Autonomous trading safety
userThe consent model in plain English: readiness checks by default, the live-readiness gate, LiveAutonomyAck, and the ten mandatory autonomy fuses.
The consent model
Every autonomous trading path in HISS starts in paper — that is the default, not a suggestion. The three autonomy modes do exactly what they say:
paper(default, shown as Readiness Check in the app) — pre-execution verification only. Runbooks, receipts, checks. Nothing touches an account.preview— prepares the Robinhood MCP execution capsule and checks readiness. Preview cannot place orders, by rule and by compiled instruction.live_candidate— records that HISS readiness checks passed. It is not live execution by itself: HISS still sends nothing, and any live order happens only in your Robinhood Agentic Account through your own authorized Robinhood MCP connection.
The LiveAutonomyAck
Graduating past readiness checks and previews requires this object — separate from mode selection, all nine booleans literally true, timestamp valid ISO-8601. It exists so that “my agent can act without asking me each time” is something you said, not something an agent inferred. Per Robinhood’s own support article, if you have authorized your agent to act without per-order approval, it can place trades without your confirmation — which is exactly why HISS makes you say so explicitly:
{
"acknowledgedAgentCanTradeWithoutPerOrderInput": true,
"acknowledgedLossOfPrincipalRisk": true,
"acknowledgedUserResponsibleForMonitoring": true,
"acknowledgedUserResponsibleForAgentInstructions": true,
"acknowledgedOrdersMayAppearInRobinhoodActivityAndHistory": true,
"acknowledgedLongEquitiesAndOptionsOnlyUnlessDocsChange": true,
"acknowledgedOptionsRiskIfOptionsEnabled": true,
"acknowledgedHissNoCredentialsNoOrders": true,
"acknowledgedNotInvestmentAdvice": true,
"timestamp": "2026-07-07T00:00:00.000Z"
}Receipts store a hash of the acknowledgment (liveAutonomyAckHash), never credentials and never anything an agent could replay as consent to something else.
The live-readiness gate
Four checks, all visible, all required before the gate reads passed:
- The Coil validates and all ten mandatory autonomy fuses are present and in bounds.
- A paper preview was run and reviewed by you.
- The LiveAutonomyAck is complete (separate from mode selection).
- Receipt logging and the post-run audit are committed.
Gate states: not_ready → paper_pending → ack_required → passed. “Passed” is a readiness statement about the capsule — never an execution grant.
The ten mandatory autonomy fuses
No autonomous loop compiles without every one of these. Missing, ambiguous, or conflicting fuses fail closed — that is the design, not an inconvenience.
| Fuse | What it bounds |
|---|---|
| allowedTickers | The only symbols an agent may touch — plain broker tickers from your own Coil, never chain addresses. |
| maxNotionalPerOrderUsd | Hard dollar cap on any single order. |
| maxDailyNotionalUsd | Hard dollar cap on total order flow per day. |
| maxPortfolioAllocationPerSymbolBps | No symbol may exceed this share of the portfolio (basis points). |
| maxRebalanceFrequency | At most daily, weekly, or monthly — an agent may not churn faster. |
| marketHoursPolicy | Regular market hours only, unless you explicitly chose extended-allowed. |
| slippageLimitPolicy | Order type plus a maximum slippage tolerance in bps. |
| stopConditions | At least one binding stop — breached fuse, stale data, receipt mismatch, or the user saying pause. |
| receiptLogging | Must be literally true: every session logs a deterministic receipt. |
| postRunAuditRequired | Must be literally true: reported activity comes back to HISS for a fuse audit. |
Two more rules sit under all of them: allocation basis points must sum to exactly 10,000, and broker tickers and chain addresses are separate symbol spaces — a 0x address in a ticker field is a hard error, never a conversion.
Receipts and post-run audits
Every compile writes a deterministic receipt: manifest hash, fuse checksum, autonomy mode, gate status, allowed tickers, notional caps, cadence, stop conditions — and liveOrderSent: false, hard-typed so no HISS artifact can ever claim an order happened. After any external agent session, the reported activity goes back through post_run_audit, which checks every reported order against the receipt’s fuses and flags anything outside them.
What HISS never does
- Never stores Robinhood credentials — no passwords, API keys, tokens, or cookies, and requests carrying credential-looking fields are rejected outright.
- Never sends live orders from the web app; there is no order rail in HISS to misuse.
- Never claims an order happened — the output guard blocks execution-claim language in every API response, MCP tool result, and x402 response.
- Never recommends specific securities and never provides personalized investment advice — it operationalizes your own Coil.
- Never infers consent: not from a mode string, not from enthusiasm, not from an agent asserting it.
What can still go wrong
Fuses bound damage; they do not remove risk. Be specific with yourself about this:
- Agent error. An agent can misread instructions, act on stale data, or rebalance at a bad moment. Notifications on, activity feed watched, disconnect switch known — those are your controls, in Robinhood.
- Market risk. A perfectly executed bad strategy still loses money. Autonomous trading involves substantial risk, including loss of principal.
- Monitoring is on you. Robinhood explicitly does not supervise or audit agents, and neither does HISS. Users are responsible for monitoring agents, account activity, and positions.
- Rollout constraints. Robinhood Agentic Trading covers long equities and options orders today; crypto and futures are announced, not shipped, and must not be assumed.
The Robinhood boundary, exactly
Live-capable order tools — place_equity_order, cancel_equity_order, place_option_order, cancel_option_order — are Robinhood MCP tools. They are not HISS tools, and HISS has no rail to call them. Orders your agent places appear in the Activity section of your Agentic account and in your Robinhood history; you are ultimately responsible for the trades your AI agent places. Source: Trading with your agent (Robinhood Support). Last verified: 2026-07-07.
Setup guide: Bankrbot × Robinhood MCP · machine-readable rules: /SKILL.md · /api/bankrbot/schema.