Vault that holds the agent’s funds, and an AgentCap that authorizes the agent to act against them.
Vault
TheVault is a shared object that holds the agent’s coins. It is multi-asset: balances live in dynamic fields keyed by coin type. The operator funds it with a budget asset at provision time; assets the agent acquires through permitted swaps settle back into it.
Funds leave the vault only through a gated path. vault::withdraw_with_receipt<T> calls policy::check_and_consume<T> before releasing any Coin<T>, so every outflow is policy-checked. The owner holds an OwnerCap, which authorizes lifecycle operations: pause, unpause, revoke, set caps, and the kill-and-drain that sweeps the vault back to the owner.
Read live balances with vaultBalances(client, vaultId).
AgentCap
TheAgentCap is the agent’s capability. It is non-transferable: declared key-only with no store, so once minted to the agent’s address it cannot be given away or sold.
vault::withdraw_with_receipt checks vault_id; policy::check_and_consume checks policy_id. A cap pointing at the wrong policy aborts wrong_policy.
This is why an agent needs only its private key. The key owns the AgentCap; agentRefs(client, address) reads the cap and derives the vault and policy ids from it. See the SDK reference.
How they fit together
Next: on-chain enforcement
How check_and_consume aborts, and what each abort code means.