Nex Copilot

Governed agentic copilot for Web3, DeFi, and tool execution
28 nodes

nex-t1.ai

Nex Copilot

08

Production-oriented monorepo for Nex Copilot (https://nex-t1.ai): a governed AI copilot where users search, analyze, automate, and execute across wallets and 300+ tools — with read-only / approval / execution modes, spending limits, contract allowlists, human-in-the-loop approvals, and machine-readable execution receipts.

Project context05

Problem

AI copilots that touch wallets, DeFi tools, and external connectors fail quickly when they treat every action as a chat completion. The hard problem is controlled delegation: users need useful autonomy without giving models direct authority over tokens, private connector credentials, or irreversible transactions.

Solution

Nex Copilot separates clients, API/BFF, agent runtime, MCP tool gateway, sandbox execution, on-chain intents, policy checks, approvals, and audit receipts. The user can stay in read-only, approval, or execution mode while every risky action passes through deterministic policy and human-in-the-loop gates.

Challenges

The system has to coordinate streaming UX, resumable agent sessions, connector vaulting, sandbox artifacts, transaction simulation, signing isolation, and event ledgers without leaking secrets into model context or letting retries create duplicate runs.

Innovation

The architecture treats on-chain execution as typed intent orchestration rather than raw transaction generation. It combines OpenAI Agents SDK, AI SDK streams, MCP routing, E2B-style isolation, and Supabase-backed approvals into one governed execution plane.

Domain expertise

This page shows Stefan's depth across agent platform architecture, Web3 risk controls, MCP connector boundaries, Supabase/RLS data design, SSE run streaming, policy packages, and audit-ready execution receipts.

Case study evidence11

Outcomes

  • Transforms a wallet-connected assistant from a chat surface into a governed execution product with read-only, approval, and execution modes.
  • Makes high-risk actions reviewable through policy checks, human approvals, simulation, and machine-readable receipts.
  • Creates a reusable blueprint for AI copilots that must coordinate tools, wallets, sandboxes, and audit trails.

Architecture decisions

  • BFF and agent runtime are separate so UI streaming cannot bypass policy or connector boundaries.
  • MCP tool gateway centralizes connector access instead of letting model prompts call tools directly.
  • Supabase run events, approvals, and artifacts create a durable audit ledger for each execution path.

Domain expertise signals

Agent governanceDeFi execution safetyMCP tool boundariesApproval UXAudit receipts
Technical deep dive09

Nex Copilot is an execution-control system disguised as a copilot. The technical depth is in separating what the model can propose, what policy can approve, what infrastructure can execute, and what the user can audit after the fact.

Trust boundary

Clients never get direct model, connector, or signer authority. They speak to a BFF that creates runs, streams events, and exposes approval surfaces while connector credentials and signing paths remain isolated behind server-side boundaries.

Agent runtime separation

UI chat streams and multi-agent tool execution are separate concerns. AI SDK can serve app-facing streaming while OpenAI Agents SDK handles handoffs, sessions, interruptions, and MCP tool loops inside the governed runtime.

Policy and receipts

The important product primitive is the typed intent, not the generated answer. Intents pass spending caps, contract allowlists, simulation, approval, and signing gates before a receipt records wallet, fees, risk flags, approvals, and transaction hashes.

Operational posture

The system is designed for retry safety, run idempotency, event ledgers, sandbox artifacts, and reviewable tool traces. That makes it closer to a financial control plane than a consumer chatbot.

What this proves

  • Mode-based autonomy instead of all-or-nothing agent execution
  • MCP gateway and Auth0 vault keep connector tokens out of model context
  • Supabase run events and approvals create a replayable audit trail
  • On-chain simulation and signing are isolated from planning authority
6services
300+tool integrations
3client surfaces
2SDK families
1signing facade
100%HITL-capable
Technology stack05
Next.js

Next.js

Primary web surface for chat, tool cards, streaming runs, and approval UI over the BFF contract.

Supabase

Supabase

Postgres + RLS for agent_runs, events, approvals, and artifact metadata — one persistence boundary.

OpenAI

OpenAI Agents SDK

Multi-agent handoffs, sessions, HITL interruptions, and MCP tool loops in agent-runtime.

AI SDK

AI SDK v6

UI-facing chat streams in React/Next — kept separate from the multi-agent runtime per platform boundary.

MCP

MCP

300+ tools route through tool-gateway — connectors never called directly from clients or LLM-ad-hoc fetch.

Tools implemented08

API / BFF

Supabase JWT + API key auth; creates agent_runs; streams agent_run_events over SSE.

Approval endpoints

Pauses risky tool or on-chain actions until explicit human approval.

Agent runtime

OpenAI Agents SDK ManagerAgent with Postgres session adapter and structured handoffs.

Tool gateway

MCP/function/internal tool registry with Auth0 Token Vault connector boundary.

Sandbox runner

E2B-isolated filesystem/shell/repo execution with artifact upload.

On-chain engine

Typed intents → simulation → policy → approval → isolated signing facade.

Policy package

Deterministic spending caps, contract allowlists, redaction, and kill switches.

Execution receipts

Human-readable proof: wallet, fees, risk flags, approvals, transaction hashes.

Stefan Creadore · @Eldergenixproduction agent systems mapped end to end