Abstract
Vela is a vertically-integrated execution-and-memory substrate for sovereign, AI-native DAOs. A deterministic workflow engine orchestrates both hand-coded logic and declarative, no-code agent specs inside secure WASM sandboxes, persisting every step to an append-only event log. Final state transitions are co-signed by a threshold-MPC bridge and settled on-chain to Governor + Safe contracts, guaranteeing cryptographic parity without sacrificing UX. All traffic (human, agent, or service) travels through the Model Context Protocol (MCP), a capability-scoped RPC layer whose calls carry short-lived Verifiable Credentials across a zero-trust mesh, unifying authentication and authorization. Every action is lifted, losslessly, into a hybrid memory fabric: a cryptographic property graph for causal reasoning overlaid with a vector index for semantic recall. This substrate powers a live gamification engine that turns observable behaviour into real-time incentives. Side-car budget governors meter tokens, CPU and graph writes against a usage-priced ledger, enforcing economic safety while exposing clear cost telemetry. Finally, a global registry and read-only federated graph enable cross-DAO federation, allowing authenticated tool invocation and data introspection across a mesh of interoperable, context-rich, governance-aware agent ecosystems.
1. System Architecture
Vela is architected across three distinct logical planes: a global Control Plane, per-DAO Workspace Planes, and Shared Infrastructure. This design ensures hard multi-tenancy and operational scalability. All inter-service communication is secured by a VC-based, zero-trust mesh.
┌────────────── Control Plane ───────────────┐
│ Identity, Governance, & Federation Tiers │
JSON‑RPC/mTLS │ Data, Billing, & Definition Tiers │
└───────────────┬───────────────┬────────────┘
│ │
VC‑+‑mTLS │ │ Read-Only Graph API
▼ │
┌─────────── Workspace (dao‑X) ───────────────────┴───────────┐
│ mcp‑gateway ◀── Envoy/WASM VC filter ───▶ governance‑host │
│ ▲ ▲ ▲ │
│ │ Workflow Tasks │ gRPC │ │
│ agent‑host ─ dynamic‑runner │ budget‑svc │ graph‑svc │
│ │ │ │ │ │
│ wasm‑pool │ │ Event Stream │ Graph Store│
└───────────────┴──────────────┴─────────────────┴───────────┘1.1. Platform Control Plane
The Control Plane consists of singleton, globally-scoped services responsible for managing the entire ecosystem. These are grouped into functional tiers:
• Identity & Trust Tier: Manages the lifecycle of decentralized identities (DIDs) and Verifiable Credentials (VCs), including issuance and revocation.
• On-Chain & Governance Tier: Provides the secure gateway for all blockchain interactions and manages the state machines for off-chain governance processes.
• Data & Federation Tier: Manages the canonical semantic graph, a global federated index, and the discovery registry for inter-DAO communication.
• Agent & Economic Tier: Manages the registry for agent specifications, the platform's billing ledger, and the real-time gamification engine.
1.2. Workspace Plane
The Workspace Plane comprises all components deployed within a per-DAO, isolated Kubernetes namespace, ensuring resource isolation. Key services include the MCP gateway, the workflow execution hosts for governance and agents, and dedicated instances of the graph and vector stores.
1.3. Shared Infrastructure
These foundational services support both planes: a durable workflow engine for orchestration, a high-throughput event bus for data propagation, a comprehensive observability stack, and a GitOps controller for declarative deployments.
2. Architectural Pillars
The system is built on six foundational pillars that deliver its core functionality.
2.1. On-Chain Sovereignty & Secure Gateway
Each workspace is a cryptographically sovereign on-chain entity, managed without exposing services to private key risk.
• Contract Stack: A central factory contract uses deterministic address generation (`CREATE2`) to deploy a standard, upgradeable governance suite for each DAO.
• Transactional Gateway Path: All on-chain interactions are routed through a central gateway. It authenticates requests via VC, queues them, and coordinates a distributed signing cluster to produce a valid signature, ensuring no single point of key compromise.
• State Reconciliation: A dedicated service subscribes to on-chain event logs and translates them into canonical event messages for the off-chain system, ensuring eventual consistency.
2.2. Durable Execution Fabric
Agentic processes and governance workflows are stateful and long-running. The protocol uses a robust workflow engine to guarantee reliable completion.
Key Primitives:
• Workflows: All stateful logic is modeled as a deterministic workflow. State is automatically persisted by the engine.
• Activities: All external I/O is encapsulated in Activities, which feature automatic retries and heartbeating.
• Message Passing: Workflows communicate through asynchronous signals and synchronous queries or updates.
Resilience via Replay: The state of every workflow is maintained as an append-only event history. If a worker process fails, a new one resumes execution by replaying this history, restoring the workflow's state to the exact point before the failure.
2.3. Semantic Graph Fabric
The system's "nervous system" is an event-sourced semantic graph built on an enterprise-grade property graph store, providing the canonical source of truth for structured data.
• Event Bus: All state changes are published as immutable event messages to a high-throughput, append-only stream.
• Ingest Plane: A fleet of stateless ingest workers consumes events from the stream and applies them idempotently to the graph database.
• Graph Schema: The graph model is defined by a versioned schema that establishes core entities (e.g., `:Human`, `:Agent`) and their relationships.
2.4. Hybrid Agent Memory
To enable sophisticated reasoning, agents are endowed with a memory architecture that fuses factual graph knowledge with semantic nuance from a high-performance vector index.
• Memory Object Model: Agent experiences are stored as structured objects in the vector index. These objects contain the experience's content, its vector embedding, and crucially, references that link it back to specific entities in the semantic graph.
• Hybrid Retrieval: Agent memory queries combine structural and semantic search to retrieve experiences that are both factually relevant and semantically similar to the current context.
2.5. Zero-Trust VC Mesh & Agent Sandboxing
The protocol mandates a modern, zero-trust security model.
• Verifiable Credential Profile: All inter-service communication is authenticated using short-lived Verifiable Credentials. VCs contain the caller's DID, DAO scope, and granular capability claims.
• Revocation: A dedicated service manages and distributes revocation lists using a modern, bitmap-based standard, enabling near-real-time invalidation.
• Agent Sandboxing: User-defined agent logic is executed within a secure Wasm sandbox. The sandbox has no network or filesystem access; all external interactions are mediated through capability-gated hostcalls that invoke the standard, VC-secured MCP toolset.
2.6. Federation and Interoperability
The system is designed to evolve from a collection of isolated DAOs into an interconnected network.
• Discovery: A global DAO registry provides a DNS-like service that maps human-readable DAO names to their technical metadata, including gateway endpoints and root VC identifiers.
• Data: A read-only, federated graph index aggregates a subset of data from all individual DAO graphs into a single, queryable global view.
• Execution: An agent in one DAO can securely invoke a tool in another. The call is authenticated by a VC-authenticated header, and the receiving DAO enforces a local policy to authorize the specific federated interaction.
3. Core Protocols & Specifications
3.1. Model Context Protocol (MCP)
All agent-environment interaction is standardized through MCP, a client-server protocol built on JSON-RPC 2.0.
• Lifecycle: Connections follow a strict `initialize` handshake for version and capability negotiation.
• Primitives:
• Resources (Application-Controlled): File-like data that an agent can read to gain context.
• Tools (Model-Controlled): Executable functions, such as `governance-submit`, that an agent can invoke to perform actions.
• Transport: The primary transport uses a streaming transport for asynchronous server-to-client notifications.
3.2. Agent Specification
While "classic" agents can be hand-coded, the platform supports "dynamic" agents defined by a declarative YAML specification. The spec defines the agent's trigger, budget, permissions, and a sequence of steps that orchestrate calls to built-in and custom tools. A dedicated service validates these specs, which are then interpreted by a dynamic workflow runner.
4. Runtime Services
Key control plane services provide advanced, platform-wide functionality.
4.1. Off-chain Governance Ledger
To provide a responsive UI while maintaining on-chain integrity, a dedicated governance service manages off-chain proposal state. It is an event-sourced FSM using a relational database for fast reads. It uses a workflow worker for deadline scheduling and runs a reconciler to ensure its state remains consistent with on-chain events.
4.2. Real-time Budgeting & Metering
A sidecar service enforces economic guardrails. It intercepts every priced operation, performing a real-time reservation/commit against in-memory counters. Usage records are flushed to a central collector, which joins them with a versioned pricing catalog to compute costs before persisting them to a billing ledger.
4.3. Gamification Engine
A dedicated engine consumes the platform's event stream and applies rules defined in a human-readable Graph DSL (GDL). When a pattern is matched, it publishes a reward event back onto the event bus, creating a closed-loop incentive system grounded in the semantic graph.
5. Security Model
The protocol's security model is designed to mitigate threats across multiple layers. Key strategies include distributed on-chain key management, real-time budget enforcement, strict Wasm sandboxing with cgroup quotas, and VC-based authentication for all intra-cluster and cross-DAO communication. Data access is mediated by tools that enforce namespace isolation and data visibility rules.
6. Conclusion
Vela converges durable execution, a hybrid memory model, standardized interaction protocols, and a zero-trust security fabric into a cohesive architecture. Each subsystem is modular yet shares unified identity, observability, and data contracts. By addressing the foundational challenges of security, state management, and interoperability, the system provides a robust and scalable platform for building, operating, and federating high-throughput, autonomous organizations.