Security Guide

z4p is designed so that automation never outruns the trader. The harness is local, non-custodial, and approval-gated by default.

Core Security Model

1. Local-First, Non-Custodial

• Your wallet keys and vault bible live on your machine.
• z4p never receives, stores, or has access to private keys.
• All execution happens through wallets you configure and control.

2. Approval Gates

Every live write path is gated:

• Dry-run by default — Agents simulate and propose; they do not execute live trades automatically.
• Explicit trader approval — Use z4p trade:approve, the Vault UI, or z4p Mobile to approve proposals.
• Scoped bot policies — Each bot has bounded allowances, allowed venues, and halt conditions.

3. Vault Bible as Source of Truth

• Agent memory, instructions, bots, skills, and learnings live in inspectable Markdown.
• You can version, diff, and audit the vault just like code.

Operational Best Practices

• Run z4p agent-tick --dry-run before enabling live execution.
• Start with small allowances and tighten bot policies as you gain confidence.
• Keep the harness host secure — encrypted disk, strong login, minimal exposed ports.
• Review proposals carefully before approving; verify venue, size, and slippage.
• Use the global halt (z4p halt) if anything looks abnormal.

What z4p Does NOT Do

• z4p is not a custodial service.
• z4p will not auto-execute trades without configured approval paths.
• z4p does not hold funds or move assets on your behalf.