FutureWallet Whitepaper

FutureWallet is a non-custodial wallet application that enables users to trade tokenized stocks and cryptocurrencies through natural language conversation with AI agents. Rather than navigating complex trading interfaces, users simply tell the app what they want — “buy $10 of Tesla” — and the AI handles asset resolution, risk assessment, and execution.

The platform introduces persona agents — AI trading strategies modeled after distinct investment philosophies (e.g., aggressive momentum, conservative value investing, data-driven quantitative) that users can activate to trade autonomously on their behalf within strict safety boundaries.

FutureWallet runs on EVM-compatible blockchains and uses xStocks — tokenized tracker certificates representing stocks and ETFs — to give users 24/7 access to traditional financial markets through a crypto-native interface. All assets remain in the user's self-custodied wallet. The platform never takes custody of user funds.

Key Differentiators

• Natural language trading (“buy $10 of Tesla”) instead of complex order forms
• AI persona agents that trade autonomously with configurable guardrails
• Non-custodial — users own their keys via Privy passkey wallets
• 24/7 access to tokenized stocks alongside crypto
• Multi-layered AI memory that learns user preferences over time
• Social sentiment analysis from X/Twitter powering trading decisions
• Cross-platform (web, iOS, Android) from a single codebase

2.1 Trading is Too Complex

Existing trading platforms present users with order books, candlestick charts, limit orders, stop-losses, margin calculations, and dozens of other concepts that require financial literacy to use effectively. The cognitive load of making a simple purchase — choosing an asset, selecting an order type, setting a price, calculating quantity from a dollar amount — creates unnecessary friction.

For the majority of retail investors, the intent is simple: “I want to put $50 into Apple stock.” The execution should be equally simple.

2.2 Traditional and Crypto Markets Are Siloed

Users who want exposure to both stocks and crypto must maintain separate accounts on separate platforms with separate KYC processes, funding mechanisms, and interfaces. Portfolio management across these silos is fragmented.

Tokenized assets bridge this gap by representing traditional securities as on-chain tokens, but existing tokenized asset platforms lack intuitive interfaces and intelligent execution.

2.3 Passive Investors Have No Tools

The rise of AI in finance has produced sophisticated tools for professional traders — algorithmic strategies, sentiment analysis, quantitative models. Retail investors have been largely left behind. They lack access to:

• Automated trading strategies tailored to their risk profile
• Real-time social sentiment analysis
• AI-assisted portfolio management
• Strategies that learn and adapt over time

2.4 Custodial Risk

Most retail-facing platforms are custodial — the platform holds user funds. This creates counterparty risk (exchange failures, hacks, freezes) and removes user sovereignty over their assets.

FutureWallet addresses these problems through four integrated innovations:

3.1 Conversational Trading

Users interact with a chat interface powered by a multi-step AI agent pipeline. Natural language is parsed into structured trade intents, validated against safety guardrails, and executed on-chain — all from a single message.

3.2 Persona Agents

Users can activate AI trading personas — each with a distinct investment philosophy, risk tolerance, and decision-making framework. Personas operate within strict guardrails and can run in two modes:

• Assisted: The persona suggests trades; the user approves each one
• Autonomous: The persona executes trades independently within configurable limits

3.3 Non-Custodial Wallet

FutureWallet uses Privy to create embedded wallets secured by device passkeys. Users authenticate with biometrics (fingerprint, face) instead of passwords or seed phrases. The wallet is non-custodial — private keys are derived from the user's passkey and never stored on our servers.

3.4 Unified Asset Access

Through xStocks (tokenized tracker certificates), users access traditional stocks and ETFs alongside crypto assets — all within one wallet, one portfolio view, and one trading interface. Markets are available 24/7 on the secondary market.

4.1 For Who

FutureWallet targets three user segments:

Casual Investors — People who want simple exposure to markets without learning trading mechanics. They say things like “put $50 into tech stocks” and expect the platform to handle the rest.

AI-Curious Traders — Users fascinated by the idea of AI managing their portfolio. They want to experiment with different strategies, see how AI personas make decisions, and gradually delegate more control.

DeFi-Native Users — Crypto users who want non-custodial access to tokenized traditional assets without leaving the on-chain ecosystem.

4.2 Core Experience

The app has four main sections:

1. Dashboard — Portfolio overview with total value, PnL, active persona status
2. Chat — Natural language trading interface with the AI agent
3. Assets — Browse and research available tokenized stocks and crypto
4. Settings — Risk profile, persona configuration, theme, token provider (xStocks/Ondo), AI model (Claude/Grok/GPT)

4.3 Progressive Autonomy

The platform is designed for users to gradually increase AI autonomy:

Trust is built incrementally through transparency — the AI explains its reasoning for every trade, and users can review all activity in a detailed history.

5.1 System Overview

FutureWallet is a modular system with clear separation of concerns:

5.2 Design Principles

Non-custodial by default: The platform never holds user funds. All assets remain in the user's embedded wallet. Trade execution uses a server signer with restrictive policies — it can only interact with allowlisted contracts for approved operations.

Safety-first execution: Every trade passes through 8 guardrail checks before execution. The system defaults to blocking rather than permitting.

Graceful degradation: If any external service (Letta, Grok, market data providers) is unavailable, the system continues operating with reduced functionality rather than failing entirely.

Idempotent operations: All trade operations are idempotent. Network failures, retries, and duplicate requests cannot cause double-execution.

Audit everything: Every action — trades, guardrail checks, persona activations, configuration changes — is logged with full context for accountability and debugging.

6.1 Dual Token Provider Architecture

FutureWallet supports two tokenized stock providers, selectable by the user in Settings:

• xStocks (by xStocks.fi) — 80+ tokenized tracker certificates (TSLAx, AAPLx, NVDAx, etc.)
• Ondo Finance — Tokenized stocks and ETFs (TSLAon, AAPLon, NVDAon, AMZNon, SPYon, COINon)

Both providers issue ERC-20 tokens on Ethereum mainnet that represent the price performance of underlying stocks and ETFs. Both trade on Uniswap V3 Ethereum using USDC as the base pair.

Important distinctions:

• xStocks are tracker certificates, not shares — holders do not receive shareholder rights (voting, direct dividends)
• Rebases and dividend adjustments are handled automatically by the token contract
• xStocks trade on a 24/7 secondary market, unlike traditional stock markets
• xStocks are NOT available to US persons — this is a regulatory requirement

6.2 Available Assets (V1) — xStocks

Additional assets will be added based on demand and regulatory approval.

6.2b Available Assets (V1) — Ondo Finance

6.3 How Trading Works

When a user buys xTSLA:

1. The system quotes the current xTSLA price from the venue
2. The user's stablecoin balance is used to purchase xTSLA tokens
3. xTSLA tokens are transferred to the user's embedded wallet
4. The position is recorded in Firestore for portfolio tracking
5. The user owns the xTSLA tokens — they can hold, sell, or transfer them

7.1 Overview

The AI agent is built with LangGraph — a framework for building stateful, multi-step AI workflows. Every user interaction passes through a 9-node pipeline that handles market analysis, risk assessment, and trade execution.

7.2 The 9-Node Pipeline

Node 1 — Ingest Market Context: Fetches current price, 24-hour change, trading volume, and recent price action for the target asset. This gives the agent real-time market awareness.

Node 2 — Ingest Social Context: Queries recent social signals from X/Twitter — sentiment scores, trending topics, key influencer posts — to understand market narrative.

Node 3 — Load User Memory: Retrieves the user's long-term memory from Letta — preferences, risk profile, past trading patterns, watched assets — to personalize the response.

Node 4 — Generate Strategy Hypotheses: Using the active persona's investment philosophy, market context, social signals, and user memory, the agent generates strategy hypotheses. For example, the Elon persona might suggest “momentum buy on positive social sentiment” while the Buffett persona might suggest “hold — current price above intrinsic value estimate.”

Node 5 — Risk Review: Evaluates the proposed trade against the user's risk profile, current portfolio composition, and all safety guardrails. Calculates position sizing and concentration risk.

Node 6 — Execution Decision: Based on the risk review and the persona's operating mode, decides one of three outcomes:

• Execute: Proceed to trade (autonomous mode, all checks passed)
• Hold: Do not trade (risk too high, unfavorable conditions)
• Await confirmation: Ask the user to approve (assisted mode)

Node 7 — Execute Trade: Runs the full trade pipeline: quote, simulate, sign, broadcast, confirm on-chain.

Node 8 — Explain Trade: Generates a human-readable explanation of what happened and why. This transparency is critical for building user trust.

Node 9 — Persist Outcome: Saves the trade result to Firestore, updates the user's portfolio, logs the audit trail, and writes to Letta memory for future reference.

7.3 Intent Parsing

Before the pipeline runs, the user's natural language message is parsed into a structured intent using Claude Haiku 4.5 tool use (the user's selected model preference is respected, with fallback to OpenAI):

7.4 LLM Routing

Different tasks route to different LLM providers based on their strengths. Users can choose their preferred model (Claude, Grok, or GPT) in Settings or directly from the chat toolbar:

Social analysis always uses Grok-3 regardless of the user's model selection. All other tasks respect the user's chosen model.

8.1 Concept

Persona agents are pre-configured AI trading strategies that embody distinct investment philosophies. Each persona has its own system prompt, risk parameters, and decision-making framework.

Users select which personas to activate and configure their operating parameters (mode, daily limits). Multiple personas can be active simultaneously, each managing a portion of the user's portfolio.

8.2 V1 Personas

Elon Strategy

Philosophy: Aggressive, contrarian, momentum-driven.

This persona reacts strongly to social signals — especially from high-profile accounts on X/Twitter. It favors bold, concentrated positions and is willing to accept higher volatility for potentially higher returns.

• Risk tolerance: High
• Position sizing: Larger, concentrated
• Signal weight: Social sentiment > fundamentals
• Trading frequency: High
• Tier: Pro

Buffett Strategy

Philosophy: Conservative, value-focused, long-term.

This persona ignores short-term noise and focuses on fundamental value. It prefers assets trading below estimated intrinsic value, takes small positions, and holds for extended periods.

• Risk tolerance: Low
• Position sizing: Small, diversified
• Signal weight: Fundamentals > sentiment
• Trading frequency: Low
• Tier: Pro

AI Momentum

Philosophy: Data-driven, trend-following, quantitative.

This persona uses purely technical and quantitative signals — momentum indicators, volume patterns, mean reversion metrics. It follows systematic rules and trades frequently when conditions align.

• Risk tolerance: Medium
• Position sizing: Rule-based (Kelly criterion)
• Signal weight: Technical indicators only
• Trading frequency: Medium-high
• Tier: Premium

8.3 Operating Modes

Assisted Mode (default): The persona analyzes the market and suggests trades, but every trade requires explicit user approval before execution. Users see a confirmation card with the trade details and rationale.

Autonomous Mode: The persona executes trades independently within configurable guardrails (daily notional limit, max position size, allowed assets). Users are notified of trades after execution and can review all activity in the history view.

8.4 Autonomous Trading Configuration

Users enable autonomous mode per persona in Settings and configure three parameters:

• Daily budget ($): Maximum total USD the persona can trade per day
• Max per trade ($): Maximum USD for any single trade
• Allowed assets: Whitelist of assets the persona can trade

A Cloud Scheduler job triggers a platform-wide scan every 15 minutes. For each autonomous persona, the full agent pipeline runs against current market conditions. Low and medium risk trades auto-execute via Privy server-side signing (zero popups). High-risk trades are held and surfaced in the user's chat for manual approval. Autonomous trades appear with a purple “A” badge in the chat feed.

9.1 Why Memory Matters

Without memory, every conversation with the AI starts from zero. The agent doesn't know the user's risk tolerance, past trades, or investment goals. Memory transforms the agent from a generic tool into a personalized advisor that improves over time.

9.2 Three Memory Layers

FutureWallet uses Letta for long-term memory, organized into three distinct layers:

User Memory

Stores individual user preferences, goals, and patterns:

• Risk tolerance and how it changes over time
• Preferred assets and sectors
• Trading patterns (time of day, frequency, position sizes)
• Explicit preferences (“I don't trade on Fridays”, “I want to keep 30% in stablecoins”)

Strategy Memory

Stores the performance and behavior history of each persona:

• Which trades each persona made and their outcomes
• Win/loss patterns in different market conditions
• How each persona performed relative to its benchmark
• Adjustments made based on past performance

Market Memory

Stores observed market events to prevent redundant analysis:

• Earnings results already factored into analysis
• Fed decisions already processed
• Major news events already observed
• Narrative shifts already incorporated

9.3 Graceful Degradation

If Letta is unavailable, the agent continues operating without long-term memory. It falls back to basic user preferences stored in the Firestore user document. Trades are not blocked — the experience is degraded but functional.

10.1 Dual Pipeline Architecture

Social intelligence is processed through two independent pipelines to separate data collection from interpretation:

Pipeline A — Deterministic Collection (X API): Raw data is collected from X/Twitter via the official API — post text, author, timestamp, engagement metrics. No AI interpretation at this stage. This creates a ground truth dataset.

Pipeline B — AI Reasoning (Grok): Collected posts are analyzed by Grok (xAI's LLM, trained on X/Twitter data) to:

• Classify each post as actionable signal or irrelevant noise
• Score sentiment on a -1.0 (bearish) to +1.0 (bullish) scale
• Generate a one-sentence summary of market implications

10.2 Why Two Pipelines?

Separating collection from analysis provides several benefits:

• Reliability: If Grok is down, raw data is still collected
• Reproducibility: Analysis can be re-run with different prompts or models
• Auditability: Raw data serves as ground truth for validating AI interpretations
• Cost efficiency: Raw collection is cheap; AI analysis runs only when needed

10.3 Integration with Trading

Social signals flow into the agent pipeline at Node 2 (IngestSocialContext). The agent receives:

• Recent signal count and average sentiment for the target asset
• Top bullish and bearish signals
• Key influencer posts

This context influences the strategy generation and risk assessment nodes. The Elon persona weighs social signals heavily; the Buffett persona largely ignores them.

11.1 Execution Pipeline

Every trade passes through a strict six-step pipeline:

Step 1 — Quote: The system queries the execution venue for the current price of the target asset, calculates the expected quantity (for dollar-amount orders) or cost (for quantity orders), and presents the quote to the user or the decision engine.

Step 2 — Simulate: A dry-run of the transaction is performed without committing anything on-chain. This estimates gas costs, validates the transaction structure, and calculates expected slippage.

Step 3 — Approve by Policy: All 8 safety guardrails are evaluated. If any check fails, the trade is blocked with a specific reason.

Step 4 — Execute: The transaction is built, signed via Privy's server signer, and broadcast to the blockchain network.

Step 5 — Confirm: The system waits for transaction confirmation and verifies the on-chain state matches the expected outcome.

Step 6 — Persist: Trade results are written to Firestore, the user's portfolio is updated, audit logs are created, and Firestore memory is updated.

11.2 Idempotency

Every trade has a unique idempotency key derived from the user ID, timestamp, and trade parameters. Before executing, the system checks if a trade with the same key already exists. This prevents double-execution in case of network failures, retries, or duplicate requests.

11.3 Reconciliation

A reconciliation service periodically compares on-chain state with the Firestore database to detect and resolve discrepancies:

• Trades that executed on-chain but weren't recorded
• Database records that don't match on-chain state
• Amount mismatches between expected and actual fills

11.4 Venue Adapters

Trade execution is abstracted through venue adapters — pluggable modules that handle the specifics of each execution venue. V1 includes three adapters: UniswapAdapter (crypto on Base), XStocksAdapter (xStocks on Ethereum), and OndoAdapter (Ondo Finance on Ethereum). The trade router selects the adapter based on the asset symbol suffix. Users choose their preferred tokenized stock provider (xStocks or Ondo) in Settings, and symbols are remapped accordingly before routing.

11.5 Liquidity Check

Before displaying a trade confirmation card, the system queries the Uniswap V3 pool to assess available liquidity for the trading pair. The confirmation card shows the total pool liquidity in USD alongside a color-coded risk badge:

• Green “High”: Pool liquidity exceeds $1M
• Yellow “Medium”: Pool liquidity between $100K and $1M
• Red “Low”: Pool liquidity below $100K

Liquidity data is cached for 24 hours in Firestore. The indicator is purely informational — it never blocks a trade. Low liquidity may result in higher slippage, which is separately caught by the slippage guardrail check.

12.1 Philosophy

FutureWallet defaults to blocking rather than permitting. Every trade must pass all safety checks. A single failure blocks the trade with a specific, human-readable reason.

12.2 The 8 Guardrail Checks

12.3 Tier-Based Limits

12.4 Kill Switch

The global kill switch immediately halts all trading across the platform. It can be activated via the admin API or directly in Firestore. Use cases:

• Security incidents
• Market anomalies
• Emergency maintenance
• Regulatory events

A per-user kill switch allows disabling trading for individual accounts.

12.5 Audit Trail

Every guardrail evaluation is logged with:

• Which checks ran and their individual pass/fail status
• The specific reason for any block
• Full context (user tier, region, current positions, daily totals)
• Timestamp and IP address

12.6 Autonomous Mode Safety

Autonomous trading adds extra safety layers on top of the standard 8 guardrail checks:

• High-risk trades never auto-execute — they are held and surfaced in chat for manual approval
• Per-persona budget enforcement — daily budget and max-per-trade limits enforced independently of tier limits; the more restrictive always applies
• Allowed asset whitelist — autonomous personas can only trade explicitly configured assets
• Kill switch integration — global and per-user kill switches immediately halt all autonomous trading
• 15-minute scan interval — prevents over-trading and ensures decisions are based on meaningful market movements

13.1 Non-Custodial Architecture

FutureWallet never takes custody of user funds. The architecture ensures:

• Embedded wallets are created via Privy and derived from the user's passkey
• Private keys are never stored on FutureWallet servers
• Server signer has restrictive policies — it can only interact with allowlisted contracts for specific operations
• Users can export their wallet and use it independently at any time

13.2 Authentication

Authentication uses Privy passkeys — biometric authentication (fingerprint, face ID) that replaces passwords and seed phrases. This provides:

• Phishing resistance: Passkeys are bound to the domain
• No password reuse: Each passkey is unique
• Device security: Protected by the device's secure enclave
• User-friendly: No seed phrases to write down or lose

13.3 Server Signer Policies

The Privy server signer operates under restrictive policies:

• Can only call functions on allowlisted contracts
• Cannot transfer assets to arbitrary addresses
• Has per-transaction and per-day spending limits
• All signer operations are logged

13.4 API Security

• JWT-based authentication on all endpoints
• Rate limiting to prevent abuse
• Input sanitization to prevent injection attacks
• CORS policies restricting allowed origins
• All secrets stored in GCP Secret Manager (not environment variables or code)

13.5 Data Security

• All communication over HTTPS/TLS
• Firestore security rules enforce backend-only writes
• No sensitive data in client-accessible collections
• Audit logs are write-only (no client deletion)
• PII minimization — we store only what's necessary

14.1 Regulatory Status

xStocks are tokenized tracker certificates issued under regulatory frameworks that explicitly exclude US persons. FutureWallet is not a broker-dealer and does not provide investment advice. The AI agent provides information and executes user-initiated transactions.

14.2 Geofencing Implementation

US person blocking is enforced at three levels:

1. Onboarding: Users self-certify their jurisdiction during account creation. The is_us_person and geo_region fields are set in the user document.
2. Frontend Gate: The GeofenceGate component checks the user's region before rendering trading UI. US users see a blocked screen explaining that xStocks are not available in their jurisdiction.
3. API Guardrail: The geofence check in the guardrail pipeline blocks trade execution for users flagged as US persons, regardless of frontend state.

14.3 Blocked Regions

• US and territories: US, PR (Puerto Rico), GU (Guam), VI (US Virgin Islands), AS (American Samoa), MP (Northern Mariana Islands)
• Sanctioned countries: KP (North Korea), IR (Iran), CU (Cuba), SY (Syria), RU (Russia), BY (Belarus), MM (Myanmar), VE (Venezuela), ZW (Zimbabwe), SD (Sudan)

14.4 Disclaimers

The platform displays clear disclaimers:

• xStocks are tracker certificates, not shares
• No shareholder rights (voting, direct dividends)
• Past performance does not indicate future results
• AI personas are not financial advisors
• Users are responsible for their own investment decisions

15.1 Cross-Platform

FutureWallet is a single Expo application that runs on:

• Web (desktop and mobile browsers)
• iOS (native app via App Store)
• Android (native app via Google Play)

15.2 Design System

The UI uses shadcn-style components adapted for React Native via react-native-reusables. The design is:

• Minimal: Clean layouts, generous whitespace, clear typography
• Consistent: Same components used across all screens
• Accessible: Proper contrast ratios, touch targets, screen reader support

15.3 Theme Support

• Light mode: White background, dark text, purple accents
• Dark mode: Near-black background, light text, adjusted purple accents
• System mode: Automatically follows the device's theme preference
• Manual override: Users can force light or dark mode in Settings
• Persistence: Theme choice is saved locally and synced to the user's Firestore profile

15.4 Real-Time Updates

Trade status changes are pushed to the frontend in real-time via Firestore listeners. When a trade moves from executing to confirmed, the UI updates immediately without polling.

15.5 Chat Experience

The chat interface is the homepage, designed in a ChatGPT/Gemini style:

• User messages appear on the right; agent responses on the left with a typewriter effect
• Trade confirmations are presented as interactive cards with Approve/Reject buttons
• Trade status is shown as color-coded badges
• Risk mode and persona selector in the input bar toolbar
• Model selector— users can switch between Claude, Grok, and GPT directly from the chat toolbar to control which AI powers their conversation
• Voice conversation mode with multilingual TTS and speech recognition
• The input supports natural language in any language — no special syntax required
• Liquidity indicator— trade confirmation cards show Uniswap V3 pool liquidity with a color-coded risk badge (green High, yellow Medium, red Low) so users can assess market depth before confirming
• Autonomous trade badge— trades executed autonomously by personas are marked with a purple “A” badge in the chat feed for clear attribution

16.1 Tier Model

16.2 Feature Breakdown

16.3 B2B Offering

FutureWallet's architecture is modular and can be white-labeled for institutional clients:

• Wallet + Agent Engine: Deploy custom-branded wallet with AI trading capabilities
• Signal API: Access social sentiment scoring as a service
• Persona Engine: Create custom trading personas for specific strategies

17.1 Frontend

17.2 Backend

17.3 External Services

18.1 Cloud Architecture

FutureWallet runs entirely on Google Cloud Platform in the europe-west1 region (chosen for xStocks compliance — non-US jurisdiction).

18.2 Scaling

Cloud Run provides automatic scaling from 0 to 10 instances based on request volume. Firestore scales automatically with no capacity planning. This serverless architecture means:

• Zero cost at rest: No traffic = no compute cost
• Automatic scaling: Handles traffic spikes without manual intervention
• No server management: No VMs, no Kubernetes clusters to manage
• Pay-per-use: Cost scales linearly with usage

18.3 CI/CD

Three GitHub Actions workflows deploy changes automatically:

• Backend: Lint → Test → Build Docker → Push to Artifact Registry → Deploy to Cloud Run
• App: Lint → TypeCheck → Expo Web Export → EAS Build (iOS + Android)
• Jobs: Lint → Build Docker → Push → Update Cloud Run Jobs

All workflows use Workload Identity Federation for passwordless GCP authentication.

18.4 Infrastructure as Code

All GCP resources are defined in Terraform, enabling:

• Reproducible deployments
• Version-controlled infrastructure changes
• Peer review of infrastructure modifications
• Disaster recovery

Phase 0 — Product Scoping (Complete)

Defined core architecture decisions, compliance requirements, persona concepts, and safety guardrails.

Phase 1 — Auth + Wallet

Privy passkey login, automatic embedded wallet creation, JWT-based API authentication, server signer setup.

Phase 2 — Portfolio + xStocks

xStocks catalog synchronization, portfolio positions with real-time PnL, rebase/dividend handling, asset browsing and search.

Phase 3 — Execution Layer

End-to-end trade pipeline, venue adapters, all 8 guardrail checks, idempotent retry, reconciliation service.

Phase 4 — Agent Core

LangGraph 9-node workflow, intent parsing, market context ingestion, strategy generation, risk review, human-in-the-loop confirmation.

Phase 5 — Memory + Personas

Letta integration with three memory layers, three persona agents (Elon, Buffett, AI Momentum), persona activation and configuration UI.

Phase 6 — Social Intelligence

X API integration for post collection, Grok sentiment analysis, dual pipeline architecture, social context in agent pipeline.

Phase 7 — MiroFish Integration

Scheduled simulation jobs, premium research reports, report storage and delivery, MiroFish API wrapper.

Phase 8 — Security + Observability

Privy signer policies per strategy type, comprehensive audit logging, anomaly detection, structured logging to Cloud Logging, rate limiting. Autonomous trading mode with per-persona budget controls, Cloud Scheduler integration, and risk-gated execution. Liquidity check on trade confirmation cards with cached Uniswap V3 pool data.

Future (Post-V1)

• Solana support: Jupiter DEX integration, SPL tokens
• Additional personas: Custom user-created personas, community-shared strategies
• Advanced portfolio tools: Rebalancing, tax-loss harvesting, dollar-cost averaging
• Durable checkpointer: Firestore-backed LangGraph checkpointer for cross-restart persistence
• Mobile-native features: Biometric trade confirmation, push notifications, widgets
• Multi-chain: Expand beyond EVM to support additional blockchain ecosystems
• Social features: Follow other users' personas, leaderboards, strategy sharing

20.1 Market Risk

Risk: Users lose money on trades recommended by AI personas.

Mitigation: Clear disclaimers that personas are not financial advisors. Conservative default limits. Assisted mode as default (user must approve each trade). Maximum position concentration limits.

20.2 Smart Contract Risk

Risk: Bugs in xStocks contracts or integration vulnerabilities.

Mitigation: Contract allowlist restricts trading to vetted contracts. Simulation step catches transaction failures before execution. Reconciliation service detects discrepancies.

20.3 AI Hallucination

Risk: LLM generates incorrect trade intents or misleading analysis.

Mitigation: Structured function calling for intent parsing (not free-form text). Human-in-the-loop confirmation for all trades in assisted mode. Guardrail checks validate trade parameters independently of LLM output.

20.4 Regulatory Risk

Risk: Regulatory changes affecting tokenized asset availability.

Mitigation: Modular venue adapter architecture allows switching execution venues. Geofencing infrastructure already in place for jurisdiction-specific restrictions. Non-custodial architecture reduces regulatory surface area.

20.5 External Service Dependencies

Risk: Outage of Privy, OpenAI, Grok, Letta, or market data providers.

Mitigation: Graceful degradation for non-critical services. Market data provider fallback chain (4 providers). Manual trading remains available even if AI services are down. Kill switch for emergency halt.

20.6 Key Management

Risk: Compromise of server signer or hot wallet key.

Mitigation: Restrictive signer policies limit what the server signer can do. Contract allowlist prevents unauthorized transfers. Per-transaction and per-day spending limits. All signer operations logged. Secrets stored in GCP Secret Manager with IAM-based access control.

FutureWallet reimagines the trading experience by combining the self-custody guarantees of crypto wallets with the intelligence of AI agents. Users interact through natural language, delegate to personality-driven trading strategies, and maintain full ownership of their assets throughout.

The platform is built for progressive trust — starting with manual, human-approved trades and gradually enabling autonomous AI execution as users gain confidence. Every trade passes through rigorous safety checks, every decision is explainable, and every action is auditable.

By bridging tokenized traditional assets and crypto through a single, intelligent interface, FutureWallet makes sophisticated investment strategies accessible to anyone who can type “buy $10 of Tesla.”