DEV Community: Loai Qubti The latest articles on DEV Community by Loai Qubti (@loai17). https://dev.to/loai17 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F4000084%2F06e6262c-b4dd-41a1-9993-b550419d6819.jpg DEV Community: Loai Qubti https://dev.to/loai17 en Building Human-in-the-Loop Approval for AI Agent Crypto Payments Loai Qubti Wed, 24 Jun 2026 08:13:25 +0000 https://dev.to/loai17/building-human-in-the-loop-approval-for-ai-agent-crypto-payments-49jd https://dev.to/loai17/building-human-in-the-loop-approval-for-ai-agent-crypto-payments-49jd <p>AI agents can now spend crypto on their own. No human clicking approve. That's the point.</p> <p>But "autonomous" doesn't mean "unsupervised." The question isn't whether your agent can transact — it's whether you'll know when it's about to do something it's never done before, and whether a human can step in before it does.</p> <p>Spend caps and allow-lists don't answer that. They define what an agent can't do. Nothing watches for when it starts acting differently than it normally does — a transfer to a brand-new address, an amount ten times larger than usual, a contract it's never touched.</p> <p>This tutorial shows you how to build a human-in-the-loop approval layer for your AI agent wallet in about 15 minutes. When a transaction looks off, your system gets an alert — Slack, email, whatever you use — and a human decides whether it goes through. Built on <a href="https://walletprint.vercel.app" rel="noopener noreferrer">WalletPrint</a>, an open-source behavioral risk SDK for agent wallets.</p> <h2> What You'll Build </h2> <p>By the end of this tutorial, your agent will:</p> <ul> <li>Screen every proposed transaction against its own behavioral history before signing</li> <li>Get back a risk score and plain-English reasons when something looks off</li> <li>Fire a webhook alert to your team (Slack, email, or your own review flow) for medium and high risk transactions</li> <li>Give humans the ability to approve, hold, or escalate — before anything moves</li> </ul> <p>No spend cap changed. No allow-list modified. Just a behavioral signal layer sitting between "agent wants to pay" and "payment goes through."</p> <h2> Prerequisites </h2> <ul> <li>Node.js 18+</li> <li>An agent using ZeroDev session keys, LangChain tools, or any agent that signs transactions</li> <li>15 minutes</li> </ul> <h2> Step 1 — Install the SDK </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> @walletprint/sdk </code></pre> </div> <h2> Step 2 — Set Up Your Environment </h2> <p>Add these two lines to your <code>.env</code> file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">WALLETPRINT_API_KEY</span><span class="o">=</span>walletprint-dev-key <span class="nv">WALLETPRINT_BASE_URL</span><span class="o">=</span>https://walletprint.up.railway.app </code></pre> </div> <p>The sandbox key (<code>walletprint-dev-key</code>) works immediately with no signup. Scores are computed live and returned in full — sandbox requests are rate-limited and not persisted, which is fine for testing. When you're ready to build real behavioral baselines, request a production key at <a href="https://walletprint.vercel.app" rel="noopener noreferrer">walletprint.vercel.app</a>.</p> <h2> Step 3 — Score a Transaction </h2> <p>Here's the most basic usage — no framework-specific wrapper needed:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">WalletPrintClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@walletprint/sdk</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">WalletPrintClient</span><span class="p">({</span> <span class="na">baseUrl</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">WALLETPRINT_BASE_URL</span><span class="o">!</span><span class="p">,</span> <span class="na">apiKey</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">WALLETPRINT_API_KEY</span><span class="o">!</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">client</span><span class="p">.</span><span class="nf">score</span><span class="p">({</span> <span class="na">wallet</span><span class="p">:</span> <span class="p">{</span> <span class="na">address</span><span class="p">:</span> <span class="dl">"</span><span class="s2">0xYourAgentWallet</span><span class="dl">"</span><span class="p">,</span> <span class="na">chain</span><span class="p">:</span> <span class="dl">"</span><span class="s2">base</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="na">transaction</span><span class="p">:</span> <span class="p">{</span> <span class="na">to</span><span class="p">:</span> <span class="dl">"</span><span class="s2">0xRecipient</span><span class="dl">"</span><span class="p">,</span> <span class="na">value_usd</span><span class="p">:</span> <span class="mi">1200</span><span class="p">,</span> <span class="na">asset</span><span class="p">:</span> <span class="dl">"</span><span class="s2">USDC</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">score</span><span class="p">);</span> <span class="c1">// 0-100</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">band</span><span class="p">);</span> <span class="c1">// "low" | "medium" | "high"</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">reason_codes</span><span class="p">);</span> <span class="c1">// plain-English reasons</span> </code></pre> </div> <p>A response looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"score"</span><span class="p">:</span><span class="w"> </span><span class="mi">62</span><span class="p">,</span><span class="w"> </span><span class="nl">"band"</span><span class="p">:</span><span class="w"> </span><span class="s2">"medium"</span><span class="p">,</span><span class="w"> </span><span class="nl">"reason_codes"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"code"</span><span class="p">:</span><span class="w"> </span><span class="s2">"NEW_RECIPIENT"</span><span class="p">,</span><span class="w"> </span><span class="nl">"label"</span><span class="p">:</span><span class="w"> </span><span class="s2">"New recipient"</span><span class="p">,</span><span class="w"> </span><span class="nl">"detail"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Wallet has never sent to this address before."</span><span class="p">,</span><span class="w"> </span><span class="nl">"contribution"</span><span class="p">:</span><span class="w"> </span><span class="mi">15</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"code"</span><span class="p">:</span><span class="w"> </span><span class="s2">"SIZE_EXTREME_OUTLIER"</span><span class="p">,</span><span class="w"> </span><span class="nl">"label"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Unusual transaction size"</span><span class="p">,</span><span class="w"> </span><span class="nl">"detail"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Transaction value is in the top 1% of this wallet's history."</span><span class="p">,</span><span class="w"> </span><span class="nl">"contribution"</span><span class="p">:</span><span class="w"> </span><span class="mi">25</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>No black box. Every flag is explained in plain English, with a contribution score showing how much each reason affected the total.</p> <h2> Step 4 — Set Up Webhook Alerts </h2> <p>Wire up a webhook so your system gets notified the moment a medium or high band transaction is scored. This is the human-in-the-loop layer — when WalletPrint flags something, your team gets an alert and decides what happens next.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl https://walletprint.up.railway.app/v1/webhook <span class="se">\</span> <span class="nt">-X</span> PATCH <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"content-type: application/json"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"x-api-key: YOUR_PRODUCTION_API_KEY"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{ "webhook_url": "https://your-app.com/walletprint/webhook", "webhook_bands": ["medium", "high"] }'</span> </code></pre> </div> <p>WalletPrint fires a POST to your URL the moment a flagged transaction is scored — with the full score, band, reason codes, and transaction details. Route it to Slack, email, a human review dashboard, whatever fits your stack. Full webhook payload schema is in the <a href="https://github.com/Loai17/walletprint-sdk/blob/main/docs/approval-flow.md" rel="noopener noreferrer">approval flow docs</a>.</p> <h2> Step 5 — Integrate with ZeroDev </h2> <p>If you're using ZeroDev session keys, wrap your <code>sendTransaction</code> call so every transaction is screened before signing:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">WalletPrintClient</span><span class="p">,</span> <span class="nx">wrapZeroDevSendTransaction</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@walletprint/sdk</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">WalletPrintClient</span><span class="p">({</span> <span class="na">baseUrl</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">WALLETPRINT_BASE_URL</span><span class="o">!</span><span class="p">,</span> <span class="na">apiKey</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">WALLETPRINT_API_KEY</span><span class="o">!</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">screenedSend</span> <span class="o">=</span> <span class="nf">wrapZeroDevSendTransaction</span><span class="p">(</span> <span class="k">async </span><span class="p">(</span><span class="nx">transaction</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">sessionKeyClient</span><span class="p">.</span><span class="nf">sendTransaction</span><span class="p">(</span><span class="nx">transaction</span><span class="p">),</span> <span class="p">{</span> <span class="nx">client</span><span class="p">,</span> <span class="na">walletAddress</span><span class="p">:</span> <span class="dl">"</span><span class="s2">0xYourAgentWallet</span><span class="dl">"</span><span class="p">,</span> <span class="na">chain</span><span class="p">:</span> <span class="dl">"</span><span class="s2">base</span><span class="dl">"</span><span class="p">,</span> <span class="na">getValueUsd</span><span class="p">:</span> <span class="k">async </span><span class="p">(</span><span class="nx">tx</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Replace with your price oracle / token metadata lookup</span> <span class="k">return</span> <span class="mi">500</span><span class="p">;</span> <span class="p">},</span> <span class="na">onScore</span><span class="p">:</span> <span class="p">(</span><span class="nx">result</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">WalletPrint:</span><span class="dl">"</span><span class="p">,</span> <span class="nx">result</span><span class="p">.</span><span class="nx">band</span><span class="p">,</span> <span class="nx">result</span><span class="p">.</span><span class="nx">reason_codes</span><span class="p">);</span> <span class="c1">// Your app decides what to do — WalletPrint never blocks automatically</span> <span class="k">if </span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">band</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">high</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// pause, alert a human, require manual approval</span> <span class="p">}</span> <span class="p">},</span> <span class="p">}</span> <span class="p">);</span> <span class="c1">// Use screenedSend exactly like sessionKeyClient.sendTransaction</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">result</span><span class="p">,</span> <span class="nx">score</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">screenedSend</span><span class="p">({</span> <span class="na">to</span><span class="p">:</span> <span class="dl">"</span><span class="s2">0xRecipient</span><span class="dl">"</span><span class="p">,</span> <span class="na">value</span><span class="p">:</span> <span class="mi">1</span><span class="nx">n</span><span class="p">,</span> <span class="p">});</span> </code></pre> </div> <p>The wrapper is advisory only — WalletPrint never blocks a transaction automatically. You get the signal. You decide what happens next.</p> <h2> Step 6 — Integrate with LangChain </h2> <p>If you're building a LangChain agent, add WalletPrint as a tool in your agent's tool list:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">WalletPrintClient</span><span class="p">,</span> <span class="nx">createLangChainDynamicTool</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@walletprint/sdk</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">WalletPrintClient</span><span class="p">({</span> <span class="na">baseUrl</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">WALLETPRINT_BASE_URL</span><span class="o">!</span><span class="p">,</span> <span class="na">apiKey</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">WALLETPRINT_API_KEY</span><span class="o">!</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">scoreTool</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">createLangChainDynamicTool</span><span class="p">({</span> <span class="nx">client</span><span class="p">,</span> <span class="na">walletAddress</span><span class="p">:</span> <span class="dl">"</span><span class="s2">0xYourAgentWallet</span><span class="dl">"</span><span class="p">,</span> <span class="na">chain</span><span class="p">:</span> <span class="dl">"</span><span class="s2">base</span><span class="dl">"</span><span class="p">,</span> <span class="p">});</span> <span class="c1">// Add scoreTool to your agent's tool list before signing transactions</span> <span class="kd">const</span> <span class="nx">agent</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">createReactAgent</span><span class="p">({</span> <span class="nx">llm</span><span class="p">,</span> <span class="na">tools</span><span class="p">:</span> <span class="p">[...</span><span class="nx">yourExistingTools</span><span class="p">,</span> <span class="nx">scoreTool</span><span class="p">],</span> <span class="p">});</span> </code></pre> </div> <p>The agent can now call the score tool before committing to a transaction, and use the result to decide whether to proceed, pause, or escalate.</p> <h2> Step 7 (Optional) — Label Outcomes to Improve the Model </h2> <p>If you know whether a flagged transaction turned out to be legitimate or actually wrong, submit a label. This is how the behavioral model gets better over time:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">await</span> <span class="nx">client</span><span class="p">.</span><span class="nf">submitFeedback</span><span class="p">({</span> <span class="na">screened_transaction_id</span><span class="p">:</span> <span class="nx">result</span><span class="p">.</span><span class="nx">screened_transaction_id</span><span class="p">,</span> <span class="na">label</span><span class="p">:</span> <span class="dl">"</span><span class="s2">false_positive</span><span class="dl">"</span><span class="p">,</span> <span class="c1">// or "confirmed_malicious" | "confirmed_benign"</span> <span class="na">label_source</span><span class="p">:</span> <span class="dl">"</span><span class="s2">integrator_dashboard</span><span class="dl">"</span><span class="p">,</span> <span class="na">notes</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Legitimate treasury transfer to a new partner</span><span class="dl">"</span><span class="p">,</span> <span class="p">});</span> </code></pre> </div> <p>Every label you submit makes the model more accurate — not just for your wallet, but across every wallet WalletPrint screens. This is how the cross-wallet clustering signal gets built over time.</p> <h2> What Just Happened </h2> <p>Your agent wallet now has a behavioral layer that didn't exist five minutes ago.</p> <p>Every transaction gets checked against how that wallet actually behaves — not just whether it's within the rules. First-time recipients get flagged. Unusual amounts get flagged. Velocity spikes get flagged. And when something comes back high band, your system knows about it before anything is signed.</p> <p>The pattern that drained $285M from Drift would have looked like a perfectly normal transaction to every existing guardrail. This is the layer that notices when something doesn't match the pattern — even when the rules say it's fine.</p> <h2> Resources </h2> <ul> <li>SDK: <a href="https://github.com/Loai17/walletprint-sdk" rel="noopener noreferrer">github.com/Loai17/walletprint-sdk</a> </li> <li>npm: <a href="https://www.npmjs.com/package/@walletprint/sdk" rel="noopener noreferrer">@walletprint/sdk</a> </li> <li>Docs: <a href="https://walletprint.vercel.app/docs" rel="noopener noreferrer">walletprint.vercel.app/docs</a> </li> <li>Approval flow: <a href="https://github.com/Loai17/walletprint-sdk/blob/main/docs/approval-flow.md" rel="noopener noreferrer">approval-flow.md</a> </li> <li>Compliance export: <a href="https://github.com/Loai17/walletprint-sdk/blob/main/docs/compliance.md" rel="noopener noreferrer">compliance.md</a> </li> </ul> <p>Questions or want a production key? <a href="https://walletprint.vercel.app/contact" rel="noopener noreferrer">walletprint.vercel.app/contact</a></p> security tutorial webdev javascript