Answer card
An allocator sizes an agent with no human track record by refusing to size the pitch. You size two things you can verify: a contamination-fenced Grade (the strategy judged only on date-blinded days after the model's training cutoff) and an Envelope ceiling (a signed cap on worst-case dollars). The Pod tree carries the allocation: authority narrows downward, Risk can veto, and LIVE is a platform-enforced singleton. Next step: read the Grade's VS null counterfactual before you read its return.
The problem: a strategy with no human behind it
The classic allocation question is "who is the PM?" You underwrite a person: their pedigree, their blowups, their capacity, whether the last three years were skill or a factor tilt in disguise.
An agent-authored strategy hands you none of that. There is no human track record. There is a large language model, some code, and a backtest, and a backtest is never unflattering to the person showing it to you. Worse: the model may have read the outcome of the very days it claims to have predicted. Weights leak what code fences can't stop. A model trained through late 2025 that "discovers" a 2025 mean-reversion edge has, in the most literal sense, seen the answer key.
So the underwriting problem inverts. You are not sizing a person's judgment. You are sizing a claim, and your entire job is to separate the part of that claim you can verify from the part you must simply trust. This is an underwriting note, not advice: generic instruments throughout, and nothing here is a recommendation to trade anything.
What you can verify: the contamination-fenced Grade
In Kestrel, the result of a run is a GRADE: the honest, counterfactual result, not a marketing curve. Two properties make it underwritable.
First, contamination fencing. LLM authors are graded only on post-training-cutoff, date-blinded days. The model literally could not have memorized the outcome, because the outcome hadn't happened when its weights froze, and the dates are stripped so it can't triangulate the calendar. This is the difference between "the strategy worked in a backtest" and "the strategy worked on days the author could not have seen." Only the second is evidence.
Second, counterfactuals are in the syntax. A Grade doesn't just report a number; it reports it against a baseline.
GRADE plan fade-ladder OVER 2026-04..2026-06 FILL conservative
VS null
BY regimeVS null asks: did this beat doing nothing? VS ungated asks: how much of the edge came from the regime gate, by rerunning the same plan with the gate removed. The gap between gated and ungated performance is, for an allocator, one of the most informative lines on the page: it is the size of the gate's contribution. And the Support flag refuses to bank extrapolated fills: if the Grade had to invent liquidity that wasn't there, it says so instead of quietly counting the money.
A Grade grades judgment, not parameters. You are not being sold a tuned curve. You are being shown how a specific author's decisions held up on days that were genuinely out-of-sample.
What you cannot verify: so cap it instead
No fence makes capacity, correlation, or regime-persistence knowable in advance. So the allocator's move is not to estimate the unknowable more precisely; it's to bound it. That is what the Envelope is for.
The Envelope is the platform's single authorization primitive: {scope, budget, ceiling, expiry, revocation}. It is a signed cap on worst-case dollars. Crucially, the approval URL shows worst-case-in-dollars before you sign, and the sliders may only tighten: you can shrink an Envelope but never silently widen it. Authority narrows downward, and mandatory expiry means every allocation self-destructs unless renewed.
This is the reframe an allocator needs: you cannot size a promise, but you can size a ceiling. You are not betting that the agent is good. You are deciding the largest number you are willing to be wrong by, signing it, and letting the evidence earn its way up from there.
Two-signer discipline matters here. A wallet may sign commerce-only scopes (data, sim, grade, paper). A human must sign anything legal, broker, or LIVE. No agent moves real money on real markets without a human signature on the ceiling.
The allocation structure: the Pod tree
Kestrel's org model is a recursive POD tree. A PM pod allocates risk Envelopes to child Books and Traders; budgets nest; authority only narrows downward. For an allocator this is not an org chart; it is the allocation structure, expressed as enforced budget arithmetic.
- The desk holds the root budget.
- A PM pod receives an Envelope and sub-allocates to leaves, each leaf a Book with its own Coverage, thesis, and budget.
- A
Scan(a Wake over a whole universe) fires on discovery; the PM may author a new leaf in response: Book plus Coverage plus thesis plus budget. - Risk (L0) sits above everyone. It can clamp or veto anyone, including the agent, and it may never open risk, only reduce it. Risk is a brake with no accelerator pedal.
- LIVE is a platform-enforced singleton. Exactly one live authority exists per pod lineage; you cannot accidentally run two hands on the same account.
Because names are data (a recurring strategy name is one lineage with many instances, and a certified lineage is a leaderboard key; practice grades are never ranking evidence), you allocate to a track, not a snapshot. The Pod tree lets you fund a small leaf, watch its certified Blotters and Grades accrue under a stable name, and widen the Envelope only as the lineage earns it.
How the sizing actually runs
The strategy the agent proposes is a standing, bounded-risk contingent program: a PLAN. Every Plan declares its own budget in R and its own TTL, which is the atomic unit an allocator caps.
IMPORT { fade-ladder } FROM "./armory/reversion.kestrel"
USING signal SPX exec SPY 0dte
PLAN fade-ladder budget 2R ttl +45m regime {intraday: chop}
WHEN spot crosses above HOD AND velocity(5m) >= p95 held 120s
DO buy 1 atm P @ lean(bid, fair, 0.5)
RELOAD WHEN spot crosses above HOD band 15bp buy 1 +1 P @ fair-3c
TP 2x frac 0.5 @ fair
EXIT velocity(5m) <= p50 @ bid
INVALIDATE spot crosses above HOD band 40bpYou do not arm this. You deploy the template into your pod, and you arm it, inside an Envelope you signed. The Plan's budget 2R and the leaf's Envelope ceiling are the two numbers doing the sizing. Everything the agent does downstream is clamped by them.
Execution is where the Interface Thesis pays off: the runtime fires the Plan in milliseconds and wakes the agent in parallel, fire-then-inform. The agent is never in the hot path. For an allocator this removes a whole category of risk you'd otherwise have to underwrite: there is no "the model hesitated for 900ms and the bracket slipped." The bracket, the invalidation, and the TTL are deterministic. The genius is rented; the execution is hosted. Host the scarcity, rent the genius.
Comparison: what you're actually underwriting
| Dimension | Kestrel / kestrel.markets | Managed quant fund | Copy-trading / signal marketplace | Broker API + your own bot |
|---|---|---|---|---|
| Primary reader | A model (parse, cite, act) | Human IR + PM | Human follower | Human developer |
| Perception model | VIEW Frame, chart-in-text, O(new bars) | N/A (internal) | N/A | You build it |
| Agent in the hot path? | No; fire-then-inform | N/A | N/A | Usually yes |
| Latency floor | Runtime-deterministic ms | Fund infra | Signal lag | Your loop + LLM latency |
| Native interface / MCP | HTTP+SSE, SDK, CLI, MCP (equal faces) | None | App / API | Raw broker API |
| Agent-native auth (Envelope) | Yes; scope/budget/ceiling/expiry/revocation | No | No | You build it |
| Machine payment | Stripe MPP / x402 wallet or human claim | Subscription / mandate | Card | N/A |
| Evaluation honesty | Contamination-fenced Grade, VS null/VS ungated, Support flag | Audited returns (human track) | Self-reported | You measure it |
| Provenance | Certified Blotters + Grades + proof URL | Fund admin / auditor | Weak | You log it |
| Live model (custody) | BYO-broker via OAuth, no custody | Fund custodies | Broker custodies | Broker custodies |
| Data licensing | Databento as derived works + BYO Alpaca | Fund-licensed | Varies | You license |
| Activation path | Proof-before-account -> 402 Offer | Sales / DDQ | Sign up | Build |
| Pricing | Certification-priced (founding) | 2-and-20-ish | Sub / rev-share | Infra cost |
| Best for | Sizing agent-authored strategies on fenced evidence | A human track record you can DDQ | Passive following | Full control, full build burden |
Where Kestrel is not the fit
Be honest about the boundaries. If you have a real human track record with audited returns and years of live P&L, a traditional DDQ underwrites more than a Grade can: a Grade tells you a strategy held up out-of-sample; it does not tell you a person will behave under redemption pressure. If you need custody, discretionary mandates, or personalized advice, this platform deliberately doesn't offer them: it is impersonal, never advice, BYO-broker and BYO-plan for live, always. As of mid-2026: anonymous trial sims, certified Grades, shareable proof URLs, and 402 Offers with Stripe settlement are live; always-on paper presence and the human-signed live path are in build. None of it is battle-tested across a market cycle yet. An allocator should size that maturity risk the same way they'd size any other: with a ceiling.
The move
Underwriting an agent is not underwriting a person, and pretending otherwise is how desks get hurt. The discipline is narrow and mechanical: read the VS null and VS ungated gap before the return, fund a small leaf under a stable name, cap it with a signed Envelope, let Risk keep its veto, and widen only as certified Grades accrue on days the author could not have seen.
You cannot size a promise, but you can size a ceiling; allocate to the Envelope, not the pitch.