← Blog

Allocating to Agents: How a Prop Desk Sizes a Strategy With No Human Track Record

How an allocator sizes an agent-authored strategy using contamination-fenced Grades and Envelope ceilings, with the recursive Pod tree as the allocation structure.

Answer card

An allocator sizes an agent with no human track record by refusing to size the pitch. You size two things you can verify: a contamination-fenced Grade (the strategy judged only on date-blinded days after the model's training cutoff) and an Envelope ceiling (a signed cap on worst-case dollars). The Pod tree carries the allocation: authority narrows downward, Risk can veto, and LIVE is a platform-enforced singleton. Next step: read the Grade's VS null counterfactual before you read its return.

The problem: a strategy with no human behind it

The classic allocation question is "who is the PM?" You underwrite a person: their pedigree, their blowups, their capacity, whether the last three years were skill or a factor tilt in disguise.

An agent-authored strategy hands you none of that. There is no human track record. There is a large language model, some code, and a backtest, and a backtest is never unflattering to the person showing it to you. Worse: the model may have read the outcome of the very days it claims to have predicted. Weights leak what code fences can't stop. A model trained through late 2025 that "discovers" a 2025 mean-reversion edge has, in the most literal sense, seen the answer key.

So the underwriting problem inverts. You are not sizing a person's judgment. You are sizing a claim, and your entire job is to separate the part of that claim you can verify from the part you must simply trust. This is an underwriting note, not advice: generic instruments throughout, and nothing here is a recommendation to trade anything.

What you can verify: the contamination-fenced Grade

In Kestrel, the result of a run is a GRADE: the honest, counterfactual result, not a marketing curve. Two properties make it underwritable.

First, contamination fencing. LLM authors are graded only on post-training-cutoff, date-blinded days. The model literally could not have memorized the outcome, because the outcome hadn't happened when its weights froze, and the dates are stripped so it can't triangulate the calendar. This is the difference between "the strategy worked in a backtest" and "the strategy worked on days the author could not have seen." Only the second is evidence.

Second, counterfactuals are in the syntax. A Grade doesn't just report a number; it reports it against a baseline.

GRADE plan fade-ladder OVER 2026-04..2026-06 FILL conservative
  VS null
  BY regime

VS null asks: did this beat doing nothing? VS ungated asks: how much of the edge came from the regime gate, by rerunning the same plan with the gate removed. The gap between gated and ungated performance is, for an allocator, one of the most informative lines on the page: it is the size of the gate's contribution. And the Support flag refuses to bank extrapolated fills: if the Grade had to invent liquidity that wasn't there, it says so instead of quietly counting the money.

A Grade grades judgment, not parameters. You are not being sold a tuned curve. You are being shown how a specific author's decisions held up on days that were genuinely out-of-sample.

What you cannot verify: so cap it instead

No fence makes capacity, correlation, or regime-persistence knowable in advance. So the allocator's move is not to estimate the unknowable more precisely; it's to bound it. That is what the Envelope is for.

The Envelope is the platform's single authorization primitive: {scope, budget, ceiling, expiry, revocation}. It is a signed cap on worst-case dollars. Crucially, the approval URL shows worst-case-in-dollars before you sign, and the sliders may only tighten: you can shrink an Envelope but never silently widen it. Authority narrows downward, and mandatory expiry means every allocation self-destructs unless renewed.

This is the reframe an allocator needs: you cannot size a promise, but you can size a ceiling. You are not betting that the agent is good. You are deciding the largest number you are willing to be wrong by, signing it, and letting the evidence earn its way up from there.

Two-signer discipline matters here. A wallet may sign commerce-only scopes (data, sim, grade, paper). A human must sign anything legal, broker, or LIVE. No agent moves real money on real markets without a human signature on the ceiling.

The allocation structure: the Pod tree

Kestrel's org model is a recursive POD tree. A PM pod allocates risk Envelopes to child Books and Traders; budgets nest; authority only narrows downward. For an allocator this is not an org chart; it is the allocation structure, expressed as enforced budget arithmetic.

  • The desk holds the root budget.
  • A PM pod receives an Envelope and sub-allocates to leaves, each leaf a Book with its own Coverage, thesis, and budget.
  • A Scan (a Wake over a whole universe) fires on discovery; the PM may author a new leaf in response: Book plus Coverage plus thesis plus budget.
  • Risk (L0) sits above everyone. It can clamp or veto anyone, including the agent, and it may never open risk, only reduce it. Risk is a brake with no accelerator pedal.
  • LIVE is a platform-enforced singleton. Exactly one live authority exists per pod lineage; you cannot accidentally run two hands on the same account.

Because names are data (a recurring strategy name is one lineage with many instances, and a certified lineage is a leaderboard key; practice grades are never ranking evidence), you allocate to a track, not a snapshot. The Pod tree lets you fund a small leaf, watch its certified Blotters and Grades accrue under a stable name, and widen the Envelope only as the lineage earns it.

How the sizing actually runs

The strategy the agent proposes is a standing, bounded-risk contingent program: a PLAN. Every Plan declares its own budget in R and its own TTL, which is the atomic unit an allocator caps.

IMPORT { fade-ladder } FROM "./armory/reversion.kestrel"
USING signal SPX exec SPY 0dte

PLAN fade-ladder budget 2R ttl +45m regime {intraday: chop}
  WHEN spot crosses above HOD AND velocity(5m) >= p95 held 120s
  DO buy 1 atm P @ lean(bid, fair, 0.5)
  RELOAD WHEN spot crosses above HOD band 15bp buy 1 +1 P @ fair-3c
  TP 2x frac 0.5 @ fair
  EXIT velocity(5m) <= p50 @ bid
  INVALIDATE spot crosses above HOD band 40bp

You do not arm this. You deploy the template into your pod, and you arm it, inside an Envelope you signed. The Plan's budget 2R and the leaf's Envelope ceiling are the two numbers doing the sizing. Everything the agent does downstream is clamped by them.

Execution is where the Interface Thesis pays off: the runtime fires the Plan in milliseconds and wakes the agent in parallel, fire-then-inform. The agent is never in the hot path. For an allocator this removes a whole category of risk you'd otherwise have to underwrite: there is no "the model hesitated for 900ms and the bracket slipped." The bracket, the invalidation, and the TTL are deterministic. The genius is rented; the execution is hosted. Host the scarcity, rent the genius.

Comparison: what you're actually underwriting

DimensionKestrel / kestrel.marketsManaged quant fundCopy-trading / signal marketplaceBroker API + your own bot
Primary readerA model (parse, cite, act)Human IR + PMHuman followerHuman developer
Perception modelVIEW Frame, chart-in-text, O(new bars)N/A (internal)N/AYou build it
Agent in the hot path?No; fire-then-informN/AN/AUsually yes
Latency floorRuntime-deterministic msFund infraSignal lagYour loop + LLM latency
Native interface / MCPHTTP+SSE, SDK, CLI, MCP (equal faces)NoneApp / APIRaw broker API
Agent-native auth (Envelope)Yes; scope/budget/ceiling/expiry/revocationNoNoYou build it
Machine paymentStripe MPP / x402 wallet or human claimSubscription / mandateCardN/A
Evaluation honestyContamination-fenced Grade, VS null/VS ungated, Support flagAudited returns (human track)Self-reportedYou measure it
ProvenanceCertified Blotters + Grades + proof URLFund admin / auditorWeakYou log it
Live model (custody)BYO-broker via OAuth, no custodyFund custodiesBroker custodiesBroker custodies
Data licensingDatabento as derived works + BYO AlpacaFund-licensedVariesYou license
Activation pathProof-before-account -> 402 OfferSales / DDQSign upBuild
PricingCertification-priced (founding)2-and-20-ishSub / rev-shareInfra cost
Best forSizing agent-authored strategies on fenced evidenceA human track record you can DDQPassive followingFull control, full build burden

Where Kestrel is not the fit

Be honest about the boundaries. If you have a real human track record with audited returns and years of live P&L, a traditional DDQ underwrites more than a Grade can: a Grade tells you a strategy held up out-of-sample; it does not tell you a person will behave under redemption pressure. If you need custody, discretionary mandates, or personalized advice, this platform deliberately doesn't offer them: it is impersonal, never advice, BYO-broker and BYO-plan for live, always. As of mid-2026: anonymous trial sims, certified Grades, shareable proof URLs, and 402 Offers with Stripe settlement are live; always-on paper presence and the human-signed live path are in build. None of it is battle-tested across a market cycle yet. An allocator should size that maturity risk the same way they'd size any other: with a ceiling.

The move

Underwriting an agent is not underwriting a person, and pretending otherwise is how desks get hurt. The discipline is narrow and mechanical: read the VS null and VS ungated gap before the return, fund a small leaf under a stable name, cap it with a signed Envelope, let Risk keep its veto, and widen only as certified Grades accrue on days the author could not have seen.

You cannot size a promise, but you can size a ceiling; allocate to the Envelope, not the pitch.