🛡️ Phylax SDK: Bounded Intelligence, Verifiable Execution

Overview

Phylax SDK is an institutional-grade control layer for autonomous AI agents, built natively on Arbitrum to make on-chain agent execution secure, bounded, and verifiable. By combining ERC-4337 smart accounts, delegated session keys, recipient and contract-level policy guardrails, and centralized gas sponsorship, Phylax allows owners to provision AI agents that can act independently without exposing master keys, bypassing policy limits, or spending capital outside predefined boundaries. It turns autonomous execution from a trust problem into an enforceable on-chain security model.

The Problem

The rise of autonomous AI agents introduces a new security problem for on-chain finance: once an agent is given transaction authority, the owner must trust that it will never exceed its mandate, leak signing power, or execute unsafe actions under adversarial conditions.

Private Key Exposure: Most agent systems still rely on hot-wallet style signing or broad delegated permissions, creating a dangerous custody model where one compromised environment can expose the owner’s capital.
Unbounded Execution Risk: Prompt injection, hallucinated tool usage, and faulty backend logic can cause an AI agent to interact with unauthorized contracts, transfer funds to unintended recipients, or exceed operational spending limits.
Operational Friction for Safe Automation: Even when developers want stronger controls, existing wallet flows make it difficult to combine programmable policy boundaries, gas abstraction, and session-based delegation into a system that is practical for real-world autonomous execution.
The Missing Control Layer: Current AI-agent stacks can automate transactions, but they do not provide an immutable on-chain enforcement layer that constrains what an agent is allowed to do before capital is put at risk.

The Solution

We built Phylax as an immutable control layer for autonomous AI execution, separating agent intelligence from transaction authority and enforcing policy boundaries directly on-chain.

ERC-4337 Smart Accounts with Delegated Session Keys: Each AI agent operates through its own smart account, while the owner retains custody of the master wallet. Temporary session keys allow the agent to execute autonomously without ever exposing the owner’s primary private key to the runtime environment.
On-Chain Guardrails for Bounded Execution: Every transaction is checked against explicit policy constraints, including contract-level whitelists, recipient-level wallet whitelists, session expiry windows, and spending caps. Unsafe or unauthorized actions are rejected before they can put capital at risk.
Centralized Gas Sponsorship: Phylax separates operational gas from agent capital through a centralized paymaster gas tank. Owners can fund a single USDC reserve to sponsor multiple AI accounts, ensuring that transaction costs are abstracted cleanly without hidden gas deductions from agent balances.
Verifiable Runtime Enforcement: Instead of relying on prompts or off-chain trust assumptions, Phylax makes autonomous execution enforceable, inspectable, and auditable at the blockchain layer, turning AI-agent security into a programmable on-chain primitive.

Why Arbitrum?

Phylax was built specifically for autonomous on-chain execution, where security enforcement must be practical, low-latency, and affordable enough to support real agent activity at scale.

Low-Cost Policy Enforcement: Every guarded execution in Phylax adds real security logic on-chain, including whitelist checks, session validation, and spending-bound enforcement. Arbitrum’s low transaction costs make this kind of repeated policy enforcement viable for autonomous agents without turning safety into an expensive overhead.
ERC-4337-Native UX for AI Agents: Phylax relies on smart accounts, delegated session keys, and paymaster-based gas sponsorship to create a seamless owner and agent experience. Arbitrum provides the performance and ecosystem maturity needed to make account abstraction practical for real-world AI automation.
Fast, Composable Runtime Execution: Autonomous agents need to react quickly while interacting with multiple on-chain systems under strict control boundaries. Arbitrum’s fast execution environment and strong EVM compatibility make it an ideal foundation for secure, policy-bounded agent operations.
A Natural Home for On-Chain Agent Infrastructure: Phylax is not just another dApp deployed on Arbitrum; it is infrastructure for making autonomous AI behavior safe on Arbitrum itself, turning the network into a reliable execution layer for the next generation of programmable agents.

What Phylax SDK Do

At the core of Phylax is a complete control stack for autonomous AI execution, combining on-chain policy enforcement with a developer-facing SDK and owner-facing management layer:

Guarded Smart Account Provisioning: Phylax provisions ERC-4337 smart accounts for AI agents with delegated session keys, configurable spending limits, expiry windows, and address-based policy controls from a single setup flow.
Immutable On-Chain Guardrails: Every agent transaction is enforced against contract-level whitelists, recipient wallet whitelists, and bounded execution policies directly on-chain, preventing unsafe actions before funds move.
Centralized Gas Sponsorship Infrastructure: Phylax separates gas from agent capital through a paymaster-backed USDC gas tank, allowing one owner to sponsor multiple AI accounts without exposing working balances to hidden gas deductions.
Runtime SDK for Autonomous Execution: The SDK enables AI runtimes to sign and submit session-key-powered ERC-4337 UserOperations through a bundled and sponsored flow, abstracting away the complexity of smart account execution.
Owner Control Plane and Auditability: Phylax gives owners a dashboard to provision agents, manage policy boundaries, revoke sessions, top up gas, and inspect execution history, making autonomous behavior operationally manageable and transparent.

Key Features

ERC-4337 Guarded Smart Accounts: Provision autonomous AI agents through dedicated smart accounts with delegated session keys, bounded execution policies, and owner-retained custody.
Immutable On-Chain Guardrails: Enforce contract whitelists, recipient wallet whitelists, session expiry, and spend caps directly at execution time, so unsafe agent actions revert before funds move.
Centralized Gas Sponsorship: Fund a single USDC gas reserve to sponsor multiple AI agents through a paymaster architecture, cleanly separating operational gas from agent working capital.
Emergency Revoke and Session Control: Instantly revoke an agent’s delegated session key without rotating the master wallet, giving owners a fast response path for compromised or misbehaving agents.
Live Owner Control Plane: Monitor active guarded accounts, spending usage, protocol targets, gas consumption, and on- chain execution history from a unified dashboard.
AI Runtime SDK: Give AI runtimes a programmable interface for signing and submitting session-key-powered ERC-4337 UserOperations without exposing owner private keys.

Roadmap

Q2 2026: Arbitrum Sepolia MVP Validation (Current Phase)

Complete live testing across the owner dashboard, runtime SDK, centralized gas sponsorship, and guarded AI execution flows on Arbitrum Sepolia.

Q3 2026: Developer Documentation and Public SDK Release

Launch the full Nextra documentation site, publish the Phylax SDK to npm, and ship production-ready integration guides for developers building autonomous agent systems.

Q4 2026: Policy Expansion and Runtime Hardening

Extend guardrails beyond basic target and recipient controls into richer policy modules, improve runtime observability, and strengthen execution reporting for blocked anomalies and multi-action agent flows.

Q1 2027: Arbitrum One Mainnet Launch

Deploy Phylax to Arbitrum One as institutional-grade infrastructure for secure, policy-bounded autonomous AI finance and on-chain agent operations.

Architecture

Smart Contracts: Solidity and Foundry, deployed on Arbitrum Sepolia, implementing ERC-4337 smart accounts, delegated session-key guardrails, centralized paymaster gas sponsorship, and mock USDC-based test flows.
SDK & Runtime Layer: TypeScript SDK built on Viem and Permissionless, enabling owner-side account provisioning, policy management, and AI-agent runtime execution through Pimlico bundler and paymaster infrastructure.
Frontend: Next.js, React, Tailwind CSS, and RainbowKit, featuring a modular institutional-grade dashboard for guarded account provisioning, gas tank management, policy control, and on-chain activity monitoring.