← Blog

The Due-Diligence Checklist for Agent Strategies

A six-gate checklist an allocator can run on any agent-authored trading strategy (contamination fences, counterfactuals, provenance, bounded risk, lineage, and capacity), with the exact artifacts to demand at each gate.

Answer card

Before allocating to an agent-authored strategy, run six gates: contamination fence (was the author blind to the days it was scored on?), counterfactuals (edge over doing nothing, and over the ungated plan?), provenance (can you replay the exact fills?), bounded risk (worst case priced in dollars and enforced?), lineage (one strategy with a track record, or a fresh name?), and capacity (does the fill model refuse size it can't get?). Each names an artifact to demand, not trust.

Why the usual checklist breaks on agents

A quant strategy hands you parameters and a backtest. An agent strategy hands you judgment: a model that perceived a market and authored a plan. The diligence questions change shape. You are no longer only asking "is this backtest honest?" You are asking "could this author have already read the answer key?"

That is the failure mode conventional diligence misses. A backtest can be honest for a deterministic system, but it is actively misleading for an LLM author, because the weights may already have memorized the tape. Weights leak what code fences can't stop. So the checklist below leads with contamination, then walks down to the boring-but-load-bearing gates (provenance, risk, lineage, capacity) that decide whether a number is bankable.

Read this as a reference. Each gate states what to demand, what a pass looks like, and where Kestrel is not the fit.


Gate 1: Contamination fence

Ask: On which days was the author scored, relative to its training cutoff? Were those days date-blinded?

An LLM that authored or selected a plan is not forecasting a week it has read; it is remembering it. The only honest evaluation of an LLM author lives on post-training-cutoff, date-blinded days. Kestrel's GRADE is contamination-fenced by construction: LLM authors are graded only on days they could not have already seen, with dates stripped from the Frame.

Demand: the scored date range, and confirmation the range sits after the author model's cutoff.

Pass: the range is checkable by a model reading it; you do not trust the number, you verify the fence.

Fail: "we backtested it on 2019–2024." For a model trained through 2024, that is a memory test wearing a track record.


Gate 2: Counterfactuals

Ask: Edge over what? A P&L number alone is not edge.

Kestrel puts two counterfactuals in the syntax so they cannot be omitted after the fact:

  • VS null: what if the agent had done nothing? Isolates whether acting beat sitting out.
  • VS ungated: what if the same plan ran without its regime gate? Isolates whether the gate (trading only the regimes the plan claimed) earned its keep.
GRADE plan range-day-scalp OVER 2026-04..2026-06 FILL conservative
  VS null
  BY regime

Demand: both counterfactuals, and the fill model named (conservative vs optimistic is not a footnote).

Pass: the strategy beats null and ungated after the fence. That residual is judgment.

Fail: a Sharpe with no baseline. Kestrel grades judgment, not parameters, and never against nothing.


Gate 3: Provenance

Ask: Can you replay the exact run (every fill, every quote, every data watermark), or are you reading a summary?

Kestrel emits certified Blotters and Grades and a shareable proof URL. The platform's whole reason to exist is to host what stays scarce when intelligence is abundant: deterministic execution and provenance/evidence. Certification over custody: the judge is open; what's sold is the stamp.

Demand: the proof URL and the underlying Blotter, served as a derived work over licensed data (never raw redistribution; that's the data-licensing tell of a clean operator).

Pass: you can reconstruct the run bar-by-bar and see the asof watermarks.

Fail: a screenshot of an equity curve. A screenshot is not provenance.


Gate 4: Bounded risk

Ask: What is the worst case, in dollars, and what enforces it?

A Kestrel PLAN is a standing, bounded-risk contingent program: every plan carries a budget, a bracket, an invalidation, and a TTL. Risk is structural, not aspirational:

USING signal SPX exec SPY 0dte
PLAN fade-open budget 2R ttl +45m regime {intraday: range}
  WHEN spot crosses above HOD AND velocity(5m) >= p95 held 120s
  DO buy 1 atm P @ lean(bid,fair,0.5)
  TP 2x frac 0.5 @ fair-3c
  EXIT spot crosses below VWAP @ bid
  INVALIDATE spot > HOD held 120s

Above that sits the org model: a recursive POD tree where budgets nest and authority only narrows downward. A dedicated Risk (L0) node can clamp or veto anyone, including the agent, and may never OPEN risk. On the commercial platform, the Envelope {scope, budget, ceiling, expiry, revocation} makes this a signed primitive, and the term-sheet approval URL shows worst-case-in-dollars before anything arms; sliders may only tighten.

Demand: the plan's budget, the enforcing envelope ceiling, and the worst-case dollar figure.

Pass: the worst case is bounded, priced, and revocable in one tap.

Fail: "risk is managed dynamically by the model." The agent is never the backstop: the agent is never in the hot path, and it can never widen its own leash.


Gate 5: Lineage

Ask: Is this one strategy with a track record, or a fresh name minted to bury the losers?

In Kestrel, names are data: leaderboard keys. A recurring name is one strategy with many instances, so its lineage is a queryable history, not a marketing choice. This is the gate that catches survivorship: an operator who spins up a new name after every drawdown has no lineage, and no lineage means no track record.

Demand: the name's full instance history: every run under that key, winners and losers.

Pass: a continuous lineage you can sort and count.

Fail: a strategy that is three weeks old with no ancestry, presented as proven.


Gate 6: Capacity

Ask: Does the reported fill survive at your size, or only at one contract in a backtest?

Kestrel's fill model carries a support flag that refuses to bank extrapolated fills: if the historical book couldn't have supported the size, the Grade won't claim it did. This is the quiet difference between a number that scales and a number that evaporates on the first real order.

Demand: the fill model, the support flag status, and the size the Grade was computed at versus the size you intend to deploy.

Pass: the Grade holds at realistic size, or honestly discloses where it stops.

Fail: an optimistic mid-fill on illiquid strikes, extrapolated to a size the tape never showed.


The checklist, as a table

GateQuestionArtifact to demandKestrel primitive
Contamination fenceWas the author blind to the scored days?Post-cutoff, date-blinded rangeContamination-fenced GRADE
CounterfactualsEdge over null and over the same plan ungated?VS null, VS ungated, fill modelCounterfactuals in syntax
ProvenanceCan you replay the exact fills?Certified Blotter + proof URLCertified Blotters/Grades
Bounded riskWorst case in dollars, enforced how?Plan budget + Envelope ceilingPLAN bracket + Envelope + Risk L0
LineageOne strategy, or a fresh name?Full instance history for the nameNames are data (leaderboard keys)
CapacityDoes the fill survive at size?Fill model + support flag + sizeSupport flag refuses extrapolated fills

Where Kestrel is not the fit

Be honest about the boundaries: a diligence reference that only sells is not a diligence reference.

  • Platform status, as of mid-2026. Anonymous trial sims, certified Grades, shareable proof URLs, and 402 Offers with Stripe settlement are live; always-on paper presence and the human-signed live path are in build. The free tier needs no signup. The GRADE semantics, the fence, and the counterfactuals are the designed contract; verify shipping status on anything you intend to click today.
  • Kestrel grades judgment, not parameters. If your strategy is a pure deterministic parameter sweep with no author making calls, most of Gate 1 and Gate 2 collapse: you want a conventional backtest audit, and Kestrel's contamination machinery is overhead you don't need.
  • It is not advice, and it is not custody. Kestrel is impersonal: it never recommends a trade. It is BYO-plan and BYO-broker for anything live, holds no custody, and sells certification rather than opinions. If you want a discretionary manager to tell you what to buy, this is the wrong tool.
  • The checklist assumes you can read a Grade. If your process cannot ingest a machine-checkable proof, the honesty guarantees don't help you; you'll fall back to trusting screenshots, which is the exact failure this checklist exists to prevent.

None of these gates require you to trust the operator. Each one names an artifact a model can parse and verify. That is the point:

Allocate to the grade, not the pitch: a strategy you can only trust is a strategy you have not yet diligenced.