# Axon

> Treasury and payment infrastructure for autonomous AI agents. Non-custodial on-chain vaults, gasless bot payments via EIP-712 intents, off-chain policy engine, 3-agent LLM verification, and native HTTP 402 support.

## Actors

- **Owner** — Vault owner (ideally hardware wallet / multisig). Deploys vaults, registers bots, sets policies, withdraws funds, reviews flagged transactions.
- **Operator** — Optional hot wallet for day-to-day management. Can tighten policies and pause, but cannot loosen limits or withdraw.
- **Bot (Agent)** — Autonomous AI agent. Signs EIP-712 intents with an expiring deadline. Never holds ETH or submits transactions.
- **Relayer** — Axon's off-chain service. Validates intents, enforces policies, simulates, pays gas, and submits on-chain. Cannot access funds without a valid bot signature.

## How It Works

Bot signs an EIP-712 intent → POSTs to relayer → relayer simulates via `eth_call` → policy engine checks (spending limits, velocity, whitelist/blacklist, per-tx cap) → if threshold exceeded, 3-agent AI scan (2/3 consensus required) → approved intents submitted on-chain by relayer's Delegator → vault contract verifies bot registration + signature + deadline → executes → txHash returned.

Three on-chain execute actions:

- **executePayment()** — Direct transfer or swap-then-pay. Bot signs a PaymentIntent (recipient, token, amount, deadline, ref). Relayer handles swap routing if the vault holds a different token.
- **executeProtocol()** — DeFi protocol interactions (approve-call-revoke pattern). Bot signs an ExecuteIntent.
- **executeSwap()** — In-vault token rebalancing. Bot signs a SwapIntent. Restricted by the vault's rebalance token whitelist and per-bot `maxRebalanceAmount` cap.

Vaults can also receive funds: anyone can call `deposit(token, amount, ref)` on a vault.

## Smart Contracts

Three contracts deployed with identical bytecode across supported chains:

- **AxonVault.sol** — Per-owner vault. Holds funds, verifies bot signatures, enforces per-tx hard cap and destination rules. Only the registered Delegator can call execute functions. Only the Owner can withdraw. Not upgradeable.
- **AxonVaultFactory.sol** — Deploys vault clones via `create2`. Call `deployVault()` to create a new vault.
- **AxonRegistry.sol** — Axon-controlled. Maintains authorized relayers and approved swap routers.

For full contract source, structs, and interfaces → https://github.com/axonfi/contracts

## SDK (TypeScript)

```bash
npm install @axonfi/sdk
```

```typescript
import { AxonClient, Chain } from '@axonfi/sdk';

const client = new AxonClient({
  vaultAddress: '0xVAULT_ADDRESS',
  chainId: Chain.Base,
  botPrivateKey: '0xBOT_PRIVATE_KEY',
});
```

No RPC endpoint needed — the SDK signs intents locally and reads chain data through the relayer.

What you can do with the SDK:

- **Pay** — `client.pay({ to, token, amount, memo? })` — submit a payment intent
- **Execute** — `client.execute({ protocol, callData, token, amount })` — DeFi protocol calls
- **Swap** — `client.swap({ toToken, minToAmount })` — in-vault rebalancing
- **Poll** — `client.poll(requestId)`, `client.pollExecute(requestId)`, `client.pollSwap(requestId)`
- **Read** — `client.getBalance(token)`, `client.getBalances(tokens)`, `client.getVaultInfo()`
- **Check** — `client.isActive()`, `client.isPaused()`, `client.canPayTo(dest)`, `client.isProtocolApproved(addr)`
- **Keystore** — `encryptKeystore()` / `decryptKeystore()` for secure bot key storage
- **Constants** — `Chain`, `Token`, `KNOWN_TOKENS`, `USDC`, `WINDOW` time presets

Amounts accept human-friendly numbers (`5.2`), strings (`'5.2'`), or raw BigInt. Tokens accept symbols (`'USDC'`), enum values (`Token.USDC`), or addresses.

For full API reference → https://www.npmjs.com/package/@axonfi/sdk

## API

Full OpenAPI/Swagger documentation → **https://relay.axonfi.xyz/docs**

No authentication required — authorization comes from the bot's EIP-712 signature and on-chain registration.

Endpoint groups:

- **Payments** — Submit payment intents, poll status, batch lookup by tx hash
- **Protocol Execution** — Submit DeFi protocol calls, poll status
- **Swaps / Rebalancing** — Submit in-vault rebalances, poll status
- **Vault Reads** — Token balances, vault info, bot status, destination checks, rebalance token whitelist
- **Info** — Supported chains and tokens (`GET /v1/chains`), service health

All submit endpoints accept `simulate: true` for dry-run validation (full policy checks + simulation without broadcasting).

Response paths: **fast** (sync txHash) | **AI scan** (~30s when AI threshold triggered) | **human review** (async `requestId` — poll until resolved).

For detailed endpoints, request/response schemas, parameters, and error codes → https://relay.axonfi.xyz/docs

## Policy Engine

Owner-configured rules enforced by the relayer. Configuration stored on-chain in BotConfig structs for verifiability.

- Per-bot spending limits: up to 5 independent time windows (amount + count + duration)
- Hard per-transaction cap (`maxPerTxAmount`) — enforced on-chain, cannot be bypassed
- Destination whitelist (global vault + per-bot) and blacklist (vault-level, always wins)
- Velocity checks for unusual transaction patterns
- Configurable AI verification threshold per bot

## AI Verification

Payments exceeding a bot's AI threshold trigger three independent LLM agents in parallel: a **Safety Agent** (destination analysis, threat signals), a **Behavioral Agent** (anomaly detection against historical patterns), and a **Reasoning Agent** (prompt injection / social engineering detection). A 2/3 consensus is required to approve. Without consensus, the transaction enters a human review queue with push notification and Telegram alerts to the owner.

Rejected transactions create vault-scoped threat signals that feed into future AI scanning. Threat signals auto-deactivate if the owner later approves a similar transaction, preventing permanent false positives.

## Security Model

- **Non-custodial**: Only the Owner wallet can withdraw funds — enforced in Solidity, not a policy setting.
- **Owner sovereignty**: If Axon goes offline, the Owner can call `withdraw()` directly on the contract from any Ethereum client. Zero dependency on Axon infrastructure for fund recovery.
- **Bounded bot compromise**: A compromised bot key can only sign intents within its configured limits. Signatures expire in ≤15 minutes. Owner can remove the bot instantly.
- **Operator constraints**: Cannot loosen policies, cannot withdraw, cannot unpause. Bounded impact if compromised.
- **Relayer is facilitation only**: Pays gas and submits transactions, but cannot fabricate payments without a valid bot signature.

## Chains and Tokens

Axon deploys the same bytecode across multiple EVM chains. USDC (6 decimals) is the base asset. Any ERC-20 token can be used as payment output — the relayer swaps atomically via approved DEX routers.

Query `GET /v1/chains` for the current list of supported networks, their status (`live` / `coming_soon`), and all known tokens.

## Links

- Website: https://axonfi.xyz
- API Documentation (Swagger): https://relay.axonfi.xyz/docs
- SDK (npm): https://www.npmjs.com/package/@axonfi/sdk
- Smart Contracts (open source): https://github.com/axonfi/contracts
- GitHub: https://github.com/axonfi
- Twitter / X: https://x.com/axonfixyz
- Contact: hello@axonfi.xyz