Matrix moves real value. The security model assumes that, everywhere: typed plans instead of free-form actions, simulation before signatures, keys that never leave your wallet, and an audit trail by construction.
Every plan is replayed against forked live state and checked against your guardrails — spend caps, allow-lists, slippage, time windows. Failing plans are discarded unsigned and unbilled.
Auth is ed25519 DID through Paxport; signing is EIP-712 from your wallet or a scoped agent session. Matrix never holds key material.
A closed verb vocabulary and version-pinned tools mean reachable behavior is enumerable. The planner proposes; the schema rejects anything else.
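An added sketch of the schema-then-guardrail gate described in the paragraphs above, not Matrix's own code: the `Step` fields, verb names, `Guardrails` profile and sample addresses are hypothetical, and the forked-state simulation is not modeled. Verbs outside the closed enum are rejected at parse time, and a plan is signable only when no guardrail reports a violation.

```python
from dataclasses import dataclass
from decimal import Decimal
from enum import Enum

class Verb(Enum):                      # closed vocabulary (hypothetical verbs)
    SWAP = "swap"
    TRANSFER = "transfer"

@dataclass(frozen=True)
class Step:                            # hypothetical typed plan step
    verb: Verb
    target: str                        # contract or recipient address
    amount: Decimal                    # spend, in the profile's accounting unit
    slippage_bps: int = 0

@dataclass(frozen=True)
class Guardrails:                      # hypothetical guardrail profile
    spend_cap: Decimal
    allow_list: frozenset
    max_slippage_bps: int
    window_utc: tuple                  # (start_hour, end_hour), start < end assumed

def parse_step(raw: dict) -> Step:
    """Reject anything outside the schema: an unknown verb raises ValueError,
    an unknown or missing field raises TypeError."""
    fields = dict(raw)
    verb = Verb(fields.pop("verb"))
    amount = Decimal(str(fields.pop("amount")))
    return Step(verb=verb, amount=amount, **fields)

def violations(plan, rails, hour_utc):
    """Return every failed guardrail; an empty list means the plan passed."""
    out = []
    start, end = rails.window_utc
    if not (start <= hour_utc < end):
        out.append("time_window")
    if sum((s.amount for s in plan), Decimal(0)) > rails.spend_cap:
        out.append("spend_cap")
    for i, s in enumerate(plan):
        if s.amount <= 0:              # a negative step must not offset the cap
            out.append(f"step{i}:amount")
        if s.target not in rails.allow_list:
            out.append(f"step{i}:allow_list")
        if s.slippage_bps > rails.max_slippage_bps:
            out.append(f"step{i}:slippage")
    return out

def signable(plan, rails, hour_utc):
    return not violations(plan, rails, hour_utc)

# Constructed sample profile; the address is a placeholder, not a real contract.
RAILS = Guardrails(Decimal("100"), frozenset({"0xRouterExample"}), 50, (8, 20))
```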
Agent sessions scope down from declared capabilities, expire by default, and are revocable instantly. Runtime surfaces are origin-validated and provenance-checked.
The Matrix codebase undergoes external security review, and findings are remediated and verified before release milestones. We publish audit summaries and remediation status in the Trust Center, and run a standing disclosure program.
Read the latest audit summary →

| Area | Approach |
|---|---|
| Identity | ed25519 DID (Paxport) · EIP-712 signing · JWT hardened |
| Execution | typed IR · closed verbs · version-pinned tools |
| Pre-flight | deterministic simulation · guardrail profiles |
| Audit trail | plans, sims, signatures, receipts — replayable |
| Compliance | GDPR · CCPA · MiCA-aligned · Delaware (PaxLabs Inc.) |
| Disclosure | security@matrix.paxeer.network · safe harbor |