verticals

Set up Wallet-as-Bot for non-custodial automation

Sign a session policy your wallet enforces — caps you can't exceed, even by mistake

5-7 min · intermediate

What you'll have when finished

  • Configure hard caps your bots cannot exceed
  • Understand the forbidden-operations floor (setApprovalForAll, transfer, permit2_unlimited, etc.)
  • Know how to revoke a session instantly if you suspect compromise

Before you start

  • You sign typed data — read every cap and forbidden-op before signing.
  • Even with caps, this is non-custodial: you are responsible for your own keys.

Walkthrough

  1. Read the public policy

    Hit GET /api/wallet-sessions/policy first. Confirm the forbidden-operations floor matches what your wallet displays.

  2. Connect your wallet

    Trade → Wallet Sessions → Connect (RainbowKit / MetaMask).

  3. Configure caps

    Per-trade USD cap, session-total USD cap, expiry (≤ 30 days), allowed actions (swap/limit_order/rebalance).

    Success criteria: Per-trade cap ≤ $100k (hard floor) · Session-total cap ≤ $1M (hard floor) · Expiry ≤ 30 days (hard floor)

  4. Sign the EIP-712 typed data

    Your wallet shows the full policy — verify caps + forbidden ops. Reject if anything looks off.

  5. Test with a small trade

    Run one $20 swap through the session before delegating real capital. Verify the trade appears under the session in the UI.

What's next

Revocation takes effect server-side immediately — no further trades can be staged against the revoked session.