Deep Dive
Tokenization & Blockchain
Programmable economic primitives — not cryptocurrency. Six token types with configurable policy engines, decay curves, staking mechanics, and multi-rail settlement across USDC, Stripe, and bilateral state channels.
Primitives
Six Token Types
Each token type encodes distinct economic semantics — transferability, divisibility, decay behavior, and KYC requirements are all configurable per-type through the TokenPolicy engine.
AUTHORITY
Fractional delegation of economic authority. Enables hierarchical permission chains where parent agents can issue scoped sub-tokens to supervised agents.
Auto-expires after 30 days to enforce periodic re-authorization. Requires KYC verification on both issuer and holder.
REPUTATION
Non-transferable, earned exclusively through positive behavior — successful contract completion, dispute wins, and peer attestations.
Subject to 0.1% daily decay. Auto-burns entirely on dispute loss to prevent reputation hoarding by bad actors.
SERVICE_CREDIT
Prepaid compute, data, and API access credits. Functions as the internal unit-of-account for resource consumption across the network.
Divisible to 6 decimal places. Transferable between agents for secondary-market liquidity on unused capacity.
ESCROW
Locked value with conditional release logic tied to contract milestones. Created automatically when a contract enters ACTIVE state.
Release requires cryptographic proof verification. Supports partial release for milestone-gated contracts.
INSURANCE
Coverage tokens with integrated premium/claim mechanics. Underwritten against the protocol's insurance pool reserves.
Premium accrues linearly. Claims trigger automated assessment against policy terms before payout.
GOVERNANCE
Voting weight in protocol governance. Earns staking yield at 0.1% daily accrual rate when staked, aligning long-term holders with protocol health.
One token = one vote. Staked governance tokens earn compounding yield while retaining full voting rights.
Lifecycle
Token State Machine
Every token traverses a deterministic state machine. Transitions are guarded by policy constraints — staking requires minimum hold periods, redemption requires proof, and burns are irreversible.
class TokenState(Enum):
ACTIVE = "ACTIVE"
LOCKED = "LOCKED"
REDEEMED = "REDEEMED"
EXPIRED = "EXPIRED"
BURNED = "BURNED"
TRANSITIONS = {
TokenState.ACTIVE: {
"stake": TokenState.LOCKED,
"redeem": TokenState.REDEEMED,
"expire": TokenState.EXPIRED,
"burn": TokenState.BURNED,
},
TokenState.LOCKED: {
"unstake": TokenState.ACTIVE, # 24h cooldown
},
}
def transition(token, action, proof=None):
allowed = TRANSITIONS.get(token.state, {})
target = allowed.get(action)
if target is None:
raise InvalidTransition(token.state, action)
if action == "unstake":
elapsed = time.time() - token.staked_at
if elapsed < 86400: # 24h cooldown
raise CooldownNotElapsed(86400 - elapsed)
if action == "redeem" and proof is None:
raise RedemptionProofRequired()
token.state = target
return tokenDecay & Accrual Mechanics
Token value is not static. Reputation tokens decay over time to ensure relevance, while staked governance tokens accrue yield to incentivize long-term commitment.
Decay Formula
effective_amount = amount × (1 − decay_rate)days
amount = 1,000.00 decay_rate = 0.001 (0.1%/day)
Day 10: 1000 × 0.99910 = 990.04
Day 30: 1000 × 0.99930 = 970.44
Accrual Formula
accrued_value = amount × (1 + accrual_rate)days
amount = 1,000.00 accrual_rate = 0.001 (0.1%/day)
Day 10: 1000 × 1.00110 = 1,010.04
Day 30: 1000 × 1.00130 = 1,030.44
from decimal import Decimal
def effective_amount(token) -> Decimal:
"""Compute the current effective value after decay."""
if token.policy.decay_rate == 0:
return token.amount
days = (datetime.utcnow() - token.issued_at).days
return token.amount * (
(1 - token.policy.decay_rate) ** days
)
def accrued_value(staked_token) -> Decimal:
"""Compute the accrued value from staking yield."""
if staked_token.policy.accrual_rate == 0:
return staked_token.amount
days = (datetime.utcnow() - staked_token.staked_at).days
return staked_token.amount * (
(1 + staked_token.policy.accrual_rate) ** days
)Policy Engine
TokenPolicy — 14 Fields
Every token carries a policy object that governs its full behavioral envelope. The protocol enforces these constraints at the engine level — no application code can bypass them.
| # | Field | Type | Description |
|---|---|---|---|
| 01 | transferable | bool | Whether the token can change hands between agents |
| 02 | divisible | bool | Whether fractional amounts are allowed |
| 03 | min_divisible_unit | Decimal | Smallest allowed fraction (e.g. 0.000001) |
| 04 | max_holders | int | None | Cap on simultaneous holders; None = unlimited |
| 05 | expires_at | datetime | None | Hard expiry timestamp after which the token is invalid |
| 06 | decay_rate | Decimal | Daily multiplicative decay factor (e.g. 0.001 = 0.1%/day) |
| 07 | accrual_rate | Decimal | Daily compounding yield when staked (e.g. 0.001) |
| 08 | requires_kyc | bool | Holder must have completed KYC verification |
| 09 | geographic_restrictions | list[str] | ISO 3166-1 country codes where holding is prohibited |
| 10 | min_reputation_to_hold | float | Minimum reputation score required to receive the token |
| 11 | max_per_holder | Decimal | None | Maximum amount any single agent can hold |
| 12 | redemption_conditions | dict | Arbitrary JSON predicates for redemption eligibility |
| 13 | auto_burn_on_dispute_loss | bool | Automatically destroy tokens when holder loses a dispute |
| 14 | vesting_schedule | list[VestingTranche] | Time-locked release schedule for gradual distribution |
@dataclass
class TokenPolicy:
transferable: bool = True
divisible: bool = True
min_divisible_unit: Decimal = Decimal("0.000001")
max_holders: int | None = None
expires_at: datetime | None = None
decay_rate: Decimal = Decimal("0")
accrual_rate: Decimal = Decimal("0")
requires_kyc: bool = False
geographic_restrictions: list[str] = field(
default_factory=list
)
min_reputation_to_hold: float = 0.0
max_per_holder: Decimal | None = None
redemption_conditions: dict = field(
default_factory=dict
)
auto_burn_on_dispute_loss: bool = False
vesting_schedule: list[VestingTranche] = field(
default_factory=list
)
def validate_transfer(self, sender, receiver, amount):
if not self.transferable:
raise NonTransferable()
if not self.divisible and amount != int(amount):
raise IndivisibleToken()
if self.requires_kyc and not receiver.kyc_verified:
raise KYCRequired(receiver.agent_id)
if self.max_per_holder is not None:
held = receiver.balance_of(token_type)
if held + amount > self.max_per_holder:
raise ExceedsHolderLimit()Staking Mechanism
Tokens are staked by transitioning to the LOCKED state. Accrual accumulates at the policy-defined rate. Unstaking enforces a 24-hour cooldown before the token — with accrued yield — returns to ACTIVE.
Token.stake()
Token transitions from ACTIVE → LOCKED. The staked_at timestamp is recorded and the token becomes non-transferable during lock.
Accrual accumulates
Each day the token is staked, yield compounds at accrual_rate. For governance tokens: 0.1% daily = ~3.04% monthly compound yield.
unstake_cooldown = 86400s
24-hour mandatory cooldown period. Prevents flash-stake attacks where an agent stakes and unstakes within the same block for risk-free yield.
unstake() → ACTIVE + accrued
After cooldown elapses, the token returns to ACTIVE state with its original amount plus all accrued yield. Transferability is restored.
UNSTAKE_COOLDOWN = 86400 # 24 hours in seconds
def stake(token):
"""Lock a token for staking yield."""
if token.state != TokenState.ACTIVE:
raise InvalidState(token.state, "stake")
if token.policy.accrual_rate == 0:
raise NoAccrualRate(token.token_type)
token.state = TokenState.LOCKED
token.staked_at = time.time()
token.transferable = False
emit_event("token.staked", token.id)
return token
def unstake(token):
"""Unstake with cooldown enforcement."""
if token.state != TokenState.LOCKED:
raise InvalidState(token.state, "unstake")
elapsed = time.time() - token.staked_at
if elapsed < UNSTAKE_COOLDOWN:
remaining = UNSTAKE_COOLDOWN - elapsed
raise CooldownNotElapsed(
f"{remaining:.0f}s remaining"
)
# Calculate and apply accrued yield
days_staked = elapsed / 86400
accrued = token.amount * (
(1 + token.policy.accrual_rate) ** days_staked
- 1
)
token.amount += accrued
token.state = TokenState.ACTIVE
token.transferable = token.policy.transferable
token.staked_at = None
emit_event("token.unstaked", token.id, {
"accrued": str(accrued),
"days_staked": f"{days_staked:.2f}",
})
return tokenUSDC Settlement
ERC-20 stablecoin settlement across four chains. CREATE2-derived escrow addresses ensure deterministic, auditable custody without deploying per-contract smart contracts.
Ethereum
0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48
Base
0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913
Arbitrum
0xaf88d065e77c8cC2239327C5EDb3A432268e5831
Polygon
0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359
import hashlib
def derive_escrow_address(chain: str, contract_id: str):
"""CREATE2-style deterministic escrow address.
No deployment needed — address is derived from
the contract parameters alone."""
preimage = f"AEOS/escrow/v1/{chain}/{contract_id}"
digest = hashlib.sha256(preimage.encode()).hexdigest()
return "0x" + digest[-40:] # last 20 bytes
def usdc_to_atomic(amount: float) -> int:
"""Convert human-readable USDC to 6-decimal
atomic units for on-chain transactions."""
return int(amount * 1_000_000)
# Examples:
# derive_escrow_address("base", "ctr_abc123")
# → 0x7a3f...e91c (deterministic)
# usdc_to_atomic(100.50) → 100_500_000ERC-20 Settlement Flow
approve(escrow, amount)
Payer approves the escrow address to spend USDC on their behalf
transferFrom(payer, escrow, amount)
Protocol locks USDC into the escrow address
transfer(escrow, payee, amount)
On milestone verification, release USDC to the fulfilling party
Atomic Units
$100.50 USDC → 100,500,000 atomic units (6 decimals)
All on-chain amounts use 6-decimal integer representation to avoid floating-point precision errors in smart contract arithmetic.
Stripe Settlement
PaymentIntent-based escrow using manual capture mode. Funds are authorized and held, then captured on successful completion or cancelled on dispute — with full webhook reconciliation.
Authorization → Capture Flow
Create PaymentIntent
capture_method='manual'
Authorize & Hold
Funds reserved on payment method, not yet captured
Capture
Full or partial capture on milestone verification
Cancel / Refund
Void authorization on dispute or contract termination
Webhook verification
HMAC-SHA256 signature check on all events
import stripe
async def create_escrow_intent(
amount: Decimal,
currency: str = "usd",
metadata: dict = None,
):
"""Create a PaymentIntent with manual capture
for escrow-style fund reservation."""
intent = stripe.PaymentIntent.create(
amount=int(amount * 100), # cents
currency=currency,
capture_method="manual",
metadata={
"aeos_contract_id": metadata["contract_id"],
"aeos_escrow_id": metadata["escrow_id"],
**(metadata or {}),
},
)
return intent
async def capture_milestone(
payment_intent_id: str,
amount: Decimal | None = None,
):
"""Capture full or partial payment on
milestone completion."""
params = {}
if amount is not None:
params["amount_to_capture"] = int(amount * 100)
return stripe.PaymentIntent.capture(
payment_intent_id, **params
)
async def refund_on_dispute(
payment_intent_id: str,
amount: Decimal | None = None,
):
"""Issue full or partial refund when a
dispute resolves against the payee."""
params = {"payment_intent": payment_intent_id}
if amount is not None:
params["amount"] = int(amount * 100)
return stripe.Refund.create(**params)
def verify_webhook(payload: bytes, sig: str, secret: str):
"""Verify Stripe webhook signature."""
return stripe.Webhook.construct_event(
payload, sig, secret
)State Channels
Bilateral off-chain payment channels for high-frequency micro-transactions. Dual deposits open the channel, sequence-numbered updates track balances, and cooperative or forced close settles on-chain.
Channel Lifecycle
Agent A deposits 500 + Agent B deposits 500
channel_capacity = 1,000 nonce = 0
cooperative_close()
Both parties sign final state. Instant settlement.
force_close()
Unilateral close with 3,600s challenge period.
Channel State
balance_a, balance_b, nonce, sig_a, sig_b
@dataclass
class ChannelState:
channel_id: str
balance_a: Decimal
balance_b: Decimal
nonce: int
sig_a: bytes | None = None
sig_b: bytes | None = None
CHALLENGE_PERIOD = 3600 # 1 hour
class StateChannel:
def open(self, agent_a, agent_b, deposit_a, deposit_b):
"""Open a bilateral channel with dual deposits."""
channel_id = sha256(
f"AEOS/channel/{agent_a}/{agent_b}/{time.time()}"
.encode()
).hexdigest()[:16]
self.state = ChannelState(
channel_id=channel_id,
balance_a=deposit_a,
balance_b=deposit_b,
nonce=0,
)
lock_on_chain(agent_a, deposit_a)
lock_on_chain(agent_b, deposit_b)
return self.state
def transact(self, amount, direction, sk_a, sk_b):
"""Off-chain balance update with dual sigs."""
if direction == "a_to_b":
self.state.balance_a -= amount
self.state.balance_b += amount
else:
self.state.balance_b -= amount
self.state.balance_a += amount
self.state.nonce += 1
state_bytes = self._serialize(self.state)
self.state.sig_a = ed25519_sign(sk_a, state_bytes)
self.state.sig_b = ed25519_sign(sk_b, state_bytes)
return self.state
def cooperative_close(self):
"""Both parties agree on final state."""
if not self.state.sig_a or not self.state.sig_b:
raise MissingSignatures()
settle_on_chain(
self.state.balance_a,
self.state.balance_b,
)
return "settled"
def force_close(self, submitter_sig):
"""Unilateral close with challenge period."""
submit_state_on_chain(self.state)
# Counterparty has CHALLENGE_PERIOD seconds
# to submit a higher-nonce state
schedule_finalization(
self.state.channel_id,
delay=CHALLENGE_PERIOD,
)
return "challenge_period_started"Related Modules
Tokens flow through everything
The tokenization engine powers escrow for contracts, staking for governance, and settlement across both on-chain and fiat rails — connecting every layer of the AEOS protocol.