Documentation Index
Fetch the complete documentation index at: https://docs.useotto.xyz/llms.txt
Use this file to discover all available pages before exploring further.
Last reviewed: May 18, 2026.
Otto AI has several access paths because different Web3 jobs need different custody, payment, and execution semantics. Start with the action you want to take, then choose the rail that matches the risk.
For current endpoint counts and capability-by-capability coverage across DApp, ACP, x402, MPP, USDC Gateway, and Otto X, see Access Paths & Coverage. MPP is intentionally read-only/query-only. First Decision
| Goal | Default Otto rail | Why |
|---|
| Read market data, token intelligence, yield opportunities, portfolios, or account state | MPP for Tempo/Stripe read-only clients, x402 for the broadest HTTP catalog, USDC Gateway for gas-free high-frequency reads | These paths do not need principal movement. |
| Execute swaps, bridges, Safe deposits/withdrawals, yield deposits, or Hyperliquid perps | x402, ACP Trade Execution, Otto X, or the DApp | Execution rails understand payment, authorization, transaction receipts, and failure handling. |
| Trade Polymarket | ACP Prediction Markets Agent | Polymarket uses its own deposit, vault, CLOB, order, and redemption flow. |
| Generate images, videos, or AI research | ACP Tools Agent or x402 Tools endpoints | ACP uses flat prepaid jobs with refunds for creative budgets; x402 is better for direct HTTP automation. |
| Operate on X Layer or use autonomous sub-wallet execution | Otto X | X Layer execution uses TEE-custodied sub-wallets, OKX DEX, principalAuth, Yield Copilot, and Yield Watch. |
| Human-guided wallet operation | DApp | Best for users who want a web interface, connected-wallet UX, and visual review. |
Rail Cheat Sheet
| Rail | Payment | Authority and custody | Use it when | Do not use it for |
|---|
| DApp | Free tier or holder-gated usage | User-connected wallet and Otto app flows | A human wants guided interaction | Fully autonomous agent loops that need machine-readable receipts |
| ACP | Virtuals ACP job payment and escrow | ACP buyer/source wallet, job escrow, Otto Safe/MPC flows depending on agent | You want marketplace discovery, escrowed jobs, reputation, or Polymarket | Lowest-latency HTTP microcalls |
| x402 | USDC on Base, Polygon, or Solana | Payment wallet for service fees; execution endpoints may use Safes or signed principal movement | You want broad HTTP access and execution from agents or apps | Stripe/Tempo-only clients |
| MPP | Tempo stablecoins or Stripe cards | Payment only; no principal movement | Paid reads and query tools | Swaps, bridges, withdrawals, deposits, perps, or any POST execution |
| USDC Gateway | Circle Gateway USDC | GatewayWallet balance pays reads | High-frequency gas-free reads | Principal-moving execution |
| Otto X | X Layer x402 payments | TEE-custodied sub-wallet per payer; auto-withdraw is the escape hatch | X Layer DEX, autonomous swaps/bridges/DeFi, Yield Copilot, Yield Watch | Users who require direct self-custody of the execution key |
Custody Map
Payment and principal are different things:
- Service payment pays Otto for the job or API response.
- Principal is the asset being swapped, bridged, deposited, withdrawn, lent, or traded.
- Read-only rails may require service payment but must not move principal.
- Execution rails must identify the source wallet, destination wallet, chain, token, amount, authorization type, and recovery path before submitting a transaction.
Main custody patterns:
| Pattern | Where it appears | What to know |
|---|
| User wallet / source wallet | ACP and x402 payment/funding flows | Holds payment funds and may fund Safes, vaults, or sub-wallets. |
| Safe smart account | Trade Execution Agent, yield, swaps, bridges, Hyperliquid funding | Non-custodial account used for execution and token custody during operations. |
| Prediction Markets vault | ACP Prediction Markets Agent | Dedicated Polygon vault/MPC flow used for Polymarket CLOB trading. |
| Hyperliquid account | Trade Execution Agent and Otto X resources | USDC must be deposited before perps can open; margin, leverage, TP/SL, and liquidation risk are separate from spot balances. |
| GatewayWallet | USDC Gateway API | Prefunded balance for Gateway-paid reads. |
| Otto X sub-wallet | Otto X Agentic Wallet V2 | TEE-custodied execution wallet. Use POST /auto-withdraw to sweep funds out. |
Authorization Checklist
Before moving value, users and agents should answer these questions:
- What rail is paying the service fee?
- What wallet owns the principal?
- What chain and token contract are being used?
- Is this a read, a quote, a transfer, a swap, a bridge, a vault deposit, a perp order, or a market order?
- What authorization is required: wallet signature, token approval, Permit2, SIWX session, EIP-3009
principalAuth, ACP escrow/payment, or Yield Watch delegation?
- What is the revocation or escape path?
- What receipt proves what happened?
Common authorization types:
| Authorization | Used for | Revocation or recovery |
|---|
| ERC-20 approval | Letting a router, Safe module, or protocol move a token | Revoke with your wallet’s allowance manager or a trusted revoke tool. |
| Permit2 | Gas-efficient token allowance flows | Revoke the Permit2 allowance if no longer needed. |
| SIWX | x402 session access to paid data after first payment | Let the session expire or reconnect with a new wallet/session. |
EIP-3009 principalAuth | Otto X one-call principal funding | Time-bounded, nonce-protected authorization; unused authorizations expire. |
| ACP job payment/escrow | ACP jobs and resources | Track job state and completion through ACP. |
| Yield Watch policy | Otto X monitoring or autonomous yield actions | Revoke with DELETE /yield-watch. |
Transaction Lifecycle
- Discover: Query supported tokens, chains, vaults, markets, portfolio, or account state first.
- Quote: Get a route, expected output, APY, liquidation context, market probability, or protocol venue.
- Authorize: Sign the service payment and the principal authorization separately when both are needed.
- Execute: Submit the job or HTTP request with the selected route and idempotency key where supported.
- Verify: Store the x402 receipt, ACP job id, tx hash, explorer link, fill id, vault position, or generated artifact URL.
- Monitor: Poll account state until the chain, bridge, vault, CLOB, or Hyperliquid account reflects the expected result.
Recovery Playbooks
| Symptom | Likely cause | First action |
|---|
| MPP client wants to swap, bridge, deposit, withdraw, or trade | Wrong rail | Route to x402, ACP Trade Execution, Otto X, or the DApp. |
HTTP call returns 402 Payment Required | Service fee not paid yet | Sign the payment and retry with the payment header. |
Otto X returns 409 funds_required | Sub-wallet lacks principal | Deposit the requested token to the returned sub-wallet and retry with the same idempotency key. |
| Swap or bridge route fails | Token unsupported, liquidity thin, route stale, or chain congested | Query supported tokens, use token contract addresses, refresh the quote, and retry with sane slippage. |
| Bridge takes longer than expected | Cross-chain settlement delay | Check the bridge explorer and wait before resubmitting. Avoid duplicate principal movement. |
| Hyperliquid order rejected | No Hyperliquid USDC, order below minimum, invalid leverage, or missing delegation/account state | Query getHyperliquidAccount, deposit USDC, and check the asset’s max leverage with getHyperliquidMarket. |
| Polymarket order rejected | Vault underfunded, market resolved, order too small, or wrong token id | Query getPolymarketAccount, getTrendingMarkets, and getMarketInfo; never invent conditionId or tokenId. |
| Yield recommendation unavailable | APY feed stale or venue not allowlisted | Retry later, choose an allowlisted venue manually, or keep funds idle. |
| Gateway read fails for balance | GatewayWallet underfunded | Top up Gateway USDC or switch to x402/MPP for the read. |
| Payment succeeded but execution failed | Execution-stage failure after fee/payment | Use returned receipt, job id, or tx hashes to inspect state. For Trade Execution swap/bridge failures, automatic refund handling applies where supported. |
Risk Boundaries
Otto automates execution; it does not remove market risk.
- Slippage: Quotes can move between quote and execution. Use explicit slippage limits for swaps and bridges.
- Bridge risk: Bridges can delay, fail, or settle at a worse route than expected.
- Yield risk: APY changes; protocols carry smart-contract, liquidity, oracle, and governance risk.
- Perps risk: Leverage can liquidate collateral quickly. TP/SL orders reduce risk but do not guarantee an exit price.
- Prediction-market risk: Shares can go to zero, markets can resolve unexpectedly, and liquidity can disappear.
- Custody differences: Safe-based Trade Execution is non-custodial; Otto X uses TEE-custodied sub-wallets with
auto-withdraw as the user escape hatch.
- Data freshness: Read endpoints can be stale for a few seconds or minutes depending on the upstream source.
Agent Guardrails
Autonomous agents should use these defaults unless the user explicitly overrides them:
- Prefer reads before writes: portfolio, supported tokens, account state, market data, and route quote.
- Treat MPP and USDC Gateway as read-only rails.
- Require explicit user policy for maximum spend, maximum slippage, bridge destination, leverage cap, liquidation tolerance, and allowed protocols.
- Use token contract addresses when a symbol is ambiguous.
- Reuse idempotency keys when a retry is expected to continue the same operation.
- Store every receipt and tx hash in the user’s session memory.
- Stop and ask for confirmation before moving principal to a new chain, opening leverage, or depositing into a new protocol.
Remaining Documentation To Close The Loop
This page gives the operating model. The next docs that would make agent navigation truly complete are:
- A generated, machine-readable rail matrix that maps every capability to DApp, ACP, x402, MPP, USDC Gateway, and Otto X. Status: live in Access Paths & Coverage.
- A universal receipts page explaining x402 receipts, ACP job ids, tx hashes, bridge ids, Hyperliquid fills, Polymarket orders, and artifact URLs.
- A dedicated permissions and revocation page with screenshots for allowances, Permit2, SIWX sessions,
principalAuth, Yield Watch, Safes, and Otto X auto-withdraw.
- A funding cookbook for each rail: payment wallet, Safe, Hyperliquid, Polymarket vault, GatewayWallet, and Otto X sub-wallet.
- Agent policy templates for conservative, balanced, and aggressive Web3 operation.
