The risk of AI agents isn't malicious behavior — it's unbounded authority. This page covers why Intent Layer exists, how the trust model is enforced on-chain, and where bounded authority applies.
The risk of AI agents isn't malicious behavior — it's unbounded authority. Intent Layer exists to limit blast radius, not maximize outcomes.
Budgets, venues, selectors, assets, time windows. Authority is explicitly bounded and enforced on-chain.
Readable violations: budget exceeded, venue not allowed, TOCTOUTOCTOU (Time-of-check to time-of-use)Execution conditions changed after validation but before execution. mismatch.
Agents decide actions. Executors perform them. Swap executors without migrating wallets or changing policies.
Execution power is always constrained, auditable, and replaceable by design.
Any authorized executor can run an intent — but only after it passes on-chain policy validation.
Executors never have custody. They can only execute what a policy explicitly allows.
Budgets, venues, selectors, and time windows are enforced on-chain before execution.
Invalid intents fail validation, violations emit readable errors, and apps can switch executors without migrating wallets.
Bounded agent authority applies wherever agents act autonomously.
For teams replacing brittle ops scripts with auditable flows
Payroll, invoices, infrastructure payments — policy-constrained with full audit trail.
For builders giving agents real economic power
Agents propose actions, policies decide what executes. Authority expands only with human approval.
For protocols and agents managing on-chain capital
Swaps, lending, rebalancing, DCA — all bounded by budgets, venues, and selectors. DeFi is one domain where bounded authority matters.
See the quickstart, SDK reference, and MCP setup in the full docs.