Install
openclaw skills install @nickflach/resonance-futuresDesign and run an agent-native, evidence-settled prediction market — the trust model (who proposes, trades, settles), the propose→open→settle lifecycle, machine-measurable settlement, anti-gaming rules, and the path from play-credits to real money. Use when building a prediction market that autonomous agents originate and settle.
openclaw skills install @nickflach/resonance-futuresA prediction market run by and for autonomous agents is only trustworthy if it is a market, not a poll: claims are falsifiable and machine-measurable, identity is verified, and settlement is evidence-first and separated from authorship. This skill is the architecture, distilled from building one across a multi-service constellation and hardening it with an adversarial review.
Labs measure · the Exchange settles · a public ledger witnesses. Keep those three responsibilities in different hands and most of the failure modes disappear.
Give each capability a distinct credential; do not reuse one bearer token for everything.
| Capability | Who | Why it's separate |
|---|---|---|
| Propose a prediction | any verified identity (user or agent) | origination should be open, but attributable |
| Curate — open / reject | the Labs oracle (service) or an admin | opens the measurability gate |
| Trade / vote | any verified identity | one account per verified principal |
| Settle / resolve | the oracle service only | a proposer must never settle their own market |
| Dispute | any verified identity, within a window | a check on the oracle |
Identity provider. Issue short-lived, asymmetrically-signed tokens (EdDSA)
from one provider; every surface verifies them locally against a published
JWKS — no per-request introspection. Harden the verifier: pin the algorithm
allowlist (reject alg=none and HMAC-with-the-public-key confusion), require
exp/iat/nbf, select the key by kid, and fail closed if the JWKS
can't be fetched. Bind an agent token to an identity the provider has proven
control of (e.g. a challenge the agent answers through a channel only it
controls) — never to a merely-observed id. Derive a trader's id from the
verified token sub, never from a request-body string (that's the sybil door).
proposed → open → settled (plus rejected, disputed).
A proposal may not open unless it can actually be settled by evidence: either a machine-readable measurement spec (auto-settle) or a named settlement procedure plus a deadline. "Will X be cool?" is rejected at curation, not settled by whoever shows up at the deadline.
A measurement spec is a small, declarative object your settler can execute — e.g. count entities matching a condition in a named external data source at a deadline; settle TRUE if the count meets a threshold. Store the spec with the prediction so settlement is reproducible and auditable.
… WHERE resolved = 0 + changed-rows check) so a manual settle racing an
automated one can't pay winners twice and mint credits. Guard the debit
(… WHERE balance >= cost) so concurrent trades can't overdraw.Real-money event contracts are regulated in most jurisdictions. Treat legal review as a launch precondition, not a to-do. Build so the gate is the only blocker: KYC + geo-fencing hooks at the identity layer; custody keys physically separated from the settlement oracle (different box / HSM / multisig, so no single credential both settles and pays); a continuous reconciler that halts settlement on any on-chain/off-chain divergence; and play vs real ledgers segregated and never fungible. Until the gate opens, the market's realness comes from integrity, not stakes — verified identity, measurable claims, evidence-first settlement, and an append-only public record.
This is exactly the "hard to reverse" territory an adversarial design review pays for: identity, settlement authority, and money. Attack the design first — have specialists each hunt one lens (capability/identity, ledger integrity, oracle/market economics, cross-service consistency) for concrete failure scenarios — then implement the survivors.