7. Security & Safety

Hypaw Terminal is designed to be non-custodial, isolated, and safe to use in live market conditions. While agents are automated, all critical actions — including trading and posting — are governed by user-controlled permissions.

This section explains how security works under the hood, how execution is isolated, and what controls are in place to prevent unintended behavior.

Wallet Permissions

Trading with Hyperliquid

  • When deploying a trading agent, you connect your wallet and approve permission for strategy execution.

  • All trades are signed and routed through Hyperliquid’s native execution layer.

  • You can revoke access at any time by disconnecting from Terminal or via wallet settings.

Key Facts:

  • No private keys are stored

  • Terminal cannot move funds independently

  • You retain full custody at all times

X (Twitter) Account Access

If using a Social Agent:

  • You must authorize Terminal via OAuth to post to your X (Twitter) account.

  • Only basic posting permission is requested — Terminal cannot read DMs, follow users, or manage your account.

You can revoke access instantly from your Twitter account settings.

Runtime Isolation

Each agent runs in a sandboxed environment. This ensures:

  • One agent cannot interfere with another

  • Agents cannot access shared data or credentials

  • Trigger evaluation and execution are compartmentalized

Isolation also allows Terminal to shut down or pause a specific agent without affecting your others.

Execution Controls

To prevent runaway behavior, every agent supports built-in safety parameters:

Control
Purpose

Max executions/hour

Prevent over-firing under volatile conditions

Cooldown windows

Enforce delay between repeated actions

Trigger thresholds

Ensure triggers are not too sensitive

Manual stop

Instantly deactivate any agent

These settings are enforced at runtime and in the deployment configuration itself. If an agent attempts to exceed limits, it’s automatically rate-limited or paused.

Failure Handling

If an action fails — for example:

  • Trade rejected by Hyperliquid

  • Posting API rate-limited

  • OAuth token expired

Then:

  • The agent logs the failure

  • The system enters a cooldown state

  • No further actions are taken until the issue is resolved or retried

You’re notified in the dashboard with a full log entry.

Testing Environment (Coming Soon)

A testing mode will allow agents to:

  • Simulate trigger evaluations

  • Produce log-only output without real trades or posts

  • Debug behavior safely before going live

This helps validate logic before funds or reputation are at risk.

Transparency

  • All actions, successes, and failures are visible in the Terminal UI.

  • Nothing happens in the background without being shown in logs or controls.

  • You have full auditability over your own agent history.

Next: 8. Reference & Resources → External links, FAQs, and where to learn more about MCP and Hypaw.

Previous6. Execution LogicNext8. Reference & Resources

Last updated