Agent wallet deep dive (for engineers)
What's actually signed, what's stored, and what the failure modes are. For users who want to verify Botely's claims before approving the agent.
Architecture
Your main wallet (MetaMask + hardware optional) holds the EVM main key. The Botely wizard generates a separate keypair in your browser (the agent) and asks your main wallet to sign an EIP-712 `approveAgent` action that authorises the agent to sign trading actions for your main account.
After approval, the signed `approveAgent` payload + the agent's encrypted private key are stored server-side. The bot's runner loads + decrypts the bundle every tick, signs `place`/`cancel` order actions for your account, and submits them to Hyperliquid's `/exchange` endpoint.
The approveAgent EIP-712 payload
The EIP-712 `approveAgent` action is a structured typed-data message with `agentAddress` (the new agent's EVM address), `agentName` (a human-readable label, set to "Botely"), `nonce` and `time`. It's signed by your main wallet and submitted to Hyperliquid.
Once accepted, Hyperliquid's validators record the agent → main-account binding. Subsequent trading actions signed by the agent are validated against this binding and applied to your main account's balance.
Server-side signing path
Every tick (~30s) the strategy runner: (a) loads your config row from Postgres including the encrypted agent bundle, (b) AES-256-GCM-decrypts the bundle using the master key in process memory, (c) signs a fresh `place` or `cancel` order action with viem, (d) submits to Hyperliquid REST, (e) discards the plaintext key.
Plaintext lifetime is ~10ms inside one Node.js function frame. No plaintext touches disk, no plaintext appears in logs, no plaintext is sent over the network beyond the signed payload.
Abuse vectors and mitigations
Exfiltration of the encrypted bundle alone: useless without the master key.
Exfiltration of bundle + master key (e.g. full server compromise): attacker can sign trades on your account within HL's trading-only authority and within Botely's server-side market whitelist. Cannot withdraw. Mitigation: wallet-side revoke instantly invalidates the agent.
Malicious Botely insider modifying the runner to sign on non-whitelisted markets: residual risk, mitigated by code review + change management + audit logging. Honestly disclosed in Risk Disclosure §7A.4.
Phishing user into approving a fake agent: real risk; the wizard shows the agent address before you sign. Always verify the address starts with `0x` and matches what the wizard displays.