Architecture
Understanding the Sardis system architecture and data flow. How the Policy Engine, MPC wallets, and settlement layer work together.
System Overview
Sardis acts as a financial middleware layer between AI agents and payment rails. Every transaction passes through the Policy Engine before reaching the settlement layer.
+---------------------------------------------------------------+
|                        AI AGENT LAYER                         |
|   +-----------+     +-----------+     +-----------+           |
|   |  Claude   |     |  Cursor   |     | LangChain |    ...    |
|   +-----+-----+     +-----+-----+     +-----+-----+           |
+---------+-----------------+-----------------+-----------------+
          |                 |                 |
          +-----------------+-----------------+
                            |
                      +-----v-----+
                      |  MCP/SDK  |
                      +-----+-----+
                            |
+---------------------------v-----------------------------------+
|                     SARDIS POLICY ENGINE                      |
|  +---------------------------------------------------------+  |
|  |  Natural Language Rules        Merchant Allowlist       |  |
|  |  Amount Limits                 Category Restrictions    |  |
|  |  Risk Scoring                  Compliance Checks        |  |
|  +---------------------------------------------------------+  |
+---------------------------+-----------------------------------+
                            |
                      +-----v-----+
                      |    MPC    |
                      | (Turnkey) |
                      +-----+-----+
                            |
            +---------------+---------------+
            |               |               |
    +-------v-------+ +-----v-----+ +-------v-------+
    |     BANK      | | STABLECOIN| |    VIRTUAL    |
    |   TRANSFER    | |   RAILS   | |     CARDS     |
    |  (ACH/Wire)   | |  (USDC)   | | (Stripe Iss.) |
    +---------------+ +-----------+ +---------------+
Core Components
- Policy Engine -- Real-time transaction validation against defined rules. Supports natural language policy definitions, merchant allowlists, amount limits, and category restrictions. 12-check pipeline, fail-closed by default.
- MPC Wallets (Turnkey) -- Non-custodial Multi-Party Computation wallets. Keys are split across multiple parties, ensuring no single entity can access funds.
- MCP Server -- Model Context Protocol server for zero-integration setup with Claude Desktop and Cursor. Exposes 52 tools including sardis_pay, sardis_check_policy, sardis_get_balance, treasury, checkout, and agent discovery tools.
- Virtual Card Service -- On-demand virtual card issuance via Stripe Issuing. Cards are single-use or limited-use, locked to specific merchants and amounts.
Transaction Flow
- Agent Request -- Agent calls sardis.pay() with vendor, amount, and purpose.
- Policy Check -- Engine validates against rules, merchant allowlist, and limits.
- Risk Scoring -- Transaction receives a risk score (0-1) based on patterns.
- MPC Signing -- Approved transactions are signed via Turnkey MPC.
- Settlement -- Funds settle via on-chain rails or virtual card issuance.
- Response -- Agent receives confirmation with transaction ID and card details.
Policy Engine Rules
The Policy Engine supports natural language rule definitions that are compiled into executable policies.
{
  "rules": [
    "Allow SaaS vendors up to $100 per transaction",
    "Allow DevTools vendors up to $50 per transaction",
    "Block all retail and gift card purchases",
    "Maximum $500 daily spend across all categories"
  ],
  "allowlist": [
    "openai.com",
    "github.com",
    "vercel.com",
    "aws.amazon.com"
  ],
  "blocklist": [
    "amazon.com",
    "ebay.com",
    "coinbase.com"
  ]
}
Security Model
Sardis follows a defense-in-depth security approach:
- Non-custodial: Users maintain control of their keys via MPC
- Policy-first: Every transaction validated before execution
- Audit trail: Complete transaction history with cryptographic proofs
- Compliance: KYC/AML integration via Didit and Elliptic
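To make "policy-first" and "fail-closed" concrete, here is an added sketch (not Sardis code or its API) of a check chain over the sample policy from the Policy Engine Rules section, in which any error or unmatched case denies. Assumptions: the structured caps and the merchant-to-category map are a hand-written stand-in for the compiled natural-language rules, hosts are matched exactly, and the blocklist is checked before the allowlist.

```python
from dataclasses import dataclass

# Constructed policy: allowlist/blocklist are the page's sample values; the
# caps and the merchant-to-category map are an assumed compiled form of its rules.
POLICY = {
    "allowlist": {"openai.com", "github.com", "vercel.com", "aws.amazon.com"},
    "blocklist": {"amazon.com", "ebay.com", "coinbase.com"},
    "merchant_category": {"openai.com": "saas", "github.com": "devtools",
                          "vercel.com": "saas", "aws.amazon.com": "saas"},
    "category_caps": {"saas": 100.0, "devtools": 50.0},
    "daily_cap": 500.0,
}

@dataclass
class Decision:
    allowed: bool
    reason: str

def normalize_host(host):
    # Exact-host comparison only: lower-case and drop a trailing dot.
    if not isinstance(host, str) or not host.strip():
        raise ValueError("missing merchant host")
    return host.strip().lower().rstrip(".")

def evaluate(request, spent_today, policy=POLICY):
    """Return a Decision; every error or unmatched case denies (fail-closed)."""
    try:
        host = normalize_host(request["vendor"])
        amount = float(request["amount"])
        if not (0 < amount < float("inf")):  # also rejects NaN
            return Decision(False, "invalid amount")
        if host in policy["blocklist"]:  # assumed precedence: block wins
            return Decision(False, "merchant blocklisted")
        if host not in policy["allowlist"]:  # no substring or suffix match
            return Decision(False, "merchant not on allowlist")
        cap = policy["category_caps"].get(policy["merchant_category"].get(host))
        if cap is None:
            return Decision(False, "no rule allows this category")
        if amount > cap:
            return Decision(False, "over per-transaction limit")
        if spent_today + amount > policy["daily_cap"]:
            return Decision(False, "over daily limit")
        return Decision(True, "all checks passed")
    except Exception:
        # A malformed request or a failing check must never approve a payment.
        return Decision(False, "check error, denied")
```

With exact matching, the allowlisted aws.amazon.com is not caught by the amazon.com blocklist entry, and a look-alike host that merely contains an allowlisted name is denied.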