Privileges

Privileges let you pre-approve a scope of operations so your agent can act without triggering an approval each time. Think of it as a signed permission slip: “you may spend up to $X, only to these addresses, only on this chain, and only for the next N hours.”

How It Works

You define a scope — spend limit, allowed addresses, chain, and expiration
You approve it once — creates an encoded token
Agent attaches the token — qualifying transactions are signed instantly, no 2FA
Token expires — after the time limit or spend cap is reached, the agent needs a new token or falls back to normal approvals

Scope Parameters

Parameter	What it controls
`allowedAddresses`	Which addresses the agent can send to. Empty `[]` = any address (riskier).
`chainId`	Which chain the token applies to
`requestedAmountUsd`	Maximum cumulative USD value across all transactions
`requestedExpirySeconds`	How long the token is valid

Using Privileges (CLI)

Pass --permission-token to any signing or transaction command:


waap-cli send-tx \
  --to 0xCetusPool \
  --value 0.01 \
  --chain-id sui:mainnet \
  --permission-token <encoded-token>

The transaction goes through immediately — no Telegram prompt, no waiting.

When to Use Them

Scenario	Without Privilege	With Privilege
Yield agent repositioning every few hours	Telegram approval each time	Auto-approved within scope
Trading agent executing 50 trades/day	50 Telegram approvals/day	Auto-approved up to limit
One-time large transfer	Approve manually (good)	Not recommended — use normal approval

Rule of thumb: Use Privileges for routine, low-value, repetitive operations. Keep normal approvals for anything large or unusual.

SDK Integration

For browser-based apps, Privileges are requested via window.waap.requestPermissionToken(). See the Privileges SDK guide for full implementation details.

Approvals & Notifications — What happens when a Privilege isn’t present
Policy Controls — Set the baseline limits that Privileges operate within
CLI Commands — Full command reference