MCL

Determinism for the agent economy.

MCL (Matrix Command Language) is the rigorous rail for high-stakes work. It converts natural language into a closed-vocabulary Intent IR, ensuring byte-deterministic execution for irreversible and on-chain operations.

Typed Intent IR

A protocol that turns natural language into a strictly typed intermediate representation with a closed verb vocabulary and closed object kinds.

Replayable Walks

Every action is planned and recorded. Byte-deterministic replay means you can audit, rewind, and verify exactly what the agent did.

High-Stakes Execution

Built for monetary transactions, smart contract deployments, and enterprise operations where a hallucination is not an option.

DeFi & Web3

Executing token swaps or liquidity provisioning with absolute certainty.

Enterprise Admin

Irreversible database migrations or API state changes.

Inside an MCL execution

MCL transforms ambiguous natural language into a byte-deterministic action record through three distinct stages.

Parse to Intent IR

The model generates a typed Intent IR object from natural language. The IR has a closed verb, typed object parameters, and and a declared reversibility class.

Validate against permission manifest

The IR is validated against the agent’s declared permission manifest. Actions outside scope are rejected before the walk begins.

Walk, commit, and receipt

The Executor walks the plan step-by-step. On completion, it commits to Cortex and generates EIP-712 signed receipts that are anchored to Paxeer.

Read the MCL specification

See use cases

Matrix Configuration Language

MCL is the declarative configuration system that defines how Matrix agents behave, what tools they can access, how memory is structured, and what execution policies govern their actions. Rather than writing imperative code to configure agents, you declare intent in MCL and the Matrix runtime interprets it deterministically.

MCL configurations are versioned, composable, and auditable. Every agent behavior — from tool selection to memory retrieval to execution constraints — traces back to an MCL document that can be reviewed, diffed, and rolled back.

// Example MCL agent definition agent "researcher" { model = "claude-4-sonnet" system = file("./prompts/researcher.md") tools = [web_search, fetch, fs_read, fs_write] memory = cortex.research policy = "read-only-unless-approved" max_turns = 50 timeout = "30m" }

Tool Definitions

Every tool available to a Matrix agent is declared in MCL with its full interface: parameter schemas, return types, permission requirements, and rate limits. The runtime uses these declarations to validate tool calls before execution and to present structured tool descriptions to the LLM.

Parameter Schemas

JSON Schema-based parameter validation with support for required fields, enums, defaults, and nested objects. Invalid calls are rejected before reaching the tool implementation.

Permission Tiers

Tools declare their permission level: read, write, execute, or sign. The execution policy determines which tiers require user approval.

Composable Toolsets

Tool groups can be defined once and reused across agents. A dev-tools set might include shell, git, and filesystem tools, referenced by multiple agent configs.

Rate Limiting

Per-tool rate limits prevent runaway execution. Configure max calls per minute, per hour, or per session. Exceeded limits pause the agent and surface a notification.

tool "web_search" { description = "Search the public web" parameters = { query : string(required) max_results : int(default: 5, range: [1, 20]) topic : enum("general", "news") } returns = { results: array, answer: string? } permission = "read" rate_limit = "30/min" }

Memory Schemas

MCL defines how agent memory is structured through Cortex schemas. Memory isn't a free-form blob — it's typed, namespaced, and queryable. Each memory domain (knowledge, observations, user preferences, task state) has its own schema that determines what gets stored, how it's indexed, and when it expires.

Knowledge notes — Persistent facts and observations the agent accumulates across sessions, stored as typed key-value pairs with confidence scores

Conversation context — Working memory for the current session, automatically summarized and compressed as context windows fill

User profile — Long-term preferences, communication style, and workflow patterns that persist across all sessions

Task state — Structured checkpoints for multi-step work, enabling resumption after interruptions or context refreshes

memory "cortex.research" { namespace = "research" retention = "90d" schema { findings : array<{ claim: string, source: url, confidence: float }> open_q : array<string> bibliography: array<{ title: string, url: url, accessed: datetime }> } indexing = "semantic" // vector similarity search eviction = "lru" // least recently used when at capacity max_size = "50mb" }

Execution Policies

Execution policies are the security and governance layer of MCL. They define what an agent can do autonomously versus what requires human approval, how failures are handled, and what audit trail is maintained. Policies are composable — you can layer a base policy with domain-specific overrides.

Autonomy Levels

From fully autonomous (read-only tools, no approval needed) to fully gated (every tool call requires explicit user confirmation). Most configs use a middle ground: reads are free, writes need approval.

Budget Controls

Set spend limits per session, per day, or per task. When an agent approaches its budget, it pauses and reports. Prevents runaway costs from loops or hallucinated tool chains.

Audit Logging

Every tool invocation, LLM call, and decision point is logged with timestamps, inputs, outputs, and the policy rule that permitted it. Full traceability for compliance and debugging.

Failure Handling

Configure retry behavior, fallback strategies, and escalation paths. A failed tool call can retry with backoff, fall back to an alternative tool, or escalate to the user with context.

policy "standard-agent" { autonomy = "read-free" // reads are autonomous, writes need approval budget = { session: "$5", daily: "$20" } on_failure = { retry = 3 backoff = "exponential" escalate = "after-retries" } audit = { log_level = "verbose" retention = "365d" export = ["stdout", "file://./audit.log"] } // Monetary operations always require user approval sign_rule = "always-approve" }