Halyrd protects your capital with two completely independent safety layers that were designed to fail differently. The first layer — the Risk Engine — is smart, context-aware, and knows your strategy’s full history. The second layer — the TWAK guardrails — knows nothing about strategy and does not care: it enforces hard physical limits on what the agent is allowed to sign. If the first layer has a bug, the second one still holds. A hallucinating model cannot cross either line, and a bug in the app code cannot cross the second one.

The key distinction

| | Risk Engine | TWAK Guardrails |
| --- | --- | --- |
| Question it answers | Should we trade? | Can we trade? |
| Where it lives | Application code (Halyrd backend) | Signing layer, outside our code |
| What it knows | Strategy intent, equity history, drawdown, expectancy, streak | Nothing about strategy — only allowlists, caps, and bounds |
| How it fails | Smart but fallible — application code that depends on correct state | Dumb but infallible — enforces its rules even if the rest of the app is compromised |
| Event it emits | risk_veto | twak_block |

Risk Engine (the policy layer)

The Risk Engine runs before every trade the agent considers, and again after every hourly equity snapshot. It enforces your EvaluationConfig — the preset you chose when spawning the agent — and emits a journal entry every time it blocks or detects a breach.

What it enforces

Max drawdown

A hard ceiling on total drawdown from the equity peak. In paper mode, a breach is logged and the configuration run is marked failed — the agent keeps trading on paper. In live mode, the agent immediately flattens to USDT and demotes itself. Live trading only resumes after you review the paper results and manually re-approve.

Daily drawdown

A per-UTC-day leash on how much the agent can lose. In paper mode, a breach is logged and the agent keeps trading. In live mode, the agent flattens to USDT and live trading locks until the next UTC midnight. The agent keeps paper-trading during the lockout — the evaluation clock does not stop.

Max consecutive losses

A streak circuit breaker. When the agent hits the maximum number of back-to-back losing trades for your preset, it stands aside — it pauses opening new positions for a cooldown period, then re-checks market conditions and resumes. This applies identically in paper and live mode.

Profitability / eligibility

Defines the ELIGIBLE signal rather than acting as a per-trade veto. The Risk Engine monitors whether your agent is on track to meet the evaluation criteria. See Evaluation for the full criteria.

Pre-trade vetoes

Before every potential trade, the Risk Engine asks: “Would this order bring any rule closer to a breach?” If the answer is yes, it blocks the trade, emits a risk_veto event, and writes a plain-English journal entry:
“Trade blocked: would breach daily drawdown limit”
The blocked order appears in the risk desk panel under the Policy (Risk Engine) column.
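
The rules above, written out as an added example (not Halyrd's code): the field names, the `>=` thresholds, and the worst-case-loss projection used for the pre-trade check are assumptions; the mode-specific responses and the journal wording follow this page.

```python
from dataclasses import dataclass, replace

@dataclass
class EvaluationConfig:            # field names are assumptions, not Halyrd's schema
    max_drawdown: float            # fraction of the equity peak, e.g. 0.10
    daily_drawdown: float          # fraction of equity at the start of the UTC day
    max_consecutive_losses: int

@dataclass
class AccountState:
    equity: float
    peak_equity: float
    day_start_equity: float
    losing_streak: int

def breached_rules(cfg, s):
    """Names of the rules that the given state breaches."""
    rules = []
    if (s.peak_equity - s.equity) / s.peak_equity >= cfg.max_drawdown:
        rules.append("max drawdown")
    if (s.day_start_equity - s.equity) / s.day_start_equity >= cfg.daily_drawdown:
        rules.append("daily drawdown")
    if s.losing_streak >= cfg.max_consecutive_losses:
        rules.append("max consecutive losses")
    return rules

# Response per (rule, live?) as the page describes it; the strings are labels only.
ACTIONS = {
    ("max drawdown", False): "log breach, mark run failed, keep paper trading",
    ("max drawdown", True): "flatten to USDT, demote agent",
    ("daily drawdown", False): "log breach, keep paper trading",
    ("daily drawdown", True): "flatten to USDT, lock live until next UTC midnight",
    ("max consecutive losses", False): "stand aside for cooldown",
    ("max consecutive losses", True): "stand aside for cooldown",
}

def on_snapshot(cfg, s, live):
    """Post-snapshot check: map each breached rule to its mode-specific response."""
    return {rule: ACTIONS[(rule, live)] for rule in breached_rules(cfg, s)}

def pre_trade(cfg, s, worst_case_loss):
    """Veto if the order's assumed worst-case loss would push equity into a breach."""
    projected = replace(s, equity=s.equity - worst_case_loss)
    rules = breached_rules(cfg, projected)
    if not rules:
        return None
    return {"event": "risk_veto",
            "journal": f"Trade blocked: would breach {rules[0]} limit"}
```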

Why stand aside instead of sizing down on losing streaks

When a trade’s costs are a meaningful fraction of its size — which is true for small accounts paying gas on every swap — shrinking position size makes the next trade more cost-dominated, not less. A smaller position pays the same gas, so the cost-to-edge ratio worsens. Standing aside costs nothing, breaks the losing streak, and gives the market conditions filter a chance to find a better regime. Sizing down would dig the hole deeper. The Risk Engine stands aside.

TWAK Guardrails (the physics layer)

The TWAK guardrails live in the Trust Wallet Agent Kit signing layer — outside your application code entirely. They enforce a set of hard rules on every transaction the agent tries to sign. The agent cannot circumvent them; even if the entire application were compromised or the underlying model were hallucinating, TWAK would refuse to sign a transaction that violates these rules.

What they enforce

Token allowlist

Only tokens on the approved list can be traded. The allowlist defaults to your watchlist when you spawn the agent and is runtime-editable from Settings — no restart required. The invariant is strict: the allowlist must always be a superset of your active watchlist. You cannot trade a token the signer won’t sign.

Per-trade cap

A maximum USD value for any single trade. No individual swap can exceed this cap, regardless of what the strategy signals.

Daily volume cap

A maximum total trading volume across all swaps in a UTC day. Once the cap is reached, no further transactions are signed until the next UTC day.

Slippage protection

Every swap carries a slippage bound. If the on-chain execution price would exceed the bound, TWAK refuses to sign.

Kill switch

One button in Settings revokes the TWAK signing session entirely. From that point on, the agent physically cannot sign any transaction. It continues paper-trading, but the live execution path is gone until you intervene.
When TWAK blocks a transaction, it emits a twak_block event. The blocked transaction appears in the risk desk panel under the Physics (TWAK guardrails) column.
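
A signer-side check with these five rules, as an added example: `SignerGuardrails` and the transaction fields are hypothetical, not the Trust Wallet Agent Kit API, and the slippage rule is modelled as a cap on the tolerance the swap carries. It takes no strategy or equity input, which is what keeps it independent of the Risk Engine.

```python
from datetime import datetime, timezone

class SignerGuardrails:
    """Hypothetical signer-side policy: no strategy state, only lists, caps, bounds."""

    def __init__(self, allowlist, per_trade_cap_usd, daily_cap_usd, max_slippage_bps):
        self.allowlist = set(allowlist)
        self.per_trade_cap_usd = per_trade_cap_usd
        self.daily_cap_usd = daily_cap_usd
        self.max_slippage_bps = max_slippage_bps
        self.session_active = True
        self._day, self._volume = None, 0.0

    def set_allowlist(self, new_allowlist, watchlist):
        # Invariant from the page: the allowlist stays a superset of the watchlist.
        if not set(watchlist) <= set(new_allowlist):
            raise ValueError("allowlist must be a superset of the active watchlist")
        self.allowlist = set(new_allowlist)

    def kill(self):
        # Kill switch: revoke the signing session; every later check is refused.
        self.session_active = False

    def check(self, tx, now):
        """Return None if tx may be signed, else a twak_block event (now is tz-aware)."""
        day = now.astimezone(timezone.utc).date()
        if day != self._day:                 # daily volume resets at UTC midnight
            self._day, self._volume = day, 0.0
        reason = None
        if not self.session_active:
            reason = "signing session revoked"
        elif not {tx["token_in"], tx["token_out"]} <= self.allowlist:
            reason = "token not on allowlist"
        elif tx["usd_value"] > self.per_trade_cap_usd:
            reason = "per-trade cap exceeded"
        elif self._volume + tx["usd_value"] > self.daily_cap_usd:
            reason = "daily volume cap exceeded"
        elif tx["slippage_bps"] > self.max_slippage_bps:
            reason = "slippage bound exceeded"
        if reason:
            return {"event": "twak_block", "reason": reason}
        self._volume += tx["usd_value"]      # only signed transactions count as volume
        return None
```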

Why both layers exist

One layer with a bug means money moves. Two independent layers — one smart, one dumb — mean a logic error in the policy layer cannot become a transaction the physics layer would allow. The Risk Engine is the intelligent first filter: it has full context about your strategy, its history, your drawdown position, and your evaluation criteria. It catches the vast majority of risky trades with that full picture. But it is application code, and it depends on correct state. A misconfiguration or a software bug could let something through. TWAK does not care about any of that. It does not know your strategy, your equity curve, or your evaluation config. It only knows its own rules — and those rules hold even if the app is wrong, the model is confused, or a parameter was misconfigured. It is the backstop that works precisely because it is dumb.
Open the Risk screen (/risk) to see both layers side by side. The left column shows the Risk Engine’s active configuration and the recent policy vetoes it has emitted. The right column shows the TWAK allowlist, caps, and the recent physics-layer blocks. During normal operation, setting a tight daily drawdown cap or a conservative per-trade cap is enough to produce real risk_veto and twak_block events — you do not need to engineer a breach to see both layers working.

Comparison table

| | Risk Engine | TWAK Guardrails |
| --- | --- | --- |
| What it checks | Drawdown limits, consecutive losses, eligibility criteria, pre-trade risk | Token allowlist, per-trade USD cap, daily volume cap, slippage bounds |
| When it runs | Before every trade; after every hourly equity snapshot | At transaction signing time — outside app code |
| On a block | Emits risk_veto; journal entry; trade skipped | Emits twak_block; transaction not signed |
| On a live breach | Flatten to USDT; demote agent (daily or max drawdown) | Transaction does not execute; no state change |
| Dashboard panel | Policy column — Risk desk | Physics column — Risk desk |
| Can app code bypass it? | No (it is app code) | No — it is outside app code |
| Kill switch | N/A | Revokes signing session entirely |