Compass Labs: Shipping Agentic Finance with Guardrails
Learn how the Compass CLI and MCP leverage Para Transaction Permissions to enable agentic finance with guardrails for their customers.
AI agents can already read markets, analyze yield curves, and execute across onchain finance. Compass proved it. Through the Compass MCP, an agent like Claude can manage a real portfolio: managing yield, rebalancing credit, trading perps, and allocating into tokenized stocks.
So why hasn't every fund, institution, and power user handed a portfolio to an agent already? An agent that can move money the way a person can is an agent that can lose money the way a person never would. An LLM holds no malice, but it can be tricked, it can hallucinate, and it can be hit with a prompt-injection attack. Give it open-ended signing authority and a single bad day can look like a drained wallet or funds wired to a stranger.
An AI agent will drain your wallet, sign a phishing link, or wire funds to a stranger ... unless you stop it at the infrastructure layer.@labs_compass x @get_para bridged the trust chasm in Agentic Finance. pic.twitter.com/sVl8mxtN5e
— Compass Labs (@labs_compass) June 26, 2026
The industry's usual answer is to clip the agent's wings: route every action through a human, but Compass has a different solution.
Compass MCP: Agents with Permission Scopes
Agentic finance becomes viable the moment you stop asking one system to be both the strategist and its own safety check. Compass leverages Para Transaction Permissions to split the jobs cleanly.
Compass MCP enables the agent to manage onchain finance end to end, executing yield strategies, balancing portfolios, drawing on credit, and trading across venues. Para enforces the rules underneath. Every action the agent attempts is checked against a permission policy before anything is signed.
Scopes are enforced at the wallet layer where the agent has no way to talk its way around the check. This works because Para is non-custodial by design. Private keys never exist in full via Distributed MPC, so there is no key sitting in the agent's context. Signing happens only when a transaction satisfies the policy.
An example: Compass enables the agent to interact with Earn accounts, which are allowed to do two things and nothing else:
- Move USDC into the Earn account: it can send USDC, but only to that one Earn account. It can't send USDC to any other address, and it can't touch any other token.
- Let the Earn account operate: it can trigger the Earn account (a smart-contract "Safe" wallet) to carry out its transactions.
Everything else is denied by default. Any other recipient, any other token, any other contract, any other action is automatically blocked. So even if the agent misbehaves or its key is compromised, the blast radius is tiny: it can only top up the Earn account with USDC and let that account run.
Why this Matters for Capital Efficiency
Remove the fear of an empty vault and automated capital efficiency stops being theoretical. Funds can run agents that manage collateral ratios across protocols around the clock, rebalance risk in real time, and act on opportunities that close in seconds, all inside boundaries the operator set in advance. The failure mode is a declined transaction, not a loss event.
Get Started
→ Explore the Compass CLI and MCP: docs.compasslabs.ai/v2/Agents/CLI
→ Para × Compass walkthrough: docs.getpara.com/v3/walkthroughs/compass
→ Build with Transaction Permissions in your Dev Portal account: https://developer.getpara.com/