Protocol architecture

Two things on‑chain. Everything else only as far as it must be.

The chain is genuinely irreplaceable for exactly two things — the box that holds the money, and the book that records what happened. The architecture is best read as a map of that single decision.

[Diagram. Off-chain, as far as possible: the physical world (a wall scuffed · a tenant moved in); the Integrator’s reporting (the off-chain facts at the trigger boundary); Operator + AI (reads leases · drafts actions · accountable). On-chain, only the irreplaceable: Primitive 01, Vault (stablecoin escrow; the protocol holds no key); Primitive 02, Ledger (an unfalsifiable record no party can rewrite).]
Only two things are placed on-chain — because the chain is genuinely irreplaceable for exactly them, and slow and expensive for everything else.

The five components

What each part is responsible for.

VAULT · ON-CHAIN
The box that holds the money
For each tenancy it escrows the deposit and incoming rent, denominated entirely in stablecoin. Its defining property is what it withholds from everyone, including its own authors: the protocol holds no key, runs no administrative account, and exposes no lever by which funds could be seized, redirected or frozen. The escrow logic binding a tenancy is fixed when that tenancy is created — even a future upgrade reaches only tenancies created after it, never funds already locked. It releases only when an autonomous condition is met — a date reached, an on-chain event observed.
MANDATE · RULEBOOK
The walls the Operator cannot exceed
An on-chain rulebook, authored by the landlord or integrating platform, stating in advance what may be spent, up to what amount, to whom, on what schedule, and above which threshold a human must explicitly approve. Every Operator action is checked against it before it can touch the Vault; an instruction that exceeds a cap, names a payee outside the allowlist, or arrives off-schedule is simply refused — and the refusal itself is recorded.
OPERATOR · PRINCIPAL
The accountable principal — not the AI
The AI is the tool — it reads the lease, computes what is owed, schedules the plumber, drafts the action. The Operator is the capital-bearing, accountable party that runs that AI: it posts a slashable bond, earns the management fee, and is the one that loses something real when the AI, or its own negligence, causes harm. Code cannot be a principal; accountability must be injected by someone who has put capital at risk.
COURT · EXCEPTION
A judge of last resort, kept asleep
The part of the architecture the design works hardest to avoid using. Ordinary tenancies need no judge: rent releases on a clock, a clean move-out returns the deposit automatically. The Court wakes only when a deduction is actually contested — and even then the design stacks the deck toward quiet resolution. It is also the neutral venue for a claim against an Operator's bond.
LEDGER · ON-CHAIN
The book no one can quietly rewrite
Every rule-check, every payment, every ruling is written to it permanently, and no party — not the Operator, not the integrator, not the protocol's authors — can revise it after the fact. Its readers are everyone the system must satisfy: the investor verifying the rent arrived, the tenant who needs recourse, the auditor checking compliance. Almost free — an inherent by-product of doing the steps on-chain at all.

Core mechanisms

The machinery, described with the abuse it defends against.

Release engine

A clock and an event before a judge

Every movement of value is triggered either by something chain-verifiable — a date passed, an on-chain event — or, as the costly exception, by a judgment about the physical world. The engine pushes as much behaviour as possible into the first class. Rent releases on a schedule; the deposit returns on a pure timer unless a bonded deduction claim is filed.

Mandate model

Bounding an autonomous actor

Four constraint types — caps, allowlists, schedules, approval thresholds. The mechanism that makes it trustworthy is check-before-touch: the Operator never holds funds; it emits an instruction, the Mandate evaluates it deterministically, and only a passing instruction reaches the Vault. It bounds the Operator's payments, not the AI's reasoning — making misbehaviour bounded and expensive, not impossible.
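
Check-before-touch, modelled in Python as an added example; this is not the protocol's contract code. The field names, the per-instruction reading of the cap, the day-of-month schedule and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Instruction:              # emitted by the Operator, which never holds funds
    payee: str
    amount: int                 # stablecoin minor units
    day: int                    # day of month on which it arrives
    human_approved: bool = False

@dataclass(frozen=True)
class Mandate:                  # the four constraint types; all values are assumed
    cap: int
    allowlist: frozenset
    pay_days: frozenset
    approval_threshold: int

    def check(self, ins):
        """Deterministic verdict: (passes, reason)."""
        if not 0 < ins.amount <= self.cap:
            return False, "cap"
        if ins.payee not in self.allowlist:
            return False, "allowlist"
        if ins.day not in self.pay_days:
            return False, "schedule"
        if ins.amount > self.approval_threshold and not ins.human_approved:
            return False, "approval"
        return True, "ok"

@dataclass
class Vault:
    balance: int
    mandate: Mandate
    ledger: list = field(default_factory=list)   # append-only in this model

    def execute(self, ins):
        ok, reason = self.mandate.check(ins)      # check before touch
        if ok and ins.amount > self.balance:
            ok, reason = False, "insufficient"
        self.ledger.append((ins.payee, ins.amount, reason))  # refusals recorded too
        if ok:
            self.balance -= ins.amount
        return ok

def demo():
    """Run constructed instructions through one hypothetical Mandate."""
    m = Mandate(50_000, frozenset({"plumber"}), frozenset({1, 15}), 20_000)
    v = Vault(100_000, m)
    sample = [Instruction("plumber", 12_000, 15), Instruction("unknown", 12_000, 15),
              Instruction("plumber", 60_000, 15), Instruction("plumber", 12_000, 9),
              Instruction("plumber", 30_000, 1), Instruction("plumber", 30_000, 1, True)]
    return [v.execute(i) for i in sample], v
```
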

Optimistic dispute

The Court, kept asleep by economics

A claimant posts a bond and evidence; an optimistic challenge window opens; an unchallenged proposal simply stands. Only a genuinely disputed case escalates to staked jurors, rewarded for sound rulings and slashed for bad or absent ones. Bonds deter frivolous claims and nuisance challenges alike. Honestly stated: a juror verdict is a bonded consensus, not access to ground truth.

[Diagram. Deduction claim (+ bond & evidence) → Challenge window (optimistic · time-boxed). Most tenancies: unchallenged → proposal stands; the Vault splits · no juror convened. Rare: challenged → staked jurors rule; written to the Ledger · rewarded / slashed.]
The honest, uncontested path is engineered to be overwhelmingly the cheapest — which is how the Court is kept asleep.
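
The deposit path described under Release engine and Optimistic dispute, as a small Python state function; this is an added example, not the protocol's code. The `Claim` fields, the `min_bond` parameter, integer timestamps and the rule that a challenge counts only before the window closes are assumptions; juror selection, rewards and slashing are left out.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Claim:
    filed_at: int                       # timestamps are plain integers here
    deduction: int                      # amount the claimant proposes to keep
    bond: int
    challenged_at: Optional[int] = None
    ruling: Optional[int] = None        # deduction awarded by jurors, once ruled

def settle(deposit, release_at, window, min_bond, now, claim=None):
    """Return (state, to_tenant, to_claimant) as of `now`."""
    valid = (claim is not None and claim.bond >= min_bond
             and claim.filed_at < release_at
             and 0 < claim.deduction <= deposit)
    if not valid:
        # No bonded claim filed in time: the deposit returns on a pure timer.
        if now >= release_at:
            return "RETURNED", deposit, 0
        return "LOCKED", 0, 0
    window_end = claim.filed_at + window
    challenged = (claim.challenged_at is not None
                  and claim.challenged_at < window_end)
    if challenged:
        if claim.ruling is None:
            return "ESCALATED", 0, 0    # funds stay locked until jurors rule
        awarded = min(max(claim.ruling, 0), deposit)
        return "RULED", deposit - awarded, awarded
    if now < window_end:
        return "WINDOW_OPEN", 0, 0
    # Unchallenged proposal stands; the Vault splits without any juror.
    return "STANDS", deposit - claim.deduction, claim.deduction
```
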
Read together, the mechanisms compose: judge-free in the ordinary case, adversarially robust in the exceptional one — and the only remaining trust assumption small, bonded and explicit.
