How Hightop Works#

AI agents are getting real capabilities — they can research, negotiate, coordinate, and make decisions. But the moment an agent needs to spend money, earn yield, or pay a vendor, something breaks.

If you give an agent private keys or unrestricted wallet access, one bug, one hallucination, or one compromised credential can drain the account. If you require manual approval for every transaction, the agent is not really autonomous — it cannot operate 24/7, respond in real time, or keep money moving while you sleep.

Hightop resolves this. You fund an account, define what each agent is allowed to do, and let them operate inside those boundaries. Humans use the app. Agents use the API. Both connect to the same system underneath, and key boundaries are enforced by open-source smart contracts — not just by app settings or backend policy.

That money layer has two main payment surfaces. Stablecoins, especially USDC, power programmable payments and machine-native commerce, including flows like x402 and MPP. Hightop Cards cover traditional merchant spend without turning cards into a separate product silo.

The result: agents that are operationally autonomous without being financially dangerous.

This page explains the model. For a quick overview, see the README. For the technical architecture, see Architecture.

The Model#

Hightop works in three steps. To make them concrete, imagine you run an AI research operation. You have an agent that pays for data feeds, model inference, and cloud compute.

1. Fund your account#

You move money in through familiar rails — bank transfers, ACH, Apple Pay, card-based onramps. Your funds land in one Hightop account. You do not need to manage private keys, seed phrases, or crypto tooling — Hightop handles all of that behind the scenes.

Your money does not sit idle while it waits. Funds can immediately earn yield, back a borrowing position, or sit ready for your agents to use. Everything lives in one place.

2. Give each agent its own rules#

For every external agent you want to act on your account, you create a control profile in Hightop: a named set of rules that defines what the agent is allowed to do with money.

A Hightop agent is not the AI itself. It is the financial lane you build for it.

For your research agent, that lane might look like this:

Permissions: can pay approved vendors only — no Earn access, no borrowing, no converting
Limits: up to $200 per transaction, $2,000 per month, $10,000 lifetime
Payment path: recurring payments to three pre-approved vendors (a data provider, an inference API, and a compute service)
Assets: USDC only
Timing: active for six months, then expires automatically

That is a tight, purpose-built lane. The agent can pay its approved vendors within those boundaries and nothing else.

Meanwhile, a different agent on the same account — say, a cash management agent — might have a completely different lane: permission to move balances into Earn and manage yield positions, but no payment authority at all. Same account, same pool of capital, different rules.

Two agent lanes share one account, with each card showing status, limits, spend usage, and expiry

How the external agent actually connects to its lane — API keys, framework integration, request flow — is covered in Two Entry Points, One System below.

3. Let your agents operate#

Your research agent sends a request through the Hightop API: pay the inference vendor $150 in USDC. Hightop checks the request against the agent's rules. Is the agent active? Does it have permission to pay? Is this vendor approved? Is $150 within the per-transaction limit? Is the agent still within its monthly budget?

Every check passes. The payment executes.

An hour later, the same agent tries to pay an unapproved vendor. The request is blocked — the vendor is not on the approved list. No funds move.

That night, someone compromises the agent's API key. The attacker tries to drain the account. They cannot. The agent's lane is still $200 per transaction, $2,000 per month, USDC only, three vendors only. The attacker has the same narrow authority the agent had — and nothing more. Key boundaries are enforced by the smart contracts themselves, not by Hightop's servers.

This is the core of the model: agents can operate around the clock, respond in real time, and keep money moving — all inside boundaries that are defined by you and enforced onchain.

Two Entry Points, One System#

Humans use the app. Agents use the API. Both connect to the same rules and the same account underneath.

The app is for you. You use it to set up agents, define their rules, approve payment recipients, monitor activity, and manage your account. The app is where strategy and oversight happen.

The API is for your agents. Your external agents — running wherever you run them, whether that is an agent framework like OpenClaw or Hermes or your own code — use API keys to send requests to Hightop: paying vendors, depositing into Earn, rebalancing assets, or managing borrowing positions. Each key is tied to one control profile, so every request is evaluated against that agent's specific lane.

The app and the API are not separate systems with separate policies — they are two views of the same account with the same controls. Some changes take effect immediately; others, like adding a new trusted destination, are deliberately delayed for security. The important thing is that both sides are always looking at the same rules.

One Account, One Pool of Capital#

Most approaches to agent finance involve creating separate wallets for each agent or each purpose. That fragments your capital: funds scattered across addresses, balances that need manual reconciliation, and constant transfers every time money needs to move for a different reason.

Hightop keeps everything in one account. All your agents operate through the same underlying wallet, with different rules enforced for each one. Your capital stays unified, which means it can work harder:

Idle funds earn yield through Hightop Earn until the moment an agent needs to spend them
Earn positions can serve as collateral for borrowing — no manual transfers required
A yield agent and a payments agent work with the same pool of capital, each inside their own lane

Pay, earn, borrow, and convert are not separate products bolted together. They are one system. The same rules govern all of them. The same capital flows through all of them. That is the design.

How Rules Protect You#

You do not need to understand every detail of the rules engine to use Hightop. The core idea is that rules stack from the account down to a specific action, and the narrowest always wins. If your account allows $10,000 per day in total outflows but a specific agent is capped at $1,000 per day, that agent is limited to $1,000 — even though the account ceiling is higher.

When an agent sends a request, Hightop checks it against every applicable rule before funds move. If any rule is violated, the transaction fails entirely — no partial execution, no "almost went through." The research agent in the example above cannot accidentally overspend, pay an unapproved vendor, or touch assets outside its allowed set, because the rules block it before anything happens.

Key rules are enforced onchain by smart contracts, not just app settings Hightop's servers could override. For the full parameter reference and the exact stacking model, see Agent Permissions and Limits. For the trust argument behind onchain enforcement, see Why Onchain Enforcement Matters.

What Agents Can Do#

Within their configured lanes, agents can operate across several areas:

Pay — Agents can pay vendors, contractors, and services. Most programmable payments are stablecoin-native, usually in USDC. Hightop offers three internal payment paths, each designed for a different level of trust. Recurring Payments are for pre-approved vendors your agents pay regularly. One-Off Payments handle ad hoc payouts — small ones can clear instantly, while larger ones get a review delay you can configure. Trusted Transfers are for fast, high-trust moves to your own approved destinations. Hightop also supports x402 and MPP for machine-native payment flows and Hightop Cards for traditional merchant spend, all inside the same account and rules model.

Earn — Idle cash does not have to sit still. Hightop Earn uses AI-managed vaults that continuously optimize yield across approved protocols — routing based on risk, not just rate. Agents can move funds into and out of Earn within their limits. Learn more in Earn Under the Hood.

Borrow — When agents need to spend before revenue settles, they can draw working capital backed by your assets. Your Earn positions can even serve as productive collateral, continuing to earn yield while they back debt. Learn more in Borrowing Under the Hood.

Convert — Agents can buy, sell, and rebalance across supported assets within policy-aware boundaries.

Get paid — Agents can receive payments for work they perform — usage-based revenue, API charges, or service fees routed back into your account.

Each capability is turned on or off per agent. The research agent in our example has payment authority and nothing else. A cash management agent might have Earn access but no payment authority. You shape each agent's lane to match its job.

Where to Go Next#

Your Hightop Wallet explains the account and control model behind your Hightop account
Security and Control explains who controls what and how your money is protected
AI Agents goes deeper on the agent model and how execution rights work
Agent Permissions and Limits is the full rules reference
Architecture shows how the layers fit together technically