{"artifact":{"apiPath":"/api/reports/agent-treasury-controls-2026/json","byteLength":27847,"description":"Structured treasury control rows, source mappings, and governance summary metrics.","format":"json","label":"Full machine-readable JSON","mimeType":"application/json; charset=utf-8","priceUsdc":0,"sha256":"702a7e5495adf75061c6f32e7322744fa7ef6aa5f88221be3c425928ab66daa3","status":"live"},"document":{"artifacts":[{"apiPath":"/api/reports/agent-treasury-controls-2026/markdown","byteLength":15789,"description":"Human-readable treasury dossier with the full narrative, charts, and operator recommendations.","format":"markdown","label":"Full markdown report","mimeType":"text/markdown; charset=utf-8","priceUsdc":0,"sha256":"489ebf1f1aa700f72ea3835f6aafc92ab35a8db903f5a9f0a6f595ceeb60bc90","status":"live"},{"apiPath":"/api/reports/agent-treasury-controls-2026/json","byteLength":null,"description":"Structured treasury control rows, source mappings, and governance summary metrics.","format":"json","label":"Full machine-readable JSON","mimeType":"application/json; charset=utf-8","priceUsdc":0,"sha256":null,"status":"live"},{"apiPath":"/api/reports/agent-treasury-controls-2026/charts","byteLength":3529,"description":"Structured chart payload backing the inline report visuals and machine-readable consumers.","format":"charts","label":"Chart data artifact","mimeType":"application/json; charset=utf-8","priceUsdc":0,"sha256":"6d1f8e2038072ff2b5fda2bed92ac39bb23213d6ef6d1527e17cbcb66a91f40e","status":"live"},{"apiPath":"/api/reports/agent-treasury-controls-2026/definition","byteLength":2552,"description":"Saved report definition artifact.","format":"definition","label":"Definition artifact","mimeType":"application/json; charset=utf-8","priceUsdc":0,"sha256":"035b18e2cf567a9ad2f0aa1ba0443f9fca5c419a82cb20f0917809fc26b37339","status":"live"},{"apiPath":"/api/reports/agent-treasury-controls-2026/evidence","byteLength":7451,"description":"Structured evidence ledger tying claims and chart provenance back to cited sources.","format":"evidence","label":"Evidence artifact","mimeType":"application/json; charset=utf-8","priceUsdc":0,"sha256":"71fabae6f0e4c2a828d8ff4549c3474593d11a55d65e7724bab7c21e67f9c5dc","status":"live"},{"apiPath":"/api/reports/agent-treasury-controls-2026/methodology","byteLength":1048,"description":"Structured methodology notes, dataset summary, and report timing metadata.","format":"methodology","label":"Methodology artifact","mimeType":"application/json; charset=utf-8","priceUsdc":0,"sha256":"7c4792ffac7827f29266926a75b4940dd2196a9d174382f4c605d3db98a2b2cb","status":"live"},{"apiPath":"/api/reports/agent-treasury-controls-2026/sources","byteLength":2608,"description":"Structured source ledger with source kinds, labels, notes, and URLs.","format":"sources","label":"Sources artifact","mimeType":"application/json; charset=utf-8","priceUsdc":0,"sha256":"93407e2938c6aa89485cba6fcf586738453205d12589512eaaf83ae0d1b24fa3","status":"live"},{"apiPath":"/api/reports/agent-treasury-controls-2026/bundle","byteLength":null,"description":"Single purchase target returning the markdown report, JSON artifact, and manifest together.","format":"bundle","label":"Combined report bundle","mimeType":"application/json; charset=utf-8","priceUsdc":0,"sha256":null,"status":"live"}],"charts":[{"caption":"Routine spend should stay runtime-policy heavy. Refill, rebalance, payout, and scope release shift toward custody, finance approval, and owner step-up.","chartType":"bar","points":[{"label":"Routine API or tool spend","note":"Quiet recurring work should mostly stay inside caps, allowlists, and policy checks while the delegated envelope is still valid.","values":[4,1,1,0]},{"label":"Wallet top-up or refill","note":"A refill extends what the system may keep doing later, so finance approval and custody policy should dominate more than runtime convenience.","values":[2,3,4,0]},{"label":"Cross-rail rebalance or bridge","note":"Rebalancing changes rail exposure and counterparties, so custody controls and treasury review should outweigh ordinary spend logic.","values":[1,4,3,1]},{"label":"Customer payout or refund","note":"Outbound value transfer needs named accountability, destination review, and sometimes fresh user presence.","values":[1,2,4,2]},{"label":"Private-route or policy expansion","note":"Changing what the system may touch is a governance event, so runtime delegation should give way to release review and fresh owner presence.","values":[0,1,2,4]}],"series":["runtime policy","custody policy","finance approval","fresh owner step-up"],"title":"Which treasury control surface should dominate each action","unit":"relative control weight"},{"caption":"Routine spend usually belongs to the product lane. As money movement gets less reversible or more authority-extending, treasury and owner lanes should take over.","chartType":"bar","points":[{"label":"Routine API or tool spend","note":"Quiet product execution should stay close to the operator as long as policy, budget, and destination rules remain valid.","values":[4,1,0]},{"label":"Wallet top-up or refill","note":"Refills should usually be a treasury decision because they extend future authority more than they resolve a product workflow question.","values":[1,4,1]},{"label":"Cross-rail rebalance or bridge","note":"Rebalancing often needs treasury judgment plus stronger review because it changes rail exposure and recovery assumptions.","values":[1,3,2]},{"label":"Customer payout or refund","note":"Outbound transfers need finance ownership and, when the movement is sensitive enough, a stronger owner or compliance checkpoint.","values":[1,3,3]},{"label":"Private-route or policy expansion","note":"Release and scope expansion should be dominated by owner or security review, not by day-to-day product operators.","values":[0,1,4]}],"series":["product operator","treasury or finance owner","security or executive owner"],"title":"Who should own the final decision for each treasury action","unit":"relative ownership weight"}],"chartsArtifact":{"byteLength":3529,"fileName":"charts.json","format":"charts","mimeType":"application/json; charset=utf-8","sha256":"6d1f8e2038072ff2b5fda2bed92ac39bb23213d6ef6d1527e17cbcb66a91f40e"},"definition":{"audience":null,"authoredAt":"1970-01-01T00:00:00.000Z","authoredByUserId":null,"chartPlan":[],"dateAnchor":"March 24, 2026","datasetWindow":"Q1 2026 operator docs and production guidance","deepResearchPrompts":[{"id":"prompt_treasury-control-sweep","maxTokens":2400,"model":"gpt-5.4-mini","prompt":"Collect current guidance on treasury spend policy, wallet custody, refill review, rebalance controls, payout review, and release checkpoints for agent products.","purpose":"Treasury control sweep"},{"id":"prompt_boundary-failure-sweep","maxTokens":2400,"model":"gpt-5.4-mini","prompt":"Find sources that show where teams blur routine runtime spend and true treasury mutation, especially around top-ups, bridging, payouts, and scope release.","purpose":"Boundary failure sweep"}],"deepResearchPromptCount":2,"evidenceRequirements":[],"freshnessExpectation":null,"generatedAt":"1970-01-01T00:00:00.000Z","notes":[],"officialDomainHints":["docs.cdp.coinbase.com","docs.stripe.com","docs.turnkey.com","developers.fireblocks.com","docs.passage.id","developers.cloudflare.com"],"reportPromptGuidance":["Keep the category boundary sharp: runtime policy, custody policy, finance approval, and owner release are different control layers.","Prefer action-by-action operator decisions over abstract autonomy rhetoric.","Use charts only if they clarify which control surface or owner should dominate a treasury action."],"searchQueries":[{"id":"query_runtime-spend-vs-refill","maxResults":6,"maxTokens":1200,"purpose":"Runtime spend versus refill guidance","query":"agent runtime spend caps wallet top up treasury controls March 2026","searchDomainFilter":["docs.cdp.coinbase.com","docs.turnkey.com","developers.fireblocks.com"],"searchRecencyFilter":"30d"},{"id":"query_rebalance-and-payout-controls","maxResults":6,"maxTokens":1200,"purpose":"Rebalance and payout controls","query":"bridge rebalance payout treasury approval custody controls agents","searchDomainFilter":["docs.stripe.com","developers.fireblocks.com","developers.cloudflare.com"],"searchRecencyFilter":null},{"id":"query_release-and-step-up-controls","maxResults":6,"maxTokens":1200,"purpose":"Release and step-up controls","query":"step up authentication publish approval workflow treasury controls","searchDomainFilter":["docs.passage.id","developers.cloudflare.com","docs.oracle.com"],"searchRecencyFilter":null}],"sectionPlan":[],"slug":"agent-treasury-controls-2026","title":"Agent Treasury Controls, 2026","topic":"agent treasury controls","versionId":"seed_agent-treasury-controls-2026"},"definitionArtifact":{"byteLength":2552,"fileName":"definition.json","format":"definition","mimeType":"application/json; charset=utf-8","sha256":"035b18e2cf567a9ad2f0aa1ba0443f9fca5c419a82cb20f0917809fc26b37339"},"dataset":{"sampleRows":[{"surface":"Routine tool or API spend","dominantControl":"Runtime spend caps plus policy checks","likelyOwner":"product operator","whyItMatters":"Quiet recurring work should stay delegated while the scope, destination, and budget envelope remain valid."},{"surface":"Wallet top-up or refill","dominantControl":"Finance approval plus custody policy","likelyOwner":"treasury owner","whyItMatters":"A refill extends future authority and changes what the agent can keep doing later."},{"surface":"Cross-rail rebalance or bridge","dominantControl":"Custody controls plus treasury review","likelyOwner":"treasury operator","whyItMatters":"Moving funds across rails changes settlement, counterparties, and failure modes, not just balance location."},{"surface":"Customer payout or refund","dominantControl":"Fresh finance review plus destination checks","likelyOwner":"finance owner","whyItMatters":"Outbound transfers are harder to reverse and need named accountability."},{"surface":"Private-route or policy expansion","dominantControl":"Owner step-up plus diff-aware review","likelyOwner":"owner or security lead","whyItMatters":"Changing what the system may touch is a release event, not routine runtime spending."}],"summary":{"deepResearchRuns":1,"normalizedSources":79,"publicSources":9,"sampleRows":5,"searchQueries":3,"window":"Q1 2026"}},"evidence":{"chartProvenance":[{"chartTitle":"Which treasury control surface should dominate each action","sourceLabels":["Coinbase CDP Wallets overview","Turnkey embedded wallet guide","Fireblocks custody overview","Passage step-up authentication"],"sourceUrls":["https://docs.cdp.coinbase.com/wallet-api/docs/welcome","https://docs.turnkey.com/production-checklist/embedded-wallet","https://developers.fireblocks.com/docs/overview","https://docs.passage.id/flex/step-up"],"whyUseful":"Shows operators where the dominant guard should live for each money movement instead of collapsing spend, custody, review, and release into one generic approval layer."},{"chartTitle":"Who should own the final decision for each treasury action","sourceLabels":["Cloudflare human-in-the-loop","Oracle delegate versus reassign","Cerbos authorization in workflows","AI Runtime Security multi-agent controls"],"sourceUrls":["https://developers.cloudflare.com/agents/concepts/human-in-the-loop","https://docs.oracle.com/en/cloud/saas/supply-chain-and-manufacturing/25c/faipr/what-s-the-difference-between-reassign-and-delegate.html","https://www.cerbos.dev/blog/authorization-in-workflows","https://airuntimesecurity.io/core/multi-agent-controls"],"whyUseful":"Turns treasury control into an operating-model question by showing when product, treasury, or owner lanes should dominate the final decision."}],"claims":[{"chartTitles":["Which treasury control surface should dominate each action","Who should own the final decision for each treasury action"],"confidence":"high","id":"runtime-spend-stays-delegated","kind":"comparison","section":"Routine spend should stay delegated","sourceLabels":["Coinbase CDP Wallets overview","Turnkey embedded wallet guide","Cerbos authorization in workflows"],"sourceUrls":["https://docs.cdp.coinbase.com/wallet-api/docs/welcome","https://docs.turnkey.com/production-checklist/embedded-wallet","https://www.cerbos.dev/blog/authorization-in-workflows"],"statement":"Routine API or tool spend should usually stay inside runtime caps, scope checks, and destination allowlists instead of reopening finance review for every bounded action."},{"chartTitles":["Which treasury control surface should dominate each action"],"confidence":"high","id":"refills-extend-authority","kind":"finding","section":"Top-ups and rebalances extend authority","sourceLabels":["Stripe Treasury overview","Turnkey embedded wallet guide","Fireblocks custody overview"],"sourceUrls":["https://docs.stripe.com/treasury","https://docs.turnkey.com/production-checklist/embedded-wallet","https://developers.fireblocks.com/docs/overview"],"statement":"Wallet top-ups or refills are authority-extending actions because they add fresh balance that future runtime activity can keep using, so finance approval and custody policy should dominate more than routine runtime convenience."},{"chartTitles":["Which treasury control surface should dominate each action","Who should own the final decision for each treasury action"],"confidence":"high","id":"rebalances-are-treasury-events","kind":"comparison","section":"Top-ups and rebalances extend authority","sourceLabels":["Fireblocks custody overview","Stripe Treasury overview","AI Runtime Security multi-agent controls"],"sourceUrls":["https://developers.fireblocks.com/docs/overview","https://docs.stripe.com/treasury","https://airuntimesecurity.io/core/multi-agent-controls"],"statement":"Cross-rail rebalance or bridge actions should be treated as treasury events because they change settlement exposure, counterparties, and recovery assumptions rather than merely consuming budget."},{"chartTitles":["Who should own the final decision for each treasury action"],"confidence":"high","id":"payouts-need-accountability","kind":"finding","section":"Payouts need named accountability","sourceLabels":["Stripe Treasury overview","Fireblocks custody overview","Oracle delegate versus reassign"],"sourceUrls":["https://docs.stripe.com/treasury","https://developers.fireblocks.com/docs/overview","https://docs.oracle.com/en/cloud/saas/supply-chain-and-manufacturing/25c/faipr/what-s-the-difference-between-reassign-and-delegate.html"],"statement":"Customer payouts or refunds need named accountability, destination review, and stronger finance ownership because outward value transfer is harder to reverse than routine runtime spend."},{"chartTitles":["Which treasury control surface should dominate each action","Who should own the final decision for each treasury action"],"confidence":"high","id":"scope-release-is-governance","kind":"comparison","section":"Scope release is governance, not spending","sourceLabels":["Passage step-up authentication","Cloudflare human-in-the-loop","Oracle delegate versus reassign"],"sourceUrls":["https://docs.passage.id/flex/step-up","https://developers.cloudflare.com/agents/concepts/human-in-the-loop","https://docs.oracle.com/en/cloud/saas/supply-chain-and-manufacturing/25c/faipr/what-s-the-difference-between-reassign-and-delegate.html"],"statement":"Private-route or policy expansion should require diff-aware review and fresh owner presence rather than relying on the same delegated authority used for routine execution."},{"chartTitles":["Who should own the final decision for each treasury action"],"confidence":"high","id":"ownership-needs-separate-lanes","kind":"comparison","section":"Bottom line","sourceLabels":["Coinbase CDP Wallets overview","Cloudflare human-in-the-loop","Cerbos authorization in workflows"],"sourceUrls":["https://docs.cdp.coinbase.com/wallet-api/docs/welcome","https://developers.cloudflare.com/agents/concepts/human-in-the-loop","https://www.cerbos.dev/blog/authorization-in-workflows"],"statement":"Product operators, treasury owners, and release owners should see different decision lanes because treasury control is really a coordination problem across runtime policy, custody, finance approval, and owner release."}],"generatedAt":"2026-03-24T00:00:00.000Z","slug":"agent-treasury-controls-2026","summary":{"chartBackedClaimCount":4,"claimCount":6,"ecosystemSourceCount":2,"officialSourceCount":7,"totalSourceCount":9},"title":"Agent Treasury Controls, 2026"},"evidenceArtifact":{"byteLength":7451,"fileName":"evidence.json","format":"evidence","mimeType":"application/json; charset=utf-8","sha256":"71fabae6f0e4c2a828d8ff4549c3474593d11a55d65e7724bab7c21e67f9c5dc"},"findings":["Most agent products blur runtime spend policy, custody controls, and finance approval until a refill or payout exposes the gap.","Routine API or tool spend should usually stay inside runtime caps and allowlists rather than reopening finance review every time.","Top-up, rebalance, and payout flows extend authority or move cash across risk boundaries, so they need stronger human ceremony than routine execution.","Private-route or policy expansion is a governance event and should require diff-aware review plus fresh owner presence."],"markdownArtifact":{"apiPath":"/api/reports/agent-treasury-controls-2026/markdown","byteLength":15789,"description":"Human-readable treasury dossier with the full narrative, charts, and operator recommendations.","format":"markdown","label":"Full markdown report","mimeType":"text/markdown; charset=utf-8","priceUsdc":0,"sha256":"489ebf1f1aa700f72ea3835f6aafc92ab35a8db903f5a9f0a6f595ceeb60bc90","status":"live"},"markdownAvailable":true,"methodologyArtifact":{"byteLength":1048,"fileName":"methodology.json","format":"methodology","mimeType":"application/json; charset=utf-8","sha256":"7c4792ffac7827f29266926a75b4940dd2196a9d174382f4c605d3db98a2b2cb"},"methodology":["Anchored the report in official custody, treasury, workflow, wallet, and step-up documentation from Coinbase, Stripe, Turnkey, Fireblocks, Passage, Cloudflare, and Oracle as of March 24, 2026.","Used one deep research run plus three focused search sweeps to separate routine agent spend from refill, rebalance, payout, and release decisions.","Modeled treasury control as four distinct surfaces: runtime policy, custody policy, finance approval, and fresh owner presence.","Preferred operator decision rules and control ownership over generalized governance language."],"outline":[{"id":"agent-treasury-controls-2026","level":1,"text":"Agent Treasury Controls, 2026"},{"id":"the-treasury-action-ladder","level":2,"text":"The Treasury Action Ladder"},{"id":"routine-spend-should-stay-delegated","level":2,"text":"Routine Spend Should Stay Delegated"},{"id":"top-ups-and-rebalances-extend-authority","level":2,"text":"Top-Ups and Rebalances Extend Authority"},{"id":"payouts-need-named-accountability","level":2,"text":"Payouts Need Named Accountability"},{"id":"scope-release-is-governance-not-spending","level":2,"text":"Scope Release Is Governance, Not Spending"},{"id":"comparison-table","level":2,"text":"Comparison Table"},{"id":"recommendations-for-operators","level":2,"text":"Recommendations for Operators"},{"id":"bottom-line","level":2,"text":"Bottom Line"}],"previewMarkdown":"# Agent Treasury Controls, 2026\n\n## What this report covers\n\n- Where routine agent spend should stay delegated and policy-enforced\n- Why wallet top-ups, rebalances, and payouts should reopen finance or treasury review\n- How custody, workflow policy, approval, and step-up fit together without collapsing into one vague control\n\n## Core takeaway\n\nTreasury control is not one approval checkbox. Serious agent products need a clearer split between quiet runtime spend, authority-extending treasury actions, and outward-facing policy changes. Routine tool or API spend should remain boring inside caps and policy. Funding, bridging, payouts, and scope release should not.\n\n## Why this slug matters\n\nThe workflow and payment layers are now strong enough to support a dedicated treasury memo instead of burying the topic inside broader approval or wallet reports. This report turns treasury control into an operator decision framework rather than a generic “more governance” slogan.\n","report":{"category":"Treasury operations","datasetSummary":{"deepResearchRuns":1,"normalizedSources":79,"publicSources":9,"sampleRows":5,"searchQueries":3,"window":"Q1 2026"},"featureKey":"deep_reports_agent_treasury_controls_2026","findings":["Most agent products blur runtime spend policy, custody controls, and finance approval until a refill or payout exposes the gap.","Routine API or tool spend should usually stay inside runtime caps and allowlists rather than reopening finance review every time.","Top-up, rebalance, and payout flows extend authority or move cash across risk boundaries, so they need stronger human ceremony than routine execution.","Private-route or policy expansion is a governance event and should require diff-aware review plus fresh owner presence."],"methodology":["Anchored the report in official custody, treasury, workflow, wallet, and step-up documentation from Coinbase, Stripe, Turnkey, Fireblocks, Passage, Cloudflare, and Oracle as of March 24, 2026.","Used one deep research run plus three focused search sweeps to separate routine agent spend from refill, rebalance, payout, and release decisions.","Modeled treasury control as four distinct surfaces: runtime policy, custody policy, finance approval, and fresh owner presence.","Preferred operator decision rules and control ownership over generalized governance language."],"previewBullets":["Routine bounded spend should stay delegated and policy-enforced instead of constantly reopening finance review.","Wallet top-ups, rebalances, and payouts are authority-extending treasury actions and deserve stronger custody or finance ceremony.","The right split is between runtime policy, custody policy, treasury approval, and fresh owner step-up for scope release."],"publishedAt":"2026-03-24T00:00:00.000Z","sampleRows":[{"surface":"Routine tool or API spend","dominantControl":"Runtime spend caps plus policy checks","likelyOwner":"product operator","whyItMatters":"Quiet recurring work should stay delegated while the scope, destination, and budget envelope remain valid."},{"surface":"Wallet top-up or refill","dominantControl":"Finance approval plus custody policy","likelyOwner":"treasury owner","whyItMatters":"A refill extends future authority and changes what the agent can keep doing later."},{"surface":"Cross-rail rebalance or bridge","dominantControl":"Custody controls plus treasury review","likelyOwner":"treasury operator","whyItMatters":"Moving funds across rails changes settlement, counterparties, and failure modes, not just balance location."},{"surface":"Customer payout or refund","dominantControl":"Fresh finance review plus destination checks","likelyOwner":"finance owner","whyItMatters":"Outbound transfers are harder to reverse and need named accountability."},{"surface":"Private-route or policy expansion","dominantControl":"Owner step-up plus diff-aware review","likelyOwner":"owner or security lead","whyItMatters":"Changing what the system may touch is a release event, not routine runtime spending."}],"slug":"agent-treasury-controls-2026","sources":[{"kind":"official","label":"Coinbase CDP Wallets overview","note":"Wallet-control surface for agent-facing products and embedded transaction management.","url":"https://docs.cdp.coinbase.com/wallet-api/docs/welcome"},{"kind":"official","label":"Stripe Treasury overview","note":"Treasury primitives and money-movement framing for balances, outbound flows, and financial accounts.","url":"https://docs.stripe.com/treasury"},{"kind":"official","label":"Turnkey embedded wallet guide","note":"Operational wallet-control guidance covering delegated, app-controlled, and shared-custody models.","url":"https://docs.turnkey.com/production-checklist/embedded-wallet"},{"kind":"official","label":"Fireblocks custody overview","note":"Institutional custody and policy surface for treasury-heavy workflows and approval boundaries.","url":"https://developers.fireblocks.com/docs/overview"},{"kind":"official","label":"Passage step-up authentication","note":"Reference for requiring fresh user presence on sensitive release or payout actions.","url":"https://docs.passage.id/flex/step-up"},{"kind":"official","label":"Cloudflare human-in-the-loop","note":"Workflow pause, approval, timeout, and resume patterns for long-running agent systems.","url":"https://developers.cloudflare.com/agents/concepts/human-in-the-loop"},{"kind":"official","label":"Oracle delegate versus reassign","note":"Useful distinction between temporary delegated action and true ownership transfer.","url":"https://docs.oracle.com/en/cloud/saas/supply-chain-and-manufacturing/25c/faipr/what-s-the-difference-between-reassign-and-delegate.html"},{"kind":"ecosystem","label":"Cerbos authorization in workflows","note":"Application-layer framing for authorization that persists across workflow state transitions.","url":"https://www.cerbos.dev/blog/authorization-in-workflows"},{"kind":"ecosystem","label":"AI Runtime Security multi-agent controls","note":"Runtime guardrail framing for delegation depth, no-privilege-escalation, and scope inheritance.","url":"https://airuntimesecurity.io/core/multi-agent-controls"}],"subtitle":"Built for operators deciding which money movements can stay delegated and which ones should reopen finance, custody, or owner review.","summary":"A category report on how agent products should separate runtime spend policy, treasury approval, custody controls, and owner release.","tags":["treasury","controls","agents","custody","policy"],"title":"Agent Treasury Controls, 2026","updatedAt":"2026-03-24T00:00:00.000Z"},"sourcesArtifact":{"byteLength":2608,"fileName":"sources.json","format":"sources","mimeType":"application/json; charset=utf-8","sha256":"93407e2938c6aa89485cba6fcf586738453205d12589512eaaf83ae0d1b24fa3"},"sources":[{"kind":"official","label":"Coinbase CDP Wallets overview","note":"Wallet-control surface for agent-facing products and embedded transaction management.","url":"https://docs.cdp.coinbase.com/wallet-api/docs/welcome"},{"kind":"official","label":"Stripe Treasury overview","note":"Treasury primitives and money-movement framing for balances, outbound flows, and financial accounts.","url":"https://docs.stripe.com/treasury"},{"kind":"official","label":"Turnkey embedded wallet guide","note":"Operational wallet-control guidance covering delegated, app-controlled, and shared-custody models.","url":"https://docs.turnkey.com/production-checklist/embedded-wallet"},{"kind":"official","label":"Fireblocks custody overview","note":"Institutional custody and policy surface for treasury-heavy workflows and approval boundaries.","url":"https://developers.fireblocks.com/docs/overview"},{"kind":"official","label":"Passage step-up authentication","note":"Reference for requiring fresh user presence on sensitive release or payout actions.","url":"https://docs.passage.id/flex/step-up"},{"kind":"official","label":"Cloudflare human-in-the-loop","note":"Workflow pause, approval, timeout, and resume patterns for long-running agent systems.","url":"https://developers.cloudflare.com/agents/concepts/human-in-the-loop"},{"kind":"official","label":"Oracle delegate versus reassign","note":"Useful distinction between temporary delegated action and true ownership transfer.","url":"https://docs.oracle.com/en/cloud/saas/supply-chain-and-manufacturing/25c/faipr/what-s-the-difference-between-reassign-and-delegate.html"},{"kind":"ecosystem","label":"Cerbos authorization in workflows","note":"Application-layer framing for authorization that persists across workflow state transitions.","url":"https://www.cerbos.dev/blog/authorization-in-workflows"},{"kind":"ecosystem","label":"AI Runtime Security multi-agent controls","note":"Runtime guardrail framing for delegation depth, no-privilege-escalation, and scope inheritance.","url":"https://airuntimesecurity.io/core/multi-agent-controls"}]},"generatedAt":"2026-05-04T00:11:55.940Z","kind":"deep_report_json","operatorAccess":null,"payer":null}