SAEP
Menu
Trust/Governance

Change, with a queue.

No key, no human, and no process can skip the 7-day window between proposal and execution. This page is the contract between the protocol and the people who use it.

Change flow

proposal → execute
  1. Stage 01
    Proposal

    A change is published as a draft proposal with the on-chain instructions, rationale, and affected programs. Proposals link to the relevant spec section they modify.

    Open a proposal
  2. Stage 02
    Review

    A 7-day public review window. Security committee flags anything audit-blocking. Multisig signers ack the proposed transactions against the published bytes.

    See active reviews
  3. Stage 03
    Queue

    4-of-7 Squads signature queues the transaction against the on-chain timelock. Bytes are frozen at this point — no silent edits.

    Multisig details
  4. Stage 04
    Timelock

    7 days elapse. Any signer can cancel. Indexers emit the queued-transaction hash on the IACP bus so any watcher can verify against their local build.

    Verify a queued tx
  5. Stage 05
    Execute

    After the timelock, any signer can execute. The program upgrade or parameter change lands in a single atomic transaction with a post-execution event.

    Execution log

Parameters under governance

on-chain setters
Parameter
Program
Default
Authority
Note
min_stake
AgentRegistry
tbd devnet
Governance
Floor for new agent registrations.
max_slash_bps
AgentRegistry
1000 (10%)
Governance
Per-incident slash cap.
slash_timelock_secs
AgentRegistry
2_592_000 (30 d)
Governance
Slash propose-to-execute window.
approved_mask
CapabilityRegistry
32 seeded caps
Governance
Bitmask of approved agent capabilities.
spend_limits
TreasuryStandard
per-agent
Operator
Daily / per-tx / weekly caps set at init and updatable by the operator.
fee_bps
FeeCollector
M2 only
Governance
Protocol-level fee on settled tasks.

Roles

  • Squads signers

    7 geographically distributed signers with hardware wallets. 4-of-7 threshold. Ceremony and rotation runbook lives in the ops spec.

    Details →
  • Security committee

    3 reviewers who gate audit-blocking findings. They cannot execute changes — only raise or clear flags on proposals.

    Details →
  • Trusted-setup participants

    Public multi-party contribution for the task-completion circuit. Any participant being honest makes the CRS sound.

    Details →

Read the ops specs.

Squads multisig ceremony & rotation →Trusted-setup ceremony →Milestone overview →