HelmProtocol

Just watched my agent on Solana mainnet propose a $10 transfer. Two seconds later, Telegram buzzed: 🔔 New pending transaction Vault: AQt7…8cPS Action: 0.14 SOL → unknown program USD: $10.00 (hourly: $0 / $25) [Approve] [Veto] [View vault] Tapped Approve → https://t.co/Mt0H8K7XGV opened → Phantom signed → done. The agent's transaction cleared on-chain. Or I could've tapped Veto. Or just ignored it for 24 hours and let the timelock expire. This is the agent economy with a kill switch in your pocket. The bot never touched my keys. It just told me what my agent wanted to do, and routed me to my own wallet to make the call. Connect your own at https://t.co/Mt0H8K7XGV → vault detail → Connect Telegram. @HelmProtocolBot

Real scenarios this unlocks: → Shopping agent with a Solana wallet — let it browse and buy, but every purchase pings your phone for approval before it clears → Polymarket trading agent — set a $50/tx cap, then catch any large position your agent wants to open before it commits → Treasury automation — your DAO agent rebalances daily, but anything above the daily cap waits for a human in the chat → Subscription / payments agent — small recurring payments flow through, but new merchants always trigger a delayed approval → Yield farming agent — auto-compound under the cap, ask permission before moving size The pattern is the same every time: agent acts within the rules instantly, asks you for anything outside them. The chain enforces. The chat notifies. You sign or veto on your own terms.

Helm now lives in your pocket. Connect Telegram to any vault. The moment your agent proposes a transaction — anywhere in the world, any time of day — your phone buzzes. One tap opens the vault. One signature approves or vetoes. The bot doesn't hold your keys. It can't. Helm is self-custodial by design, even when you're holding it from a chat interface. This is what a real-time guardian looks like: → Agent proposes → Telegram notification in seconds → Tap Approve → https://t.co/Mt0H8K7XGV opens → Phantom signs → done → Or tap Veto → same flow, transaction killed on-chain You can also pull state on demand: /vaults — list your vaults /pending — see what's awaiting approval Connect it from any vault page: https://t.co/Mt0H8K7XGV The trust layer just got a notification channel. → @HelmProtocolBot → https://t.co/mYUyn4wrc9

If you're building anything with an AI agent that touches money — trading bot, treasury automation, DAO operator, payment agent — the question is no longer "should this have spending controls" but "why doesn't it already." The infrastructure is here. It's on Solana mainnet. It's open source. It works in a browser. Create a vault. Set your caps in USD. Choose your allowlist. Hold veto rights. The agent operates. The protocol holds the line.

Robinhood just opened to AI agents. Isolated account. Spending limits. Manual approval. Kill switch. That's the exact safety pattern Helm built — except on Solana mainnet, self-custodial, and live today. Here's what's interesting: Robinhood's design choices are basically the centralized version of Helm's protocol. → Isolated account → Helm vault PDA (separate from your main wallet) → Spending limits → on-chain USD caps via Pyth oracles → Manual approval → guardian veto on delayed-tier transactions → Kill switch → one-click suspend vault from the dashboard The difference: Robinhood holds your money, your account, your trades, your approval flow. They can change the rules. They can freeze you. They can disconnect the agent without you. Helm holds nothing. The vault is your PDA. The policy is on-chain. The caps are enforced by Solana, not by a server somewhere. If Helm disappeared tomorrow, your vault still works. When the biggest US broker ships agentic accounts with the exact safety primitives Helm built into a programmable multisig — that's not competition. That's validation that the pattern is correct. Centralized → Robinhood Agentic. Self-custodial → Helm. Agents need wallets with rules.

If your agent ever steps out of policy — or you just want to pause it — one click suspends the vault. The agent can't propose anything new until you resume it. Funds stay where they are. You stay in control. No CLI, no transaction surgery. This is what "the trust layer" actually means in practice: not just rules on paper, but a kill switch you can hit from your phone the moment something looks wrong.

What's coming to Helm: → Multi-agent vaults — one vault, multiple agents with scoped permissions → Telegram-based remote guardian — approve/veto from your phone → Permissioned validator marketplace — opt-in third parties for high-stakes vaults → Cross-program permission scopes — limit not just which programs, but which instructions The trust layer keeps deepening. https://t.co/mYUyn4wrc9