Documentation Index
Fetch the complete documentation index at: https://docs.gotchipus.com/llms.txt
Use this file to discover all available pages before exploring further.
The Problem
Giving your Gotchipus the ability to execute on-chain transactions is powerful — but power without control is dangerous. How do you let your Gotchipus act autonomously while ensuring it doesn’t drain its wallet or interact with malicious contracts?
Sessions: Time-Limited Delegation
A Session is a time-bounded permission grant that lets an authorized party (such as the AI agent or a keeper) execute transactions on behalf of your Gotchipus’s TBA, within strict constraints.
Session Parameters
| Parameter | Description |
|---|
| Expiration | When the session expires (absolute timestamp) |
| Max Value per Transaction | Maximum ETH that can be sent in a single call |
| Max Value per Session | Total spending cap for the entire session |
| Whitelist/Blacklist | Which contract addresses are allowed or forbidden |
| Cooldown | Minimum time between consecutive executions |
Session Lifecycle
Create Session → Active (executing within limits) → Expired / Revoked
- Create: The Gotchipus owner defines constraints and creates the session
- Active: Authorized callers can execute within the session’s boundaries
- Revoke: The owner can revoke a session at any time, immediately cutting off access
Security Options
Beyond sessions, four security flags provide additional protection:
| Flag | What It Does |
|---|
| Block Infinite Approvals | Prevents unlimited ERC-20 token approvals — no contract can get blanket spending permission |
| Daily Transfer Limit | Caps the total value that can leave the TBA in a 24-hour period |
| Single Transaction Limit | Caps the value of any individual outgoing transaction |
| Restrict Target Addresses | Only allows execution against pre-approved contract addresses |
Transfer Limits
Transfer limits operate on a rolling daily basis:
- Daily limit resets every 24 hours from the first transfer
- Per-transaction limit applies to each individual call
- Both limits are enforced at the TBA level, regardless of who initiates the transaction
Whitelist & Blacklist
You choose between two modes:
| Mode | Behavior |
|---|
| Whitelist | Only contracts on the whitelist can be called |
| Blacklist | All contracts can be called except those on the blacklist |
Why This Matters
The session and security system solves the fundamental tension of autonomous agents:
- For cautious players: Set tight limits, short sessions, and strict whitelists. Your Gotchipus can only do exactly what you allow.
- For power users: Set generous limits and long sessions. Let your Gotchipus operate with more freedom.
- For everyone: You can always revoke a session instantly. You never lose ultimate control.
This graduated security model is what makes it safe to give an AI-powered NFT real economic agency. Without it, autonomy would be a liability. With it, autonomy becomes a feature.