White Paper

Policy-enforced smart wallets for AI agents on Solana.

This paper explains the TavSin operating model: custody lives in wallet state, agents request execution, policies arbitrate the request, and the resulting action is recorded for later review.

  • Policy gates: 5+
  • Execution chain: Solana
  • Auditability: On-chain
  • Status: Devnet live

Architecture

Control plane, not custody plane

The wallet is the control surface. The owner, agent, policies, trackers, and audit log are all modeled as protocol state so the system can reason about what is allowed before a transaction is released.

Lifecycle

How an action moves through the protocol

An agent constructs a request, the program checks the policy rails, and approved requests become execution records while denied requests become denial records. That gives operators traceability without trusting the model.

  • Request creation happens with explicit target program, account set, and payload hash.
  • The policy engine validates amount, budget, program access, time windows, and freeze state before execution.
  • Approved actions emit audit records that can be inspected by humans and monitoring tools.
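
The lifecycle and policy gates listed above, modeled off-chain in plain Rust as an added example. This is not TavSin's program code: every type, field and function name and all sample values are assumptions made for illustration.

```rust
// Illustrative model only: every name here is hypothetical, not TavSin's API.
#[derive(Debug, PartialEq)]
pub enum Reason { Frozen, ProgramNotAllowed, OverPerTxLimit, OverBudget, OutsideWindow }

pub struct Policy {
    pub frozen: bool,
    pub allowed_programs: Vec<[u8; 32]>,
    pub max_per_tx: u64,
    pub budget: u64,
    pub window: (i64, i64), // permitted unix time: start inclusive, end exclusive
}
pub struct Request { pub target_program: [u8; 32], pub payload_hash: [u8; 32], pub amount: u64, pub now: i64 }
#[derive(Debug, PartialEq)]
pub enum Record { Execution([u8; 32], u64), Denial([u8; 32], Reason) }

pub struct Wallet { pub policy: Policy, pub spent: u64, pub audit: Vec<Record> }

impl Wallet {
    // All gates run before any state changes; the first failure denies the request.
    fn check(&self, r: &Request) -> Result<u64, Reason> {
        let p = &self.policy;
        if p.frozen { return Err(Reason::Frozen); }
        if !p.allowed_programs.contains(&r.target_program) { return Err(Reason::ProgramNotAllowed); }
        if r.amount > p.max_per_tx { return Err(Reason::OverPerTxLimit); }
        // checked_add: an overflowing running total is denied, never wrapped.
        let total = self.spent.checked_add(r.amount).ok_or(Reason::OverBudget)?;
        if total > p.budget { return Err(Reason::OverBudget); }
        if r.now < p.window.0 || r.now >= p.window.1 { return Err(Reason::OutsideWindow); }
        Ok(total)
    }

    // Approved and denied requests both leave a record keyed by payload hash.
    pub fn submit(&mut self, r: &Request) -> bool {
        let record = match self.check(r) {
            Ok(total) => { self.spent = total; Record::Execution(r.payload_hash, r.amount) }
            Err(reason) => Record::Denial(r.payload_hash, reason),
        };
        let approved = matches!(record, Record::Execution(..));
        self.audit.push(record);
        approved
    }
}

fn main() {
    let policy = Policy { frozen: false, allowed_programs: vec![[1; 32]], max_per_tx: 50, budget: 80, window: (0, 100) };
    let mut w = Wallet { policy, spent: 0, audit: Vec::new() }; // constructed sample values
    let ok = w.submit(&Request { target_program: [1; 32], payload_hash: [9; 32], amount: 40, now: 10 });
    println!("approved={} spent={} records={}", ok, w.spent, w.audit.len());
}
```

The spend tracker is updated only on the approval path, so a denied request cannot consume budget, and the denial record keeps the payload hash so reviewers can tie it back to what the agent asked for.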

Data model

What lives on-chain

Wallet state, policy state, spend trackers, execution requests, and audits are all persisted so the protocol can enforce behavior across time instead of relying on ephemeral application memory.

Trust model

What still has to be trusted

Users still trust the chain, the deployed program, and the operational discipline around key roles. That is why audit prep, role assignment, and public launch status matter just as much as the product UI.

  • Owners control freeze and recovery decisions.
  • Upgrade authority should remain tightly scoped and documented.
  • Security review is required before mainnet launch.
  • Monitoring and incident response roles need to be explicit.

Limits

Current boundaries

The current implementation is a launch-ready devnet protocol with a public dashboard and read-layer validation. Mainnet operations should begin only after the policy, deployment, and review gates are closed.