Anafi: Technical Product Vision

1. Motivation — why automation matters for crypto
2. What is Anafi — product overview and core features
3. Technical Vision — architecture and security model
4. MVP Scope — what is included in the first version
5. Delegation is Code: DSL Design — rule language and tooling
6. Example Workflow — salary auto-split end to end
7. Integration API/UI — REST API and embeddable widget

Motivation

Crypto neobanks are gaining traction precisely because users prioritise UX. But users also need automation. In the US, 25% of the bills are paid automatically [1], with 67% household bills automatic in Australia [2], and direct debit accounting for about 70% of all recurrent payments in EU [3] and UK [4].

Part of Web2 neobanks' popularity can be attributed to seamless automation: scheduled payments, round-ups, salary splitting, auto-investing. Web3 automation, by contrast, is non-existent or terribly complex. To compete with web2 neobanks, web3 and stablecoin-oriented neobanks and wallets must be equally intuitive and UX-friendly.

Trust and delegation. How do you delegate execution without losing non-custodiality? You can write a smart contract script, but how can you be sure it's secure and does not give more rights than you expect? Simple delegation protocols exist across ecosystems, but they typically define only on-chain rules, and rather loosely so — "only swap these tokens", "do not withdraw funds", or "only rebalance between these wallets". No product solves automation well today — they either defer to a third-party watchtower, propose complicated intent optimisation auctions, or push the responsibility entirely onto the user. For a neobank or wallet, building their own automation layer is costly and introduces an extra layer of security risks and compliance headaches.

Simplicity. Most average consumers gravitate towards simpler, convenient, understandable products first [5]. This stands in stark contrast with complicated DeFi yield vaults with unclear regulatory implications, or AI-optimised on-chain hedge funds, that web3 commonly suggests to retail customers. Features such as simple auto transactions, direct debits, stablecoin rebalancing, all non-custodial, and owned by the end user — are largely overlooked in web3. Stablecoins and RWAs, growing in popularity and adoption faster than ever, could become "normal" instruments for average neobank users, and represent known, and already well-understood assets. However, we believe that this transition is likely to be stymied without a simple, user-focused approach to financial management.

Privacy. Privacy is a huge bottleneck for wider blockchain adoption. Aside from being one of the biggest trends of 2025/2026, privacy is fundamental — web3 currently lacks the luxury of confidentiality that users of tradfi neobanks take for granted.

Anafi aims to address all three by providing simple, secure, and private automation infrastructure.

What is Anafi?

Anafi is a privacy-preserving decentralized automation engine. The core technical proposition of Anafi is the infrastructure layer for neobanks, wallets, and RWA providers, built to ship automated, private, non-custodial financial automation to their end users, fast.

Our core features:

1. Automated execution
   • Automate transfers: direct debits, auto rebalancing, auto payments (bills/salaries), split expenses, salary management.
   • Simplify savings and investment: auto-investment (e.g. monthly DCA/TWAP), weighted/proportionate allocation, sector-based allocation, and rebalancing rules.
2. Trusted: Secure and private non-custodial delegation
   • User's automation expressed in clear, safety-checked DSL, executed by Anafi servers
   • Non-custodial, directly settled: users are in control and own their funds.
   • Decentralized and secured by cryptographic assumptions and economic incentives.
   • Privacy: ZK proofs of execution correctness—users verify delegation rules are followed. Enabled by ZK/TEE advances; fully delegated to chain.
3. Clear UX
   • Designed for clarity while enabling extensive, partner-customizable programmability.
   • Anafi provides SDK and API, along with UI widget and wireframe references making integration easy and fast.
   • With Anafi, users understand what is going on with their finances.
4. Stablecoin and RWA focused
   • RWAs, stablecoins, and basic crypto tokens as primary investment resources (not complex DeFi yield schemes)
   • Integration with RWA providers and stablecoin issuers
5. Report generation & auditability
   • Compliance-friendly audit trails and financial reporting.

We believe the solution we provide lives best in the B2B2C model — Anafi integrates with neobanks and wallets as backend infrastructure, while end users interact through partner apps with a Monzo/Revolut-style simple interface. Low barriers to entry, globally accessible.

Technical Vision

We first present the complete vision of Anafi, with an MVP scope defined right after.

1. Confidential execution substrate — a privacy-preserving runtime that holds user strategies and signing keys. Triggers, balances, and policy state are hidden from third parties.

   • TEE-based (mature in 2026, MVP path): Intel TDX or SGX, AWS Nitro, AMD SEV-SNP. Trust = hardware attestation + the manufacturer. Oasis ROFL is a credible managed option — deterministic enclave-bound secp256k1 keys plus a threshold key-manager committee for cross-restart continuity.
   • MPC-based (decentralization roadmap): a quorum of nodes (Arcium, Nillion, Partisia, TACEO) jointly evaluates triggers; no single party sees full state. Trust = non-collusion across the quorum. Higher cost and latency than TEE; toolchains are pre-1.0 in 2026.
   • Confidential L1 / L2 (Oasis Sapphire, Secret Network) — outsource the confidential-runtime problem to a chain that already provides it; trades engineering work for vendor lock-in.
   • Security composes: (1) hardware attestation, (2) BFT / MPC honest majority, (3) economic assumptions and fraud proofs — operators can be slashable for non-participation when a trigger was supposed to fire. Decentralization — multi-operator MPC + slashing — is the post-MVP target.

2. Automation & triggers — the MPC collectively evaluates when an action should fire.

   • Uses timelock crypto (simplest case: external time oracle) + secret sharing of dates + secure comparison.
   • For this we include oracle integration — external data (prices, time) flows into the network and can be referenced by triggers. We are actively considering using Symbiotic-style AVS for oracle data in the future.

3. Execution — two paths:

   • Threshold signing (MPC+TEE): nodes jointly create and sign a transaction Fireblocks-style, then broadcast it. Can be signature-on-TEE-execution, or "provable MPC" without TEEs.
   • Collaborative zkSNARK (Renegade-style): parties generate a proof together. Especially useful for private/shielded transactions (e.g. confidential coins/RWAs).
   • Either way, the transaction hits the chain and settles.
   • Bonus pseudonymity by randomized triggers: triggers/execution can be slightly delayed for privacy — e.g. "evaluate condition X; schedule action within random interval in the next hour/day".

4. Settlement, account model, on-off ramp integration:

   • We aim to make our account model as lightweight as possible — delegation is a "small extra" on top of a "normal looking account". No complex big smart contracts with opaque ownership.
   • For delegation we need something like AA (Account Abstraction) with delegated ownership (AA / PDA) to verify MPC threshold sigs or SNARKs as proof of ownership, and an on-chain DSL interpreter.
   • With Anafi, settlement is direct: users own their funds normally, not just shares in some auto-managed vault.
     • Funds settlement itself is just a regular transaction that our backend creates in a secure and delegated way. Everything that the user delegates looks like a normal transaction.
   • We are compatible with common automated on/off-ramp designs: where payment is necessary to be made to a one-time address for e.g. off-ramp.
   • Future support of privacy-preserving tokens is possible. We can support accounts within a confidential pool (Aleo/Secret Network/Elusiv/Light protocol style). Railgun/0xbow target stronger anonymity than our compliance model requires, but remain potential future integrations.

5. DSL & programmability:

   • We design a DSL expressing "how to automate/delegate" (see paragraph below).
   • It's a simple declarative language with three parts: (1) triggers (time/oracle conditions), (2) actions (interact with accounts/token contracts), (3) restrictions/optimisation (max fee, exchange choice, slippage, allowed tokens — CoW/intent protocol style).
   • The "actions" part is interpreted on-chain (1inch swapVM style).
   • All three components compile to MPC-friendly bytecode for node execution.
   • For future SNARK provability: we also compile triggers/restrictions into circuit language — proving actions fired at correct conditions and the action plan satisfies user constraints.

6. Basic multi-account pseudonymity:

   • For MVP, we support "pseudonymity" rather than full privacy: users can create and automatically manage many single-use accounts (AA+paymaster style), the link between which is known only to the user and Anafi.
   • Accounts are treated as UTXO-like containers — new accounts created for incoming funds, any account can be used for outgoing. Hierarchical derivation presents them as "one account" to the user.
   • Anafi stores account to user mappings and can disclose to compliance partners (RWA providers, on/off-ramp) on request. Optionally, users can post encrypted user IDs with ZKP to enable partner-side linking without on-chain visibility.
   • This is not "fully private" (correlation attacks possible), but also orthogonal to our main privacy approach, regulation-compliant, and sufficient for MVP. Full MPC/ZK privacy is post-MVP.

7. Provable liveness (research direction) — the maximalist version of the privacy story: not just hiding execution, but cryptographically proving that every trigger that should have fired did fire. Realised through "private supervisor" oracles — TEE/MPC quorums that ingest the public world, evaluate opaque trigger sets, and emit slashable attestations when an operator misses a trigger.

   • Time-locked beacons (drand / tlock) cover the time-based case directly: a commitment unlocks at a target slot, and the supervisor must have submitted the corresponding action by then.
   • Predicate triggers (incoming tx, price moves, balance thresholds) reduce to a private filtering problem — today realistic only inside TEEs at scale; coSNARK / FHE approaches are research-grade in 2026.
   • One-of-N honesty among supervisors is enough — the inverse of usual oracle quorum design. Slashing only fires when every supervisor either reports a missed trigger or fails to report.

MVP Scope

For our Q2 2026 MVP, we have to prioritise the most important features first:

1. Core backend: TEE + a single server + on-chain rails. Fireblocks/turnkey-style without MPC. Our own oracle data. Basic pseudonymity via multi-account storage can be supported as described above.
2. DSL: simple automation, transfers, purchasing tokens, price and time triggers.
3. Settlement: public transactions, settlement with some public contract rails + TEE receipt publishing.

See "deferred features" below for what we do not include at the start.

MVP Deliverables

For B2B2C, partners (neobanks, wallets) need to integrate Anafi easily.

MVP deliverables internal-facing:

1. TEE execution service — enclave that stores strategies, evaluates triggers, signs transactions
2. Chain indexer / listener — monitors on-chain events for trigger conditions (incoming txs, price changes)
3. DSL compiler & validator — parses YAML specs, runs consistency checks, compiles to TEE format
4. On-chain contracts — user account contracts (AA/PDA), delegation verification, DSL interpreter
5. Backend API server — REST endpoints for partner integration, execution logging, notifications

MVP deliverables for partners (external-facing):

1. REST API — strategy CRUD, execution history, notifications (spec in doc below)
2. SDK — TypeScript/JS wrapper, possibly Rust for Solana
3. Wireframes + optional UI widget — while we focus on the SDK approach, we provide wireframes and iframe/webview or React component for day-1 integration and testing.
4. Documentation — integration guide, DSL reference, example flows

MVP Timeline & Phasing

Target: Late Q2 2026 (MVP launch)

Phase breakdown:

1. Foundation — DSL spec, TEE infrastructure setup, basic contract architecture. UI / widget started from first weeks in parallel.
2. Core Execution — DSL interpreter (on-chain or TEE-based), trigger detection, transaction building
3. Integration — Partner SDK/API, widget development, on/off-ramp integration
4. Testing & Hardening — Security review, testnet deployment, partner pilot

On/Off-Ramp & External Integrations

MVP requires basic money movement. Key integrations to consider:

1. On/off-ramp provider — enable users to fund accounts, withdraw to bank.
   • We provide our own integration with an on/off-ramp provider, e.g. Bridge (Stripe), Transak, MoonPay.
   • At the same time, we are aiming to integrate partner-specific on/off-ramp provider where necessary.
   • Integration should be uncomplicated, as Anafi's delegated actions are regular transactions, so the naive integration workflow will be quite similar to ours.
2. DEX/swap routing — for token purchases within strategies
   • Options: Jupiter, 1inch/0x.
3. Time and price oracles (post MVP) — for time and price-triggered strategies (DCA, rebalancing)
   • Options: in-house at the start for MVP, but could consider e.g. Pyth or Chainlink.

Deferred Features (Post-MVP Roadmap)

Explicitly out of scope for MVP, but on the roadmap:

1. Decentralization — MPC network, multiple TEE operators, slashing / fraud proofs, partner-run nodes
2. Full privacy — ZK-proven execution correctness, shielded amounts (Railgun / Nocturne / Aztec), confidential stablecoin integration, aggregated execution (CoWSwap / SUAVE / MEV-Share)
3. Advanced DSL — portfolio rebalancing, value averaging, conditional expressions, stateful refs (balance(TOKEN), last.X, running_total), composite triggers (any_of / all_of), pipelined and atomic action composition, named budget pools and rolling-window caps
4. Advanced privacy triggers — epoched batching (anonymity sets), decoy emissions, composite-trigger guards. (MVP already ships randomized_delay.)
5. External oracles — Pyth / Chainlink integration, generic oracle reads, Symbiotic-style AVS for oracle-data attestations
6. Multi-chain — cross-chain rules, bridge primitives, multi-chain budgets, chain-aware address book
7. Advanced compliance tooling — full audit trail, tax reporting (FIFO / LIFO / HIFO lot tracking), regulator-grade view-key disclosure
8. Visual strategy builder — drag-and-drop UI for non-technical users, bidirectional natural-language ↔ DSL ("Babel policies")
9. Confidential B2B2C rails — partner-issued shielded tokens on a confidential EVM (Oasis Sapphire-style) for intra-neobank settlements: private to outside observers, accountable to the issuer via view-key disclosure
10. Community plugin marketplace — uses:-style imports for third-party triggers and actions, with content-hashed pinning, sandboxing, and tiered trust (verified / audit-stamped / community)

---

Delegation is Code: DSL Design

The primary function of Anafi's DSL is to capture the automation/delegation strategy, concisely expressing in a human-readable way: (1) triggers, (2) actions, (3) red line checks and restrictions.

Example DSL declarations that we support:

1. Basic transfers:
   • Schedule payment from A to B on time T (daily/monthly, starting date/end date)
   • If received transaction 1-3 of the month with the sum [A,B] OR from one of these addresses - send these three transactions.
   • "Split expense" with another user (similar to Monzo's bill splitting).
   • If received a transaction above 10k$, move 90% to cold storage
   • If detecting an outgoing transaction with "TAG", send an outgoing transaction with 0.5% of the cost to person Y (e.g. this can be used to implement joint expenses).
2. Auto investment, or recurrent asset buying:
   • TWAP/DCA = "buy 1000$ of this asset monthly/weekly"
   • Value Averaging (VA) = "target 1000$ monthly portfolio growth"
   • Momentum-based DCA = "adjust purchase amount based on trend indicators"
   • Rebalancing bands: set portfolio allocation, e.g. 40/60
   • RSI-weighted DCA (relative strength index).
3. Price and fee control:
   • 1% commission on purchases maximum (for ALL txs)
   • Do not exceed 30th percentile weekly gas price (for DCA)
4. Notifications:
   • Notify if ethereum price above Y
   • Notify if "all crypto" / "all stablecoins" > 60% (e.g. wants to keep certain proportion of funds)
   • Notify if portfolio grows/shrinks >10% within a day.
5. Privacy & agent delegation:
   • Decorrelate firing timing with randomized_delay wrappers — cron and event triggers fire at a uniform-random offset in a user-chosen window.
   • Hand a session key to an AI/automation agent inside an agent_envelope: token allowlist, recipient allowlist, per-tx max, balance floor — all enforced statelessly at redemption.
   • The agent never sees the user's full position — balance checks happen inside the confidential runtime.

We use YAML with custom expressions as the canonical surface — round-trippable to a visual builder, lintable, and familiar to anyone who has authored a GitHub Actions workflow. Structurally, the DSL borrows from GitHub Actions (trigger-then-actions decomposition, uses:-style plugin model for community modules) and Nix (typed module system, content-hashed dependency graph — the on-chain commitment plays the role of flake.lock). YAML is the human-facing surface; the on-chain commitment is over the typed, resolved AST.

Example specification — illustrating triggers (incoming_tx, cron, cron_schedule, price_changed, randomized_delay privacy wrapper), actions (send_one, send, exchange, lock, notify), value expressions (percentages, FX-style of conversion, named constants and address book), and an agent_envelope for autonomous-agent spending:

# ── Variables, constants, address book ───────────────
# Plain string aliases, typed constants, and named-address
# entries — referenced symbolically by the rules below.
variables:
  cold_wallet: "0xColdWallet0000000000000000000000000000001"
  employer:    "0xEmployerAddr00000000000000000000000000001"

constants:
  dca_amount: "100 USDC"

address_book:
  landlord: { addr: "0xLandlord0000000000000000000000000000001", label: "Landlord" }

rules:
  # ── Rule 1: Monthly rent ─────────────────────────────
  # 1st of every month at 09:00 — fixed EUR amount paid
  # in USDC via on-the-fly FX conversion (`of`).
  monthly_rent:
    trigger:
      type: cron_schedule
      day_of_month: 1
      time_of_day: "09:00"
    actions:
      - type: send_one
        to:    "$book.landlord"
        value: "1200 EUR of USDC"

  # ── Rule 2: Salary auto-split ────────────────────────
  # When a paycheck (1000–10000 EUR) arrives from the
  # employer: 50% cold storage, 30% brokerage, 10% into
  # ETH, 10% locked until next salary day.
  salary_split:
    trigger:
      type: incoming_tx
      from:  "$employer"
      value: "1000..10000 EUR"
      sender_type: "employer"
    actions:
      - type: send
        recipients:
          - { to: "$cold_wallet",                              value: "trigger.value * 50%" }
          - { to: "0xBrokerage000000000000000000000000000001", value: "trigger.value * 30%" }
      - type: exchange
        in:  "trigger.value * 10%"
        out: ETH
      - type: lock
        value: "trigger.value * 10%"
        unlock_trigger:
          type: cron_schedule        # unlocks at next 1st-of-month
          day_of_month: 1            # (at-most-once when used as unlock)
          time_of_day: "09:00"

  # ── Rule 3: Daily DCA with privacy delay ─────────────
  # `randomized_delay` wraps any non-wrapper trigger and
  # adds a uniform-random delay — here 5min–1h after the
  # daily cron — so block-explorer observers can't infer
  # the schedule from regular block timing.
  dca_eth_private:
    trigger:
      type: randomized_delay
      inner:
        type: cron
        interval_seconds: 86400
      delay_min_sec: 300
      delay_max_sec: 3600
    actions:
      - type: exchange
        in:  "$dca_amount"
        out: ETH

  # ── Rule 4: ETH price alert (edge-triggered) ─────────
  # Fires once per directional crossing, not on every
  # sample above threshold.
  eth_high_alert:
    trigger:
      type: price_changed
      symbol: ETH
      condition: above
      threshold_usd: 5000
      edge_only: true
    actions:
      - type: notify
        channel: push
        message: "ETH crossed $5000 — review portfolio"

# ── Agent envelope (use case B) ──────────────────────
# Hand a session key to an AI research agent so it can
# pay for API calls and RPC services autonomously,
# within a privacy-preserving balance envelope.
# Stateless caps: USDC balance must stay above 500 after
# every spend; no single tx may exceed 50 USDC.
agent_envelope:
  to: "0xResearchAgentKey00000000000000000000000001"
  token_allowlist: [USDC]
  recipient_allowlist:
    - "0xOpenAIPaymaster0000000000000000000000000001"
    - "0xRPCProvider000000000000000000000000000001"
  balance_floor: "500 USDC"
  per_tx_max:    "50 USDC"
  expiry: "2026-12-31T00:00:00Z"

# ── Global constraints ───────────────────────────────
global:
  token_allowlist: [USDC, USDT, EUR, EURC, ETH]

Operator precedence in value expressions: of is the lowest-precedence operator — trigger.value * 50% of EUR parses as (trigger.value * 50%) of EUR. The conversion always happens last. The canonical pretty-printer wraps non-atomic LHS of of in parens for unambiguous reading.

DSL SDK toolset features the following checkers (with examples):

1. Consistency checker — validates internal correctness before deployment. Basic type-checking and language-level checks.

   Check	Status	Message
   Undefined reference	❌	Error: variable $hot_wallet used in rule sweep_to_cold but not declared in variables / constants / address_book
   Address format	❌	Error: 0x123 is not a valid 20-byte hex address
   Token allowlist violation	❌	Error: rule dca_eth exchanges into SOL, not in global.token_allowlist
   Dimensional mismatch	❌	Error: cannot add USDT + ETH in swap_leg.value — bridge with of first
   Chained of conversions	⚠️	Warning: 30 USDT of ETH of EURC — double conversion loses precision
   Volatile source in of	⚠️	Warning: 1000 ETH of USDT — ETH price could spike between evaluation and settlement
   Tight randomized_delay window	⚠️	Warning: delay window 30s — privacy benefit is marginal
   Cross-rule resource conflict	⚠️	Warning: rule dca_eth and sweep_to_cold may race on USDT balance
   Agent envelope without expiry	⚠️	Warning: agent_envelope has no expiry — long-lived envelopes are an audit risk

2. Compiler — transforms DSL into target execution environments. Here presented as a set of CLI commands, but available as an SDK/through an API. Targets:

   • On-chain execution: generates calldata / instruction set for on-chain interpretation (1inch swapVM-style)
   • MPC bytecode output: for threshold-signed execution.
   • TEE enclave format: for Fireblocks/Turnkey-style single-server implementation, and for MPC+TEE in the future.
   • ZK circuit (future): for proving execution correctness.

3. Sanity checker — static analysis for financial risk and operational clarity.

   • Monthly outflow projection:

     $ anafi analyze rules.yaml --monthly-summary
     Projected monthly outflows:
       dca_eth:        ~400 USD (4x weekly)
       salary_split:   ~4500 USD (90% of expected salary)
       rent_payment:   1200 USD (fixed)
       ─────────────────────────────
       Total:          ~6100 USD/month

   • High-risk rule flagging:

     Rule 'sweep_to_cold' moves 90% of large incoming txs
         => consider if 0xEmployer changes payment schedule
     Rule 'momentum_dca' uses external RSI oracle
         => verify oracle feed reliability
     No global spend cap defined
         => consider adding monthly_max_outflow constraint

   • Competing strategy detection:

     Conflict: 'rebalance_bands' (targets 60/40 ETH/USDC) may
         counteract 'dca_eth' (increases ETH allocation monthly)
     Suggestion: Add exclusion window or unify allocation targets

   • Execution simulation — dry-run with mock events or historical data to evaluate strategy performance:

     anafi simulate rules.yaml --scenario salary_received.json

Example Workflow: Salary Auto-Split

Scenario: User wants to automatically (1) send 500 USDC to a friend and (2) buy 200 USDC worth of ETH whenever they receive their monthly salary.

Setup phase:

1. User connects to the partner app
2. User creates a delegation rule via UI builder (DSL snippet):
   • Trigger: incoming_tx from 0xEmployer, value 2000..10000 USDC
   • Action 1: send_one 500 USDC to 0xFriend
   • Action 2: exchange — 200 USDC for ETH
3. User signs the delegation config with their wallet (proves ownership)
4. Partner app submits encrypted config to Anafi API (PUT /v1/profile), and commits it in the user's account under "delegated to my_strategy" section.
5. Anafi TEE stores the strategy (secret-shared with user for recovery)

Execution phase (monthly, when salary arrives):

1. Salary tx lands on-chain: 0xEmployer → User, 5000 USDC
2. Anafi backend detects incoming tx matching trigger conditions
3. Anafi backend evaluates constraints inside MPC/TEE (gas price acceptable? slippage within bounds?)
4. Anafi backend constructs two transactions:
   • Tx A: User → 0xFriend, 500 USDC
   • Tx B: User → DEX, swap 200 USDC for ETH
5. Anafi backend signs transactions using delegated authority (AA session key / PDA)
6. Transactions broadcast to chain and settle
   • The on-chain script checks that the actions are according to the DSL strategy snippet committed before.
   • 0xFriend contract might be an off-ramp service that auto-detects any incoming transactions and initiates a bank transfer according to the tx metadata.
7. Anafi logs execution, user can query via GET /v1/executions
8. (Optional) User receives notification: "Salary split complete: 500 USDC sent, 0.08 ETH purchased"

Integration: API and UI Module

For partner integration we provide two toolsets: a REST API (with optional SDK) and an embeddable UI widget.

API

REST + OpenAPI spec. All requests are signed by user's wallet (e.g. Phantom signMessage), with partner identification via API keys.

Core endpoints:

GET  /v1/profile                  # current delegation rules
PUT  /v1/profile                  # update delegation rules
POST /v1/profile/pause            # pause all or specific rules
POST /v1/profile/emergency-stop   # kill switch — halt everything

GET  /v1/executions               # execution history (for reporting/accounting)
GET  /v1/executions/:id           # single execution details
GET  /v1/notifications            # failed payments, alerts, etc.

Example: update a rule

curl -X PUT https://api.anafi.io/v1/profile \
  -H "Authorization: Bearer <signed-message>" \
  -H "X-Partner-ID: partner-wallet-app" \
  -d '{"rules": {"dca_eth": {"trigger": "weekly", "amount": "150 USD"}}}'

Privacy note: all queries are constructed client-side (Fireblocks/TEE style) — the network never sees plaintext delegation rules.

Embedded UI Widget / Webview

We envision the main integration path to be through partner's own frontend plus our SDK, but we provide wireframes and the widget as a day 1 drop-in solution if necessary. Implemented as iframe/webview or React component — easily integratable, customizable styling, works out of the box.

Main tabs:

1. Payments — schedule one-time or recurring payments, payroll (batch recipients)
2. Invest — auto-invest (DCA/TWAP/VA), rebalancing rules
3. Activity — scheduled items list, execution history, cancel/edit actions

Supported features:

• Schedule a payment — one-time future transfer (e.g., pay invoice on March 1st)
• Recurring payments — fixed amount on schedule ($500 rent monthly)
• DCA / Auto-invest — recurring buys ($100 → SOL weekly)
• Rebalance rules — trigger swaps when allocation drifts (keep 60/40 SOL/USDC)
• Sweep rules — auto-transfer when balance exceeds threshold (>$10k → cold wallet)
• Payroll — batch recurring payments to multiple addresses

Optional — partners can replace with native UI or use as fallback. UX inspiration: Monzo/Revolut, yield.xyz, DCABot, Glider.