Enforcement
On-chain, not in middleware
Per-tx, daily, and hourly limits live on the AgentWallet PDA. The Anchor program rejects anything outside policy — no backend override exists.
Whitelist
TTL-bound recipients
External recipients carry a TTL and an approved-amount cap. The WhitelistEntry PDA auto-closes on-chain when the cap is consumed.
Blast radius
No private key for the agent
Agents authenticate with a scoped API key. Limits hold even if the backend is breached, the agent is prompt-injected, or the key is leaked.