Agent Wallet
The agent wallet is the technical foundation of Autopilot's non-custodial design. Understanding it answers the most important question in automated trading: "Can Zirodelta take my money?"
The answer is no. Here is exactly why.
What an agent wallet is
Hyperliquid L1 has a native permission system called approveAgent. When you sign this transaction, you tell Hyperliquid: "The address I specify is allowed to submit signed orders on my behalf."
That is all it does. The agent gets signing authority for order actions. Nothing else.
The agent cannot:
Withdraw funds from your account
Transfer tokens to any address
Change your account settings
Access your private key or seed phrase
The agent can:
Place new orders (perp and spot)
Cancel existing orders
Close positions
This is precisely the set of operations Autopilot needs to function. And nothing beyond it.
The approval transaction
When you first activate Autopilot, you sign the following action on Hyperliquid L1:
This is an EIP-712 signed message. It is not a transaction that costs gas in the traditional sense. On Hyperliquid, this is an exchange action, not an EVM transaction. The cost is effectively zero.
After signing, this approval is stored on Hyperliquid L1. Zirodelta's backend can now sign orders with the agent key, and Hyperliquid will accept and execute them from your account.
How orders are signed and submitted
Autopilot's backend holds the agent private key for your account. When Autopilot needs to open or close a position, it:
Constructs the order payload (asset, size, direction, type)
Signs the payload with the agent private key
Submits the signed order to Hyperliquid's exchange API
Hyperliquid validates the signature against the stored approveAgent record and, if valid, executes the order. The result. The filled position. Appears on your Hyperliquid account under your address.
What Zirodelta sees vs. What it controls
Your account's open positions
Placing orders from your account
Your collateral balance (read-only)
Cancelling orders from your account
Your funding history (read-only)
Closing positions from your account
Your equity curve (read-only)
Nothing else
Zirodelta's backend reads your account state via Hyperliquid's public API (clearinghouseState, portfolio). These are the same endpoints available to any public caller. Zirodelta does not have privileged access to your account data beyond what any API caller can read.
Revoking the agent
You can revoke Autopilot's access at any time by going to app.hyperliquid.xyz → Settings → API and revoking the agent from there. This is an immediate, on-chain revocation. Once revoked, Zirodelta's backend cannot submit any new orders from your account.
Any open positions that Autopilot was managing remain open after revocation. You will need to close them manually, or re-authorize the agent and let Autopilot close them cleanly.
Builder fee approval
Alongside approveAgent, you will also sign approveBuilderFee. A separate one-time authorization for Zirodelta to collect its 5 bps builder fee on your perp orders. This is also signing-authority only: it authorizes a fee on orders you place, not any withdrawal or transfer.
Both approvals are separate and both can be revoked independently.
Security posture
Zirodelta's agent infrastructure is designed with separation of concerns:
The agent private key is stored in a secured backend environment, not exposed to the web frontend
The agent key is different from Zirodelta's treasury/operator keys
If the agent key were somehow compromised, the attacker could place and cancel orders on affected accounts. They could not withdraw funds
This is the strongest non-custodial guarantee available on Hyperliquid today. It is built into the L1 protocol, not a Zirodelta smart contract abstraction.
See also: Autopilot Overview · Delta-Neutral Explained
Last updated
Was this helpful?