Custody & Security

Trustless operations for institutional desks

HyperAgent orchestrates Hyperliquid trades without ever asking for your private key. Custody remains on your workstation or MPC, while the Brain provides governance, alerts, and audit-ready runbooks.

Keys stay client-side
Client signer / MPC handles every signature; HyperAgent only stores allowlisted public keys plus scopes encrypted with FIPS 140-2 KMS.
API scopes with guardrails
Withdrawal permissions are never requested. Trading scopes are rotated every 30 days with on-chain attestations.
Auditable brain & ticketing
ErrorWatcher automatically opens support tickets and sends SES alerts, creating a tamper-proof incident trail for compliance.

Architecture Diagram

Custody pipeline

Three isolated planes keep risk contained: client signer (custody), BrainCenter (strategy), and Hyperliquid (execution). Only signed payloads traverse the boundary.

Client Signer

Laptop, HSM, or MPC cluster that owns the private key.

  • Signs `SIGN_REQUEST` digests
  • Streams heartbeat to Redis
  • No secrets leave the host

BrainCenter

Analyst → Boss → Executor pipeline with ErrorWatcher and ticketing.

  • Validates VaR + incident state
  • Queues signature requests
  • Logs SHA-256 proofs

Hyperliquid Venue

Receives signed orders with `tif` + `reduce_only` controls.

  • REST/WebSocket confirmation
  • Responses mirrored in dashboard
  • Order IDs shared with investors

Dual mode
Testnet rehearsal

Clone agents, prompts, and VaR limits into TESTNET before unlocking MAINNET.

Mission Control exposes a single toggle with RBAC + audit logs.

Dual mode
Mainnet execution

Executor validates wallet balances + ErrorWatcher status before firing orders.

Every signature references the client signer heartbeat to prove custody never moved.

Observability

Continuous monitoring + ticketing

ErrorWatcher tails Brain logs, raises CRITICAL tickets, and emails compliance via SES. Alerts include log context, the VaR limit breached, and direct links to Mission Control kill switches.

HyperAlpha Daily (SES) stitches PnL, open orders, and ticket status into an investor-ready digest every morning.

Support tickets sync with the admin dashboard so Ops can escalate, acknowledge, and close incidents with audit timestamps.

Invite-only RSS + Slack hooks broadcast the same feed, ensuring no alert is missed even when you are not logged into the app.

Downloadable evidence kit

Share the HyperSniper case study PDF, `/resources/live-pnl` equity proofs, and session logs with LPs. Every artifact is hashed and timestamped so due diligence teams can verify independently.