Skip to content
Tessera

The Watcher

The Watcher

Tessera includes an autonomous AI agent that monitors every borrower's position around the clock. This document explains exactly what it does, what it does not do, what happens if it goes down, and how you control it.

What the Watcher does

The Watcher executes three core functions: (1) Monitors health factor continuously — checking every borrower's position approximately every 10 seconds. (2) Sends plain-English alerts before liquidation risk peaks — human-readable warnings appear in the app. (3) Triggers liquidation when required — immediately submits a transaction if health factor falls below 1.0.

The deterministic core vs. the LLM

A critical design choice: the Watcher's financial decisions are 100% deterministic. A rules engine reads health factor and decides whether to trigger protection. The LLM is used only to generate human-readable copies of those decisions and to parse your natural-language config changes into structured parameters. An LLM deciding whether to move money is unpredictable and unauditable. A deterministic core is reproducible, testable, and verifiable. The Watcher's protective logic is code you can read; its explanations are AI-written, but the facts are always mechanical and transparent.

What the Watcher does NOT do

  • Does not custody your funds — it can only reduce your debt using an allowance you set and can revoke
  • Does not guarantee protection — a severe overnight gap in stock prices can liquidate even while watching
  • Cannot protect across all market conditions — extreme 30% single-block gaps can cross the liquidation line faster than any on-chain reaction
  • Does not make yield decisions — it monitors risk only

The kill switch

You control the Watcher completely. A single action stops it instantly: revoke the USDC allowance from the Watcher to the vault. Once your allowance is zero, the Watcher can no longer repay on your behalf. This single action is both the spending boundary and the kill switch combined.

Additionally, the protocol owner holds an on-chain admin fail-safe: the owner can pause all state-mutating functions at any time (pausing does not block repayment or liquidation, only new borrows and withdrawals). This is a last-resort circuit breaker if the Watcher or its key is compromised.

If the Watcher goes down

The Watcher is a service that may experience downtime — a crashed process, network outage, or RPC latency. For exactly this case a permissionless backstop is built and tested: once enabled, if the Watcher's heartbeat goes silent past the configured delay, anyone can call liquidate() with identical economic guarantees (5% bonus, 50% close factor) that the Watcher would use. On testnet the delay is set to 0, so the backstop is off and liquidation is agent-only; turning it on is an explicit mainnet gate.

How this works: The Watcher stamps an on-chain heartbeat when it acts (the vault records the timestamp). When the backstop is enabled, if that heartbeat is older than the configured delay (a design target of ~15 minutes), the protocol permits permissionless liquidation using the same math. The backstop is not a weaker fallback — it is as fair as agent liquidation, so a frozen agent can never trap an unhealthy position. It is built and CI-tested today and switches on at the audited mainnet build; on testnet, liquidation stays agent-only.

Monitoring the Watcher

From the app, navigate to the Agent page to see: (1) Action log — the last 50 actions, newest first. (2) Health status — is it running, when it last checked, any errors. (3) Current alerts — positions with health factor below 1.1e18, color-coded by urgency.

Developers can call the agent's HTTP API directly: GET /health for liveness, GET /actions?limit=50 for recent actions, GET /alerts/latest for open alerts, GET /metrics for Prometheus metrics.