# Virtual Accounts

Punks provides users with secure, non-custodial-style Virtual Accounts that act as programmable financial containers designed specifically for agent-driven payments. These accounts abstract away blockchain complexity while giving users full control over their spending, authentication, and authorization settings.

Each Virtual Account is created and managed through Privy, ensuring a high-security environment where sensitive operations—such as key handling, transaction signing, and authorization—remain isolated, encrypted, and fully protected. Unlike traditional custodial systems, Virtual Accounts are engineered so that users remain in full control of authentication and payment permissions while benefiting from seamless agent interactions.

#### User Authentication & Access Control

Virtual Accounts rely on Privy’s secure identity layer, enabling two-factor–style authentication using:

* Email Login – Simplifies onboarding while providing an accessible user entry point.
* Passkey Authentication – Adds a cryptographically strong, phishing-resistant authentication factor using WebAuthn standards.

Together, these mechanisms ensure that only the legitimate user can access and authorize the activities connected to their Virtual Account.

#### Security Architecture

The Virtual Account system is designed with multiple layers of defense:

* Isolated Key Management – Keys are securely stored and encrypted within Privy’s protected enclave, never exposed to the frontend or to agents.
* Transaction Permission Rules – Users can define spending limits per transaction, ensuring that agents can never exceed authorized amounts.
* Zero Direct Agent Access – Agents never interact with private keys. They only generate requests for payment, which must be validated and approved through the user's Virtual Account under predefined rules.
* Activity Monitoring & Logging – Every payment, authorization, and interaction is transparently logged and visible to the user.

This security model ensures that Virtual Accounts behave like self-custodied smart wallets from a trust perspective—without burdening users with private key management.

#### Designed for Agent Payments

The Virtual Account is deeply integrated into the x402 payment flow:

* Users keep USDC and PunksCash balances within the account.
* Agents can request fees through x402, which the Virtual Account evaluates based on spending rules.
* If permitted, the Virtual Account signs and executes the payment automatically.
* Cashback in PunksCash is credited directly back into the Virtual Account.

This creates a controlled environment where machine-native payments can occur safely, predictably, and in full alignment with the user’s permissions.
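
The evaluation step described above, as an added example (not Punks or Privy code): a default-deny gate that checks an agent's payment request against the user's approval list and per-transaction limit, and logs every decision before any signing would occur. The class, field names, agent ids and the balance check are assumptions for illustration; amounts are held as integer micro-USDC so limits are compared exactly.

```python
from dataclasses import dataclass, field
from decimal import Decimal

USDC_DECIMALS = 6  # USDC has 6 decimal places; compare limits in integer micro-units

def to_units(amount: str) -> int:
    """Parse a decimal string into micro-USDC; reject non-finite, non-positive or sub-unit values."""
    d = Decimal(amount)
    scaled = d * 10**USDC_DECIMALS
    if not d.is_finite() or d <= 0 or scaled != scaled.to_integral_value():
        raise ValueError("invalid amount")
    return int(scaled)

@dataclass
class VirtualAccount:  # hypothetical model, not the product's data structure
    balance: int                                   # micro-USDC
    per_tx_limit: int                              # user-defined maximum per transaction
    approved_agents: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def _record(self, agent_id, amount, allowed, reason):
        # Denials are logged as well as approvals, so the user sees every request.
        self.log.append({"agent": agent_id, "amount": amount, "allowed": allowed, "reason": reason})
        return allowed

    def evaluate(self, agent_id: str, amount: str) -> bool:
        """Return True only if every rule passes; the agent never touches keys or signing."""
        try:
            units = to_units(amount)
        except (ValueError, ArithmeticError, TypeError):
            return self._record(agent_id, amount, False, "malformed amount")
        if agent_id not in self.approved_agents:
            return self._record(agent_id, amount, False, "agent not approved or revoked")
        if units > self.per_tx_limit:
            return self._record(agent_id, amount, False, "exceeds per-transaction limit")
        if units > self.balance:  # assumed rule: never sign a payment the balance cannot cover
            return self._record(agent_id, amount, False, "insufficient balance")
        self.balance -= units
        return self._record(agent_id, amount, True, "approved")

def demo():
    # Constructed sample requests: in-limit, one micro-unit over the limit, unknown agent, negative.
    acct = VirtualAccount(to_units("5"), to_units("1.50"), {"agent-a"})
    requests = [("agent-a", "1.25"), ("agent-a", "1.500001"), ("agent-b", "0.10"), ("agent-a", "-1")]
    results = [acct.evaluate(a, amt) for a, amt in requests]
    acct.approved_agents.discard("agent-a")        # user revokes the agent's permission
    results.append(acct.evaluate("agent-a", "0.10"))
    return results, acct
```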

#### User Control & Financial Safety

Users retain full sovereignty over their Virtual Accounts. They can:

* Top up USDC balances
* Receive PunksCash rewards
* Adjust maximum spending limits
* View all past transactions
* Approve, decline, or revoke agent payment permissions

Even in fully autonomous agent flows, the user remains the ultimate authority over all payments and access rights.

