger code-size limit made that possible without contortions.

Autonomy is only trustworthy if it fails safe. The first version of the Watcher was a smart agent with a lot of responsibility. The version we shipped is a bounded agent the protocol doesn't depend on. The on-chain caps and the heartbeat backstop did more for our confidence than any amount of additional agent cleverness.

Keeping the LLM away from money clarified the whole design. Once we drew a hard line — deterministic core decides, language model only explains — a lot of ambiguity disappeared. The AI's job is to make the system legible to a human, not to be trusted with the human's balance.

Honesty is the cheapest moat to build and the hardest to fake. Stating plainly that the feed is a mock, that an admin fail-safe exists, that a bad gap can still liquidate you — none of it cost us anything except the temptation to overclaim. It's also the part a sophisticated reader checks first.


What's next: the road to mainnet

We won't open Tessera to real funds until four gates are cleared. None of these are done. We're naming them so there's no ambiguity about what "live on testnet" does and doesn't mean.

  1. Audit. An independent security audit of the vault, PriceGuard, and Lens. We make no audit claims today because we don't have one yet.
  2. Live price feed. Replacing the testnet mock with a real, licensed market-data feed routed through PriceGuard.
  3. Legal. Counsel-reviewed terms and a clear regional posture before any real-money access. Tessera is not available to US persons or sanctioned jurisdictions.
  4. Reserve. Capitalizing the first-loss reserve so the protocol can absorb the kind of loss it's designed to survive — not just describe one.

That's build log #1. The architecture is in place, the Watcher is running on testnet with its backstop, and the gates ahead are named. If you want to follow along — or pressure-test our claims — the code is open-source, and the next log will cover progress against these four gates.

We'd rather lose a user to clarity than to a surprise.