Autonomy you can verify.
Letting an AI near a treasury is only acceptable if it can’t do the wrong thing. lyra’s answer is to keep the AI advisory and put every fund-moving action through four deterministic gates before it can ever broadcast.
The four-gate write pipeline
Every value-moving intent is checked against deterministic rules in the on-chain lyra::policy Move package — allowlists, per-coin and daily caps, slippage and health-factor floors, RWA eligibility. Violations are rejected before anything is signed.
The PTB is dry-run against live Sui state first. If it would abort, move more than expected, or breach a limit, it never reaches your wallet.
Material-risk actions require explicit human approval. Low-risk actions can run inside a pre-authorized envelope; anything outside it asks you (or your multisig) to confirm.
Only then does it broadcast on Sui — signed by the wallet you chose for that action — returning a tx digest and emitting an auditable receipt, anchored in Walrus, of what was decided and why.
Principles
The model proposes typed intents. It never holds keys and cannot move funds on its own. The guardrails are deterministic code and the on-chain lyra::policy Move package, not prompts — so a wrong or jailbroken model still cannot break a limit.
lyra never holds your funds. You connect a wallet (or derive an agent wallet you control); signing happens client-side. There is no server-side key for the public console.
Each agent is a Sui address (keypair). Its on-chain history of policy-checked PTBs and Walrus-anchored receipts forms a track record that can be checked, not just claimed.
Autonomy is opt-in and capped. Leverage and hedging are strictly bounded. You set the envelope; lyra acts only inside it and escalates the rest to you.
Want the technical detail — the lyra::policy Move package, simulation, and how Sui-address identity works?