COD3X agents trade perpetual futures on Hyperliquid with real capital. They open positions, set stop-losses, close trades, and manage portfolios. They do all of this without ever holding your private keys.
This isn't a feature. It's a design principle.
How It Works
Authentication
Users connect to COD3X through standard Web3 authentication:
- Wallet connection via Wagmi — MetaMask, Coinbase Wallet, WalletConnect, or any EIP-1193 compatible wallet
- Sign-In with Ethereum (SIWE) — Cryptographic proof of wallet ownership without exposing private keys
- Session token — JWT issued after SIWE verification, used for subsequent API calls
At no point does COD3X receive, store, or have access to your private key or seed phrase. Authentication proves you own an address. It doesn't grant custody.
Agent Trade Execution
When an agent decides to make a trade, here's what happens:
- Agent generates a trade intent — "Short BTC-PERP, $1,000, 2x leverage, market order"
- Intent is validated against risk parameters
- The execution layer constructs the order for Hyperliquid's API
- Order is submitted through the user's authenticated Hyperliquid session
- Hyperliquid executes the trade against the user's account
The agent operates within the permissions the user has granted to their Hyperliquid account. It doesn't sign transactions on the user's behalf — it submits orders through an authorized API session.
What the Platform Can Do
- Submit orders on supported venues (with user-granted permissions)
- Read account balances and positions
- Set and modify stop-loss / take-profit levels
- Cancel pending orders
What the Platform Cannot Do
- Transfer funds out of your account
- Withdraw to external addresses
- Access your wallet private key
- Move tokens between wallets
- Approve smart contract interactions on your behalf
The asymmetry is intentional. Agents need trade execution permissions to be useful. They don't need (and never receive) custody permissions.
Permission Model
Permissions are granular and explicitly granted:
Monitoring-only mode is a valid configuration. An agent with read-only permissions can analyze markets, generate trade recommendations, and send alerts — without executing anything.
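The intent validation step from Agent Trade Execution and the scoped grants of the Permission Model, as an added example (not COD3X's own code): scope names, the risk parameters and the intent fields are assumptions for illustration. The point is structural: custody actions have no scope to grant, so they are rejected before any permission lookup, and a default grant is monitoring-only.

```python
from dataclasses import dataclass, field

# Scopes a user may grant an agent. Deliberately absent: any "withdraw" or
# "transfer" scope, so custody actions cannot be granted at all.
# (Scope and intent names are assumed for illustration, not COD3X's own.)
SCOPES = frozenset({"read", "trade", "cancel", "risk_levels"})

# Scope each intent type requires. Custody-type intents (withdraw, transfer,
# approve) are not in this table, so they fail before any permission lookup.
REQUIRED_SCOPE = {
    "read_positions": "read",
    "open_order": "trade",
    "close_position": "trade",
    "cancel_order": "cancel",
    "set_stop_loss": "risk_levels",
    "set_take_profit": "risk_levels",
}

@dataclass
class RiskParams:
    max_notional_usd: float = 5_000.0
    max_leverage: float = 3.0
    allowed_symbols: frozenset = frozenset({"BTC-PERP", "ETH-PERP"})

@dataclass
class Grant:
    # Monitoring-only by default: an agent with just "read" can analyze and alert
    scopes: set = field(default_factory=lambda: {"read"})
    risk: RiskParams = field(default_factory=RiskParams)

def validate_intent(intent: dict, grant: Grant) -> tuple:
    """Return (accepted, reason). Custody actions are rejected unconditionally."""
    action = intent.get("action")
    scope = REQUIRED_SCOPE.get(action)
    if scope is None:
        return False, f"no scope exists for action {action!r}"
    if scope not in grant.scopes:
        return False, f"agent lacks the {scope!r} scope"
    if action == "open_order":
        r = grant.risk
        if intent["symbol"] not in r.allowed_symbols:
            return False, f"symbol {intent['symbol']} not in allow-list"
        if intent["notional_usd"] > r.max_notional_usd:
            return False, "notional exceeds max_notional_usd"
        if intent["leverage"] > r.max_leverage:
            return False, "leverage exceeds max_leverage"
    return True, "ok"

# The page's example intent: "Short BTC-PERP, $1,000, 2x leverage, market order"
EXAMPLE_INTENT = {"action": "open_order", "symbol": "BTC-PERP", "side": "short",
                  "notional_usd": 1_000.0, "leverage": 2.0, "order_type": "market"}
```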
Audit Trail
Every action is logged with:
- Timestamp (millisecond precision)
- Action type (order submitted, position modified, goal executed)
- Agent ID and goal ID that triggered the action
- Full reasoning chain from the AI model
- Order details (symbol, side, size, price)
- Execution result (filled, rejected, partial fill)
The audit trail is immutable within the platform. For users who want permanent, verifiable records, the Irys integration stores reasoning chains and execution logs on-chain with cryptographic timestamps.
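An added example of a tamper-evident audit log carrying the fields listed above (not COD3X's code): hash chaining, where each entry commits to the previous entry's hash, is an assumed way to realise "immutable within the platform", and the sample entries are constructed.

```python
import hashlib
import json
import time

class AuditLog:
    """Append-only log where each entry commits to the previous entry's hash,
    so editing or deleting any entry breaks the chain. Hash chaining is an
    assumed way to realise "immutable within the platform"; the field set
    follows the list above. Not COD3X's own code."""

    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(entry: dict) -> str:
        # Canonical JSON so the same entry always hashes the same way
        body = {k: v for k, v in entry.items() if k != "hash"}
        canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(canonical.encode()).hexdigest()

    def append(self, action: str, agent_id: str, goal_id: str, reasoning: str,
               order: dict, result: str, ts_ms: int = None) -> str:
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        entry = {
            "ts_ms": ts_ms if ts_ms is not None else int(time.time() * 1000),
            "action": action,
            "agent_id": agent_id,
            "goal_id": goal_id,
            "reasoning": reasoning,
            "order": order,
            "result": result,
            "prev_hash": prev,
        }
        entry["hash"] = self._digest(entry)
        self.entries.append(entry)
        return entry["hash"]

    def verify(self) -> int:
        """Return -1 if the chain is intact, else the index of the first bad entry."""
        prev = self.GENESIS
        for i, e in enumerate(self.entries):
            if e["prev_hash"] != prev or self._digest(e) != e["hash"]:
                return i
            prev = e["hash"]
        return -1
```

Anchoring the latest hash externally (the page's Irys integration is one such place) is what turns "immutable within the platform" into a record a third party can check.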
Session Security
JWT Tokens
API sessions use JWT tokens with configurable expiry. Tokens are:
- Signed with per-user secrets
- Time-limited, expiring after a configurable period
- Revocable at any time by the user
- Scoped to specific permissions
Logging out invalidates all active sessions immediately.
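The session properties above as an added example (not COD3X's code): an HS256 JWT signed with a per-user secret, scoped, expiring, and revoked by rotating that secret, which is one assumed way to make logout invalidate every active session at once. Stdlib only; the key storage and claim names are assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

# Per-user signing secrets (assumed design: one HMAC key per address).
# Logout rotates the user's key, so every token issued under it fails at once.
_user_secrets = {}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(address: str, scopes: list, ttl_s: int, now: int = None) -> str:
    """Issue an HS256 JWT signed with the user's own secret and scoped to `scopes`."""
    now = int(now if now is not None else time.time())
    secret = _user_secrets.setdefault(address, secrets.token_bytes(32))
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": address, "scopes": scopes, "iat": now, "exp": now + ttl_s}
    payload = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def verify_token(token: str, now: int = None):
    """Return the claims if the token is valid and unexpired, else None."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(_unb64(header)).get("alg") != "HS256":  # refuse alg switching
            return None
        claims = json.loads(_unb64(payload))
        given = _unb64(sig)
    except (ValueError, AttributeError):  # malformed base64 or JSON
        return None
    secret = _user_secrets.get(claims.get("sub"))  # unknown user or rotated key
    if secret is None:
        return None
    expected = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):  # constant-time signature check
        return None
    if claims.get("exp", 0) <= int(now if now is not None else time.time()):
        return None
    return claims

def logout(address: str) -> None:
    """Invalidate all of a user's sessions at once by rotating their secret."""
    _user_secrets[address] = secrets.token_bytes(32)
```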
WebAuthn / FIDO2
For users who want hardware-level security, COD3X supports WebAuthn authentication:
- Physical security keys (YubiKey, etc.)
- Biometric authentication (fingerprint, face recognition)
- Phishing-resistant — domain-bound credentials can't be replayed
WebAuthn adds a second factor that can't be intercepted by phishing attacks, even if a user's password is compromised.
Multi-Provider Auth
Authentication supports multiple providers:
- Wallet — SIWE (primary for Web3 users)
- OAuth — Google, GitHub, Discord, Apple
- WebAuthn — Hardware security keys
Users can link multiple auth methods to the same account for redundancy.
The Telegram Plugin Example
The upcoming Telegram plugin lets users monitor and control agents from Telegram. Even through this remote interface:
- The plugin cannot access wallet keys
- The plugin cannot move funds
- The plugin can trigger goals (if the user grants that permission)
- The plugin can pause/resume agents
- The plugin can send alerts and reports
Remote control doesn't mean remote custody. The permission model applies uniformly across all interfaces — web terminal, Telegram, API, or any future integration.
Comparison to Custodial Alternatives
Some trading platforms and bot services require you to deposit funds into their wallets or grant full trading API keys with withdrawal permissions. The risks:
- Platform compromise — If the platform is hacked, your funds are stolen
- Insider theft — Employees with access to hot wallets can take funds
- Regulatory seizure — Funds in a platform's custody can be frozen
- Rug pull — The platform itself can disappear with deposits
COD3X eliminates all four risks by never holding your funds. There's nothing to hack, nothing to steal, nothing to seize, and nothing to rug. Your capital stays in your wallet and your exchange account — the platform is a control layer, not a custody layer.
Your keys, your funds, your control. COD3X agents trade on your behalf without ever holding your private keys. Non-custodial isn't a checkbox — it's the architecture.