> For the complete documentation index, see [llms.txt](https://autopilot-5.gitbook.io/autopilot/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://autopilot-5.gitbook.io/autopilot/protocol/markdown/upgradeability-and-governance.md). # Upgradeability & Governance Autopilot is designed with a constrained upgrade model: \ Only peripheral components can be updated — core logic related to voting, rewards, user funds, and NFT ownership is immutable. This structure allows for flexibility where needed without compromising trust or non-custodial guarantees. *** #### 🔧 Controlled Upgradeability Some modules in the Autopilot system are upgradeable to allow the protocol to adapt to changes in ecosystem infrastructure, integration needs, or performance improvements. **Upgradeable Modules:** * **SwapperV1**\ Handles reward token conversion during the distribution process.\ Can be upgraded to support better DEX routing, slippage protection, or additional assets.\ Enables Autopilot to maintain swap efficiency over time. * **DepositValidatorV1**\ Defines the rules for veAERO deposits — including minimum size, lock duration, and timing windows.\ Can be updated to reflect changes in veAERO mechanics or new eligibility requirements.\ Provides flexibility while keeping enforcement trustless. * **Operator Permissions**\ Used to manage bot operator addresses that execute voting, claiming, and swap functions.\ Can be updated on-chain by the owner role, with all changes logged.\ Ensures continued functionality in case of bot or infrastructure changes. > Upgradeable modules are limited in scope and do not affect core protocol behavior. *** #### 🔒 Immutable Core Contracts The core components of Autopilot — those responsible for user funds, voting rights, and reward logic — are immutable.\ These contracts cannot be upgraded or modified after deployment. **Immutable Components:** * **NFT Tracking**\ veAERO positions are tracked on-chain.\ Ownership, vote weight, and reward eligibility are tied to these records and cannot be altered externally. * **Reward Calculation Logic**\ All formulas for vote-based reward distribution and scaling are hardcoded.\ They cannot be changed through governance or admin access. * **Withdrawal Rights**\ Users can always withdraw their NFTs outside the Special Window.\ This function is fixed in the contract and cannot be disabled or re-routed. * **Access Control**\ No contract in the system contains admin logic for fund access or reward manipulation.\ There are no backdoors. *** #### 🚫 Owner Limitations The contract owner role exists for managing operator permissions and upgradeable modules only.\ It does **not** have access to user funds or critical protocol logic. The owner **cannot**: * Access user NFTs or rewards * Reassign or freeze veAERO locks * Modify withdrawal logic * Change voting or reward distribution math > These limitations are enforced at the contract level and cannot be bypassed. *** #### ⚖️ Governance Roadmap Autopilot is currently not governed by a token.\ However, the architecture supports a potential future transition to DAO-managed upgrades and operations. In a DAO setup: * Upgrades (e.g., to Swapper) could be proposed and voted on by token holders * Operator addresses could be managed via on-chain governance * Treasury assets (if introduced) could be governed collectively For now, the protocol prioritizes reliability, with upgradeability restricted to components that benefit from flexibility, not those tied to user value or access. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://autopilot-5.gitbook.io/autopilot/protocol/markdown/upgradeability-and-governance.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.