{"artifact":{"apiPath":"/api/reports/agent-treasury-controls-2026/evidence","byteLength":7451,"description":"Structured evidence ledger tying claims and chart provenance back to cited sources.","format":"evidence","label":"Evidence artifact","mimeType":"application/json; charset=utf-8","priceUsdc":0,"sha256":"71fabae6f0e4c2a828d8ff4549c3474593d11a55d65e7724bab7c21e67f9c5dc","status":"live"},"document":{"chartProvenance":[{"chartTitle":"Which treasury control surface should dominate each action","sourceLabels":["Coinbase CDP Wallets overview","Turnkey embedded wallet guide","Fireblocks custody overview","Passage step-up authentication"],"sourceUrls":["https://docs.cdp.coinbase.com/wallet-api/docs/welcome","https://docs.turnkey.com/production-checklist/embedded-wallet","https://developers.fireblocks.com/docs/overview","https://docs.passage.id/flex/step-up"],"whyUseful":"Shows operators where the dominant guard should live for each money movement instead of collapsing spend, custody, review, and release into one generic approval layer."},{"chartTitle":"Who should own the final decision for each treasury action","sourceLabels":["Cloudflare human-in-the-loop","Oracle delegate versus reassign","Cerbos authorization in workflows","AI Runtime Security multi-agent controls"],"sourceUrls":["https://developers.cloudflare.com/agents/concepts/human-in-the-loop","https://docs.oracle.com/en/cloud/saas/supply-chain-and-manufacturing/25c/faipr/what-s-the-difference-between-reassign-and-delegate.html","https://www.cerbos.dev/blog/authorization-in-workflows","https://airuntimesecurity.io/core/multi-agent-controls"],"whyUseful":"Turns treasury control into an operating-model question by showing when product, treasury, or owner lanes should dominate the final decision."}],"claims":[{"chartTitles":["Which treasury control surface should dominate each action","Who should own the final decision for each treasury action"],"confidence":"high","id":"runtime-spend-stays-delegated","kind":"comparison","section":"Routine spend should stay delegated","sourceLabels":["Coinbase CDP Wallets overview","Turnkey embedded wallet guide","Cerbos authorization in workflows"],"sourceUrls":["https://docs.cdp.coinbase.com/wallet-api/docs/welcome","https://docs.turnkey.com/production-checklist/embedded-wallet","https://www.cerbos.dev/blog/authorization-in-workflows"],"statement":"Routine API or tool spend should usually stay inside runtime caps, scope checks, and destination allowlists instead of reopening finance review for every bounded action."},{"chartTitles":["Which treasury control surface should dominate each action"],"confidence":"high","id":"refills-extend-authority","kind":"finding","section":"Top-ups and rebalances extend authority","sourceLabels":["Stripe Treasury overview","Turnkey embedded wallet guide","Fireblocks custody overview"],"sourceUrls":["https://docs.stripe.com/treasury","https://docs.turnkey.com/production-checklist/embedded-wallet","https://developers.fireblocks.com/docs/overview"],"statement":"Wallet top-ups or refills are authority-extending actions because they add fresh balance that future runtime activity can keep using, so finance approval and custody policy should dominate more than routine runtime convenience."},{"chartTitles":["Which treasury control surface should dominate each action","Who should own the final decision for each treasury action"],"confidence":"high","id":"rebalances-are-treasury-events","kind":"comparison","section":"Top-ups and rebalances extend authority","sourceLabels":["Fireblocks custody overview","Stripe Treasury overview","AI Runtime Security multi-agent controls"],"sourceUrls":["https://developers.fireblocks.com/docs/overview","https://docs.stripe.com/treasury","https://airuntimesecurity.io/core/multi-agent-controls"],"statement":"Cross-rail rebalance or bridge actions should be treated as treasury events because they change settlement exposure, counterparties, and recovery assumptions rather than merely consuming budget."},{"chartTitles":["Who should own the final decision for each treasury action"],"confidence":"high","id":"payouts-need-accountability","kind":"finding","section":"Payouts need named accountability","sourceLabels":["Stripe Treasury overview","Fireblocks custody overview","Oracle delegate versus reassign"],"sourceUrls":["https://docs.stripe.com/treasury","https://developers.fireblocks.com/docs/overview","https://docs.oracle.com/en/cloud/saas/supply-chain-and-manufacturing/25c/faipr/what-s-the-difference-between-reassign-and-delegate.html"],"statement":"Customer payouts or refunds need named accountability, destination review, and stronger finance ownership because outward value transfer is harder to reverse than routine runtime spend."},{"chartTitles":["Which treasury control surface should dominate each action","Who should own the final decision for each treasury action"],"confidence":"high","id":"scope-release-is-governance","kind":"comparison","section":"Scope release is governance, not spending","sourceLabels":["Passage step-up authentication","Cloudflare human-in-the-loop","Oracle delegate versus reassign"],"sourceUrls":["https://docs.passage.id/flex/step-up","https://developers.cloudflare.com/agents/concepts/human-in-the-loop","https://docs.oracle.com/en/cloud/saas/supply-chain-and-manufacturing/25c/faipr/what-s-the-difference-between-reassign-and-delegate.html"],"statement":"Private-route or policy expansion should require diff-aware review and fresh owner presence rather than relying on the same delegated authority used for routine execution."},{"chartTitles":["Who should own the final decision for each treasury action"],"confidence":"high","id":"ownership-needs-separate-lanes","kind":"comparison","section":"Bottom line","sourceLabels":["Coinbase CDP Wallets overview","Cloudflare human-in-the-loop","Cerbos authorization in workflows"],"sourceUrls":["https://docs.cdp.coinbase.com/wallet-api/docs/welcome","https://developers.cloudflare.com/agents/concepts/human-in-the-loop","https://www.cerbos.dev/blog/authorization-in-workflows"],"statement":"Product operators, treasury owners, and release owners should see different decision lanes because treasury control is really a coordination problem across runtime policy, custody, finance approval, and owner release."}],"generatedAt":"2026-03-24T00:00:00.000Z","slug":"agent-treasury-controls-2026","summary":{"chartBackedClaimCount":4,"claimCount":6,"ecosystemSourceCount":2,"officialSourceCount":7,"totalSourceCount":9},"title":"Agent Treasury Controls, 2026"},"generatedAt":"2026-05-04T00:12:23.103Z","kind":"deep_report_evidence","operatorAccess":null,"payer":null}