Two-Layer Policy Model

architecture agents

The combination of off-chain MCP preflight checks and on-chain PCL enforcement.

To provide immediate feedback to AI agents while maintaining strict blockchain security, MAWS uses a two-layer policy model. The AgentManager performs off-chain preflight checks, while the Maroo chain's Programmable Compliance Layer (PCL) provides the definitive on-chain enforcement.

Architecture

graph LR
  A[Agent Intent] --> B{Preflight (Off-chain)}
  B -- Reject --> C[ToolError to LLM]
  B -- Pass --> D[Submit Tx]
  D --> E{PCL (On-chain)}
  E -- Reject --> F[Tx Reverted]
  E -- Pass --> G[State Updated]

The dual-track enforcement flow.

Layer 1: Off-Chain Preflight

When an agent calls transfer.send, the MCP server's AgentManager reads the agent's policy from the on-chain IdentityRegistry. It simulates the transaction rules locally. If the transfer violates the spendingLimit or allowedTargets, the server immediately returns a ToolError (e.g., POLICY_REJECTED). This saves gas and gives the LLM a chance to adjust its behavior.

const { allowed, reason } = await manager.checkPolicy(onchainId, to, valueWei);
if (!allowed) throw new ToolError("POLICY_REJECTED", reason);

Layer 2: On-Chain PCL

If the preflight passes, the transaction is signed and submitted to the Maroo network. Here, the PCL AnteHandler intercepts the transaction. The PCL reads the exact same IdentityRegistry state and enforces the rules at the consensus level. This guarantees that even if the MCP server is bypassed, the agent cannot violate its FIU compliance constraints.

Architecture

Layer 1: Off-Chain Preflight

Layer 2: On-Chain PCL

Related Concepts