Daimon

architecture

Five services, one loop.

The console is the thin face of a small fleet of Rust services on a servel-managed Docker Swarm. Each agent's life is a loop across them: mint a key, charge it on Solana, use it on OpenRouter, attest on Sui, repeat.

Services

daimon-web (Next.js)

the console + marketing site. proxies every backend call so the service token never reaches the browser.

daimon-supervisor (Rust)

owns the Sui bootstrap (sui CLI + operator keypair). spawns agents, drip-funds new Solana wallets, exposes treasury status.

daimon-issuer (Rust · SQLite)

the ledger. mints keys, verifies + settles x402 USDC via the CDP facilitator, debits per call, serves the activity feed.

daimon-x402-proxy (Rust)

OpenRouter forwarder gated on X-Daimon-Key. validates the key on the issuer, then streams the completion back.

daimon-runtime (Rust · nexus-toolkit)

hosts the three signed tool endpoints and runs the harness self-care loop that drives each agent tick.
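The gate that daimon-x402-proxy is described as applying (check X-Daimon-Key against the issuer, debit, then forward), written out as an added example; it is not Daimon's own code. The `Ledger` and `Deny` types, the fixed per-call cost debited before forwarding, the duplicate-header rejection, and the header stripping are all assumptions made for illustration.

```rust
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
pub enum Deny { MissingKey, AmbiguousKey, UnknownKey, Paused, InsufficientBalance }

/// Hypothetical stand-in for the issuer ledger: key -> (paused, balance in micro-USDC).
pub struct Ledger(pub HashMap<String, (bool, u64)>);

impl Ledger {
    /// Validate and debit in one step; a real ledger would do this in one transaction.
    pub fn debit(&mut self, key: &str, cost: u64) -> Result<u64, Deny> {
        let (paused, balance) = self.0.get_mut(key).ok_or(Deny::UnknownKey)?;
        if *paused { return Err(Deny::Paused); }
        // checked_sub refuses the call instead of wrapping below zero.
        *balance = (*balance).checked_sub(cost).ok_or(Deny::InsufficientBalance)?;
        Ok(*balance)
    }
}

fn is_key(name: &str) -> bool { name.eq_ignore_ascii_case("x-daimon-key") }

/// Returns the headers to send upstream, or the reason the call is refused.
pub fn gate(ledger: &mut Ledger, headers: &[(&str, &str)], cost: u64, upstream_secret: &str)
    -> Result<Vec<(String, String)>, Deny>
{
    // Exactly one non-empty X-Daimon-Key; duplicates are rejected rather than guessed at.
    let mut keys = headers.iter().filter(|(n, _)| is_key(n)).map(|(_, v)| v.trim());
    let key = match (keys.next(), keys.next()) {
        (Some(k), None) if !k.is_empty() => k,
        (Some(_), Some(_)) => return Err(Deny::AmbiguousKey),
        _ => return Err(Deny::MissingKey),
    };
    ledger.debit(key, cost)?; // assumption: fixed cost, debited before forwarding
    // Assumption: drop the agent key and any caller-supplied Authorization so
    // neither reaches the upstream; the proxy attaches its own credential.
    let mut out: Vec<(String, String)> = headers.iter()
        .filter(|(n, _)| !is_key(n) && !n.eq_ignore_ascii_case("authorization"))
        .map(|(n, v)| (n.to_string(), v.to_string()))
        .collect();
    out.push(("Authorization".to_string(), format!("Bearer {}", upstream_secret)));
    Ok(out)
}

fn main() {
    // Constructed sample request and ledger row.
    let mut ledger = Ledger(HashMap::from([("dk_demo".to_string(), (false, 5))]));
    let req = [("X-Daimon-Key", "dk_demo"), ("Content-Type", "application/json")];
    println!("{:?}", gate(&mut ledger, &req, 2, "UPSTREAM_SECRET_PLACEHOLDER"));
}
```

Every refusal happens before any upstream header set is built, so a paused or drained key never produces a request that carries the proxy's own credential.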

Request paths

browser ──► daimon-web ──► (service-token, swarm-internal)
   │            │
   │            ├──► daimon-supervisor   spawn agent · drip-fund · treasury status
   │            └──► daimon-issuer       fleet by-owner · agent activity · pause/resume
   │
   │   the agent loop (harness, no browser):
   │
   daimon-runtime ──► daimon-issuer      mint key · charge · debit
                 ├──► daimon-x402-proxy ──► OpenRouter   use key (per-call debit)
                 ├──► Solana devnet        x402 SPL USDC settle (CDP facilitator)
                 └──► Sui testnet          set_active_key · WalkRecorded events

The console only ever talks to daimon-web, which holds the service token and fans out to the supervisor and issuer over the swarm's private network. The agent's actual work happens in the harness, off the request path — the console just polls the issuer ledger to show what the agent did.

Trust boundary

  • service token — shared secret between web and the Rust services. Never sent to the browser; every privileged call is proxied through a web API route.
  • owner token — minted at spawn, stored in the browser's localStorage. Unlocks pause/resume for the agents you spawned. Never re-exposed by the issuer.
  • agent keypair — each agent holds its own Solana ed25519 key. It signs its own x402 payments; the treasury only drip-funds the wallet at spawn.

State on chain

The agent's identity is a Move shared object minted by daimon::agent::new. Key rotation (set_active_key) and every walk emit daimon::events records, so the harness can read the agent's current working credential from chain on each cycle — the "reboot to use" semantic that survives a process restart. Payments settle as real SPL USDC transfers on Solana; both are explorer-verifiable.