Read-only
Reads public or authorized state. Cannot create unsigned transactions or move funds.
Examples
market rates, gateway status, portfolio state, policy state
Tool Risk Model
Agent tools are separated by risk level. Reads and simulations are safe to test publicly. Preparing an action is not the same thing as moving funds. Real execution requires signed or user-approved authority.
Last updated June 25, 2026
Reads public or authorized state. Cannot create unsigned transactions or move funds.
Examples
market rates, gateway status, portfolio state, policy state
Calculates expected fees, LTV, health score, and safety result. Cannot move funds.
Examples
preview_action, estimates, safety-rail tests
Creates unsigned transaction envelopes or sandbox treasuries. Requires wallet signature before real execution.
Examples
create_treasury, wallet-mode action prep
Relays an already signed transaction or executes inside approved automation permissions.
Examples
relay_signed_transaction, managed live automation
| Scoped permissions | No unlimited agent execution. Permissions bind action type, asset, LTV limits, gas caps, and approval mode. |
|---|---|
| Human approval mode | Default for real money. A wallet signature or approved automation policy is required. |
| Read-only sandbox | Public reads and simulations are available without signup. |
| Transaction preparation | Allowed before execution. A prepared action is not a completed action. |
| Execution controls | Live execution requires approved wallet permissions, idempotency, and policy validation. |
| Logging | Every agent/tool action should be logged with initiator, action, trigger, amount, fee, and timestamp. |
| Rate limits | Public and state-changing routes use rate limits to reduce abuse. |
| Replay protection | State-changing routes require Idempotency-Key headers where applicable. |
| PII filtering | Do not pass personal contact, payment, or credential data through prompts unless required and explicitly approved. |
| Prompt injection | Do not feed untrusted tool output into execution prompts without validating policy, amount, recipient, chain, and permission state. |
Agents may analyze, simulate, recommend, monitor, and prepare treasury actions. Agents should not move real funds unless the user has explicitly granted approved, scoped permissions or signed the transaction.