How Archer Works

Archer is a conversational trading agent that lets you execute crypto trades through your favorite messaging app.

Overview

Archer connects to Tristero, a multi-chain decentralized exchange, and allows you to trade using natural language commands via Telegram, Signal, or iMessage. Simply tell Archer what you want to trade, review the transaction details, and confirm to execute.

Trading Flow

Connect — Open Archer via Telegram, Signal, or iMessage
Request — Tell Archer what you want to trade (e.g., "swap 100 USDC to ETH")
Review — Archer shows you the quote, fees, and transaction summary
Confirm — Reply to approve, and Archer executes the trade
Done — Receive confirmation with transaction details

Your Wallet

When you first message Archer, it automatically creates a secure wallet for you. Your wallet is linked to your messaging identity — no seed phrases to manage or browser extensions to install.

Wallet Features

Multi-chain support (ETH, Arbitrum, Base, Polygon, 50+ networks)
Automatic address derivation per chain
View balances anytime by asking Archer
Export private keys if you want full control

Example Commands

swap 0.5 ETH to USDCSwap tokens

buy $500 worth of ETHBuy with dollar amount

what's my balanceCheck balances

send 100 USDC to 0x...Transfer tokens

price of BTCGet current prices

Security

Every transaction requires your explicit confirmation before execution. Archer will always show you exactly what you're signing, including:

Token amounts and USD values
Network fees and slippage estimates
Destination addresses (for transfers)
Contract interactions being approved

You can cancel any pending transaction by simply saying "cancel" or "no".

Dark Pool Execution

For larger trades, Archer routes through Tristero's dark pool to minimize market impact. This means your orders execute with better prices and without moving the market against you.

How it works: Orders are matched peer-to-peer against other Tristero users when possible, with remaining volume filled through aggregated DEX liquidity.

Architecture

Archer is built as a modular system with several components working together:

System Components

Agent (OpenClaw) — LLM-powered conversational interface that interprets user intent and orchestrates tool calls
MCP Servers — Model Context Protocol servers for wallet operations, Hyperliquid, Polymarket, and Tristero integration
Signing Listener — Processes user confirmations, retrieves encrypted keys, signs transactions, and submits to exchanges
Redis — Shared state for user registry, signature queue, and session management
Supabase — Audit logs, chat history, and dashboard data

Trade Execution Flow

User requests trade via messaging app
Agent calls MCP tools to fetch quotes and build typed data (EIP-712)
Quote + typed data pushed to Redis signature queue with 5-minute TTL
User confirms with "Y" — confirmation watcher detects this
Signing listener pulls from queue, decrypts private key, signs transaction
Signed transaction submitted to exchange (Hyperliquid/Polymarket/Tristero)
Result logged and user notified of success/failure

Wallet Architecture

Wallets are non-custodial with keys encrypted at rest using AES-256-GCM.

Key Management

Generation — BIP-39 mnemonic derived, one HD wallet per user
Storage — Private keys encrypted with server-side encryption key, stored in Redis
Address derivation — EVM chains share one address; BTC/SOL have separate derivation paths
Signing — Keys decrypted in-memory only during signing, never persisted decrypted

Supported Wallet Types

EVM — Ethereum, Arbitrum, Base, Optimism, Polygon, BSC, Avalanche C-Chain
Bitcoin — Native SegWit (P2WPKH) addresses
Solana — Ed25519 keypairs

Hyperliquid Integration

Trade perpetual futures on crypto, stocks, commodities, and indices via Hyperliquid L1.

Supported Markets

Crypto Perps — BTC, ETH, SOL, ARB, and 100+ assets
HIP-3 Stocks — TSLA, NVDA, AAPL, MSFT, META, GOOG, AMZN (via xyz dex)
HIP-3 Commodities — GOLD, SILVER, CL (crude oil), NG (natural gas)
HIP-3 Indices — USA500, NAS100, EUR50

Order Types

Market orders — Immediate execution at current price
Limit orders — Execute at specified price or better
TP/SL orders — Conditional take-profit and stop-loss triggers
Close position — Market close with optional reduce-only flag

Signing Model

Hyperliquid uses EIP-712 typed data signing. Orders are signed with the Agent primary type, which derives an agent address from the signature. This agent address must be authorized to trade on behalf of the user's main wallet via the approveAgent action.

Polymarket Integration

Trade prediction markets on politics, crypto, sports, and current events.

How It Works

Markets — Binary outcome markets (Yes/No) with prices representing probability
Collateral — USDC on Polygon, automatically bridged if needed
Signing — Permit2 approvals + CLOB order signatures
Settlement — Winning positions pay $1 per share at resolution

Security Model

Confirmation Flow

5-minute timeout — Pending signatures expire after 5 minutes if not confirmed
Explicit confirmation — Users must reply "Y" to execute; no auto-signing
Quote display — Full transaction details shown before confirmation
Audit logging — All signing operations logged with wallet, status, and timestamps

Key Security

Encryption — AES-256-GCM with unique IV per key
Key isolation — Decryption only in signing listener, in-memory only
No key logging — Private keys never written to logs or disk unencrypted
User export — Users can export their private key on request

MCP (Model Context Protocol)

Archer uses MCP servers to expose trading capabilities to the LLM agent. Each MCP server is a separate process that handles a specific domain.

MCP Servers

wallet-mcp — User registration, balance checks, wallet creation, key export
hyperliquid-mcp — Perp trading, positions, markets, deposits, withdrawals
polymarket-mcp — Prediction market trading, event search, position management
tristero-mcp — Cross-chain swaps, quotes, supported tokens/chains

How MCP Tools Work

The agent calls tools via JSON-RPC. Each tool validates inputs, interacts with external APIs/contracts, and returns structured responses. For signing operations:

Tool builds EIP-712 typed data for the transaction
Typed data + metadata pushed to signature queue
Tool returns a confirmation prompt with tx details
Agent shows prompt to user and waits for "Y"

Order Lifecycle

Every order goes through a state machine from creation to completion.

Order States

queued → Order created, waiting for user confirmation
pending_confirmation → Pulled for signing, processing
signed → Signature created, submitting to exchange
filled → Order executed successfully
failed → Signing or submission failed
expired → 5-minute TTL exceeded without confirmation

Confirmation Detection

The signing listener watches for user confirmations via two methods: (1) Supabase realtime subscription on the chat_messages table for new "Y" messages, and (2) polling the signature queue for pending orders. When a match is found, the listener pulls the order, decrypts the key, signs, and submits.

EIP-712 Typed Data

All signing uses EIP-712 structured data, which provides human-readable transaction details and prevents signature replay attacks.

Structure

{
  domain: {
    name: "Exchange",
    version: "1",
    chainId: 42161,
    verifyingContract: "0x..."
  },
  types: {
    Order: [
      { name: "asset", type: "uint32" },
      { name: "isBuy", type: "bool" },
      { name: "limitPx", type: "uint64" },
      { name: "sz", type: "uint64" },
      ...
    ]
  },
  message: { /* order parameters */ }
}

Hyperliquid Agent Signing

Hyperliquid uses a unique "Agent" signing model. When you sign with primaryType "Agent", the exchange derives an agent address from your signature (via ecrecover). This agent address must be pre-authorized via approveAgent to trade on behalf of your main wallet. This allows delegated trading without exposing your main key.

Data Flow

Message → Trade Flow

User (Signal/TG/iMessage)
    │
    ▼
┌─────────────────┐
│  OpenClaw       │  ← LLM agent interprets intent
│  Gateway        │
└────────┬────────┘
         │ MCP call
         ▼
┌─────────────────┐
│  MCP Server     │  ← Builds typed data, pushes to queue
│  (HL/PM/etc)    │
└────────┬────────┘
         │
         ▼
┌─────────────────┐
│  Redis Queue    │  ← Stores pending signatures (5min TTL)
└────────┬────────┘
         │ User confirms "Y"
         ▼
┌─────────────────┐
│  Signing        │  ← Decrypts key, signs, submits
│  Listener       │
└────────┬────────┘
         │
         ▼
┌─────────────────┐
│  Exchange API   │  ← Hyperliquid / Polymarket / DEX
└─────────────────┘

State Management

Redis stores ephemeral state with TTLs. Supabase (Postgres) stores persistent audit logs and chat history.

Redis Data

User registry — Platform identity → wallet address mapping (1 year TTL)
Encrypted keys — Wallet address → AES-encrypted private key
Signature queue — Pending orders with typed data (5 min TTL)
Processing locks — Prevents duplicate signing (30 sec TTL)

Supabase Tables

chat_messages — Full conversation history for dashboard/debugging
signing_logs — Audit trail of all signing operations
user_feedback — Bug reports and feature requests

External Integrations

Hyperliquid

Info API — api.hyperliquid.xyz/info for market data, positions, balances
Exchange API — api.hyperliquid.xyz/exchange for order submission
Bridge — USDC deposits via Arbitrum bridge contract

Polymarket

CLOB API — Order book and trade submission
Gamma API — Market search and event data
Permit2 — Gasless USDC approvals on Polygon

Messaging Platforms

Telegram — Bot API via OpenClaw gateway
Signal — signal-cli over JSON-RPC
iMessage — BlueBubbles server API

Supported Platforms

FAQ

Is there a minimum trade size?

No minimum, but very small trades may not be economical due to network gas fees.

What chains are supported?

Ethereum, Arbitrum, Base, Optimism, Polygon, BSC, Avalanche, Solana, and 50+ more.

How are fees calculated?

You pay network gas fees plus a small protocol fee (shown before you confirm).

Can I use my existing wallet?

Currently Archer creates a wallet for you. BYOW (Bring Your Own Wallet) is coming soon.

Is my data private?

Messages are end-to-end encrypted on Signal. Trade data is stored securely and not shared.

Ready to start trading?

Connect via your favorite messaging app in seconds.

Get Started

How Archer Works

Archer is a conversational trading agent that lets you execute crypto trades through your favorite messaging app.

Overview

Trading Flow

Connect — Open Archer via Telegram, Signal, or iMessage
Request — Tell Archer what you want to trade (e.g., "swap 100 USDC to ETH")
Review — Archer shows you the quote, fees, and transaction summary
Confirm — Reply to approve, and Archer executes the trade
Done — Receive confirmation with transaction details

Your Wallet

When you first message Archer, it automatically creates a secure wallet for you. Your wallet is linked to your messaging identity — no seed phrases to manage or browser extensions to install.

Wallet Features

Multi-chain support (ETH, Arbitrum, Base, Polygon, 50+ networks)
Automatic address derivation per chain
View balances anytime by asking Archer
Export private keys if you want full control

Example Commands

swap 0.5 ETH to USDCSwap tokens

buy $500 worth of ETHBuy with dollar amount

what's my balanceCheck balances

send 100 USDC to 0x...Transfer tokens

price of BTCGet current prices

Security

Every transaction requires your explicit confirmation before execution. Archer will always show you exactly what you're signing, including:

Token amounts and USD values
Network fees and slippage estimates
Destination addresses (for transfers)
Contract interactions being approved

You can cancel any pending transaction by simply saying "cancel" or "no".

Dark Pool Execution

For larger trades, Archer routes through Tristero's dark pool to minimize market impact. This means your orders execute with better prices and without moving the market against you.

How it works: Orders are matched peer-to-peer against other Tristero users when possible, with remaining volume filled through aggregated DEX liquidity.

Architecture

Archer is built as a modular system with several components working together:

System Components

Agent (OpenClaw) — LLM-powered conversational interface that interprets user intent and orchestrates tool calls
MCP Servers — Model Context Protocol servers for wallet operations, Hyperliquid, Polymarket, and Tristero integration
Signing Listener — Processes user confirmations, retrieves encrypted keys, signs transactions, and submits to exchanges
Redis — Shared state for user registry, signature queue, and session management
Supabase — Audit logs, chat history, and dashboard data

Trade Execution Flow

User requests trade via messaging app
Agent calls MCP tools to fetch quotes and build typed data (EIP-712)
Quote + typed data pushed to Redis signature queue with 5-minute TTL
User confirms with "Y" — confirmation watcher detects this
Signing listener pulls from queue, decrypts private key, signs transaction
Signed transaction submitted to exchange (Hyperliquid/Polymarket/Tristero)
Result logged and user notified of success/failure

Wallet Architecture

Wallets are non-custodial with keys encrypted at rest using AES-256-GCM.

Key Management

Generation — BIP-39 mnemonic derived, one HD wallet per user
Storage — Private keys encrypted with server-side encryption key, stored in Redis
Address derivation — EVM chains share one address; BTC/SOL have separate derivation paths
Signing — Keys decrypted in-memory only during signing, never persisted decrypted

Supported Wallet Types

EVM — Ethereum, Arbitrum, Base, Optimism, Polygon, BSC, Avalanche C-Chain
Bitcoin — Native SegWit (P2WPKH) addresses
Solana — Ed25519 keypairs

Hyperliquid Integration

Trade perpetual futures on crypto, stocks, commodities, and indices via Hyperliquid L1.

Supported Markets

Crypto Perps — BTC, ETH, SOL, ARB, and 100+ assets
HIP-3 Stocks — TSLA, NVDA, AAPL, MSFT, META, GOOG, AMZN (via xyz dex)
HIP-3 Commodities — GOLD, SILVER, CL (crude oil), NG (natural gas)
HIP-3 Indices — USA500, NAS100, EUR50

Order Types

Market orders — Immediate execution at current price
Limit orders — Execute at specified price or better
TP/SL orders — Conditional take-profit and stop-loss triggers
Close position — Market close with optional reduce-only flag

Signing Model

Polymarket Integration

Trade prediction markets on politics, crypto, sports, and current events.

How It Works

Markets — Binary outcome markets (Yes/No) with prices representing probability
Collateral — USDC on Polygon, automatically bridged if needed
Signing — Permit2 approvals + CLOB order signatures
Settlement — Winning positions pay $1 per share at resolution

Security Model

Confirmation Flow

5-minute timeout — Pending signatures expire after 5 minutes if not confirmed
Explicit confirmation — Users must reply "Y" to execute; no auto-signing
Quote display — Full transaction details shown before confirmation
Audit logging — All signing operations logged with wallet, status, and timestamps

Key Security

Encryption — AES-256-GCM with unique IV per key
Key isolation — Decryption only in signing listener, in-memory only
No key logging — Private keys never written to logs or disk unencrypted
User export — Users can export their private key on request

MCP (Model Context Protocol)

Archer uses MCP servers to expose trading capabilities to the LLM agent. Each MCP server is a separate process that handles a specific domain.

MCP Servers

wallet-mcp — User registration, balance checks, wallet creation, key export
hyperliquid-mcp — Perp trading, positions, markets, deposits, withdrawals
polymarket-mcp — Prediction market trading, event search, position management
tristero-mcp — Cross-chain swaps, quotes, supported tokens/chains

How MCP Tools Work

The agent calls tools via JSON-RPC. Each tool validates inputs, interacts with external APIs/contracts, and returns structured responses. For signing operations:

Tool builds EIP-712 typed data for the transaction
Typed data + metadata pushed to signature queue
Tool returns a confirmation prompt with tx details
Agent shows prompt to user and waits for "Y"

Order Lifecycle

Every order goes through a state machine from creation to completion.

Order States

queued → Order created, waiting for user confirmation
pending_confirmation → Pulled for signing, processing
signed → Signature created, submitting to exchange
filled → Order executed successfully
failed → Signing or submission failed
expired → 5-minute TTL exceeded without confirmation

Confirmation Detection

EIP-712 Typed Data

All signing uses EIP-712 structured data, which provides human-readable transaction details and prevents signature replay attacks.

Structure

{
  domain: {
    name: "Exchange",
    version: "1",
    chainId: 42161,
    verifyingContract: "0x..."
  },
  types: {
    Order: [
      { name: "asset", type: "uint32" },
      { name: "isBuy", type: "bool" },
      { name: "limitPx", type: "uint64" },
      { name: "sz", type: "uint64" },
      ...
    ]
  },
  message: { /* order parameters */ }
}

Hyperliquid Agent Signing

Data Flow

Message → Trade Flow

User (Signal/TG/iMessage)
    │
    ▼
┌─────────────────┐
│  OpenClaw       │  ← LLM agent interprets intent
│  Gateway        │
└────────┬────────┘
         │ MCP call
         ▼
┌─────────────────┐
│  MCP Server     │  ← Builds typed data, pushes to queue
│  (HL/PM/etc)    │
└────────┬────────┘
         │
         ▼
┌─────────────────┐
│  Redis Queue    │  ← Stores pending signatures (5min TTL)
└────────┬────────┘
         │ User confirms "Y"
         ▼
┌─────────────────┐
│  Signing        │  ← Decrypts key, signs, submits
│  Listener       │
└────────┬────────┘
         │
         ▼
┌─────────────────┐
│  Exchange API   │  ← Hyperliquid / Polymarket / DEX
└─────────────────┘

State Management

Redis stores ephemeral state with TTLs. Supabase (Postgres) stores persistent audit logs and chat history.

Redis Data

User registry — Platform identity → wallet address mapping (1 year TTL)
Encrypted keys — Wallet address → AES-encrypted private key
Signature queue — Pending orders with typed data (5 min TTL)
Processing locks — Prevents duplicate signing (30 sec TTL)

Supabase Tables

chat_messages — Full conversation history for dashboard/debugging
signing_logs — Audit trail of all signing operations
user_feedback — Bug reports and feature requests

External Integrations

Hyperliquid

Info API — api.hyperliquid.xyz/info for market data, positions, balances
Exchange API — api.hyperliquid.xyz/exchange for order submission
Bridge — USDC deposits via Arbitrum bridge contract

Polymarket

CLOB API — Order book and trade submission
Gamma API — Market search and event data
Permit2 — Gasless USDC approvals on Polygon

Messaging Platforms

Telegram — Bot API via OpenClaw gateway
Signal — signal-cli over JSON-RPC
iMessage — BlueBubbles server API

Supported Platforms

FAQ

Is there a minimum trade size?

No minimum, but very small trades may not be economical due to network gas fees.

What chains are supported?

Ethereum, Arbitrum, Base, Optimism, Polygon, BSC, Avalanche, Solana, and 50+ more.

How are fees calculated?

You pay network gas fees plus a small protocol fee (shown before you confirm).

Can I use my existing wallet?

Currently Archer creates a wallet for you. BYOW (Bring Your Own Wallet) is coming soon.

Is my data private?

Messages are end-to-end encrypted on Signal. Trade data is stored securely and not shared.

Ready to start trading?

Connect via your favorite messaging app in seconds.

Get Started