Engineered for distrust

An autonomous treasury does not get to ask for trust. It earns it by making every action inspectable, every boundary enforced, and every failure survivable. This page explains how.

Custody: yours, scoped

Capital lives in a Swig smart wallet that you own. Olbos never holds your root key, and cannot.

The root key never moves

You create the wallet. You hold the root authority. Olbos requests permissions; it cannot grant itself any.

Session keys carry mandates

The engine acts through session keys scoped to specific programs, venues, and amounts, with expiry. A key for rebalancing cannot withdraw.

Policy is enforced at signing

Caps, allowlists, and limits live in the wallet layer, not in promises. An instruction outside the mandate fails to sign, no matter what the engine asks for.

Break-glass is yours alone

One owner-signed action drains every venue back to the vault and freezes deployment. It works even if every Olbos service is down, because it is a wallet operation, not an API call.

engine-role.scope

{  "role": "engine",  "programs": ["marginfi", "kamino"],  "spend_limit": "100,000 USDC / 24h",  "withdraw_to": "vault only",  "root_authority": "owner, never delegated"}

✓ outside this scope, the chain refuses to sign

Circuit breakers

Deployment halts before damage spreads. Triggers are evaluated on every cycle, per position.

peg drift > tolerance

Depeg

New deployment halts and exposed positions begin unwinding the moment a stable asset leaves its band.

loss past floor

Drawdown

A position falling past its configured floor is unwound to the liquid buffer and the venue is benched.

turbulence beyond bounds

Volatility

Market chop beyond bounds pauses rebalancing entirely. In turbulence, the engine chooses stillness.

stale oracle · failed call

Venue health

Anomalous venue behavior takes the venue out of rotation until a human clears it.

Replayable from genesis

Every decision the engine makes lands in an append-only audit log: the proposal, the risk-gate verdict, the simulation, the signed transaction, and the on-chain confirmation. Entries are ordered and signed, so the full history of a treasury can be replayed and verified from its first deposit.

The same log drives the dashboard’s decision feed. What you see in mission control is not a summary of the record. It is the record.

audit-log · one decision

#1841  proposed    move 1,000 USDC idle → olympia
#1842  risk gate   passed · caps, buffer, allowlist
#1843  simulated   intent 1d946760eff876aa
#1844  signed      scoped key · within daily cap
#1845  confirmed   slot 13572 · receipt appended

✓ ordered, signed, replayable

Responsible disclosure

Found something? We want to know, quietly and quickly. Write to security@olbos.tech and we will respond within 48 hours. Audits and formal disclosures will be published here as they complete.

Common questions

What exactly can Olbos do with my funds?

Only what the session-key scope permits: move capital between the venues on your allowlist and your vault, within your caps and the on-chain daily limit. It cannot withdraw to any other address, touch other assets, or grant itself new permissions.

What is the worst case if Olbos itself is compromised?

Bounded, by construction. A fully compromised engine still cannot exceed the on-chain daily custody cap, cannot send funds anywhere except allowlisted venues and your vault, and cannot stop you from break-glass withdrawing everything, because that is an owner-signed wallet operation we never touch.

What happens if Olbos disappears tomorrow?

Your capital does not. Custody is a Swig smart wallet you own; break-glass and withdrawals are wallet operations that work against the chain directly, with every Olbos service offline.

Can I revoke Olbos’s access?

At any time, at the wallet layer. Revoking the engine role ends all engine activity immediately; nothing in our infrastructure needs to cooperate for that to work.

Has Olbos been audited?

Audits are part of the path to general availability and will be published on this page as they complete, alongside any disclosures. We will not claim coverage we do not have: check this page rather than taking our word for it.

Read the docs