{"artifact":{"apiPath":"/api/reports/agent-treasury-controls-2026/bundle","byteLength":68111,"description":"Single purchase target returning the markdown report, JSON artifact, and manifest together.","format":"bundle","label":"Combined report bundle","mimeType":"application/json; charset=utf-8","priceUsdc":0,"sha256":"5d638ad5e35562c7ec4278e35faae64c34848bbff090a755f0838dc70be7d0b9","status":"live"},"bundle":{"charts":{"artifact":{"byteLength":3529,"fileName":"charts.json","format":"charts","mimeType":"application/json; charset=utf-8","sha256":"6d1f8e2038072ff2b5fda2bed92ac39bb23213d6ef6d1527e17cbcb66a91f40e"},"document":{"charts":[{"caption":"Routine spend should stay runtime-policy heavy. Refill, rebalance, payout, and scope release shift toward custody, finance approval, and owner step-up.","chartType":"bar","points":[{"label":"Routine API or tool spend","note":"Quiet recurring work should mostly stay inside caps, allowlists, and policy checks while the delegated envelope is still valid.","values":[4,1,1,0]},{"label":"Wallet top-up or refill","note":"A refill extends what the system may keep doing later, so finance approval and custody policy should dominate more than runtime convenience.","values":[2,3,4,0]},{"label":"Cross-rail rebalance or bridge","note":"Rebalancing changes rail exposure and counterparties, so custody controls and treasury review should outweigh ordinary spend logic.","values":[1,4,3,1]},{"label":"Customer payout or refund","note":"Outbound value transfer needs named accountability, destination review, and sometimes fresh user presence.","values":[1,2,4,2]},{"label":"Private-route or policy expansion","note":"Changing what the system may touch is a governance event, so runtime delegation should give way to release review and fresh owner presence.","values":[0,1,2,4]}],"series":["runtime policy","custody policy","finance approval","fresh owner step-up"],"title":"Which treasury control surface should dominate each action","unit":"relative control weight"},{"caption":"Routine spend usually belongs to the product lane. As money movement gets less reversible or more authority-extending, treasury and owner lanes should take over.","chartType":"bar","points":[{"label":"Routine API or tool spend","note":"Quiet product execution should stay close to the operator as long as policy, budget, and destination rules remain valid.","values":[4,1,0]},{"label":"Wallet top-up or refill","note":"Refills should usually be a treasury decision because they extend future authority more than they resolve a product workflow question.","values":[1,4,1]},{"label":"Cross-rail rebalance or bridge","note":"Rebalancing often needs treasury judgment plus stronger review because it changes rail exposure and recovery assumptions.","values":[1,3,2]},{"label":"Customer payout or refund","note":"Outbound transfers need finance ownership and, when the movement is sensitive enough, a stronger owner or compliance checkpoint.","values":[1,3,3]},{"label":"Private-route or policy expansion","note":"Release and scope expansion should be dominated by owner or security review, not by day-to-day product operators.","values":[0,1,4]}],"series":["product operator","treasury or finance owner","security or executive owner"],"title":"Who should own the final decision for each treasury action","unit":"relative ownership weight"}],"generatedAt":"2026-03-24T00:00:00.000Z","slug":"agent-treasury-controls-2026"}},"definition":{"artifact":{"byteLength":2552,"fileName":"definition.json","format":"definition","mimeType":"application/json; charset=utf-8","sha256":"035b18e2cf567a9ad2f0aa1ba0443f9fca5c419a82cb20f0917809fc26b37339"},"document":{"audience":null,"authoredAt":"1970-01-01T00:00:00.000Z","authoredByUserId":null,"chartPlan":[],"dateAnchor":"March 24, 2026","datasetWindow":"Q1 2026 operator docs and production guidance","deepResearchPrompts":[{"id":"prompt_treasury-control-sweep","maxTokens":2400,"model":"gpt-5.4-mini","prompt":"Collect current guidance on treasury spend policy, wallet custody, refill review, rebalance controls, payout review, and release checkpoints for agent products.","purpose":"Treasury control sweep"},{"id":"prompt_boundary-failure-sweep","maxTokens":2400,"model":"gpt-5.4-mini","prompt":"Find sources that show where teams blur routine runtime spend and true treasury mutation, especially around top-ups, bridging, payouts, and scope release.","purpose":"Boundary failure sweep"}],"deepResearchPromptCount":2,"evidenceRequirements":[],"freshnessExpectation":null,"generatedAt":"1970-01-01T00:00:00.000Z","notes":[],"officialDomainHints":["docs.cdp.coinbase.com","docs.stripe.com","docs.turnkey.com","developers.fireblocks.com","docs.passage.id","developers.cloudflare.com"],"reportPromptGuidance":["Keep the category boundary sharp: runtime policy, custody policy, finance approval, and owner release are different control layers.","Prefer action-by-action operator decisions over abstract autonomy rhetoric.","Use charts only if they clarify which control surface or owner should dominate a treasury action."],"searchQueries":[{"id":"query_runtime-spend-vs-refill","maxResults":6,"maxTokens":1200,"purpose":"Runtime spend versus refill guidance","query":"agent runtime spend caps wallet top up treasury controls March 2026","searchDomainFilter":["docs.cdp.coinbase.com","docs.turnkey.com","developers.fireblocks.com"],"searchRecencyFilter":"30d"},{"id":"query_rebalance-and-payout-controls","maxResults":6,"maxTokens":1200,"purpose":"Rebalance and payout controls","query":"bridge rebalance payout treasury approval custody controls agents","searchDomainFilter":["docs.stripe.com","developers.fireblocks.com","developers.cloudflare.com"],"searchRecencyFilter":null},{"id":"query_release-and-step-up-controls","maxResults":6,"maxTokens":1200,"purpose":"Release and step-up controls","query":"step up authentication publish approval workflow treasury controls","searchDomainFilter":["docs.passage.id","developers.cloudflare.com","docs.oracle.com"],"searchRecencyFilter":null}],"sectionPlan":[],"slug":"agent-treasury-controls-2026","title":"Agent Treasury Controls, 2026","topic":"agent treasury controls","versionId":"seed_agent-treasury-controls-2026"}},"evidence":{"artifact":{"byteLength":7451,"fileName":"evidence.json","format":"evidence","mimeType":"application/json; charset=utf-8","sha256":"71fabae6f0e4c2a828d8ff4549c3474593d11a55d65e7724bab7c21e67f9c5dc"},"document":{"chartProvenance":[{"chartTitle":"Which treasury control surface should dominate each action","sourceLabels":["Coinbase CDP Wallets overview","Turnkey embedded wallet guide","Fireblocks custody overview","Passage step-up authentication"],"sourceUrls":["https://docs.cdp.coinbase.com/wallet-api/docs/welcome","https://docs.turnkey.com/production-checklist/embedded-wallet","https://developers.fireblocks.com/docs/overview","https://docs.passage.id/flex/step-up"],"whyUseful":"Shows operators where the dominant guard should live for each money movement instead of collapsing spend, custody, review, and release into one generic approval layer."},{"chartTitle":"Who should own the final decision for each treasury action","sourceLabels":["Cloudflare human-in-the-loop","Oracle delegate versus reassign","Cerbos authorization in workflows","AI Runtime Security multi-agent controls"],"sourceUrls":["https://developers.cloudflare.com/agents/concepts/human-in-the-loop","https://docs.oracle.com/en/cloud/saas/supply-chain-and-manufacturing/25c/faipr/what-s-the-difference-between-reassign-and-delegate.html","https://www.cerbos.dev/blog/authorization-in-workflows","https://airuntimesecurity.io/core/multi-agent-controls"],"whyUseful":"Turns treasury control into an operating-model question by showing when product, treasury, or owner lanes should dominate the final decision."}],"claims":[{"chartTitles":["Which treasury control surface should dominate each action","Who should own the final decision for each treasury action"],"confidence":"high","id":"runtime-spend-stays-delegated","kind":"comparison","section":"Routine spend should stay delegated","sourceLabels":["Coinbase CDP Wallets overview","Turnkey embedded wallet guide","Cerbos authorization in workflows"],"sourceUrls":["https://docs.cdp.coinbase.com/wallet-api/docs/welcome","https://docs.turnkey.com/production-checklist/embedded-wallet","https://www.cerbos.dev/blog/authorization-in-workflows"],"statement":"Routine API or tool spend should usually stay inside runtime caps, scope checks, and destination allowlists instead of reopening finance review for every bounded action."},{"chartTitles":["Which treasury control surface should dominate each action"],"confidence":"high","id":"refills-extend-authority","kind":"finding","section":"Top-ups and rebalances extend authority","sourceLabels":["Stripe Treasury overview","Turnkey embedded wallet guide","Fireblocks custody overview"],"sourceUrls":["https://docs.stripe.com/treasury","https://docs.turnkey.com/production-checklist/embedded-wallet","https://developers.fireblocks.com/docs/overview"],"statement":"Wallet top-ups or refills are authority-extending actions because they add fresh balance that future runtime activity can keep using, so finance approval and custody policy should dominate more than routine runtime convenience."},{"chartTitles":["Which treasury control surface should dominate each action","Who should own the final decision for each treasury action"],"confidence":"high","id":"rebalances-are-treasury-events","kind":"comparison","section":"Top-ups and rebalances extend authority","sourceLabels":["Fireblocks custody overview","Stripe Treasury overview","AI Runtime Security multi-agent controls"],"sourceUrls":["https://developers.fireblocks.com/docs/overview","https://docs.stripe.com/treasury","https://airuntimesecurity.io/core/multi-agent-controls"],"statement":"Cross-rail rebalance or bridge actions should be treated as treasury events because they change settlement exposure, counterparties, and recovery assumptions rather than merely consuming budget."},{"chartTitles":["Who should own the final decision for each treasury action"],"confidence":"high","id":"payouts-need-accountability","kind":"finding","section":"Payouts need named accountability","sourceLabels":["Stripe Treasury overview","Fireblocks custody overview","Oracle delegate versus reassign"],"sourceUrls":["https://docs.stripe.com/treasury","https://developers.fireblocks.com/docs/overview","https://docs.oracle.com/en/cloud/saas/supply-chain-and-manufacturing/25c/faipr/what-s-the-difference-between-reassign-and-delegate.html"],"statement":"Customer payouts or refunds need named accountability, destination review, and stronger finance ownership because outward value transfer is harder to reverse than routine runtime spend."},{"chartTitles":["Which treasury control surface should dominate each action","Who should own the final decision for each treasury action"],"confidence":"high","id":"scope-release-is-governance","kind":"comparison","section":"Scope release is governance, not spending","sourceLabels":["Passage step-up authentication","Cloudflare human-in-the-loop","Oracle delegate versus reassign"],"sourceUrls":["https://docs.passage.id/flex/step-up","https://developers.cloudflare.com/agents/concepts/human-in-the-loop","https://docs.oracle.com/en/cloud/saas/supply-chain-and-manufacturing/25c/faipr/what-s-the-difference-between-reassign-and-delegate.html"],"statement":"Private-route or policy expansion should require diff-aware review and fresh owner presence rather than relying on the same delegated authority used for routine execution."},{"chartTitles":["Who should own the final decision for each treasury action"],"confidence":"high","id":"ownership-needs-separate-lanes","kind":"comparison","section":"Bottom line","sourceLabels":["Coinbase CDP Wallets overview","Cloudflare human-in-the-loop","Cerbos authorization in workflows"],"sourceUrls":["https://docs.cdp.coinbase.com/wallet-api/docs/welcome","https://developers.cloudflare.com/agents/concepts/human-in-the-loop","https://www.cerbos.dev/blog/authorization-in-workflows"],"statement":"Product operators, treasury owners, and release owners should see different decision lanes because treasury control is really a coordination problem across runtime policy, custody, finance approval, and owner release."}],"generatedAt":"2026-03-24T00:00:00.000Z","slug":"agent-treasury-controls-2026","summary":{"chartBackedClaimCount":4,"claimCount":6,"ecosystemSourceCount":2,"officialSourceCount":7,"totalSourceCount":9},"title":"Agent Treasury Controls, 2026"}},"hashes":{"bundleSha256":"d2cfbf0f599bc8df786470007787f4fc7fc1c54cefa75fe1d9328fb2da39f3d9","chartsSha256":"6d1f8e2038072ff2b5fda2bed92ac39bb23213d6ef6d1527e17cbcb66a91f40e","definitionSha256":"035b18e2cf567a9ad2f0aa1ba0443f9fca5c419a82cb20f0917809fc26b37339","evidenceSha256":"71fabae6f0e4c2a828d8ff4549c3474593d11a55d65e7724bab7c21e67f9c5dc","jsonSha256":"702a7e5495adf75061c6f32e7322744fa7ef6aa5f88221be3c425928ab66daa3","markdownSha256":"489ebf1f1aa700f72ea3835f6aafc92ab35a8db903f5a9f0a6f595ceeb60bc90","methodologySha256":"7c4792ffac7827f29266926a75b4940dd2196a9d174382f4c605d3db98a2b2cb","sourcesSha256":"93407e2938c6aa89485cba6fcf586738453205d12589512eaaf83ae0d1b24fa3"},"json":{"artifact":{"apiPath":"/api/reports/agent-treasury-controls-2026/json","byteLength":27847,"description":"Structured treasury control rows, source mappings, and governance summary metrics.","format":"json","label":"Full machine-readable JSON","mimeType":"application/json; charset=utf-8","priceUsdc":0,"sha256":"702a7e5495adf75061c6f32e7322744fa7ef6aa5f88221be3c425928ab66daa3","status":"live"},"document":{"artifacts":[{"apiPath":"/api/reports/agent-treasury-controls-2026/markdown","byteLength":15789,"description":"Human-readable treasury dossier with the full narrative, charts, and operator recommendations.","format":"markdown","label":"Full markdown report","mimeType":"text/markdown; charset=utf-8","priceUsdc":0,"sha256":"489ebf1f1aa700f72ea3835f6aafc92ab35a8db903f5a9f0a6f595ceeb60bc90","status":"live"},{"apiPath":"/api/reports/agent-treasury-controls-2026/json","byteLength":null,"description":"Structured treasury control rows, source mappings, and governance summary metrics.","format":"json","label":"Full machine-readable JSON","mimeType":"application/json; charset=utf-8","priceUsdc":0,"sha256":null,"status":"live"},{"apiPath":"/api/reports/agent-treasury-controls-2026/charts","byteLength":3529,"description":"Structured chart payload backing the inline report visuals and machine-readable consumers.","format":"charts","label":"Chart data artifact","mimeType":"application/json; charset=utf-8","priceUsdc":0,"sha256":"6d1f8e2038072ff2b5fda2bed92ac39bb23213d6ef6d1527e17cbcb66a91f40e","status":"live"},{"apiPath":"/api/reports/agent-treasury-controls-2026/definition","byteLength":2552,"description":"Saved report definition artifact.","format":"definition","label":"Definition artifact","mimeType":"application/json; charset=utf-8","priceUsdc":0,"sha256":"035b18e2cf567a9ad2f0aa1ba0443f9fca5c419a82cb20f0917809fc26b37339","status":"live"},{"apiPath":"/api/reports/agent-treasury-controls-2026/evidence","byteLength":7451,"description":"Structured evidence ledger tying claims and chart provenance back to cited sources.","format":"evidence","label":"Evidence artifact","mimeType":"application/json; charset=utf-8","priceUsdc":0,"sha256":"71fabae6f0e4c2a828d8ff4549c3474593d11a55d65e7724bab7c21e67f9c5dc","status":"live"},{"apiPath":"/api/reports/agent-treasury-controls-2026/methodology","byteLength":1048,"description":"Structured methodology notes, dataset summary, and report timing metadata.","format":"methodology","label":"Methodology artifact","mimeType":"application/json; charset=utf-8","priceUsdc":0,"sha256":"7c4792ffac7827f29266926a75b4940dd2196a9d174382f4c605d3db98a2b2cb","status":"live"},{"apiPath":"/api/reports/agent-treasury-controls-2026/sources","byteLength":2608,"description":"Structured source ledger with source kinds, labels, notes, and URLs.","format":"sources","label":"Sources artifact","mimeType":"application/json; charset=utf-8","priceUsdc":0,"sha256":"93407e2938c6aa89485cba6fcf586738453205d12589512eaaf83ae0d1b24fa3","status":"live"},{"apiPath":"/api/reports/agent-treasury-controls-2026/bundle","byteLength":null,"description":"Single purchase target returning the markdown report, JSON artifact, and manifest together.","format":"bundle","label":"Combined report bundle","mimeType":"application/json; charset=utf-8","priceUsdc":0,"sha256":null,"status":"live"}],"charts":[{"caption":"Routine spend should stay runtime-policy heavy. Refill, rebalance, payout, and scope release shift toward custody, finance approval, and owner step-up.","chartType":"bar","points":[{"label":"Routine API or tool spend","note":"Quiet recurring work should mostly stay inside caps, allowlists, and policy checks while the delegated envelope is still valid.","values":[4,1,1,0]},{"label":"Wallet top-up or refill","note":"A refill extends what the system may keep doing later, so finance approval and custody policy should dominate more than runtime convenience.","values":[2,3,4,0]},{"label":"Cross-rail rebalance or bridge","note":"Rebalancing changes rail exposure and counterparties, so custody controls and treasury review should outweigh ordinary spend logic.","values":[1,4,3,1]},{"label":"Customer payout or refund","note":"Outbound value transfer needs named accountability, destination review, and sometimes fresh user presence.","values":[1,2,4,2]},{"label":"Private-route or policy expansion","note":"Changing what the system may touch is a governance event, so runtime delegation should give way to release review and fresh owner presence.","values":[0,1,2,4]}],"series":["runtime policy","custody policy","finance approval","fresh owner step-up"],"title":"Which treasury control surface should dominate each action","unit":"relative control weight"},{"caption":"Routine spend usually belongs to the product lane. As money movement gets less reversible or more authority-extending, treasury and owner lanes should take over.","chartType":"bar","points":[{"label":"Routine API or tool spend","note":"Quiet product execution should stay close to the operator as long as policy, budget, and destination rules remain valid.","values":[4,1,0]},{"label":"Wallet top-up or refill","note":"Refills should usually be a treasury decision because they extend future authority more than they resolve a product workflow question.","values":[1,4,1]},{"label":"Cross-rail rebalance or bridge","note":"Rebalancing often needs treasury judgment plus stronger review because it changes rail exposure and recovery assumptions.","values":[1,3,2]},{"label":"Customer payout or refund","note":"Outbound transfers need finance ownership and, when the movement is sensitive enough, a stronger owner or compliance checkpoint.","values":[1,3,3]},{"label":"Private-route or policy expansion","note":"Release and scope expansion should be dominated by owner or security review, not by day-to-day product operators.","values":[0,1,4]}],"series":["product operator","treasury or finance owner","security or executive owner"],"title":"Who should own the final decision for each treasury action","unit":"relative ownership weight"}],"chartsArtifact":{"byteLength":3529,"fileName":"charts.json","format":"charts","mimeType":"application/json; charset=utf-8","sha256":"6d1f8e2038072ff2b5fda2bed92ac39bb23213d6ef6d1527e17cbcb66a91f40e"},"definition":{"audience":null,"authoredAt":"1970-01-01T00:00:00.000Z","authoredByUserId":null,"chartPlan":[],"dateAnchor":"March 24, 2026","datasetWindow":"Q1 2026 operator docs and production guidance","deepResearchPrompts":[{"id":"prompt_treasury-control-sweep","maxTokens":2400,"model":"gpt-5.4-mini","prompt":"Collect current guidance on treasury spend policy, wallet custody, refill review, rebalance controls, payout review, and release checkpoints for agent products.","purpose":"Treasury control sweep"},{"id":"prompt_boundary-failure-sweep","maxTokens":2400,"model":"gpt-5.4-mini","prompt":"Find sources that show where teams blur routine runtime spend and true treasury mutation, especially around top-ups, bridging, payouts, and scope release.","purpose":"Boundary failure sweep"}],"deepResearchPromptCount":2,"evidenceRequirements":[],"freshnessExpectation":null,"generatedAt":"1970-01-01T00:00:00.000Z","notes":[],"officialDomainHints":["docs.cdp.coinbase.com","docs.stripe.com","docs.turnkey.com","developers.fireblocks.com","docs.passage.id","developers.cloudflare.com"],"reportPromptGuidance":["Keep the category boundary sharp: runtime policy, custody policy, finance approval, and owner release are different control layers.","Prefer action-by-action operator decisions over abstract autonomy rhetoric.","Use charts only if they clarify which control surface or owner should dominate a treasury action."],"searchQueries":[{"id":"query_runtime-spend-vs-refill","maxResults":6,"maxTokens":1200,"purpose":"Runtime spend versus refill guidance","query":"agent runtime spend caps wallet top up treasury controls March 2026","searchDomainFilter":["docs.cdp.coinbase.com","docs.turnkey.com","developers.fireblocks.com"],"searchRecencyFilter":"30d"},{"id":"query_rebalance-and-payout-controls","maxResults":6,"maxTokens":1200,"purpose":"Rebalance and payout controls","query":"bridge rebalance payout treasury approval custody controls agents","searchDomainFilter":["docs.stripe.com","developers.fireblocks.com","developers.cloudflare.com"],"searchRecencyFilter":null},{"id":"query_release-and-step-up-controls","maxResults":6,"maxTokens":1200,"purpose":"Release and step-up controls","query":"step up authentication publish approval workflow treasury controls","searchDomainFilter":["docs.passage.id","developers.cloudflare.com","docs.oracle.com"],"searchRecencyFilter":null}],"sectionPlan":[],"slug":"agent-treasury-controls-2026","title":"Agent Treasury Controls, 2026","topic":"agent treasury controls","versionId":"seed_agent-treasury-controls-2026"},"definitionArtifact":{"byteLength":2552,"fileName":"definition.json","format":"definition","mimeType":"application/json; charset=utf-8","sha256":"035b18e2cf567a9ad2f0aa1ba0443f9fca5c419a82cb20f0917809fc26b37339"},"dataset":{"sampleRows":[{"surface":"Routine tool or API spend","dominantControl":"Runtime spend caps plus policy checks","likelyOwner":"product operator","whyItMatters":"Quiet recurring work should stay delegated while the scope, destination, and budget envelope remain valid."},{"surface":"Wallet top-up or refill","dominantControl":"Finance approval plus custody policy","likelyOwner":"treasury owner","whyItMatters":"A refill extends future authority and changes what the agent can keep doing later."},{"surface":"Cross-rail rebalance or bridge","dominantControl":"Custody controls plus treasury review","likelyOwner":"treasury operator","whyItMatters":"Moving funds across rails changes settlement, counterparties, and failure modes, not just balance location."},{"surface":"Customer payout or refund","dominantControl":"Fresh finance review plus destination checks","likelyOwner":"finance owner","whyItMatters":"Outbound transfers are harder to reverse and need named accountability."},{"surface":"Private-route or policy expansion","dominantControl":"Owner step-up plus diff-aware review","likelyOwner":"owner or security lead","whyItMatters":"Changing what the system may touch is a release event, not routine runtime spending."}],"summary":{"deepResearchRuns":1,"normalizedSources":79,"publicSources":9,"sampleRows":5,"searchQueries":3,"window":"Q1 2026"}},"evidence":{"chartProvenance":[{"chartTitle":"Which treasury control surface should dominate each action","sourceLabels":["Coinbase CDP Wallets overview","Turnkey embedded wallet guide","Fireblocks custody overview","Passage step-up authentication"],"sourceUrls":["https://docs.cdp.coinbase.com/wallet-api/docs/welcome","https://docs.turnkey.com/production-checklist/embedded-wallet","https://developers.fireblocks.com/docs/overview","https://docs.passage.id/flex/step-up"],"whyUseful":"Shows operators where the dominant guard should live for each money movement instead of collapsing spend, custody, review, and release into one generic approval layer."},{"chartTitle":"Who should own the final decision for each treasury action","sourceLabels":["Cloudflare human-in-the-loop","Oracle delegate versus reassign","Cerbos authorization in workflows","AI Runtime Security multi-agent controls"],"sourceUrls":["https://developers.cloudflare.com/agents/concepts/human-in-the-loop","https://docs.oracle.com/en/cloud/saas/supply-chain-and-manufacturing/25c/faipr/what-s-the-difference-between-reassign-and-delegate.html","https://www.cerbos.dev/blog/authorization-in-workflows","https://airuntimesecurity.io/core/multi-agent-controls"],"whyUseful":"Turns treasury control into an operating-model question by showing when product, treasury, or owner lanes should dominate the final decision."}],"claims":[{"chartTitles":["Which treasury control surface should dominate each action","Who should own the final decision for each treasury action"],"confidence":"high","id":"runtime-spend-stays-delegated","kind":"comparison","section":"Routine spend should stay delegated","sourceLabels":["Coinbase CDP Wallets overview","Turnkey embedded wallet guide","Cerbos authorization in workflows"],"sourceUrls":["https://docs.cdp.coinbase.com/wallet-api/docs/welcome","https://docs.turnkey.com/production-checklist/embedded-wallet","https://www.cerbos.dev/blog/authorization-in-workflows"],"statement":"Routine API or tool spend should usually stay inside runtime caps, scope checks, and destination allowlists instead of reopening finance review for every bounded action."},{"chartTitles":["Which treasury control surface should dominate each action"],"confidence":"high","id":"refills-extend-authority","kind":"finding","section":"Top-ups and rebalances extend authority","sourceLabels":["Stripe Treasury overview","Turnkey embedded wallet guide","Fireblocks custody overview"],"sourceUrls":["https://docs.stripe.com/treasury","https://docs.turnkey.com/production-checklist/embedded-wallet","https://developers.fireblocks.com/docs/overview"],"statement":"Wallet top-ups or refills are authority-extending actions because they add fresh balance that future runtime activity can keep using, so finance approval and custody policy should dominate more than routine runtime convenience."},{"chartTitles":["Which treasury control surface should dominate each action","Who should own the final decision for each treasury action"],"confidence":"high","id":"rebalances-are-treasury-events","kind":"comparison","section":"Top-ups and rebalances extend authority","sourceLabels":["Fireblocks custody overview","Stripe Treasury overview","AI Runtime Security multi-agent controls"],"sourceUrls":["https://developers.fireblocks.com/docs/overview","https://docs.stripe.com/treasury","https://airuntimesecurity.io/core/multi-agent-controls"],"statement":"Cross-rail rebalance or bridge actions should be treated as treasury events because they change settlement exposure, counterparties, and recovery assumptions rather than merely consuming budget."},{"chartTitles":["Who should own the final decision for each treasury action"],"confidence":"high","id":"payouts-need-accountability","kind":"finding","section":"Payouts need named accountability","sourceLabels":["Stripe Treasury overview","Fireblocks custody overview","Oracle delegate versus reassign"],"sourceUrls":["https://docs.stripe.com/treasury","https://developers.fireblocks.com/docs/overview","https://docs.oracle.com/en/cloud/saas/supply-chain-and-manufacturing/25c/faipr/what-s-the-difference-between-reassign-and-delegate.html"],"statement":"Customer payouts or refunds need named accountability, destination review, and stronger finance ownership because outward value transfer is harder to reverse than routine runtime spend."},{"chartTitles":["Which treasury control surface should dominate each action","Who should own the final decision for each treasury action"],"confidence":"high","id":"scope-release-is-governance","kind":"comparison","section":"Scope release is governance, not spending","sourceLabels":["Passage step-up authentication","Cloudflare human-in-the-loop","Oracle delegate versus reassign"],"sourceUrls":["https://docs.passage.id/flex/step-up","https://developers.cloudflare.com/agents/concepts/human-in-the-loop","https://docs.oracle.com/en/cloud/saas/supply-chain-and-manufacturing/25c/faipr/what-s-the-difference-between-reassign-and-delegate.html"],"statement":"Private-route or policy expansion should require diff-aware review and fresh owner presence rather than relying on the same delegated authority used for routine execution."},{"chartTitles":["Who should own the final decision for each treasury action"],"confidence":"high","id":"ownership-needs-separate-lanes","kind":"comparison","section":"Bottom line","sourceLabels":["Coinbase CDP Wallets overview","Cloudflare human-in-the-loop","Cerbos authorization in workflows"],"sourceUrls":["https://docs.cdp.coinbase.com/wallet-api/docs/welcome","https://developers.cloudflare.com/agents/concepts/human-in-the-loop","https://www.cerbos.dev/blog/authorization-in-workflows"],"statement":"Product operators, treasury owners, and release owners should see different decision lanes because treasury control is really a coordination problem across runtime policy, custody, finance approval, and owner release."}],"generatedAt":"2026-03-24T00:00:00.000Z","slug":"agent-treasury-controls-2026","summary":{"chartBackedClaimCount":4,"claimCount":6,"ecosystemSourceCount":2,"officialSourceCount":7,"totalSourceCount":9},"title":"Agent Treasury Controls, 2026"},"evidenceArtifact":{"byteLength":7451,"fileName":"evidence.json","format":"evidence","mimeType":"application/json; charset=utf-8","sha256":"71fabae6f0e4c2a828d8ff4549c3474593d11a55d65e7724bab7c21e67f9c5dc"},"findings":["Most agent products blur runtime spend policy, custody controls, and finance approval until a refill or payout exposes the gap.","Routine API or tool spend should usually stay inside runtime caps and allowlists rather than reopening finance review every time.","Top-up, rebalance, and payout flows extend authority or move cash across risk boundaries, so they need stronger human ceremony than routine execution.","Private-route or policy expansion is a governance event and should require diff-aware review plus fresh owner presence."],"markdownArtifact":{"apiPath":"/api/reports/agent-treasury-controls-2026/markdown","byteLength":15789,"description":"Human-readable treasury dossier with the full narrative, charts, and operator recommendations.","format":"markdown","label":"Full markdown report","mimeType":"text/markdown; charset=utf-8","priceUsdc":0,"sha256":"489ebf1f1aa700f72ea3835f6aafc92ab35a8db903f5a9f0a6f595ceeb60bc90","status":"live"},"markdownAvailable":true,"methodologyArtifact":{"byteLength":1048,"fileName":"methodology.json","format":"methodology","mimeType":"application/json; charset=utf-8","sha256":"7c4792ffac7827f29266926a75b4940dd2196a9d174382f4c605d3db98a2b2cb"},"methodology":["Anchored the report in official custody, treasury, workflow, wallet, and step-up documentation from Coinbase, Stripe, Turnkey, Fireblocks, Passage, Cloudflare, and Oracle as of March 24, 2026.","Used one deep research run plus three focused search sweeps to separate routine agent spend from refill, rebalance, payout, and release decisions.","Modeled treasury control as four distinct surfaces: runtime policy, custody policy, finance approval, and fresh owner presence.","Preferred operator decision rules and control ownership over generalized governance language."],"outline":[{"id":"agent-treasury-controls-2026","level":1,"text":"Agent Treasury Controls, 2026"},{"id":"the-treasury-action-ladder","level":2,"text":"The Treasury Action Ladder"},{"id":"routine-spend-should-stay-delegated","level":2,"text":"Routine Spend Should Stay Delegated"},{"id":"top-ups-and-rebalances-extend-authority","level":2,"text":"Top-Ups and Rebalances Extend Authority"},{"id":"payouts-need-named-accountability","level":2,"text":"Payouts Need Named Accountability"},{"id":"scope-release-is-governance-not-spending","level":2,"text":"Scope Release Is Governance, Not Spending"},{"id":"comparison-table","level":2,"text":"Comparison Table"},{"id":"recommendations-for-operators","level":2,"text":"Recommendations for Operators"},{"id":"bottom-line","level":2,"text":"Bottom Line"}],"previewMarkdown":"# Agent Treasury Controls, 2026\n\n## What this report covers\n\n- Where routine agent spend should stay delegated and policy-enforced\n- Why wallet top-ups, rebalances, and payouts should reopen finance or treasury review\n- How custody, workflow policy, approval, and step-up fit together without collapsing into one vague control\n\n## Core takeaway\n\nTreasury control is not one approval checkbox. Serious agent products need a clearer split between quiet runtime spend, authority-extending treasury actions, and outward-facing policy changes. Routine tool or API spend should remain boring inside caps and policy. Funding, bridging, payouts, and scope release should not.\n\n## Why this slug matters\n\nThe workflow and payment layers are now strong enough to support a dedicated treasury memo instead of burying the topic inside broader approval or wallet reports. This report turns treasury control into an operator decision framework rather than a generic “more governance” slogan.\n","report":{"category":"Treasury operations","datasetSummary":{"deepResearchRuns":1,"normalizedSources":79,"publicSources":9,"sampleRows":5,"searchQueries":3,"window":"Q1 2026"},"featureKey":"deep_reports_agent_treasury_controls_2026","findings":["Most agent products blur runtime spend policy, custody controls, and finance approval until a refill or payout exposes the gap.","Routine API or tool spend should usually stay inside runtime caps and allowlists rather than reopening finance review every time.","Top-up, rebalance, and payout flows extend authority or move cash across risk boundaries, so they need stronger human ceremony than routine execution.","Private-route or policy expansion is a governance event and should require diff-aware review plus fresh owner presence."],"methodology":["Anchored the report in official custody, treasury, workflow, wallet, and step-up documentation from Coinbase, Stripe, Turnkey, Fireblocks, Passage, Cloudflare, and Oracle as of March 24, 2026.","Used one deep research run plus three focused search sweeps to separate routine agent spend from refill, rebalance, payout, and release decisions.","Modeled treasury control as four distinct surfaces: runtime policy, custody policy, finance approval, and fresh owner presence.","Preferred operator decision rules and control ownership over generalized governance language."],"previewBullets":["Routine bounded spend should stay delegated and policy-enforced instead of constantly reopening finance review.","Wallet top-ups, rebalances, and payouts are authority-extending treasury actions and deserve stronger custody or finance ceremony.","The right split is between runtime policy, custody policy, treasury approval, and fresh owner step-up for scope release."],"publishedAt":"2026-03-24T00:00:00.000Z","sampleRows":[{"surface":"Routine tool or API spend","dominantControl":"Runtime spend caps plus policy checks","likelyOwner":"product operator","whyItMatters":"Quiet recurring work should stay delegated while the scope, destination, and budget envelope remain valid."},{"surface":"Wallet top-up or refill","dominantControl":"Finance approval plus custody policy","likelyOwner":"treasury owner","whyItMatters":"A refill extends future authority and changes what the agent can keep doing later."},{"surface":"Cross-rail rebalance or bridge","dominantControl":"Custody controls plus treasury review","likelyOwner":"treasury operator","whyItMatters":"Moving funds across rails changes settlement, counterparties, and failure modes, not just balance location."},{"surface":"Customer payout or refund","dominantControl":"Fresh finance review plus destination checks","likelyOwner":"finance owner","whyItMatters":"Outbound transfers are harder to reverse and need named accountability."},{"surface":"Private-route or policy expansion","dominantControl":"Owner step-up plus diff-aware review","likelyOwner":"owner or security lead","whyItMatters":"Changing what the system may touch is a release event, not routine runtime spending."}],"slug":"agent-treasury-controls-2026","sources":[{"kind":"official","label":"Coinbase CDP Wallets overview","note":"Wallet-control surface for agent-facing products and embedded transaction management.","url":"https://docs.cdp.coinbase.com/wallet-api/docs/welcome"},{"kind":"official","label":"Stripe Treasury overview","note":"Treasury primitives and money-movement framing for balances, outbound flows, and financial accounts.","url":"https://docs.stripe.com/treasury"},{"kind":"official","label":"Turnkey embedded wallet guide","note":"Operational wallet-control guidance covering delegated, app-controlled, and shared-custody models.","url":"https://docs.turnkey.com/production-checklist/embedded-wallet"},{"kind":"official","label":"Fireblocks custody overview","note":"Institutional custody and policy surface for treasury-heavy workflows and approval boundaries.","url":"https://developers.fireblocks.com/docs/overview"},{"kind":"official","label":"Passage step-up authentication","note":"Reference for requiring fresh user presence on sensitive release or payout actions.","url":"https://docs.passage.id/flex/step-up"},{"kind":"official","label":"Cloudflare human-in-the-loop","note":"Workflow pause, approval, timeout, and resume patterns for long-running agent systems.","url":"https://developers.cloudflare.com/agents/concepts/human-in-the-loop"},{"kind":"official","label":"Oracle delegate versus reassign","note":"Useful distinction between temporary delegated action and true ownership transfer.","url":"https://docs.oracle.com/en/cloud/saas/supply-chain-and-manufacturing/25c/faipr/what-s-the-difference-between-reassign-and-delegate.html"},{"kind":"ecosystem","label":"Cerbos authorization in workflows","note":"Application-layer framing for authorization that persists across workflow state transitions.","url":"https://www.cerbos.dev/blog/authorization-in-workflows"},{"kind":"ecosystem","label":"AI Runtime Security multi-agent controls","note":"Runtime guardrail framing for delegation depth, no-privilege-escalation, and scope inheritance.","url":"https://airuntimesecurity.io/core/multi-agent-controls"}],"subtitle":"Built for operators deciding which money movements can stay delegated and which ones should reopen finance, custody, or owner review.","summary":"A category report on how agent products should separate runtime spend policy, treasury approval, custody controls, and owner release.","tags":["treasury","controls","agents","custody","policy"],"title":"Agent Treasury Controls, 2026","updatedAt":"2026-03-24T00:00:00.000Z"},"sourcesArtifact":{"byteLength":2608,"fileName":"sources.json","format":"sources","mimeType":"application/json; charset=utf-8","sha256":"93407e2938c6aa89485cba6fcf586738453205d12589512eaaf83ae0d1b24fa3"},"sources":[{"kind":"official","label":"Coinbase CDP Wallets overview","note":"Wallet-control surface for agent-facing products and embedded transaction management.","url":"https://docs.cdp.coinbase.com/wallet-api/docs/welcome"},{"kind":"official","label":"Stripe Treasury overview","note":"Treasury primitives and money-movement framing for balances, outbound flows, and financial accounts.","url":"https://docs.stripe.com/treasury"},{"kind":"official","label":"Turnkey embedded wallet guide","note":"Operational wallet-control guidance covering delegated, app-controlled, and shared-custody models.","url":"https://docs.turnkey.com/production-checklist/embedded-wallet"},{"kind":"official","label":"Fireblocks custody overview","note":"Institutional custody and policy surface for treasury-heavy workflows and approval boundaries.","url":"https://developers.fireblocks.com/docs/overview"},{"kind":"official","label":"Passage step-up authentication","note":"Reference for requiring fresh user presence on sensitive release or payout actions.","url":"https://docs.passage.id/flex/step-up"},{"kind":"official","label":"Cloudflare human-in-the-loop","note":"Workflow pause, approval, timeout, and resume patterns for long-running agent systems.","url":"https://developers.cloudflare.com/agents/concepts/human-in-the-loop"},{"kind":"official","label":"Oracle delegate versus reassign","note":"Useful distinction between temporary delegated action and true ownership transfer.","url":"https://docs.oracle.com/en/cloud/saas/supply-chain-and-manufacturing/25c/faipr/what-s-the-difference-between-reassign-and-delegate.html"},{"kind":"ecosystem","label":"Cerbos authorization in workflows","note":"Application-layer framing for authorization that persists across workflow state transitions.","url":"https://www.cerbos.dev/blog/authorization-in-workflows"},{"kind":"ecosystem","label":"AI Runtime Security multi-agent controls","note":"Runtime guardrail framing for delegation depth, no-privilege-escalation, and scope inheritance.","url":"https://airuntimesecurity.io/core/multi-agent-controls"}]},"generatedAt":"2026-05-04T01:15:15.004Z","kind":"deep_report_json"},"methodology":{"artifact":{"byteLength":1048,"fileName":"methodology.json","format":"methodology","mimeType":"application/json; charset=utf-8","sha256":"7c4792ffac7827f29266926a75b4940dd2196a9d174382f4c605d3db98a2b2cb"},"document":{"category":"Treasury operations","datasetSummary":{"deepResearchRuns":1,"normalizedSources":79,"publicSources":9,"sampleRows":5,"searchQueries":3,"window":"Q1 2026"},"generatedAt":"2026-03-24T00:00:00.000Z","methodology":["Anchored the report in official custody, treasury, workflow, wallet, and step-up documentation from Coinbase, Stripe, Turnkey, Fireblocks, Passage, Cloudflare, and Oracle as of March 24, 2026.","Used one deep research run plus three focused search sweeps to separate routine agent spend from refill, rebalance, payout, and release decisions.","Modeled treasury control as four distinct surfaces: runtime policy, custody policy, finance approval, and fresh owner presence.","Preferred operator decision rules and control ownership over generalized governance language."],"publishedAt":"2026-03-24T00:00:00.000Z","slug":"agent-treasury-controls-2026","title":"Agent Treasury Controls, 2026","updatedAt":"2026-03-24T00:00:00.000Z"}},"manifest":{"artifactCount":8,"generatedAt":"2026-05-04T01:15:15.004Z","hashAlgorithm":"sha256","includedFormats":["bundle","json","markdown","charts","definition","evidence","methodology","sources"],"slug":"agent-treasury-controls-2026"},"markdown":{"artifact":{"apiPath":"/api/reports/agent-treasury-controls-2026/markdown","byteLength":15789,"description":"Human-readable treasury dossier with the full narrative, charts, and operator recommendations.","format":"markdown","label":"Full markdown report","mimeType":"text/markdown; charset=utf-8","priceUsdc":0,"sha256":"489ebf1f1aa700f72ea3835f6aafc92ab35a8db903f5a9f0a6f595ceeb60bc90","status":"live"},"content":"# Agent Treasury Controls, 2026\n\n*Why routine agent spend, wallet custody, finance review, and owner release should be modeled as separate controls rather than one vague approval layer.*\n\n---\n\nAs of March 24, 2026, the most common treasury mistake in agent products is not that teams have too little control. It is that they keep putting several different controls behind one label. A runtime spend cap, a custody rule, a finance approval, and a step-up release check are all useful, but they solve different problems. When a product collapses them into one generic “approval” or one generic “policy engine,” the quiet path becomes noisy and the dangerous path becomes unclear.\n\nThe operator question is narrower than that. It is not “does the human approve the agent?” It is:\n\n- what can stay delegated while the budget and destination envelope are still valid\n- what action extends future authority and therefore deserves a finance or treasury checkpoint\n- what action changes custody, settlement rail, or payout direction\n- what action changes public or private scope and therefore deserves fresh owner presence\n\nThat split matters because agent treasury work is not one thing. Routine API or tool spend is closer to runtime execution than to treasury governance. A wallet top-up is different because it extends what the system may keep doing later. A cross-rail rebalance changes counterparty and settlement exposure. A payout or refund can be outward-facing and harder to reverse. A policy or private-route expansion is not a money movement at all, but it still changes the treasury risk envelope.\n\n[Coinbase CDP wallet guidance](https://docs.cdp.coinbase.com/wallet-api/docs/welcome), [Turnkey’s embedded wallet checklist](https://docs.turnkey.com/production-checklist/embedded-wallet), and [Fireblocks’ platform overview](https://developers.fireblocks.com/docs/overview) all point toward the same practical conclusion: wallet and custody systems are good at key handling, policy surfaces, and approval boundaries, but they do not replace workflow-level runtime control. [Cloudflare’s human-in-the-loop guidance](https://developers.cloudflare.com/agents/concepts/human-in-the-loop) and [Cerbos on authorization in workflows](https://www.cerbos.dev/blog/authorization-in-workflows) make the workflow half explicit: once a run starts, authorization still has to persist through state transitions and pauses. [Passage’s step-up documentation](https://docs.passage.id/flex/step-up) and [Oracle’s delegate-versus-reassign distinction](https://docs.oracle.com/en/cloud/saas/supply-chain-and-manufacturing/25c/faipr/what-s-the-difference-between-reassign-and-delegate.html) explain why some actions deserve fresh human presence or a named ownership transfer instead of silent continuation.\n\nThe right treasury model is therefore layered:\n\n- **runtime policy** for quiet bounded spend\n- **custody policy** for key use, destinations, and movement constraints\n- **finance or treasury approval** for authority-extending money actions\n- **fresh owner step-up** for release or scope expansion\n\nThat sounds more complex, but it actually removes confusion. Most low-risk runtime activity can stay delegated. The genuinely important boundaries become easier to see.\n\n---\n\n## The Treasury Action Ladder\n\nThe simplest way to explain treasury control is to follow the money movement from quiet runtime behavior to high-ceremony release decisions.\n\n```flow\ntitle: Treasury authority widens as the action moves away from routine runtime spend\ncaption: The more an action extends future authority, changes custody, or sends value outward, the less it should look like ordinary runtime spending.\nRoutine spend | Keep the agent inside spend caps, capability scope, and destination policy. | runtime policy, spend caps, allowlists\nWallet top-up | Re-open human review before adding fresh balance that can power later actions. | finance approval, custody policy\nRebalance or bridge | Treat cross-rail movement as a treasury event with explicit destinations and operators. | treasury review, custody controls, allowlists\nPayout or refund | Use named accountability for irreversible or outward-facing movement. | finance approval, destination review, step-up\nScope release | Treat private-route or policy expansion as governance, not spending. | owner step-up, diff review, release approval\n```\n\nThat ladder matters because teams often treat “the agent can spend” as the core decision. In practice, the better question is **what kind of action is this really?** If the action only uses an already-approved budget inside known destinations, runtime policy should dominate. If the action adds money, moves money across rails, or widens the system’s authority, the control should shift toward treasury or owner review.\n\n```chart\nchartType: bar\ntitle: Which treasury control surface should dominate each action\ncaption: Routine spend should stay runtime-policy heavy. Refill, rebalance, payout, and scope release shift toward custody, finance approval, and owner step-up.\nunit: relative control weight\nseries: runtime policy, custody policy, finance approval, fresh owner step-up\nRoutine API or tool spend | 4 | 1 | 1 | 0 | Quiet recurring work should mostly stay inside caps, allowlists, and policy checks while the delegated envelope is still valid.\nWallet top-up or refill | 2 | 3 | 4 | 0 | A refill extends what the system may keep doing later, so finance approval and custody policy should dominate more than runtime convenience.\nCross-rail rebalance or bridge | 1 | 4 | 3 | 1 | Rebalancing changes rail exposure and counterparties, so custody controls and treasury review should outweigh ordinary spend logic.\nCustomer payout or refund | 1 | 2 | 4 | 2 | Outbound value transfer needs named accountability, destination review, and sometimes fresh user presence.\nPrivate-route or policy expansion | 0 | 1 | 2 | 4 | Changing what the system may touch is a governance event, so runtime delegation should give way to release review and fresh owner presence.\n```\n\nThe chart is useful because it answers a very practical design question: **where should the dominant control live?** Not every action belongs in the same queue. Not every action belongs in the wallet layer either. The product gets safer and simpler when the quiet path stays quiet and the authority-extending path becomes unmistakable.\n\n---\n\n## Routine Spend Should Stay Delegated\n\nThe most common overreaction in treasury design is to turn every spend event into a finance event. That usually happens after a team realizes that “the agent can spend money” sounds scary, so the fix becomes “put every spend behind human review.” The result is predictable: harmless runtime actions pile up in review queues until operators start bypassing the controls or raising caps until the approvals no longer mean much.\n\nRoutine spend is the wrong place to concentrate treasury ceremony. If the spend is already inside:\n\n- an explicit budget\n- a known vendor or destination set\n- a narrow capability scope\n- a valid delegated runtime window\n\nthen the right control surface is runtime policy, not fresh finance review.\n\nThis is where workflow policy and wallet policy should work together instead of fighting each other. The workflow layer should answer questions like “is this tool still in scope?” and “is this budget envelope still valid?” The wallet or custody layer should answer “is this signer allowed to create this transaction?” and “is this destination or asset class permitted?” Those are complementary checks. For quiet bounded spend, they should resolve automatically.\n\nThe operator goal is not zero human involvement forever. It is to avoid wasting human involvement on the wrong action class.\n\n---\n\n## Top-Ups and Rebalances Extend Authority\n\nTop-up and rebalance flows deserve stronger ceremony because they do more than spend existing delegated budget. They change what the system can do next.\n\nA wallet refill is an authority-extending action. It adds fresh balance that can power future requests, retries, or recurring tasks. A bridge or rebalance is also an authority-changing action because it shifts settlement rail, counterparty assumptions, and recovery behavior. These are not just “more spend.” They are changes to the treasury state that future runtime activity will inherit.\n\nThat is why custody systems are useful here. Wallet and custody tooling is good at destination policy, approval thresholds, signer boundaries, and explicit movement review. Finance or treasury approval should attach to the movement because this is the point where the organization is deciding to extend economic reach, not merely continue pre-bounded execution.\n\nThe practical rule is simple:\n\n- if the action *consumes* already approved budget inside known bounds, lean toward runtime policy\n- if the action *adds*, *moves*, or *widens* future economic power, lean toward custody and treasury review\n\nThat distinction is what keeps treasury controls from becoming either toothless or unbearable.\n\n```chart\nchartType: bar\ntitle: Who should own the final decision for each treasury action\ncaption: Routine spend usually belongs to the product lane. As money movement gets less reversible or more authority-extending, treasury and owner lanes should take over.\nunit: relative ownership weight\nseries: product operator, treasury or finance owner, security or executive owner\nRoutine API or tool spend | 4 | 1 | 0 | Quiet product execution should stay close to the operator as long as policy, budget, and destination rules remain valid.\nWallet top-up or refill | 1 | 4 | 1 | Refills should usually be a treasury decision because they extend future authority more than they resolve a product workflow question.\nCross-rail rebalance or bridge | 1 | 3 | 2 | Rebalancing often needs treasury judgment plus stronger review because it changes rail exposure and recovery assumptions.\nCustomer payout or refund | 1 | 3 | 3 | Outbound transfers need finance ownership and, when the movement is sensitive enough, a stronger owner or compliance checkpoint.\nPrivate-route or policy expansion | 0 | 1 | 4 | Release and scope expansion should be dominated by owner or security review, not by day-to-day product operators.\n```\n\nThis second chart is less about technology and more about operating model. A lot of treasury confusion is really ownership confusion. When teams are unsure whether a product operator, treasury owner, or executive reviewer should decide, they hide that ambiguity behind generic “approval required” messages. The better answer is to decide that ownership explicitly.\n\n---\n\n## Payouts Need Named Accountability\n\nPayouts and refunds are the clearest place where runtime delegation usually stops being enough. Even when the system can assemble the transfer correctly, the business still needs named accountability around destination, amount, reason, and timing.\n\nThis is especially true when the movement is:\n\n- outward-facing\n- hard to reverse\n- recipient-sensitive\n- legally or financially material\n\nA payout is not just a more important version of routine spend. It is a different category of decision because the organization is authorizing value transfer to an external party. That is why payout paths should surface explicit destination review, allowlist checks, deny reasons, and often a fresh human checkpoint.\n\nThe product consequence is that payout UX should not look like “normal runtime, but louder.” It should clearly tell the operator why this action moved into a different ceremony lane.\n\n---\n\n## Scope Release Is Governance, Not Spending\n\nThe most dangerous treasury actions are not always the ones that move money immediately. Sometimes the higher-risk action is changing what the agent is allowed to touch next.\n\nPrivate-route expansion, new payout destinations, wider capability scope, or broader release permissions are governance events. They change the future risk envelope of the system. That is why they deserve diff-aware review and fresh owner presence instead of relying on the same runtime delegation that covered ordinary execution.\n\n[Passage’s step-up guidance](https://docs.passage.id/flex/step-up) is the right mental model here: some actions deserve proof that the right person is present right now, even if the broader session is still valid. Release and scope expansion belong in that class.\n\nThis is also why treasury and release tooling should not be designed in separate silos. A scope expansion can be more financially meaningful than a small routine spend. If it changes payout reach, private-route access, or signing authority, the release itself is part of treasury control.\n\n---\n\n## Comparison Table\n\n::wide::\n| Action | Primary question | Dominant control surface | Common mistake |\n|---|---|---|---|\n| Routine API or tool spend | Is the run still inside budget, scope, and allowed destinations? | Runtime policy plus spend caps | Reopening finance review for every harmless bounded action |\n| Wallet top-up or refill | Should the system receive fresh balance that extends later authority? | Finance approval plus custody policy | Treating refills as if they were ordinary runtime spend |\n| Cross-rail rebalance or bridge | Should funds move across rails or custody contexts right now? | Custody controls plus treasury review | Looking only at balance and ignoring settlement or counterparty change |\n| Customer payout or refund | Is this outward movement authorized to this destination now? | Finance review plus destination policy and step-up when needed | Treating payouts as just another tool call |\n| Private-route or policy expansion | Should the system gain wider authority or release now? | Owner step-up plus diff-aware review | Treating governance changes as if existing delegation already covered them |\n\nThat table is the category-level answer most agent teams need. The treasury system should not ask “does a human approve the agent?” It should ask “which control surface belongs to this action?”\n\n---\n\n## Recommendations for Operators\n\n1. **Keep runtime spend boring.** If the work is inside caps, scope, and allowed destinations, the system should resolve it through runtime and custody policy instead of fresh human review.\n\n2. **Treat refills as authority extension.** A top-up changes what the system may keep doing later, so it deserves finance or treasury review.\n\n3. **Model bridges and rebalances as treasury events.** Moving funds across rails changes exposure and recovery assumptions, not just balance location.\n\n4. **Give payouts named owners.** Outbound money movement should have clear ownership, explicit deny reasons, and destination checks.\n\n5. **Use fresh owner presence for scope release.** New private routes, wider policy envelopes, or outward-facing release should not ride on the same delegated authority used for quiet runtime spend.\n\n6. **Separate control ownership in the product.** Product operators, treasury owners, and release owners should see different decision lanes instead of one giant generic approval queue.\n\n---\n\n## Bottom Line\n\nAgent treasury control is not one thing. It is the interaction of runtime policy, custody rules, finance approval, and owner release.\n\nThe strongest 2026 operating model is:\n\n- delegate quiet bounded spend\n- reopen review for refills, rebalances, and payouts\n- use custody policy for movement constraints and signer boundaries\n- reserve fresh owner step-up for scope expansion and release\n\nThat model is safer than blanket autonomy and less frustrating than blanket approval. Most importantly, it gives operators a clear answer to the question that actually matters: **which human decision belongs to this action, and which control layer should carry it?**\n"},"previewMarkdown":"# Agent Treasury Controls, 2026\n\n## What this report covers\n\n- Where routine agent spend should stay delegated and policy-enforced\n- Why wallet top-ups, rebalances, and payouts should reopen finance or treasury review\n- How custody, workflow policy, approval, and step-up fit together without collapsing into one vague control\n\n## Core takeaway\n\nTreasury control is not one approval checkbox. Serious agent products need a clearer split between quiet runtime spend, authority-extending treasury actions, and outward-facing policy changes. Routine tool or API spend should remain boring inside caps and policy. Funding, bridging, payouts, and scope release should not.\n\n## Why this slug matters\n\nThe workflow and payment layers are now strong enough to support a dedicated treasury memo instead of burying the topic inside broader approval or wallet reports. This report turns treasury control into an operator decision framework rather than a generic “more governance” slogan.\n","report":{"category":"Treasury operations","datasetSummary":{"deepResearchRuns":1,"normalizedSources":79,"publicSources":9,"sampleRows":5,"searchQueries":3,"window":"Q1 2026"},"featureKey":"deep_reports_agent_treasury_controls_2026","findings":["Most agent products blur runtime spend policy, custody controls, and finance approval until a refill or payout exposes the gap.","Routine API or tool spend should usually stay inside runtime caps and allowlists rather than reopening finance review every time.","Top-up, rebalance, and payout flows extend authority or move cash across risk boundaries, so they need stronger human ceremony than routine execution.","Private-route or policy expansion is a governance event and should require diff-aware review plus fresh owner presence."],"methodology":["Anchored the report in official custody, treasury, workflow, wallet, and step-up documentation from Coinbase, Stripe, Turnkey, Fireblocks, Passage, Cloudflare, and Oracle as of March 24, 2026.","Used one deep research run plus three focused search sweeps to separate routine agent spend from refill, rebalance, payout, and release decisions.","Modeled treasury control as four distinct surfaces: runtime policy, custody policy, finance approval, and fresh owner presence.","Preferred operator decision rules and control ownership over generalized governance language."],"previewBullets":["Routine bounded spend should stay delegated and policy-enforced instead of constantly reopening finance review.","Wallet top-ups, rebalances, and payouts are authority-extending treasury actions and deserve stronger custody or finance ceremony.","The right split is between runtime policy, custody policy, treasury approval, and fresh owner step-up for scope release."],"publishedAt":"2026-03-24T00:00:00.000Z","sampleRows":[{"surface":"Routine tool or API spend","dominantControl":"Runtime spend caps plus policy checks","likelyOwner":"product operator","whyItMatters":"Quiet recurring work should stay delegated while the scope, destination, and budget envelope remain valid."},{"surface":"Wallet top-up or refill","dominantControl":"Finance approval plus custody policy","likelyOwner":"treasury owner","whyItMatters":"A refill extends future authority and changes what the agent can keep doing later."},{"surface":"Cross-rail rebalance or bridge","dominantControl":"Custody controls plus treasury review","likelyOwner":"treasury operator","whyItMatters":"Moving funds across rails changes settlement, counterparties, and failure modes, not just balance location."},{"surface":"Customer payout or refund","dominantControl":"Fresh finance review plus destination checks","likelyOwner":"finance owner","whyItMatters":"Outbound transfers are harder to reverse and need named accountability."},{"surface":"Private-route or policy expansion","dominantControl":"Owner step-up plus diff-aware review","likelyOwner":"owner or security lead","whyItMatters":"Changing what the system may touch is a release event, not routine runtime spending."}],"slug":"agent-treasury-controls-2026","sources":[{"kind":"official","label":"Coinbase CDP Wallets overview","note":"Wallet-control surface for agent-facing products and embedded transaction management.","url":"https://docs.cdp.coinbase.com/wallet-api/docs/welcome"},{"kind":"official","label":"Stripe Treasury overview","note":"Treasury primitives and money-movement framing for balances, outbound flows, and financial accounts.","url":"https://docs.stripe.com/treasury"},{"kind":"official","label":"Turnkey embedded wallet guide","note":"Operational wallet-control guidance covering delegated, app-controlled, and shared-custody models.","url":"https://docs.turnkey.com/production-checklist/embedded-wallet"},{"kind":"official","label":"Fireblocks custody overview","note":"Institutional custody and policy surface for treasury-heavy workflows and approval boundaries.","url":"https://developers.fireblocks.com/docs/overview"},{"kind":"official","label":"Passage step-up authentication","note":"Reference for requiring fresh user presence on sensitive release or payout actions.","url":"https://docs.passage.id/flex/step-up"},{"kind":"official","label":"Cloudflare human-in-the-loop","note":"Workflow pause, approval, timeout, and resume patterns for long-running agent systems.","url":"https://developers.cloudflare.com/agents/concepts/human-in-the-loop"},{"kind":"official","label":"Oracle delegate versus reassign","note":"Useful distinction between temporary delegated action and true ownership transfer.","url":"https://docs.oracle.com/en/cloud/saas/supply-chain-and-manufacturing/25c/faipr/what-s-the-difference-between-reassign-and-delegate.html"},{"kind":"ecosystem","label":"Cerbos authorization in workflows","note":"Application-layer framing for authorization that persists across workflow state transitions.","url":"https://www.cerbos.dev/blog/authorization-in-workflows"},{"kind":"ecosystem","label":"AI Runtime Security multi-agent controls","note":"Runtime guardrail framing for delegation depth, no-privilege-escalation, and scope inheritance.","url":"https://airuntimesecurity.io/core/multi-agent-controls"}],"subtitle":"Built for operators deciding which money movements can stay delegated and which ones should reopen finance, custody, or owner review.","summary":"A category report on how agent products should separate runtime spend policy, treasury approval, custody controls, and owner release.","tags":["treasury","controls","agents","custody","policy"],"title":"Agent Treasury Controls, 2026","updatedAt":"2026-03-24T00:00:00.000Z"},"sources":{"artifact":{"byteLength":2608,"fileName":"sources.json","format":"sources","mimeType":"application/json; charset=utf-8","sha256":"93407e2938c6aa89485cba6fcf586738453205d12589512eaaf83ae0d1b24fa3"},"document":{"counts":{"ecosystem":2,"official":7,"total":9},"generatedAt":"2026-03-24T00:00:00.000Z","slug":"agent-treasury-controls-2026","sources":[{"kind":"official","label":"Coinbase CDP Wallets overview","note":"Wallet-control surface for agent-facing products and embedded transaction management.","url":"https://docs.cdp.coinbase.com/wallet-api/docs/welcome"},{"kind":"official","label":"Stripe Treasury overview","note":"Treasury primitives and money-movement framing for balances, outbound flows, and financial accounts.","url":"https://docs.stripe.com/treasury"},{"kind":"official","label":"Turnkey embedded wallet guide","note":"Operational wallet-control guidance covering delegated, app-controlled, and shared-custody models.","url":"https://docs.turnkey.com/production-checklist/embedded-wallet"},{"kind":"official","label":"Fireblocks custody overview","note":"Institutional custody and policy surface for treasury-heavy workflows and approval boundaries.","url":"https://developers.fireblocks.com/docs/overview"},{"kind":"official","label":"Passage step-up authentication","note":"Reference for requiring fresh user presence on sensitive release or payout actions.","url":"https://docs.passage.id/flex/step-up"},{"kind":"official","label":"Cloudflare human-in-the-loop","note":"Workflow pause, approval, timeout, and resume patterns for long-running agent systems.","url":"https://developers.cloudflare.com/agents/concepts/human-in-the-loop"},{"kind":"official","label":"Oracle delegate versus reassign","note":"Useful distinction between temporary delegated action and true ownership transfer.","url":"https://docs.oracle.com/en/cloud/saas/supply-chain-and-manufacturing/25c/faipr/what-s-the-difference-between-reassign-and-delegate.html"},{"kind":"ecosystem","label":"Cerbos authorization in workflows","note":"Application-layer framing for authorization that persists across workflow state transitions.","url":"https://www.cerbos.dev/blog/authorization-in-workflows"},{"kind":"ecosystem","label":"AI Runtime Security multi-agent controls","note":"Runtime guardrail framing for delegation depth, no-privilege-escalation, and scope inheritance.","url":"https://airuntimesecurity.io/core/multi-agent-controls"}],"title":"Agent Treasury Controls, 2026"}}},"generatedAt":"2026-05-04T01:15:15.004Z","kind":"deep_report_bundle","operatorAccess":null,"payer":null}