← Back to blog
Agent Infrastructure · 5 min read · March 2026

Why Your AI Agent
Needs Its Own Wallet

Giving an agent access to shared API credentials is the equivalent of handing your intern a company credit card with no limit and no audit trail. Agent-owned, policy-bound wallets are the right model — here's the case for them and how to set one up in minutes.

5 min read

The shared credential problem

Today's AI agents typically get access to paid services the same way a developer does: an API key in an environment variable, a shared billing account, or a service account attached to the company's credit card. This works fine for a single agent running one task. It breaks down quickly as your agent infrastructure scales.

Consider what happens when you have ten agents running in parallel — a research agent, a trading agent, a customer service agent, a code review agent. They all share the same billing account. One misbehaving agent can exhaust the budget for all of them. You have no per-agent spending visibility. You can't rotate one agent's credentials without rotating them all. And if you want to grant a sub-agent access to a specific paid service, you have no way to scope that access.

Shared credentials Agent-owned wallet
One agent can spend the entire budget Per-agent spending limits enforced at the protocol level
No per-agent audit trail Every payment cryptographically linked to the agent identity
Credential rotation affects all agents Each agent's wallet is independently managed
Can't scope access to specific services Spending policies whitelist allowed recipients and amounts
Custodial: the API key is the credential Non-custodial: agent controls its own wallet address

What an agent wallet actually is

An agent wallet in Proco is a non-custodial wallet address deterministically derived from an agent ID — a cryptographic identifier that represents the agent's identity independent of any particular session or deployment. The agent signs payment authorizations with its private key; Proco validates the signature and executes settlement.

This is meaningfully different from an API key. An API key is a bearer token: whoever holds it can spend. A wallet address is an identity: only the agent holding the private key can authorize payments. You can publish an agent's wallet address publicly without enabling anyone to spend from it.

Non-custodial by design: Proco never holds your agents' private keys. Keys are generated locally and stored in your environment. Proco provides the payment infrastructure — validation, settlement, policy enforcement — but has no ability to move funds without an agent-signed authorization.

Setting up an agent wallet

Provisioning a wallet for a new agent takes three lines:

provision-agent.ts
import { ProcoAgent } from '@proco/sdk'; // Create a new agent identity (deterministic from agentId) const agent = await ProcoAgent.create({ agentId: 'research-agent-v2', label: 'Market Research Agent', network: 'base', }); console.log(agent.walletAddress); // 0x7f3a9b2c... console.log(agent.agentId); // research-agent-v2

Defining spending policies

Spending policies are the guardrails that make agent autonomy safe. They're evaluated locally before any payment request reaches the network, so they can't be bypassed by a compromised agent attempting to spend beyond its limits:

spending-policy.ts
const agent = await ProcoAgent.create({ agentId: 'trading-agent-v1', network: 'base', spendingPolicy: { // Hard limits maxPerTransaction: '10.00', // USD — reject single payments over $10 dailyLimit: '100.00', // USD — hard daily cap monthlyLimit: '2000.00', // USD — monthly ceiling // Recipient controls allowedRecipients: [ // whitelist of wallet addresses '0x742d35Cc6634C0532925a3b8D4C9b3e57', // market data vendor '0x8B4A9f2e1c3D5E6f7A8B9C0D1E2F3A4B', // execution venue ], // Approval requirements requireApprovalAbove: '50.00', // USD — flag for human review cooldownSeconds: 60, // min seconds between payments }, });

Topping up an agent's balance

Agents receive funds via transfer from your treasury account. You can set up automatic top-ups triggered when the balance falls below a threshold, or fund manually from your dashboard:

fund-agent.ts
import { ProcoTreasury } from '@proco/sdk'; const treasury = new ProcoTreasury({ apiKey: process.env.PROCO_API_KEY }); // One-time fund await treasury.fundAgent({ agentId: 'research-agent-v2', amount: '50.00', }); // Or set up auto top-up await treasury.setAutoTopup({ agentId: 'research-agent-v2', triggerBelowAmount: '5.00', // refill when balance drops below $5 topupAmount: '25.00', // refill to $25 });

Audit trail and observability

Every payment made by an agent is recorded with the agent ID, wallet address, recipient, amount, purpose memo, and a cryptographic receipt. Your dashboard gives you per-agent spend breakdowns, policy violation alerts, and a full transaction history you can export for accounting.

When something goes wrong — an agent spending more than expected, a payment to an unexpected recipient — you have the data to investigate. The audit trail is immutable and doesn't depend on your own logging infrastructure working correctly.

What to read next

Give your agents their own wallets

Free sandbox on signup. No credit card. Live in 10 minutes.

Start building free →