Skip to main content
Build AI agents, trading bots, and automated systems that execute onchain transactions for users—securely, with user-defined limits, across any chain.

The Agent Problem

Today’s onchain agents face a fundamental challenge: they need to transact, but users don’t trust them with private keys. Traditional solutions are broken:
ApproachProblem
Share private keysUsers won’t do it (rightfully so)
Custodial walletsRegulatory nightmare, trust issues
Approve max tokensOne exploit drains everything
Sign every actionDefeats the purpose of automation

Smart Sessions: The Solution

Smart Sessions let users grant scoped, time-limited, revocable permissions to your agent. The agent can act autonomously within those bounds—enforced by smart contracts, not trust. 
User grants permission → Agent acts within limits → Smart contract enforces rules

What Users Control

Which contracts

Agent can only call whitelisted addresses

Which functions

Specific function selectors, not general access

How much

Spending caps per action and total

How long

Automatic expiration of permissions

Agent Types & Use Cases

🤖 AI Trading Agents

Autonomous agents that execute trades based on market signals. 
// Agent can only swap on Uniswap
// Max $500 per trade, $5,000 daily limit
// Expires in 7 days
const permissions = {
  actions: [{
    actionTarget: UNISWAP_ROUTER,
    actionTargetSelector: "exactInputSingle()",
    actionPolicies: [getUniversalActionPolicy({
      valueLimitPerUse: parseUnits("500", 6),
      paramRules: { /* recipient must be user */ }
    })]
  }],
  sessionValidUntil: now + 7 * DAY
};
Best policies: Universal Action (spending limits) + Time Range

📈 Yield Optimization Agents

Move funds to highest-yielding opportunities across protocols and chains. 
// Agent can deposit/withdraw from approved protocols
// Morpho, Aave, Compound on Base, Optimism, Arbitrum
// Max 10,000 USDC total exposure
const permissions = {
  actions: [
    { chainId: base.id, actionTarget: MORPHO_BASE, ... },
    { chainId: optimism.id, actionTarget: AAVE_OP, ... },
    { chainId: arbitrum.id, actionTarget: COMPOUND_ARB, ... }
  ]
};
Best policies: Sudo (for trusted protocols) + Usage Limit

🔄 Portfolio Rebalancing Agents

Maintain target allocations by automatically trading when drift exceeds threshold. 
// Agent can swap between ETH, BTC, stables
// Only rebalance when >5% drift
// Max 2% of portfolio per rebalance
Best policies: Universal Action (parameter rules for amounts)

💳 Subscription & Payments Agents

Automate recurring payments, subscriptions, and payroll. 
// Agent can send up to 100 USDC
// Only to merchant address 0x...
// Once per month, expires in 1 year
const permissions = {
  actions: [{
    actionTarget: USDC,
    actionTargetSelector: "transfer(address,uint256)",
    actionPolicies: [getUniversalActionPolicy({
      paramRules: {
        rules: [
          { condition: EQUAL, ref: pad(MERCHANT_ADDRESS) },  // Only to merchant
          { condition: LTE, ref: parseUnits("100", 6) }      // Max 100 USDC
        ]
      }
    })]
  }],
  usageLimit: 12n,  // 12 payments max
  sessionValidUntil: now + 365 * DAY
};
Best policies: Universal Action + Usage Limit + Time Range

🎮 Gaming & Social Agents

Automate in-game actions, social interactions, or NFT operations. 
// Agent can mint, transfer, and interact with game contract
// No value transfers allowed
// 1000 actions per day
Best policies: Sudo (for game contract) + Usage Limit

🏦 Treasury Management Agents

Institutional-grade automated treasury operations. 
// Agent can move funds between approved vaults
// Requires 2-of-3 multisig for amounts over $100k
// Full audit trail
Best policies: Universal Action + custom multisig integration

Quick Implementation

1

Generate Agent Key

import { generatePrivateKey, privateKeyToAccount } from "viem/accounts";

const agentKey = generatePrivateKey();
const agentSigner = privateKeyToAccount(agentKey);
// Store agentKey securely in your backend
2

User Grants Permission

const sessionDetails = await sessionClient.grantPermissionTypedDataSign({
  redeemer: agentSigner.address,
  feeToken: { address: USDC, chainId: base.id },
  actions: [/* your agent's allowed actions */],
  maxPaymentAmount: parseUnits("10", 6)
});

// Store sessionDetails - agent needs this to act
3

Agent Executes

// In your agent backend
const result = await agentClient.usePermission({
  sessionDetails,
  mode: "ENABLE_AND_USE",
  feeToken,
  instructions: [/* agent's action */]
});

Why Biconomy?

Multichain Native

Single permission works across all chains. No per-chain grants.

Works with EOAs

Users keep their existing wallets. No migration needed.

Gas Abstracted

Agents can pay gas in any token or have it sponsored.

On-Chain Enforcement

Smart contracts enforce limits. No trust required.

Next Steps

Choose Your Policy

Pick the right security model for your agent

Implementation Guide

Step-by-step code walkthrough