Architecture
System design and data flow of the Aegis Protocol.
High-Level Architecture
┌─────────────────────┐
│   Vault Owner       │  (Human)
│   - Browser Wallet  │
└──────────┬──────────┘
           │ Signs vault management
           ▼
┌─────────────────────┐
│   Aegis Protocol    │  (On-chain)
│   - VaultConfig PDA │
│   - Policy Engine   │
│   - Fee Collection  │
└──────────┬──────────┘
           ▲
           │ Signs transactions
┌──────────┴──────────┐
│   AI Agent          │  (Autonomous)
│   - Server Keypair  │
└─────────────────────┘
PDA Derivation
Vault Config PDA
Seeds: ["vault", authority, nonce]
Purpose: Stores vault configuration
Vault Authority PDA
Seeds: ["vault_authority", vault_pda]
Purpose: Holds actual SOL (deposit address)
Override PDA
Seeds: ["override", vault_pda, override_nonce]
Purpose: Stores override requests
Fee Treasury PDA
Seeds: ["fee_treasury"]
Purpose: Collects protocol fees
Transaction Flow
Successful Transaction
- Agent calls execute_agent
- Protocol verifies agent signer matches vault.agent_signer
- Check: Is destination whitelisted?
- Check: Would exceed daily limit?
- Check: Is vault paused?
- Calculate fee (0.05%)
- Transfer SOL from vault authority to destination
- Transfer fee to treasury
- Update vault.spent_today
- Emit TransactionExecuted event
Blocked Transaction (Override Flow)
- Agent calls execute_agent
- Policy check fails (not whitelisted or limit exceeded)
- Transaction reverts with error
- SDK catches error, calls Guardian API
- Guardian stores override request
- Guardian generates Blink URL
- Owner receives notification
- Owner approves via Blink
- Transaction executes
Security Layers
Layer 1: Account Validation
- Verify all account ownership
- Check PDA derivations
- Validate signer authorities
Layer 2: Policy Checks
- Whitelist validation
- Daily limit enforcement
- Pause state check
Layer 3: Arithmetic Safety
- Checked addition/subtraction
- Overflow protection
- Underflow prevention
Layer 4: Fee Collection
- Mandatory 0.05% fee
- Atomic with transfer
- Cannot be bypassed