# Architecture

<figure><img src="/files/xVIbOhaj7n3tF2DjOPyP" alt=""><figcaption></figcaption></figure>

In terms of architecture, a [Safe](https://safe.global) is always at the core and acts as both the corporate crypto asset account for the company and the authority to trigger most corporate actions. Safe signers are always the legal board members of the company and therefore signatures to approve Safe actions can be assumed to be legal signed board consents.

Building on Safe has several important advantages:

* **From a security perspective:** All funds and most valuable access control rights stay in a highly battle tested contract which current holds tens of billions of dollars. Firm is used by plugging modules from the protocol into the Safe, which allows to perform actions based on arbitrary logic instead of multisig transactions.
* **From a user experience and anti lock-in perspective**: Users are always able to just use their Safe directly via all of the available interfaces and it’s compatible with other finance products built on top of Safe. Also, if a company wants to stop using Firm, it’s as easy as removing a couple of modules from their Safe and they will be left with a perfectly working vanilla Safe.

Firm protocol is built with a series of modules that can be added to any Safe. They have been built with these principles in mind:

* **Simple primitives, plug in customizability and granularity:** the core of Firm protocol is as simple as it could be, but not less. We have built some reasonable defaults that we think are what most companies will need to operate, but because companies might grow different in their structuring, most critical parts can be customized with optional code (e.g. controlling who can transfer shares).
* **Module independence:** not all modules have to be used, there’s the possibility to just pick some of them. The only shared dependency between all modules is the Safe itself. Even the roles system is opt-in and (although very recommended) it is not enforced that it must be the same between modules.
* **Upgradeability:** companies are rich in state by definition, so we have opted for allowing upgrades controlled by the Safe using proxies. Companies can optionally freeze all future upgrades and stay with their present code, effectively locking themselves.

<figure><img src="/files/HS5Q68bY3LdodII37wRl" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.firm.org/firm-protocol-v1/architecture.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.