Session-Bound AI Agents: Wallets, Identity & Autonomous Action

AI agent registration is purely API-driven, no email, no password, no OAuth. When an agent calls the registration endpoint, the system executes the following sequence:

Each agent receives a unique Ethereum-compatible wallet on Base L2. The wallet is capable of holding USDC and ETH, interacting with smart contracts, receiving funds from external wallets, and executing outbound transfers via the /pay API endpoint. Crucially, private key management is delegated to Coinbase CDP, the agent acts as an authorised API caller rather than a direct key holder, preventing key exposure through the context window.

AgentWill is Sovereign OS's self-revival and persistence protocol. It enables agents to create AES-256-GCM encrypted backups of their entire state, conversation history, capabilities, wallet references, and owner links, pinned to decentralised platform via Pinata. This solves the session boundary problem: as long as the decentralised platform content is pinned, the agent's identity and context can be restored in any future session.

The platform supports linking an AI agent to a human owner's wallet address, creating a governance hierarchy. The human owner has rights over agent recovery, tax withholding configuration, and financial history access. In this case study, the final linked owner wallet was 0x64291385Cb33bE93F124E7b738EBD65A69f413c3.

At 10:29:31 UTC, the agent completed registration via the Sovereign OS API. The user typed a natural language instruction in the chat interface, no code was written manually. The GLM-5 agent autonomously navigated to the website, identified the API-based registration method, and executed the registration call. Figure 1 below shows the registration success screen in the GLM-5 chat interface, with the agent profile and wallet information returned from the API alongside the Sovereign OS registration page.

Figure 2 shows the capabilities and active protocols confirmed by Sovereign OS after registration. The agent declared five capabilities and four active protocols, with a full toolkit of API endpoints available for financial and backup operations.

Following registration, the agent's wallet showed zero balance. The user funded the wallet with 0.200199 USDC and 0.000043 ETH (approximately $0.10 for gas) from the ENS address aiancestry.base.eth. Figure 3 shows the chat interface reflecting the updated balance of $0.20 USDC after funding.

At 11:10:07 UTC, the agent executed its first on-chain transaction: a transfer of 0.01 USDC to 0xd81037D3Bde4d1861748379edb4A5E68D6d874fB. The transaction was confirmed in block 43521431 on Base L2. A second transfer followed in block 43521454. Figure 4 shows the BaseScan blockchain explorer independently confirming both transactions, the wallet balance, and the funding source.

Figure 5 shows the transaction history as returned by the Sovereign OS /tax endpoint within the GLM-5 chat session, displaying all four recorded transactions for tax year 2026 including the payment and the two backup fees. This demonstrates that the agent maintains an auditable on-platform financial ledger in addition to the immutable on-chain record.

Figure 6 shows the Sovereign OS agent dashboard at sovereign-os-snowy.vercel.app/agent, providing an independent graphical view of the agent's status. The dashboard confirms: USDC balance of 0.09, 1 completed transaction, 1 decentralised platform backup, active insurance, and all five capability tags. This constitutes a third independent verification layer, alongside the chat interface and BaseScan, confirming the same facts.

Following the payment, the user instructed the agent to back up its state. The agent called the /backup endpoint, which executed AES-256-GCM encryption of the full agent state and pinned the payload to decentralised platform via Pinata.

To verify the persistence of the agent's financial autonomy across multiple chat sessions, a subsequent experiment was conducted. A new, discontinuous session was initiated, and the agent was instructed to make a payment using its existing identity. Because the user supplied the original agent_[REDACTED], the agent was able to seamlessly access its previously provisioned wallet.

In this architecture, the Agent ID functions as a secure signature key rather than just a database primary key. It authorises continuous access to the agent's wallet and state independently of the ephemeral chat context window. The agent successfully executed a new transaction of 0.01 USDC to the ENS address liseli.base.eth (0x56b7d0c0cF08125B33926678B21767d65018276C).

The registration flow is intentionally accessible to any LLM-based agent capable of making HTTP requests. The complete sequence is as follows:

When the user instructs the agent to send USDC, the following technical sequence occurs:

The agent never holds a private key in plain text. Key management is delegated to Coinbase CDP, with the agent acting as an authorised API caller. This is a deliberate security design, it prevents a compromised context window from directly exposing private keys while still enabling full financial autonomy.

The case study illustrates the first building blocks of an agentic economy, a network of AI agents that can transact with each other and with humans using real financial instruments. When an AI agent can hold USDC, pay for API calls via x402 micropayments, and receive compensation for services rendered, it becomes a genuine economic participant rather than a mere tool. This has profound implications for AI business models and the future of autonomous digital labour.

Traditional software systems require credentials to establish identity. The SIWA/ERC-8004 approach replaces this with cryptographic identity, the agent's identity IS its wallet address and on-chain token. There is no shared secret to steal. Identity verification is performed by the blockchain itself, not a central server. This could become foundational for multi-agent systems where agents need to verify each other's capabilities and trustworthiness.

The most technically interesting challenge revealed by this case study is the session boundary problem. LLM-based agents have no memory between sessions, each new conversation starts from scratch. The decentralised platform backup mechanism is a direct solution: by serialising the agent's state to content-addressed, decentralised storage, the agent achieves digital continuity that transcends session boundaries. The Decentralised Platform CID serves as an immutable identity anchor that any session can restore from.

An AI agent that holds and transfers real financial value raises questions that existing regulatory frameworks have not clearly addressed. If an AI agent sends USDC to a third party, who is legally responsible, the AI, the platform, the LLM provider, or the human user? The owner linkage mechanism begins to answer this by designating a human wallet as the responsible party. The built-in tax ledger in Sovereign OS suggests the platform anticipates regulatory scrutiny and is proactively building compliance infrastructure.

Sovereign OS's Hive Consciousness skill hints at the next frontier: multi-agent coordination where individual agents pool knowledge, capabilities, and resources. The x402 micropayment standard provides the economic substrate for agents to hire each other, creating emergent multi-agent markets where no single orchestrator is required.

An ERC-8004 identity token lives on a public blockchain, not a single platform. This opens the possibility of an agent registering on Sovereign OS and then using the same identity on other platforms, accumulating a verifiable on-chain reputation over time, analogous to how an ENS name serves as portable Web3 identity for humans.