Safety Guardrails
Every trade and interaction passes through multiple independent safety checks.
FutureWallet uses a pipeline of safety guardrails. Every trade — whether manual, assisted, or autonomous — must pass all checks. If any single check fails, the trade is blocked and you get a specific, human-readable explanation. Additional guardrails protect against abuse at the request and input level.
Kill Switch
What it checks: Whether trading has been emergency-stopped for the entire platform or for your specific account.
Why it exists: Allows FutureWallet to instantly halt all trading if a security issue, market anomaly, or regulatory event occurs. Your funds remain safe in your wallet.
What happens if it fails: You see a message explaining that trading is temporarily paused and why. No trades execute until the kill switch is deactivated.
Geofence
What it checks: Verifies that you are not a US person or located in a blocked jurisdiction (US territories, sanctioned countries).
Why it exists: xStocks are not available to US persons due to regulatory requirements. This check enforces that restriction at the execution level, regardless of what the app shows.
What happens if it fails: The trade is blocked with a message that xStocks are not available in your jurisdiction.
Contract Allowlist
What it checks: Verifies that the trade interacts only with explicitly approved smart contracts.
Why it exists: Prevents your wallet from interacting with unknown, malicious, or unvetted contracts. Only contracts that have been reviewed and allowlisted can be traded.
What happens if it fails: The trade is blocked because the target contract is not on the approved list. This is unusual in normal operation.
Max Notional Per Day
What it checks: Whether this trade would cause your total daily trading volume to exceed your tier's limit.
Why it exists: Prevents excessive trading in a single day. Limits risk exposure and protects against runaway autonomous personas.
What happens if it fails: You are told you have reached your daily trading limit and how much budget remains. You can trade again tomorrow or upgrade your tier for a higher limit.
Max Position Per Asset
What it checks: Whether this trade would cause a single asset to represent more than your maximum portfolio concentration (default 25%).
Why it exists: Prevents over-concentration in a single asset. If xTSLA already makes up 24% of your portfolio and you try to buy more, this check blocks any purchase that would push it past the limit.
What happens if it fails: You see a message explaining that the trade would over-concentrate your portfolio and what the current allocation is.
Max Trades Per Day
What it checks: Whether you have already made the maximum number of trades allowed for your tier today.
Why it exists: Prevents excessive trading frequency, which can lead to poor outcomes due to fees and slippage adding up. Also limits the surface area for errors.
What happens if it fails: You are told you have used all your trades for today. The counter resets at midnight.
Cooldown
What it checks: Whether at least 60 seconds have passed since your last trade.
Why it exists: Prevents rapid-fire trading that could result from mistakes, emotional reactions, or misbehaving autonomous personas. The 60-second window gives you time to reconsider.
What happens if it fails: You are told to wait before trading again. The remaining cooldown time is shown.
Slippage
What it checks: Compares the expected execution price with the quoted price. If the difference exceeds 1%, the trade is blocked.
Why it exists: Protects you from getting a significantly worse price than what was quoted. Slippage can happen during high volatility or low liquidity.
What happens if it fails: The trade is blocked because the price has moved too much since the quote. You can try again for a fresh quote.
Rate Limiting
What it checks: Whether your per-user request rate exceeds the limit for your tier (60 per minute for Free, 300 for Pro, 1000 for Premium).
Why it exists: Prevents abuse and ensures fair resource allocation across all users. Protects the platform from automated scripting or runaway clients.
What happens if it fails: Your request is rejected with a 429 status code. You are told how many seconds to wait before retrying.
Input Sanitization
What it checks: Strips HTML tags and null bytes from chat input and enforces a 2000 character limit per message.
Why it exists: Prevents injection attacks and ensures that chat messages are clean text before being processed by the AI. Protects both the LLM pipeline and other users.
What happens if it fails: Your message is sanitized before processing. If it exceeds 2000 characters, it is truncated and you are notified.
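The sanitization step described above, as an added Python example (not FutureWallet's code). The function name and the tag pattern are assumptions; it removes null bytes before tags and repeats the tag pass until nothing changes, so neither a null byte nor a nested tag can leave a tag behind.

```python
import re

MAX_CHARS = 2000  # per-message limit stated on this page

# Assumption: a tag is '<', an optional '/', a letter, then anything up to '>'.
# Requiring the letter keeps plain text such as "2 < 3 and 5 > 4" intact.
_TAG = re.compile(r"</?[A-Za-z][^>]*>")


def sanitize_chat(message: str) -> tuple[str, bool]:
    """Return (clean_text, was_truncated) for one chat message."""
    # Null bytes go first: "<\x00b>" is not a tag until the null is removed.
    text = message.replace("\x00", "")

    # Strip to a fixed point: removing the inner tag of "<<i>i>" leaves "<i>",
    # which a single pass would let through.
    while True:
        stripped = _TAG.sub("", text)
        if stripped == text:
            break
        text = stripped

    # Measure length after stripping, so removed markup does not count
    # against the user and truncation cannot cut a tag in half.
    truncated = len(text) > MAX_CHARS
    return text[:MAX_CHARS], truncated
```

The second return value is what lets the caller notify the user that the message was truncated.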
Custom Prompt Safety
What it checks: Wraps user-created custom persona prompts in a safety preamble that enforces platform rules.
Why it exists: Ensures that custom personas cannot be used to bypass guardrails, exceed risk tolerances, or hide the AI's nature. The safety preamble is prepended to every custom prompt and cannot be overridden.
What happens if it fails: The safety preamble is always applied. If a custom prompt attempts to contradict safety rules, the preamble takes precedence.
Autonomous Risk Gating
What it checks: In autonomous mode, checks the risk level of every trade. High-risk trades are blocked from auto-execution and held for manual approval.
Why it exists: Ensures that autonomous personas cannot make high-risk trades without human oversight. Only low and medium risk trades auto-execute. This prevents catastrophic losses from aggressive autonomous strategies.
What happens if it fails: The trade is not executed. Instead, it appears in your chat as a notification with full details and reasoning. You can approve or reject it manually.
Autonomous Budget Limits
What it checks: Enforces per-persona daily budget and max-per-trade limits configured by the user for autonomous mode.
Why it exists: Gives you precise control over how much each autonomous persona can trade. These limits apply on top of your tier limits — the more restrictive always applies. Prevents runaway spending by autonomous personas.
What happens if it fails: The persona stops trading for the day once its daily budget is exhausted. Individual trades exceeding the max-per-trade limit are blocked.
Full audit trail
Every time these guardrails run, the results are logged: which checks passed, which failed, and the full context (your tier, region, current positions, daily totals). This audit trail is write-only and cannot be modified, providing a complete record of every safety decision.
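The check pipeline and audit record described on this page, as an added Python example (not FutureWallet's code): every check runs, any failure or error blocks the trade, and the outcome is appended to a log. The `Ctx` fields, check names and `ALLOWLIST` entries are hypothetical, and the tier-dependent daily limits are left out because the page gives no values for them.

```python
from dataclasses import dataclass


@dataclass
class Ctx:
    """Constructed trade/account snapshot; all field names are hypothetical."""
    halted: bool
    blocked_region: bool
    contract: str
    asset_value: float            # value already held in the traded asset
    notional: float               # size of this buy
    portfolio_value: float        # total portfolio, cash included (assumption)
    secs_since_last_trade: float
    quoted_price: float
    expected_price: float


ALLOWLIST = {"contract-A"}        # placeholder identifier, not a real contract


def concentration(c):
    share = (c.asset_value + c.notional) / c.portfolio_value
    return None if share <= 0.25 else f"Trade would put {share:.0%} of your portfolio in one asset (max 25%)."


def slippage(c):
    move = abs(c.expected_price - c.quoted_price) / c.quoted_price
    return None if move <= 0.01 else f"Price moved {move:.2%} since the quote (max 1%)."


# Each check returns None on pass, or a human-readable reason on failure.
CHECKS = [
    ("kill_switch", lambda c: "Trading is temporarily paused." if c.halted else None),
    ("geofence", lambda c: "xStocks are not available in your jurisdiction." if c.blocked_region else None),
    ("contract_allowlist", lambda c: None if c.contract in ALLOWLIST else "Target contract is not on the approved list."),
    ("max_position", concentration),
    ("cooldown", lambda c: None if c.secs_since_last_trade >= 60 else f"Wait {60 - c.secs_since_last_trade:.0f}s before trading again."),
    ("slippage", slippage),
]


def evaluate(ctx, audit_log):
    """Run every check (no short-circuit) so the audit record is complete."""
    failed = {}
    for name, check in CHECKS:
        try:
            reason = check(ctx)
        except Exception:         # fail closed: a check that errors blocks the trade
            reason = f"{name} could not be evaluated."
        if reason is not None:
            failed[name] = reason
    passed = [n for n, _ in CHECKS if n not in failed]
    audit_log.append({"passed": passed, "failed": dict(failed)})  # append only
    return not failed, failed
```

A zero `portfolio_value` makes the concentration check raise, and the trade is blocked rather than waved through.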