Skip to content
Helm Docs

Agent Permissions

Agent permissions let a user give an external agent or app limited wallet access.

The user chooses:

  • agent or app name
  • token
  • spending limit
  • reset period
  • optional recipient rules

Helm authorizes the key on Tempo, then stores only metadata. The external agent keeps its own key.

What an agent can do

For the first public version, agents can request Tempo token transfers.

If the request is inside the saved policy, Helm returns the transfer plan. If the request is outside policy but still user-approvable, Helm shows the request to the user.

What approval means

Approving a request does not give broad access.

It approves one exact signed request:

  • same agent key
  • same token
  • same recipient
  • same raw amount
  • same nonce
  • same expiry

Tempo still enforces the on-chain keychain budget and call scope.

Revocation

The user can revoke an agent permission from Helm.

After revocation, the agent should generate a fresh key before asking for new access. Reusing a revoked key is not supported.