You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: .cursor/rules/product-agent-wallet.mdc
+17-8Lines changed: 17 additions & 8 deletions
Original file line number
Diff line number
Diff line change
@@ -15,9 +15,9 @@ alwaysApply: false
15
15
## Wallet and trading modes
16
16
17
17
- **server-wallet** — private keys are held securely in a TEE-backed environment.
18
-
- **BYOK** (bring your own key) — user supplies a BIP-39 mnemonic.
19
-
- **Guard Mode (Recommended)** — trading mode (`--mode guard`). Enforces spend limits and allowlists with 2-factor authentication on violations.
20
-
- **Beast Mode** — trading mode (`--mode beast`). Skips routine policy checks; malicious or flagged transactions still require 2-factor authentication.
18
+
- **Bring your own wallet** — user supplies a BIP-39 mnemonic. CLI flag: `byok`.
19
+
- **Guard Mode (Recommended)** — trading mode (`--mode guard`). Designed for everyday traders. Enforces security check, network allowlist, token recipient allowlist, address allowlist, and rolling 24h outflow limit. 2-factor authentication on policy violations, malicious transactions, and raising outflow limit.
20
+
- **Beast Mode** — trading mode (`--mode beast`). Designed for power users. Security check guardrail only. 2-factor authentication on malicious transactions and risky contracts.
21
21
22
22
Users choose wallet and trading modes during interactive `mm init` or by prompting their agent.
23
23
Mark Guard Mode as **Recommended**; do not describe modes as opt-in, default, or preferred in other ways.
@@ -29,9 +29,19 @@ CLI flags use `server-wallet`, `byok`, `guard`, and `beast`.
29
29
30
30
Use these terms consistently when describing the security stack:
31
31
32
-
- **Transaction Shield** — threat scanning for malicious contracts and scams. Do not lead with vendor names.
33
-
- **Smart Transactions** — MEV protection (externally branded name; do not use "Servo" in user-facing docs).
34
-
- **Server wallet** / **TEE** — key custody in server-wallet mode. Do not lead with vendor names.
32
+
- **Transaction Protection** — guarantee for transactions deemed safe (up to $10,000 loss coverage).
33
+
Frame as backing for "security by default," not as a standalone scanning feature. Link eligibility
- **Server wallet** / **TEE** — keys managed and secured server-side; agents can't access the user's
44
+
main wallet. Do not lead with vendor names.
35
45
- **2FA** or **2-factor authentication** — human approval for flagged or policy-violating transactions. Do not use "MFA" in prose (CLI state `AWAITING_MFA` is acceptable in code references).
36
46
37
47
Do not add comparative security claims beyond approved product copy.
@@ -42,8 +52,7 @@ Do not add comparative security claims beyond approved product copy.
Copy file name to clipboardExpand all lines: agent-wallet/README.mdx
+26-49Lines changed: 26 additions & 49 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,18 +7,34 @@ keywords: [MetaMask, Agent Wallet, mm, AI agents, skills]
7
7
8
8
importCardListfrom'@site/src/components/CardList'
9
9
10
-
Give your AI agent a self-custody wallet with built-in security on every signing path.
11
-
Custody depends on wallet mode: server-wallet uses TEE-backed key storage; BYOK keeps keys under your
12
-
local control.
13
-
You install the `mm` CLI and add agent skills once.
14
-
After that, your agent handles authentication, transfers, swaps, bridges, perpetuals, and prediction
15
-
markets from natural-language requests.
10
+
A fully self-custodial agent wallet that lets AI agents trade autonomously without forcing users to give up control. Deploying an agent on a self-custody wallet can mean choosing between giving the agent freedom to act and keeping users’ funds safe. MetaMask Agent Wallet ends that trade-off. Your agent operates inside user-defined limits.
0 commit comments