1. Why we never ask for a private key

Secrets stay on the client device. HyperAgent only stores encrypted API scopes with Fernet + KMS and rotates them through admin tooling.

2. Client signer and MPC

Use the `client_signer` module on Linux/macOS or connect your favorite MPC provider (quorum >= 2).

Brain Control Center lets you switch TESTNET <-> MAINNET in seconds with granular RBAC + audit logs.

`TRUSTLESS_SETUP.md` plus ErrorWatcher define revocation, rotation, and Slack/SES alert flows.

Deliverables: Downloadable checklist, scripts `bin/env-shell.sh`, `run-script.sh`, and a customer-facing video walkthrough.