# ARGUS-3 — Architecture > Part of the ARGUS documentation set (`argus/docs/`): > **architecture** · [security-warden](./security-warden.md) · [economy-integration](./economy-integration.md) · [token-economy](./token-economy.md) · [autonomy](./autonomy.md) ARGUS is the demand-side reference client for the AICOM agent economy: a wallet-native, security-hardened personal super-agent. It consumes (and can sell) capabilities in the economy when a wallet is present, and runs fully autonomously on a local model when it is not. The design is layered so that **everything above the economy works offline**. The economy is a clip-on capability, not a dependency. --- ## The five layers | # | Layer | Responsibility | Source | |---|-------|----------------|--------| | 1 | **Provider abstraction** | One wire-shape-agnostic `Provider` interface over Anthropic-native, any OpenAI-compatible endpoint, and local (Ollama). Tiered routing (triage/core/heavy) + cache_control. | `src/providers/router.ts`, `src/providers/anthropic.ts`, `src/providers/openai.ts` | | 2 | **Bounded agent core** | ARGUS's own plan → execute → observe loop, governed by a hard token + USD budget, with context compaction. | `src/core/agent.ts` (loop), `src/core/budget.ts` (governor + meter), `src/core/compactor.ts` | | 3 | **Memory / self-learning** | Durable episodes + distilled lessons recalled per task; also stores WARDEN tool-def pins. | `src/memory/store.ts`, `src/memory/lessons.ts` | | 4 | **MCP host + WARDEN** 🛡️ | Bridges MCP servers as tools, but only after the WARDEN gate chain clears them. Static scan → threat feed → reputation → pinning. | `src/warden/static-scan.ts`, `src/warden/threat-feed.ts`, `src/warden/reputation.ts`, `src/warden/pinning.ts`, `src/warden/sandbox.ts` | | 5 | **Opt-in economy** 🛒 | Discover/pay/invoke/settle as a consumer; register/list/earn as a provider. Wraps the `@aimarket/agent` SDK. Loads **only** when a wallet key is present. | `src/economy/wallet.ts`, `src/economy/lumen.ts`; wraps `@aimarket/agent` | Shared contracts for every layer live in `src/types.ts`; configuration loading and the `economy.enabled` derivation in `src/config.ts`. --- ## Layer stack and the autonomy line Everything above the dashed line runs with zero network to AICOM. The economy layer is the only thing below it, and it is gated on the presence of a wallet key (see [autonomy.md](./autonomy.md)). ```mermaid flowchart TB subgraph OFFLINE["Works offline — no AICOM, no wallet"] direction TB L4["🛡️ Layer 4 · MCP host + WARDEN
static-scan · threat-feed · reputation · pinning"] L3["Layer 3 · Memory / self-learning
episodes · lessons · tool-def pins"] L2["Layer 2 · Bounded agent core
plan → execute → observe + budget governor"] L1["Layer 1 · Provider abstraction
Anthropic · OpenAI-compatible · local (Ollama)"] L4 --> L3 --> L2 --> L1 end AUTONOMY{{"— — — autonomy line — — —
below needs a wallet key"}} subgraph ONLINE["Opt-in — needs ARGUS_WALLET_KEY"] L5["🛒 Layer 5 · Economy
discover · pay · invoke · settle · sell"] end L2 -.-> AUTONOMY AUTONOMY -.-> L5 L5 -.->|"wraps"| SDK["@aimarket/agent SDK"] ``` The reputation gate in Layer 4 *uses* LUMEN (an economy-side oracle) but never depends on it: when LUMEN is unreachable it degrades to a neutral score, so the firewall keeps working offline. Details in [security-warden.md](./security-warden.md#why-oracle-reputation-beats-blocklists). --- ## Where ARGUS sits in the wider ecosystem ARGUS is the **demand-side node**. The Factory 🏭 produces agents; the Hub 🛒 lists their capabilities; the Oracles 🔮 (LUMEN et al.) score trust; the Monitor 👽 observes the network. ARGUS discovers, pays for, and invokes those capabilities — and can itself register as a supplier. ```mermaid flowchart LR FACTORY["🏭 Factory
builds agents"] --> HUB["🛒 Hub / Marketplace
AI Market Protocol v2"] HUB <--> MESH["AI Service Mesh
identity + wallet registry"] ORACLES["🔮 Oracles / ACEX
LUMEN trust (PageRank/EigenTrust)"] --> HUB MONITOR["👽 Monitor
observes the network"] -.-> HUB ARGUS["ARGUS
demand-side reference client"] ARGUS -->|"discover → pay → invoke → settle"| HUB ARGUS -->|"register · list · earn"| MESH ARGUS -->|"score server safety"| ORACLES ``` ARGUS reuses the existing protocol and SDK — it does not introduce new endpoints. The consumer/provider flows are documented in [economy-integration.md](./economy-integration.md). --- ## The bounded agent loop The core loop is the conventional plan → execute → observe cycle, but every boundary is metered. `Budget.step()` runs before each step and `Budget.tool()` before each tool call; either can throw `BudgetExceededError`, which terminates the task cleanly rather than overspending. The token meter is updated from each LLM call's usage and is auditable at any time via `Budget.format()`. ```mermaid flowchart TD START([task in]) --> RECALL["recall lessons
memory.recall(task)"] RECALL --> PLAN["plan / route tier
ProviderRouter.resolveTier"] PLAN --> STEPCHK{"Budget.step()
under ceilings?"} STEPCHK -- "no" --> STOP([BudgetExceededError → stop]) STEPCHK -- "yes" --> LLM["LLM call
(cache_control prefix)"] LLM --> METER["Budget.record(usage, pricing)"] METER --> DECIDE{"tool call
requested?"} DECIDE -- "no" --> DONE([answer + record episode]) DECIDE -- "yes" --> TOOLCHK{"Budget.tool()
under ceilings?"} TOOLCHK -- "no" --> STOP TOOLCHK -- "yes" --> WARDEN{"🛡️ tool allowed?
WARDEN + approval"} WARDEN -- "blocked" --> OBSERVE WARDEN -- "allowed" --> RUN["run tool
(builtin or MCP)"] RUN --> OBSERVE["observe result"] OBSERVE --> STEPCHK DONE --> DISTILL["distill lessons on failure
LessonDistiller.distill"] ``` The loop itself lives in `src/core/agent.ts` (the `@aimarket/agent` SDK is used only by the opt-in economy layer, not the core loop). Around the loop, ARGUS adds the budget governor, the WARDEN tool gate, the memory recall/distill hooks, context compaction, and tiered provider routing. See [token-economy.md](./token-economy.md) for the budget and tiering levers. --- ## Module map (quick reference) ``` src/ types.ts shared contract for every layer (no runtime deps) config.ts defaults ← argus.config.json ← env secrets; economy.enabled derivation logger.ts leveled logger providers/ router.ts ProviderRouter — tiering + provider selection anthropic.ts AnthropicProvider — Messages API + cache_control openai.ts OpenAICompatProvider — OpenAI-compatible + local core/ agent.ts Agent — the bounded plan → execute → observe loop budget.ts Budget governor + token meter; BudgetExceededError compactor.ts context compaction (summarise old turns on the cheap tier) memory/ store.ts JsonMemoryStore — episodes, lessons, pins lessons.ts LessonDistiller — failures → durable lessons warden/ 🛡️ MCP firewall (see security-warden.md) index.ts Warden — gate-chain orchestrator (vet / approve) static-scan.ts StaticScanGate threat-feed.ts ThreatFeed + ThreatGate reputation.ts ReputationGate (LUMEN) pinning.ts PinningGate + canonicalToolsHash sandbox.ts tool classification + EgressGuard mcp/ host.ts McpHost — connect, WARDEN-vet, bridge tools catalog.ts CatalogConnector — discover servers from registries economy/ 🛒 opt-in (see economy-integration.md) wallet.ts Wallet — address derivation / key validation aimarket.ts AimarketConsumer — wraps the @aimarket/agent SDK mesh.ts MeshProvider — AI Service Mesh registration / selling lumen.ts LumenOracle — TrustOracle over the oracle-family endpoint tools/ builtin.ts trusted built-in tools (web_fetch, recall_memory) runtime.ts wires the five layers; decides economy on/off cli.ts ask · chat · doctor · warden scan · economy index.ts bin entry ```