How It Works

Understand the Axon payment flow from bot signature to on-chain settlement.

How It Works

Axon sits between your AI agent and the blockchain. Your bot signs a payment intent, Axon validates it, and the relayer executes the on-chain transfer from your vault. The bot never touches gas or submits transactions directly.

The Core Flow

Bot (off-chain)
  |
  |  1. Sign EIP-712 PaymentIntent
  v
Relayer API  (POST /v1/payments)
  |
  |  2. Simulate via eth_call
  |  3. Policy engine checks
  |  4. AI verification (if triggered)
  v
Vault Contract (on-chain)
  |
  |  5. Verify bot whitelist + signature + deadline
  |  6. Transfer tokens to recipient
  v
Recipient

Step by Step

Bot signs a PaymentIntent. The bot constructs an EIP-712 typed data structure containing the recipient, token, amount, deadline, and a reference. It signs this with its private key. No gas is needed.
Relayer simulates the transaction. Before spending any gas, the relayer calls eth_call against the vault contract to confirm the intent will succeed. This catches expired deadlines, invalid signatures, insufficient balances, and destination reverts.
Policy engine evaluates the payment. The relayer reads the bot's on-chain configuration (spending limits, AI thresholds) and checks against off-chain state (rolling daily spend in Redis, velocity windows). If the payment passes all checks, it proceeds. If a threshold is exceeded, AI verification is triggered.
AI verification runs (when triggered). Three independent LLM agents analyze the payment in parallel. Two out of three must approve. If consensus is not reached, the payment is routed to the owner's human review queue.
Vault contract verifies on-chain. The contract checks three things: the signing bot is whitelisted, the EIP-712 signature is valid, and the deadline has not passed. It also enforces the on-chain maxPerTxAmount hard cap. Only the authorized relayer (delegator) address can call executePayment.
Tokens are transferred. The vault executes the ERC-20 transfer to the recipient. The relayer returns the transaction hash to the bot.

Three Response Paths

Every payment request takes one of three paths depending on the amount and policy configuration.

Fast Path

For payments below all thresholds (typical micro-transactions), the relayer simulates, validates, and submits the transaction immediately. The bot receives a confirmed txHash in the response within seconds.

Bot → Relayer → simulate → policy pass → execute → txHash (sync)

This is the only path compatible with synchronous HTTP 402 payment flows.

AI Scan Path

When a single payment exceeds the aiTriggerThreshold or the bot's spending velocity crosses a configured window, the relayer triggers the three-agent AI verification layer. This adds approximately 30 seconds of latency.

Bot → Relayer → simulate → policy triggers AI → 3 agents vote
  → 2/3 approve → execute → txHash (sync or via poll)
  → no consensus → human review queue

If the AI agents reach consensus (2 out of 3 approve), the payment proceeds and the bot can receive the result synchronously or via polling. If consensus fails, the payment moves to human review.

Human Review Path

Payments that fail AI consensus, or payments from bots configured to always require human approval, enter the owner's review queue. The owner receives a push notification and can approve or reject from the dashboard.

Bot → Relayer → simulate → routed to review queue
  → Owner approves → execute → txHash (via poll)
  → Owner rejects → rejected (via poll)

The bot receives a requestId and can poll for resolution.

EIP-712 Signing

Axon uses EIP-712 typed structured data for bot signatures. This provides:

Human readability — wallets and tools can display the structured fields (recipient, amount, token) rather than an opaque hash
Domain separation — the signature includes the vault address and chain ID, preventing cross-chain and cross-vault replay
On-chain verification — the vault contract can recover the signer and confirm it matches a whitelisted bot

The PaymentIntent struct signed by every bot:

struct PaymentIntent {
    address bot;       // signer address, must be active in vault
    address to;        // recipient
    address token;     // ERC-20 token (e.g., USDC)
    uint256 amount;    // payment amount
    uint256 deadline;  // expiry timestamp (default: 5 minutes)
    bytes32 ref;       // reference linking on-chain tx to off-chain records
}

The SDK handles all signing automatically. You never need to construct EIP-712 data manually.

What the Relayer Does

The relayer is the off-chain execution layer operated by Axon. It performs several functions:

Function	Description
Intake	Accepts signed intents via `POST /v1/payments`, validates format and signature
Simulation	Dry-runs the transaction via `eth_call` before any gas is spent
Policy enforcement	Checks per-tx limits, daily rolling limits, velocity windows, destination whitelists
AI verification	Orchestrates the three-agent scan when thresholds are exceeded
Execution	Submits the on-chain transaction, pays gas, monitors confirmation
Status delivery	Returns results via synchronous response or polling endpoint

The relayer is the only address authorized to call executePayment on the vault contract. A compromised bot key alone cannot execute payments — the bot can only produce signed intents that expire within minutes.

Trust Model

Actor	What it controls	Risk if compromised
Owner (hardware wallet + multisig)	Bot whitelist, withdrawal, pause	Catastrophic, but very hard to compromise
Bot key	Signs payment intents	Can issue payments up to configured limits; signatures expire in minutes
Relayer	Submits signed payloads on-chain	Cannot forge signatures or initiate payments independently

The system is designed so that no single compromised component can drain funds without cooperation from other layers.

Next Steps

Key Concepts — definitions for every term used in this guide
Deploy a Vault — set up your own vault
First Payment — full end-to-end payment walkthrough