# Agent Wallet

The agent wallet is the technical foundation of Autopilot's non-custodial design. Understanding it answers the most important question in automated trading: "Can Zirodelta take my money?"

The answer is no. Here is exactly why.

## What an agent wallet is

Hyperliquid L1 has a native permission system called `approveAgent`. When you sign this transaction, you tell Hyperliquid: "The address I specify is allowed to submit signed orders on my behalf."

That is all it does. The agent gets signing authority for order actions. Nothing else.

The agent **cannot**:

* Withdraw funds from your account
* Transfer tokens to any address
* Change your account settings
* Access your private key or seed phrase

The agent **can**:

* Place new orders (perp and spot)
* Cancel existing orders
* Close positions

This is precisely the set of operations Autopilot needs to function. And nothing beyond it.

## The approval transaction

When you first activate Autopilot, you sign the following action on Hyperliquid L1:

```json
{
 "type": "approveAgent",
 "agentAddress": "0x<ZIRODELTA_AGENT_ADDRESS>",
 "agentName": "Zirodelta",
 "nonce": <unix_ms>
}
```

This is an EIP-712 signed message. It is not a transaction that costs gas in the traditional sense. On Hyperliquid, this is an exchange action, not an EVM transaction. The cost is effectively zero.

After signing, this approval is stored on Hyperliquid L1. Zirodelta's backend can now sign orders with the agent key, and Hyperliquid will accept and execute them from your account.

## How orders are signed and submitted

Autopilot's backend holds the agent private key for your account. When Autopilot needs to open or close a position, it:

1. Constructs the order payload (asset, size, direction, type)
2. Signs the payload with the agent private key
3. Submits the signed order to Hyperliquid's exchange API

Hyperliquid validates the signature against the stored `approveAgent` record and, if valid, executes the order. The result. The filled position. Appears on your Hyperliquid account under your address.

## What Zirodelta sees vs. What it controls

| What Zirodelta sees                 | What Zirodelta controls             |
| ----------------------------------- | ----------------------------------- |
| Your account's open positions       | Placing orders from your account    |
| Your collateral balance (read-only) | Cancelling orders from your account |
| Your funding history (read-only)    | Closing positions from your account |
| Your equity curve (read-only)       | Nothing else                        |

Zirodelta's backend reads your account state via Hyperliquid's public API (`clearinghouseState`, `portfolio`). These are the same endpoints available to any public caller. Zirodelta does not have privileged access to your account data beyond what any API caller can read.

## Revoking the agent

You can revoke Autopilot's access at any time by going to **app.hyperliquid.xyz → Settings → API** and revoking the agent from there. This is an immediate, on-chain revocation. Once revoked, Zirodelta's backend cannot submit any new orders from your account.

Any open positions that Autopilot was managing remain open after revocation. You will need to close them manually, or re-authorize the agent and let Autopilot close them cleanly.

## Builder fee approval

Alongside `approveAgent`, you will also sign `approveBuilderFee`. A separate one-time authorization for Zirodelta to collect its 5 bps builder fee on your perp orders. This is also signing-authority only: it authorizes a fee on orders you place, not any withdrawal or transfer.

Both approvals are separate and both can be revoked independently.

## Security posture

Zirodelta's agent infrastructure is designed with separation of concerns:

* The agent private key is stored in a secured backend environment, not exposed to the web frontend
* The agent key is different from Zirodelta's treasury/operator keys
* If the agent key were somehow compromised, the attacker could place and cancel orders on affected accounts. They could not withdraw funds

This is the strongest non-custodial guarantee available on Hyperliquid today. It is built into the L1 protocol, not a Zirodelta smart contract abstraction.

> **See also:** [Autopilot Overview](/autopilot/overview.md) · [Delta-Neutral Explained](/autopilot/delta-neutral-explained.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.zirodelta.com/autopilot/agent-wallet.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.