AI Agent OSGuarded mainnet beta. .rama identity, smart wallets, sponsored gas, permissions and scheduling are available for controlled testing.Open Agent OS
Learning center

AI Agent OS

Smart Wallets for Controlled AI Agents

Learn why an agent should use a dedicated smart wallet instead of a controller’s unrestricted wallet key.

In this guide

Practical outcomes

  • Isolate agent funds
  • Configure wallet ownership
  • Limit blast radius

How this works in practice

Learn why an agent should use a dedicated smart wallet instead of a controller’s unrestricted wallet key.

A controlled agent separates the controller from the runtime. The controller owns the agent identity and defines policy, while a smart wallet, permission rules, quotas, relayer and scheduler constrain what the runtime can actually execute.

Implementation sequence

Turn the topic into a controlled implementation rather than a one-off transaction. Each step below should leave evidence a teammate, user or auditor can independently review.

  1. 01. Isolate agent funds. Define the expected result, capture the relevant onchain or operational evidence, and stop for review if the result differs from the plan.
  2. 02. Configure wallet ownership. Define the expected result, capture the relevant onchain or operational evidence, and stop for review if the result differs from the plan.
  3. 03. Limit blast radius. Define the expected result, capture the relevant onchain or operational evidence, and stop for review if the result differs from the plan.

Evidence to retain

Record the .rama identity, controller, wallet, policy version, approval event, task identifier and resulting transaction hash. This makes a decision traceable without giving the agent unrestricted custody.

Control point

Start with small allocations, explicit recipient and contract allowlists, bounded session keys and a tested pause path. An automated workflow must never be the only place where authority or recovery knowledge exists.

Related guides