-
-
Notifications
You must be signed in to change notification settings - Fork 2k
Update agent wallet docs #2954
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update agent wallet docs #2954
Changes from 1 commit
2f3da9f
67ecb89
b0509b3
f0bb39a
b5fa2e3
0f1a7aa
683f15a
3ede935
405e364
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,54 @@ | ||
| --- | ||
| description: How Agent Wallet enforces rolling 24-hour outflow limits on server-wallet transactions. | ||
| keywords: [MetaMask, Agent Wallet, outflow policy, outflow limit, server-wallet, Guard Mode, 2FA] | ||
| --- | ||
|
|
||
| # Outflow policy | ||
|
|
||
| Your outflow limit caps the total value that can leave the server-wallet in a rolling 24-hour window. | ||
| MetaMask tracks outflows automatically and requests 2-factor authentication approval when a transaction | ||
| would exceed the limit. | ||
|
|
||
| Outflow limits apply in **Guard Mode (Recommended)** when using server-wallet. | ||
| See [Trading modes](trading-modes.md) for how Guard Mode enforces this policy alongside other | ||
| guardrails. | ||
|
|
||
| ## Setting your outflow limit | ||
|
|
||
| You're prompted to set your outflow limit on your first transaction, or whenever a transaction would | ||
| exceed your current limit. | ||
| When you set your 24-hour outflow limit, it counts the transaction you're approving now plus all | ||
| subsequent transactions in the rolling window. | ||
|
|
||
| ## How outflow is calculated | ||
|
|
||
| Before signing, MetaMask simulates the transaction value and adds that value to your 24-hour total once | ||
| the transaction is confirmed (submitted successfully). | ||
|
|
||
| For example, if you swap 10 USDC to ETH and later swap the ETH to DAI, this counts as a \$10 outflow for | ||
| USDC to ETH and another \$10 for ETH to DAI. | ||
|
|
||
| You'll receive a 2-factor authentication request when the transaction exceeds your 24-hour outflow | ||
| limit. | ||
|
|
||
| ## What's included | ||
|
|
||
| The following transaction types count toward your outflow limit: | ||
|
|
||
| - Swaps and liquidity deposits (like on Uniswap). | ||
| - Polymarket USDC deposits to deposit addresses and collateral onramp contracts. | ||
|
Check warning on line 39 in agent-wallet/reference/outflow-policy.md
|
||
| - Hyperliquid deposits to bridge and deposit contracts. | ||
|
Check warning on line 40 in agent-wallet/reference/outflow-policy.md
|
||
|
yashovardhan marked this conversation as resolved.
Outdated
|
||
|
|
||
| ## Limitations | ||
|
|
||
| Outflow tracking can be imprecise if transactions are not submitted through our backend. | ||
|
|
||
| When an outflow can't be tracked reliably, such as when a transaction can't be simulated, fall back on | ||
| your allowlists. | ||
|
|
||
| Signatures (for example, Permit2) are not included in the outflow calculation as of now. | ||
|
|
||
| ## Related | ||
|
|
||
| - [Trading modes](trading-modes.md) | ||
| - [Architecture](architecture.md) | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,111 @@ | ||
| --- | ||
| description: Guard Mode and Beast Mode trading policies for server-wallet, including guardrails and 2FA approval. | ||
| keywords: | ||
| [ | ||
| MetaMask, | ||
| Agent Wallet, | ||
| trading modes, | ||
| Guard Mode, | ||
| Beast Mode, | ||
| server-wallet, | ||
| 2FA, | ||
| allowlist, | ||
| outflow limit, | ||
| ] | ||
| --- | ||
|
|
||
| # Trading modes | ||
|
|
||
| Trading modes apply to server-wallet only. | ||
| During `mm init`, you are prompted to choose a trading mode. | ||
|
|
||
| ## Guard Mode vs Beast Mode | ||
|
|
||
| Guard Mode enforces all of your policies and asks for approval on anything outside them. | ||
|
|
||
| Beast Mode is for power users who want fewer interruptions. | ||
| It still blocks and surfaces dangerous transactions. | ||
|
|
||
| :::info | ||
|
|
||
| We recommend **Guard Mode** for most users. | ||
|
|
||
| ::: | ||
|
|
||
| ## Comparison | ||
|
|
||
| ### Guardrails | ||
|
|
||
| Policies enforced automatically before a transaction can proceed. | ||
|
|
||
| | Guardrail | Guard Mode | Beast Mode | | ||
| | ------------------------------- | ---------- | ---------- | | ||
| | Threat scanning | ✓ | ✓ | | ||
| | Network allowlist | ✓ | — | | ||
|
Check failure on line 44 in agent-wallet/reference/trading-modes.md
|
||
| | Address allowlist | ✓ | — | | ||
|
Check failure on line 45 in agent-wallet/reference/trading-modes.md
|
||
| | Token recipient allowlist | ✓ | — | | ||
|
Check failure on line 46 in agent-wallet/reference/trading-modes.md
|
||
| | Rolling 24-hour outflow limit\* | ✓ | — | | ||
|
|
||
| In Guard Mode, untrusted contracts, networks, and recipients are caught by your allowlists. | ||
| In Beast Mode there are no allowlists. | ||
|
|
||
| ### Requires 2FA approval | ||
|
|
||
| Transactions that pause the job until you approve or reject them. | ||
|
|
||
| | Condition | Guard Mode | Beast Mode | | ||
| | -------------------------------- | ---------- | ---------- | | ||
| | Malicious transactions | ✓ | ✓ | | ||
| | Risky contracts | ✓ | ✓ | | ||
| | Anything outside your allowlists | ✓ | — | | ||
|
Check failure on line 60 in agent-wallet/reference/trading-modes.md
|
||
| | Raising your outflow limit | ✓ | — | | ||
|
Check failure on line 61 in agent-wallet/reference/trading-modes.md
|
||
|
|
||
| In Beast Mode, only malicious and risky transactions trigger approval. | ||
|
|
||
| :::note | ||
|
|
||
| See [Outflow policy](outflow-policy.md) for how outflows are tracked. | ||
|
|
||
| ::: | ||
|
|
||
| ## Set your trading mode | ||
|
|
||
| Set the mode with the `--mode` flag, or pick it at the interactive prompt: | ||
|
|
||
| ```bash | ||
| mm init --mode guard # or --mode beast | ||
| ``` | ||
|
|
||
| ## How 2FA approval works | ||
|
|
||
| When a transaction needs approval, the CLI pauses the job until you approve or reject it. | ||
| The agent cannot proceed on a flagged or policy-violating transaction without your response. | ||
|
|
||
| Your sign-in method during `mm login` determines where the approval request is sent: | ||
|
|
||
| | Sign-in method | Approval channel | | ||
| | ----------------------------- | --------------------------------- | | ||
| | MetaMask Mobile (QR code)\*\* | MetaMask Mobile push notification | | ||
| | Google or email | Email link | | ||
|
|
||
| \*\* QR code sign-in (`mm login qr`) is coming soon. | ||
|
|
||
| ## Switch modes | ||
|
|
||
| Re-run `mm init` with a different `--mode` value to change modes. | ||
| Confirm your active configuration with: | ||
|
|
||
| ```bash | ||
| mm init show | ||
| ``` | ||
|
|
||
| ## Outflow policy | ||
|
|
||
| Guard Mode enforces a rolling 24-hour outflow limit on server-wallet outgoing transfers. | ||
| You're prompted to set the limit on your first transaction, or when a transaction would exceed your | ||
| current limit. | ||
| If a transaction would exceed the limit, or you request a higher limit, the CLI requires | ||
| 2-factor authentication approval before the transaction proceeds. | ||
|
|
||
| See [Outflow policy](outflow-policy.md) for how outflows are calculated, what counts toward the | ||
| limit, and known limitations. | ||
Uh oh!
There was an error while loading. Please reload this page.