Give your AI agents
a wallet they can
actually use.
MOSS is the execution and permission layer for AI agents in crypto applications. No private key exposure. No escrow contracts. No human approval loops.
Every alternativehas a fatal flaw.
Developers building agents on crypto have tried three approaches. Each breaks in a different way..
Raw EOA + private key
Give the agent a wallet it "owns" directly. The most common approach. The most dangerous.
- One leaked key means total, irreversible loss. No recovery path.
- The agent has unconstrained access. There is no permission layer.
- No revocation. You can't narrow what the agent can do after the fact.
- Can't scope by app, time window, or spend amount.
const wallet = new ethers.Wallet( process.env.AGENT_PRIVATE_KEY ); // If this leaks: // total loss, no limits, no revocation
Custom escrow contracts
Deploy a contract that holds user funds. The agent draws from it within rules you define in Solidity.
- Users must deposit funds before the agent can operate.
- Every new rule requires a contract deployment or upgrade.
- New attack surface. Smart contract bugs mean drained escrows.
- 3–6 weeks of engineering before you have a working prototype.
contract AgentEscrow {
mapping(address => uint256) limits;
// Audit this. Then audit again.
// Then deploy. Then upgrade.
}Human wallet SDKs
Bolt an existing embedded wallet (Privy, Dynamic, Turnkey) onto your agent flow. Built for humans, not agents.
- Every action interrupts with an approval popup. Agents can't click "Confirm."
- Session keys exist as afterthoughts, not first-class primitives.
- No natural language → policy compiler. You write JSON schemas by hand.
- Cross-app execution requires separate wallet connections per app.
await wallet.sendTransaction(tx); // "Please confirm this in your wallet" // Agent stalls. User is not there.
Identity, Wallet, Permissions, Clean separation
const identity = {
type: "service",
address: agentServiceAddress,
};
await mega.initialise({
network: "mainnet",
sponsorUrl: "YOUR_PAYMASTER",
});
const { status } = await mega.grantPermissions({
permissions: {
expiry: now + 86_400,
permissions: {
calls: [{ to: wcmContractAddress, signature: "executeLimitOrder(uint256)" }],
spend: [{ limit: Value.fromEther("5"), period: "day" }],
},
},
});
// status === "approved"
// identity stays separate from wallet keysIdentity. Wallet. Permissions. Clean separation.
OWS wallet address, service identity, or social credential. The agent never holds a private key.
const identity = {
type: "service",
address: agentServiceAddress,
};
await mega.initialise({
network: "mainnet",
sponsorUrl: "YOUR_PAYMASTER",
});
const { status } = await mega.grantPermissions({
permissions: {
expiry: now + 86_400,
permissions: {
calls: [{ to: wcmContractAddress, signature: "executeLimitOrder(uint256)" }],
spend: [{ limit: Value.fromEther("5"), period: "day" }],
},
},
});
// status === "approved"
// identity stays separate from wallet keysPlain language becomesEnforceable policy.
Users describe what they want. MOSS compiles it into a precise JSON permission schema, presents a human-readable summary for approval, and the agent is live. No JSON editing. No session key schemas. One approval.
User Input
“Trade up to 5 ETH on WCM, 0.5 ETH on Kumbaya's launchpad, and use 0.25 ETH on Euphoria — for the next 2 days.”
Compiled Policy
SDK Call
await mega.grantPermissions({
permissions: {
expiry: now + 172_800,
permissions: {
calls: [
{ to: wcmAddr, signature: "executeLimitOrder(uint256)" },
{ to: kumbayaAddr, signature: "swap(bytes,uint256)" },
{ to: euphoriaAddr, signature: "mint(uint256)" },
],
spend: [
{ limit: fromEther("5"), period: "day" },
{ limit: fromEther("0.5"), period: "day" },
{ limit: fromEther("0.25"), period: "day" },
],
},
},
});Approve (once),Execute (forever).
Once a user approves a permission policy, the agent operates silently within those bounds — no confirmation popups, no user present required. When the permission expires or is revoked, execution stops immediately.
Software-speed execution
Responds in <10ms on MegaETH. Your agent doesn't wait for block confirmations.
Responds in <10ms on MegaETH. Your agent doesn't wait for block confirmations.
No key management
Session keys live inside MOSS infrastructure. Your agent code never touches them.
Session keys live inside MOSS infrastructure. Your agent code never touches them.
Enforced at account level
Spend limits and app scope are enforced by the smart account itself — not middleware you maintain.
Spend limits and app scope are enforced by the smart account itself — not middleware you maintain.
No escrow contracts
Users don't deposit funds first. Permissions apply to the wallet directly. Zero contract deployment.
Users don't deposit funds first. Permissions apply to the wallet directly. Zero contract deployment.
Instant revocation
Call mega.revokePermissions() and the agent is stopped immediately, no transaction needed.
Call mega.revokePermissions() and the agent is stopped immediately, no transaction needed.
await mega.grantPermissions({
permissions: {
expiry: now + 86_400,
permissions: {
calls: [{ to: wcmContractAddress, signature: "executeLimitOrder(uint256)" }],
spend: [{ limit: Value.fromEther("5"), period: "day" }],
},
},
});
if (ethPrice <= targetPrice) {
const result = await mega.callContract({
address: wcmContractAddress,
abi: wcmAbi,
functionName: "executeLimitOrder",
args: [orderId],
silent: true,
});
}
Five agent patternsReady to build.
Each use case runs on the same SDK. Different permissions, same wallet.
Autonomous Trading
An agent executes a limit order or rebalancing strategy with defined spend limits and a time window. No approvals for individual transactions — the strategy runs from the moment conditions are met.
Works without deploying any contracts. Session key enforcement handles authorization at the account level.
Spend limits per day, per session, or per action. Agent cannot exceed them regardless of what the strategy requests.
Spend limits per day, per session, or per action. Agent cannot exceed them regardless of what the strategy requests.
Receipts in <10ms. Limit order strategies viable at software cadence, not block time.
This is the primary launch narrative and demo
await mega.grantPermissions({
permissions: {
expiry: now + 86_400,
permissions: {
calls: [{ to: wcmContractAddress, signature: "executeLimitOrder(uint256)" }],
spend: [{ limit: Value.fromEther("5"), period: "day" }],
},
},
});
if (ethPrice <= targetPrice) {
await mega.callContract({
address: wcmContractAddress,
abi: wcmAbi,
functionName: "executeLimitOrder",
args: [orderId],
silent: true,
});
}
Cross-App DeFi
An agent manages positions across multiple DeFi protocols — rebalancing, harvesting yields, and compounding — all from a single wallet with scoped permissions per app.
One wallet interacts with multiple protocols. No separate connections or approvals per app.
Per-app spend limits ensure the agent can't drain funds from one protocol to another.
Automatic yield harvesting and compounding without user intervention.
Real-time execution means DeFi strategies react to market conditions instantly.
Cross-protocol arbitrage becomes viable at software speed.
await mega.grantPermissions({
permissions: {
expiry: now + 86_400,
permissions: {
calls: [
{ to: aaveAddress, signature: "supply(address,uint256,address,uint16)" },
{ to: uniswapAddress, signature: "swap(bytes,uint256)" },
{ to: curveAddress, signature: "exchange(int128,int128,uint256,uint256)" },
],
spend: [{ limit: fromEther("10"), period: "day" }],
},
},
});
await mega.callContract({
address: uniswapAddress,
abi: routerAbi,
functionName: "swap",
args: [params],
silent: true,
});
Game Automation
An agent plays on behalf of the user — executing in-game transactions, claiming rewards, and managing inventory without requiring approval for every action.
Time-boxed sessions let agents play for defined periods then automatically expire.
In-game spend caps prevent agents from over-spending on items or upgrades.
Instant transaction confirmation keeps gameplay smooth and responsive.
No wallet popups interrupting the game loop.
Perfect for idle games, auto-battlers, and strategy games.
await mega.grantPermissions({
permissions: {
expiry: now + 3_600,
permissions: {
calls: [{ to: gameContract, signature: "executeMove(uint256)" }],
spend: [{ limit: fromEther("0.5"), period: "hour" }],
},
},
});
while (sessionActive) {
await mega.callContract({
address: gameContract,
functionName: "executeMove",
args: [move],
silent: true,
});
}
Personal Finance
An agent manages recurring payments, savings allocations, and bill payments — executing financial operations on a schedule without manual intervention.
Scheduled transactions execute automatically at defined intervals.
Spending categories with individual limits prevent overspending.
Automatic savings allocation moves funds to savings on payday.
Bill payment automation ensures no missed payments.
Full audit trail of every transaction the agent executes.
await mega.grantPermissions({
permissions: {
expiry: now + 2_592_000,
permissions: {
calls: [
{ to: savingsContract, signature: "deposit(uint256)" },
{ to: billPayContract, signature: "pay(address,uint256)" },
],
spend: [{ limit: fromEther("2"), period: "day" }],
},
},
});
await mega.callContract({
address: savingsContract,
abi: savingsAbi,
functionName: "deposit",
args: [fromEther("0.1")],
silent: true,
});
Coming Soon
Autonomous Trading
An agent executes a limit order or rebalancing strategy with defined spend limits and a time window. No approvals for individual transactions — the strategy runs from the moment conditions are met.
Works without deploying any contracts. Session key enforcement handles authorization at the account level.
Spend limits per day, per session, or per action. Agent cannot exceed them regardless of what the strategy requests.
Spend limits per day, per session, or per action. Agent cannot exceed them regardless of what the strategy requests.
Receipts in <10ms. Limit order strategies viable at software cadence, not block time.
This is the primary launch narrative and demo
await mega.grantPermissions({
permissions: {
expiry: now + 86_400,
permissions: {
calls: [{ to: wcmContractAddress, signature: "executeLimitOrder(uint256)" }],
spend: [{ limit: Value.fromEther("5"), period: "day" }],
},
},
});
if (ethPrice <= targetPrice) {
await mega.callContract({
address: wcmContractAddress,
abi: wcmAbi,
functionName: "executeLimitOrder",
args: [orderId],
silent: true,
});
}