Permissions

User-approved automation permissions, not unrestricted agent control.

Stackit.ai is designed so agents can analyze, simulate, recommend, monitor, and prepare actions. Moving real funds requires a wallet signature or explicitly approved, scoped automation permissions.

Last updated June 25, 2026

Plain-English model

Wallet ownership

The user or operator owns the treasury wallet. Stackit.ai is not the private-key custodian.

Privy role

Privy provides embedded wallet and signer infrastructure for users who choose a managed login experience.

User-approved automation permissions

Automation can act only inside the strategy, limits, and permissions the user approved.

Scope limits

Policy limits cover actions, assets, LTV bands, gas caps, and whether execution is preview-only or live.

Revocation

Users can revoke future automation permissions. Already-submitted signed transactions may still settle.

Logs

Every tool and action path should be attributable in the audit trail with timestamp, initiator, action, trigger, and fee.

Technical model

Wallet-sovereignActions return unsigned transaction envelopes. The operator or agent wallet signs, then relays through POST /api/v1/relay.
Managed treasuryThe treasury wallet remains operator-owned. Stackit.ai automation is an additional signer gated by a deny-all-by-default policy compiled from the approved strategy.
Delegation statesnot_granted, approved_pending_funds, active, revoked_pending_settlement, revoked.
Policy checksPreview and execution routes enforce LTV ceiling, live band, gas caps, action type, idempotency, and replay protection.
x402Wallet-sovereign agents can pay per request. Payment does not grant permission to move real funds.

Agent permission table

ActionAgent can prepare?Can move funds?Human approval required?
Read treasury stateYesNoNo
Simulate borrowYesNoNo
Prepare unsigned transactionYesNoNo, but live signing requires approval
Relay signed transactionOnly after wallet signaturePossible if signedYes
Managed automation executionOnly inside approved policyPossibleYes
Change policy limitsNoNoYes, by user/operator
Revoke permissionsNoNoUser/operator action

Revocation path

Revoke future automation from the wallet or policy manager that granted it. If the Stackit.ai UI is unavailable, follow the self-rescue runbook to revoke permissions and interact directly with the underlying wallet/protocol interfaces.