We introduce Koan, a system for compiling natural language DeFi requests into executable safety-validated directed acyclic graphs (DAGs). Assembling correct multi-step DeFi workflows requires sequencing irrevocable on-chain transactions across heterogeneous protocols, demanding flexible intent understanding and strict execution discipline simultaneously – a combination no existing tool provides. Koan addresses this in two phases. Phase 1 translates user intent into a typed graph via an LLM with deterministic fallback heuristics. Phase 2 validates that graph, injects missing safety nodes, and executes with dependency-aware scheduling. We evaluated on 1,000 prompts across 9 DeFi categories. Intent-to-workflow correctness reached 82.4%; DAG validity 93.6%. The Safety Injector raised price-impact check coverage from 41.2% to 98.4%, and 7.3% of all workflows were aborted by injected checks identifying excessive risk. Workflow authoring averaged 2.4 min versus 46.8 min for manual scripting (a 20x speedup), and compiled flows achieved 97% execution success with 18% gas savings on matched DEX routes under testnet conditions.

Intent compilation is a workable systems abstraction for DeFi automation. Splitting probabilistic intent inference from deterministic validation and execution resolves a real tension: LLMs are flexible but unreliable, and on-chain calls are unforgiving. Three results stand out. First, the graph validator is the single largest correctness contributor: DAG validity drops from 94.3% to 67.8% without it, confirming that structural enforcement – not LLM quality – is the primary reliability lever. Second, the Safety Injector reaches 96.2% unsafe-flow block rate independent of LLM output quality, and injected checks actively abort 7.3% of trades at execution time, demonstrating that safety-by-construction at the workflow layer provides guarantees probabilistic generation alone cannot. Third, Koan reduces workflow construction time 20x versus manual scripting while maintaining 97% execution success and 18% gas savings on matched routes under testnet conditions. The path forward is interactive clarification for ambiguous prompts, control-flow extensions beyond pure DAGs, ERC-4337 integration for wallet-layer policy enforcement, and a formal user study with non-technical DeFi participants.

[1] Q. Mao, Y. Zhang, J. Chen, W. Zhou, and J. Yan, “Know Your Intent: An Autonomous Multi-Perspective LLM Agent Framework for DeFi User Transaction Intent Mining,” arXiv preprint arXiv:2511.15456, 2025. [CrossRef] [Google Scholar] [Publisher Link] [2] Zapier, “Zapier Apps Directory,” 2026. [Online]. Available: https://zapier.com/apps. [Publisher Link] [3] n8n, “n8n: AI Workflow Automation Platform,” 2026. [Online]. Available: https://n8n.io/. [Publisher Link] [4] Node-RED, “Node-RED: Low-Code Programming for Event-Driven Applications,” 2026. [Online]. Available: https://nodered.org/. [Publisher Link] [5] Langflow, “Langflow Documentation,” 2026. [Online]. Available: https://docs.langflow.org/. [Publisher Link] [6] Flowise, “Flowise Documentation,” 2026. [Online]. Available: https://docs.flowiseai.com/. [Publisher Link] [7] 1inch Network, “1inch Swap API,” 2026. [Online]. Available: https://1inch.dev/swap-api. [Publisher Link] [8] CoW Protocol, “CoW Protocol Documentation: MEV Protection,” 2026. [Online]. Available: https://docs.cow.fi/cow-protocol/concepts/benefits/mev-protection. [Publisher Link] [9] Make, “Make: Visual-First Automation and AI Platform,” 2026. [Online]. Available: https://www.make.com/en. [Publisher Link] [10] A. Gandhi, T. Q. Nguyen, H. Jiao, R. Steen, and A. Bhatawdekar, “Natural Language Commanding via Program Synthesis,” arXiv preprint arXiv:2306.03460, 2023. [CrossRef] [Google Scholar] [Publisher Link] [11] N. Yaghmazadeh, Y. Wang, I. Dillig, and T. Dillig, “SQLizer: Query Synthesis from Natural Language,” Proceedings of the ACM on Programming Languages, vol. 1, no. OOPSLA, pp. 63:1-63:26, 2017. [CrossRef] [Google Scholar] [Publisher Link] [12] A. Chivukula, J. Somasundaram, and V. Somasundaram, “Agint: Agentic Graph Compilation for Software Engineering Agents,” arXiv preprint arXiv:2511.19635, 2025. [CrossRef] [Google Scholar] [Publisher Link] [13] S. Qiao, R. Fang, Z. Qiu, X. Wang, N. Zhang, Y. Jiang, P. Xie, F. Huang, and H. Chen, “Benchmarking Agentic Workflow Generation,” arXiv preprint arXiv:2410.07869, 2024. [CrossRef] [Google Scholar] [Publisher Link] [14] S. M. Werner, D. Perez, L. Gudgeon, A. Klages-Mundt, D. Harz, and W. J. Knottenbelt, “SoK: Decentralized Finance (DeFi),” Proceedings of the 4th ACM Conference on Advances in Financial Technologies (AFT ’22), pp. 30-46, 2022. [CrossRef] [Google Scholar] [Publisher Link] [15] P. Daian, S. Goldfeder, T. Kell, Y. Li, X. Zhao, I. Bentov, L. Breidenbach, and A. Juels, “Flash Boys 2.0: Frontrunning in Decentralized Exchanges, Miner Extractable Value, and Consensus Instability,” Proceedings of the 2020 IEEE Symposium on Security and Privacy (SP ’20), pp. 910-927, 2020. [CrossRef] [Google Scholar] [Publisher Link] [16] A. Zamyatin, M. Al-Bassam, D. Zindros, E. Kokoris-Kogias, P. Moreno-Sanchez, A. Kiayias, and W. J. Knottenbelt, “SoK: Communication Across Distributed Ledgers,” Proceedings of the 25th International Conference on Financial Cryptography and Data Security (FC ’21), pp. 3-36, 2021. [CrossRef] [Google Scholar] [Publisher Link] [17] L. Luu, D. Chu, H. Olickel, P. Saxena, and A. Hobor, “Making Smart Contracts Smarter,” Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS ’16), pp. 254-269, 2016. [CrossRef] [Google Scholar] [Publisher Link] [18] P. Tsankov, A. Dan, D. Drachsler-Cohen, A. Gervais, F. Bunzli, and M. Vechev, “Securify: Practical Security Analysis of Smart Contracts,” Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS ’18), pp. 67-82, 2018. [CrossRef] [Google Scholar] [Publisher Link] [19] C. Kelleher and R. Pausch, “Lowering the Barriers to Programming: A Taxonomy of Programming Environments and Languages for Novice Programmers,” ACM Computing Surveys, vol. 37, no. 2, pp. 83-137, 2005. [CrossRef] [Google Scholar] [Publisher Link]