System components
Frontends
| App | Path | Purpose |
|---|---|---|
| Web / Desktop | apps/web |
The main product. Next.js (App Router). Bespoke desktop views (overview, custody, distributions, settlements, reports) plus screens reused from the mobile layer (agreements, send/receive, account, onboarding). |
| Admin console | apps/admin |
Operations UI for AXON staff — facility approvals, Lydiam payout driving, policy tuning, distribution overrides, alerts. |
| Mobile screen layer | apps/mobile-version |
A React screen + hook library (agreements, wallet, account) that the web app imports as a workspace dependency, so one implementation of the core flows serves both. |
The web app authenticates with Privy (embedded wallet via Google/email), proves wallet ownership with SIWE, and then talks to the backend with a JWT. wagmi/viem drive on‑chain signing; the active wallet is bridged from Privy into wagmi per the current profile mode.
API Gateway
apps/api-gateway is the single public entry point. It:
- proxies
//api/v1/<service>/…to the right internal service over the private network (keep‑alive pooled HTTP), - enforces a global JWT guard with an anchored‑prefix public‑route allowlist (
/auth/*,/kyc/webhook,/admin/login,/health*), - applies rate limiting by path class (auth ~20/min, AI ~40/min, everything else ~300/min),
- strips sensitive internal headers on ingress, compresses responses, and serves Swagger.
Backend services
| Service | Owns / does | Notable background work |
|---|---|---|
| auth | SIWE login, JWT issuance, rotating refresh tokens, nonces. Provisions embedded wallets via Privy. | — |
| kyc | Identity (KYC) and business (KYB) verification via Sumsub; webhook intake; binds business wallets. | — |
| wallet | Read‑only USDC/ETH balance and network lookups on Base. | — |
| transactions | Peer transfers (send), top‑ups, fee quotes, transaction history. KYC‑gated. | — |
| agreements | Milestone‑escrow lifecycle (create → accept → fund → complete → release / dispute), notifications, settlement backfill. | — |
| distributions | Batch cash‑out planner: splits payouts across corridors/vendors, auto‑picks the best route, tracks per‑route status, builds audit reports. | — |
| settlements | The append‑only, hash‑chained money‑movement ledger; integrity verification; periodic on‑chain anchoring. | reconciliation (60 s), anchor (30 min) |
| funding | Instant Funding: facility lifecycle + coverage of inbound transfers, fiat payout via Lydiam, and USDC sweep to the collection wallet. | CoverageWatcher (30 s) + CollectionSweeper |
| onramp | Fiat on‑ramp (buy) and off‑ramp (sell) across a provider pool (MoonPay, Onramper, Wise, …); sessions, quotes, verification. | — |
| ai | AI assistant — chat, document summarisation, and balanced contract drafting. Provider‑switchable (OpenAI gpt‑4o by default). | — |
| admin | Staff operations plane — facility approve/decline, Lydiam payout simulator, policy levers, distribution overrides, alerts, reports. | — |
| reconciliation | Background safety net — reconciles distribution routes against vendors and escrow on‑chain state against the database; heals drift and raises alerts. | Reconciler (30 s) |
Note on
ai. Older code comments mention Claude/Anthropic; the platform was switched to OpenAI (AI_PROVIDER=openai, default modelgpt‑4o) and remains provider‑switchable.
Data stores
- PostgreSQL 16 — the system of record, accessed through Prisma 5 with a single shared schema (
packages/db/prisma/schema.prisma). Migrations are applied by a one‑shotdb-migratecontainer runningprisma migrate deploy. - Redis 7 — ephemeral state: login nonces, rate‑limit counters, caches.
On‑chain layer (Base)
AXONEscrow.sol— milestone escrow holding USDC, gated on agreement acceptance, with a 5‑day permissionless‑release timeout, dispute/split resolution, and a fee snapshot at funding (the platform fee is locked at funding time, so it can't be raised retroactively on funds already in escrow).MockUSDC.sol— a testnet stand‑in for USDC; on the pilot, top‑ups mint MockUSDC.- Collection wallet — an AXON‑controlled wallet that sweeps covered USDC out of business wallets during Instant Funding (via ERC‑20
transferFromagainst an approved allowance).
Integration partners
See the full activation matrix in the Tech Stack overview. In short:
- Live (load‑bearing): Privy (wallets/auth), Base + AXONEscrow (settlement/escrow), Sumsub (KYC/KYB, sandbox), OpenAI (AI).
- Live (sandbox / partial): MoonPay (on‑ramp), Onramper (aggregator), Wise (quotes live, transfers stubbed).
- Not yet active: Lydiam (simulation — pending partner agreement), Circle CPN (deferred custody), Transak / Crossmint / Banxa (coded, not enabled), Anthropic (failover).