The agent's authority is bounded by three numbers and four flags. Setting them well is the difference between a useful assistant and a leverage point for an attacker.
The three numbers
Daily cap (EUR cents). Maximum agent spend in a 24-hour UTC window. Resets at midnight UTC. Default: €5. The reset is per-user, not per-action — racing concurrent actions can't combine to exceed the cap because the allowance ledger uses row-level locks.
Recommended starting points:
| User profile | Daily cap |
|---|---|
| First two weeks of agent use | €5 |
| Steady-state, x402 + portfolio Q&A only | €20-50 |
| Adding DCA + bridge rules | €100-500 |
| Production trading workflows | Talk to your Maestro CSM |
Per-tx cap (EUR cents). Hard ceiling on any single action. Default: €10. Set this lower than your daily cap so a single rogue action can't drain your budget. A €100 daily / €10 per-tx config means 10 distinct actions before exhaustion — each individually small.
Auto-confirm above (EUR cents). Default 0 (every action requires push confirmation). Setting this to e.g. 500 means actions above €5 prompt you to confirm before the executor runs. Iter-E doesn't yet wire the confirm-modal UX; for now treat this as a "future strict mode" toggle.
The four flags
x402 — auto-pay for HTTP 402 endpoints. Enable if you use paid APIs / on-demand compute / data feeds. Default off.
dca — recurring scheduled buys. Enable if you want to dollar-cost-average into XRP / BTC / ETH automatically. Each scheduled run consumes from your daily allowance. Default off.
bridge — auto-bridge rules. Enable if you want rebalancing across chains based on balance thresholds. Each bridge firing consumes from your daily allowance. Default off.
qa — conversational portfolio Q&A. Read-only. Doesn't consume allowance. Safe to enable by default.
Disabling a flag is the strongest control you have. If dca is off, the validator rejects any DCA action regardless of how the planner was tricked into emitting one.
When to disable the agent entirely
- After a suspicious entry in the action log
- Before a long trip / period of inattention
- When a wormhole / bridge incident is in progress (limits the blast radius)
- Whenever you're unsure
Disabling sets a soft flag: any in-flight action completes, no new actions accepted. The kill-switch is exposed on the overview page.
Reading your daily ledger
The overview page shows:
- Spent today (EUR)
- Cap today (EUR)
- Actions count
If actions count is climbing without spent climbing, the agent is doing portfolio QA — fine. If spent is climbing without you authorising new flows, dig into the action log immediately.
What you commit to
- Daily and per-tx caps are your responsibility to set sanely
- Flags are stronger than caps — disable use cases you don't need
- Treat the per-tx cap as the unit of acceptable loss in a worst-case attack
- A disabled agent is a safe agent
The final lesson covers auditing — the audit bundle format and what a regulator (or future-you) needs to verify the agent's behaviour cryptographically.