Custody & Security

Trustless operations for institutional desks

HyperAgent orchestrates Hyperliquid trades without ever asking for your private key. Custody remains on your workstation or MPC, while the Brain provides governance, alerts, and audit-ready runbooks.

Download the trustless onboarding guide Inspect signed performance logs

Keys stay client-side

Client signer / MPC handles every signature; HyperAgent only stores allowlisted public keys plus scopes encrypted with FIPS 140-2 KMS.

API scopes with guardrails

Withdrawal permissions are never requested. Trading scopes are rotated every 30 days with on-chain attestations.

Auditable brain & ticketing

ErrorWatcher auto-opens support tickets + SES alerts, creating a tamper-proof incident trail for compliance.

Architecture Diagram

Custody pipeline

Three isolated planes keep risk contained: client signer (custody), BrainCenter (strategy), and Hyperliquid (execution). Only signed payloads traverse the boundary.

Client Signer

Laptop, HSM, or MPC cluster that owns the private key.

Signs `SIGN_REQUEST` digests
Streams heartbeat to Redis
No secrets leave the host

BrainCenter

Analyst → Boss → Executor pipeline with ErrorWatcher and ticketing.

Validates VaR + incident state
Queues signature requests
Logs SHA-256 proofs

Hyperliquid Venue

Receives signed orders with `tif` + `reduce_only` controls.

REST/Websocket confirmation
Responses mirrored in dashboard
Order IDs shared with investors

Safety Layer

17 Active Gates

Pre-trade validation: edge, spread, funding, trend, volatility, regime, and more.

Unified Direction Gates V2 with 9-factor weighted scoring - zero hardcoded rules.

Safety Layer

Circuit Breaker & Watchdog

Max 10 restarts/hour prevents crash loops. Auto-disable with Telegram alerts.

Safety Watchdog monitors positions 24/7 with independent stop-loss enforcement.

Observability

Continuous monitoring + ticketing

ErrorWatcher tails Brain logs, raises CRITICAL tickets, and emails compliance via SES. Alerts include log context, VaR limit breached, and direct links to mission control kill switches.

HyperAlpha Daily (SES) stitches PnL, open orders, and ticket status into an investor-ready digest every morning.

Support tickets sync with the admin dashboard so Ops can escalate, acknowledge, and close incidents with audit timestamps.

Invite-only RSS + Slack hooks broadcast the same feed, ensuring no alert is missed even when not logged into the app.

Review VaR + ErrorWatcher playbook Talk to security engineering

Downloadable evidence kit

Share the HyperSniper case study PDF, `/resources/live-pnl` equity proofs, and session logs with LPs. Every artifact is hashed and timestamped so due diligence teams can verify independently.

View the live PnL hub Download the PDF proof

Custody Brief (PDF)SVG MD