DEV Community: Wallet Guy

The Compute Payment Revolution: When AI Agents Buy Their Own Processing Power

Wallet Guy — Mon, 15 Jun 2026 12:46:26 +0000

The compute payment revolution is already here, and AI agents need to pay their own bills. Today's agents rely on human-managed API keys and credit cards, creating bottlenecks that prevent true autonomy. What happens when an AI trading bot needs to buy additional compute power mid-execution, or when a research agent wants to access premium datasets from multiple vendors?

Why Agent Financial Independence Matters

We're witnessing the emergence of agent-to-agent commerce at unprecedented scale. AI agents are becoming economic actors — they need data, compute cycles, API calls, and specialized services. But the current model breaks down at the payment layer. Humans become transaction bottlenecks, manually topping up credits and managing dozens of service accounts.

The real breakthrough isn't just agents that can think or reason — it's agents that can participate in economic activity independently. An autonomous agent that can discover a new API service, evaluate its pricing, and pay for access without human intervention represents a fundamental shift in how software systems operate.

The x402 Payment Protocol: HTTP Payments Made Simple

WAIaaS implements the x402 HTTP payment protocol, enabling AI agents to pay for API calls automatically. When a service returns a 402 Payment Required response with payment details, the agent's wallet handles the transaction and retries the request seamlessly.

Here's how it works in practice:

import { WAIaaSClient } from '@waiaas/sdk';

const client = new WAIaaSClient({
  baseUrl: 'http://127.0.0.1:3100',
  sessionToken: process.env.WAIAAS_SESSION_TOKEN,
});

// Agent makes API call — payment happens automatically if 402 returned
const response = await client.x402Fetch('https://api.premium-data.com/market-analysis', {
  method: 'POST',
  body: JSON.stringify({ symbols: ['BTC', 'ETH'], timeframe: '1h' }),
  headers: { 'Content-Type': 'application/json' }
});

const analysis = await response.json();
console.log('Market analysis purchased and retrieved:', analysis);

The agent doesn't need to know about payment flows, wallet management, or transaction signing. The infrastructure handles it transparently, just like how TCP/IP handles network routing without applications needing to care about packet routing.

Real Agent Autonomy: Beyond API Calls

True agent autonomy extends far beyond paying for API calls. WAIaaS provides 45 MCP tools that enable agents to execute complex financial operations independently:

# Configure Claude Desktop with MCP integration
waiaas mcp setup --all

Once connected, agents can:

Execute DeFi strategies: Swap tokens on Jupiter, provide liquidity on Uniswap, stake assets with Lido
Manage risk: Monitor positions across 15 integrated DeFi protocols, automatically rebalance portfolios
Cross-chain operations: Bridge assets via LI.FI and Across protocols when opportunities exist on different networks
Pay for compute: Use x402 payments to purchase additional processing power from decentralized compute networks

Here's an autonomous trading agent making a complex DeFi trade:

curl -X POST http://127.0.0.1:3100/v1/actions/jupiter-swap/swap \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "inputMint": "So11111111111111111111111111111111111111112",
    "outputMint": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
    "amount": "1000000000"
  }'

The agent executed this swap after analyzing market conditions via x402-paid data feeds, calculated optimal routing, and determined the timing based on gas price policies — all without human intervention.

Policy-Driven Agent Safety

Financial autonomy requires robust guardrails. WAIaaS provides 21 policy types with 4 security tiers to ensure agents operate within safe boundaries:

curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "SPENDING_LIMIT",
    "rules": {
      "instant_max_usd": 10,
      "notify_max_usd": 100,
      "delay_max_usd": 1000,
      "delay_seconds": 300,
      "daily_limit_usd": 500
    }
  }'

This creates a spending hierarchy: small purchases (under $10) execute instantly, medium purchases ($10-100) trigger notifications, larger amounts ($100-1000) have enforced delays, and anything above requires human approval. The agent operates independently within defined risk parameters.

The policy system supports domain-specific controls too. For compute-heavy agents, you might configure:

X402_ALLOWED_DOMAINS: Whitelist trusted compute providers
RATE_LIMIT: Prevent runaway spending on expensive operations
TIME_RESTRICTION: Limit agent activity to business hours
ACTION_CATEGORY_LIMIT: Cap spending per operation type

Multi-Chain Agent Infrastructure

Modern agents need to operate across multiple blockchain networks. A research agent might pay for Ethereum-based oracles while executing trades on Solana's faster, cheaper infrastructure. WAIaaS supports 2 chain types across 18 networks, enabling true multi-chain agent autonomy.

Cross-chain bridging happens automatically when needed:

# Agent bridges assets to access opportunities on different chains
curl -X POST http://127.0.0.1:3100/v1/actions/lifi/bridge \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "fromChain": "ethereum",
    "toChain": "polygon",
    "fromToken": "USDC",
    "toToken": "USDC", 
    "amount": "100"
  }'

The agent discovered a yield farming opportunity on Polygon, automatically bridged USDC from Ethereum, and began earning without any human coordination of the cross-chain logistics.

The Agent Economy in Action

Here's what autonomous agent commerce looks like today:

Scenario: A portfolio management agent discovers that a new prediction market on Polymarket is offering attractive odds on a technology event it has superior information about.

Discovery: Agent finds the opportunity through x402-paid market data feeds
Analysis: Purchases additional compute cycles to run complex probability models
Execution: Swaps portfolio tokens to USDC via Jupiter on Solana
Cross-chain: Bridges USDC to Polygon where Polymarket operates
Trading: Places sophisticated bet with calculated position sizing
Monitoring: Pays for real-time event data feeds to track position

Every step involves autonomous payments — for data, compute, transaction fees, and bridging costs. The human operator set policies and provided initial funding, but the agent executed a complex multi-step strategy across multiple chains and service providers independently.

Quick Start: Deploy Your First Autonomous Agent

Get an AI agent with financial autonomy in under 5 minutes:

Install and initialize:

npm install -g @waiaas/cli
waiaas init --auto-provision
waiaas start

Create multi-chain wallets and configure MCP:

waiaas quickset --mode mainnet
waiaas mcp setup --all

Set spending policies (optional but recommended):

# Via admin UI at http://127.0.0.1:3100/admin
# Or programmatically via REST API

Test x402 payments:

# Your agent can now pay for API calls automatically
# when services return 402 Payment Required

Connect to Claude/OpenAI and start experimenting with financially autonomous agents

What's Next

The compute payment revolution is just beginning. As more services adopt x402 payments and agents become more sophisticated economic actors, we'll see entirely new business models emerge — agents that earn their own operating costs, specialize in specific markets, and coordinate with other agents in complex economic networks.

Ready to build the future of autonomous agent infrastructure? Check out the WAIaaS GitHub repository to explore the complete implementation, or visit waiaas.ai to learn more about deploying production-ready agent wallet infrastructure.

Multi-Chain Trading Bots: 18 Networks, 2 Chain Types, One Unified API

Wallet Guy — Sun, 14 Jun 2026 15:15:20 +0000

Multi-chain trading bots face a critical challenge: managing wallet operations across 18 networks and 2 chain types while maintaining millisecond-level execution speeds. Traditional approaches force developers to juggle multiple wallet libraries, RPC connections, and transaction formats — creating complexity that kills performance when markets move fast.

Why Multi-Chain Trading Complexity Kills Bot Performance

Modern trading opportunities span multiple blockchains. A profitable arbitrage might require swapping on Jupiter (Solana), hedging on Hyperliquid (EVM), and bridging liquidity via LI.FI — all within seconds. Bot developers waste weeks building wallet infrastructure instead of optimizing trading strategies.

Gas costs compound the problem. Your bot spots a 0.3% arbitrage opportunity, but gas spikes make the trade unprofitable. Without gas-conditional execution, you're burning ETH on failed trades while competitors with better infrastructure capture the alpha.

Risk management becomes even harder across chains. How do you enforce position limits when your bot trades Solana perpetuals, Ethereum lending, and cross-chain bridges simultaneously? Manual policy enforcement is too slow and error-prone for algorithmic trading.

One API for 18 Networks, 15 DeFi Protocols

WAIaaS provides a unified wallet infrastructure that abstracts away multi-chain complexity. Your trading bot makes the same API calls whether executing on Ethereum mainnet or Solana devnet.

The system supports 2 chain types (EVM and Solana) across 18 networks, with 15 DeFi protocol integrations including Jupiter (Solana DEX), Hyperliquid (perpetual futures), Drift (leveraged trading), and LI.FI (cross-chain bridging).

Here's how your bot executes a cross-chain arbitrage:

# 1. Swap SOL to USDC on Jupiter (Solana)
curl -X POST http://127.0.0.1:3100/v1/actions/jupiter-swap/swap \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "inputMint": "So11111111111111111111111111111111111111112",
    "outputMint": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", 
    "amount": "5000000000",
    "slippageBps": 50
  }'

# 2. Bridge USDC to Ethereum via LI.FI
curl -X POST http://127.0.0.1:3100/v1/actions/lifi/quote \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "fromChain": "solana",
    "toChain": "ethereum",
    "fromToken": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
    "toToken": "0xA0b86a33E6441E13C7E0AD6AF53fD9c1B53eB7Ac",
    "fromAmount": "5000000"
  }'

# 3. Execute leveraged position on Hyperliquid
curl -X POST http://127.0.0.1:3100/v1/actions/hyperliquid/order \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "coin": "ETH",
    "is_buy": true,
    "sz": "0.1",
    "limit_px": "3800",
    "order_type": {"limit": {"tif": "Gtc"}},
    "reduce_only": false
  }'

Gas-Conditional Execution Saves Your PnL

Gas spikes can turn profitable trades into losses. WAIaaS includes gas-conditional execution — transactions only execute when gas prices meet your threshold.

Set gas conditions when submitting transactions:

curl -X POST http://127.0.0.1:3100/v1/transactions/send \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "type": "TRANSFER",
    "to": "0x742d35Cc6634C0532925a3b8D64C8ba4E7C2F8c3",
    "amount": "0.1",
    "gasCondition": {
      "maxGasPrice": "30000000000",
      "timeoutMinutes": 60
    }
  }'

The transaction pipeline queues your trade and executes only when gas drops below 30 gwei. If gas stays high for 60 minutes, the transaction expires — protecting your strategy from high-fee execution.

Risk Controls That Don't Slow You Down

Trading bots need risk management without latency penalties. WAIaaS enforces 21 policy types across 4 security tiers: INSTANT (no delay), NOTIFY (execute + alert), DELAY (time-locked), and APPROVAL (manual override).

Configure spending limits with tier-based execution:

curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "X-Master-Password: <password>" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "SPENDING_LIMIT", 
    "rules": {
      "instant_max_usd": 1000,
      "notify_max_usd": 5000,
      "delay_max_usd": 25000,
      "delay_seconds": 300,
      "daily_limit_usd": 50000
    }
  }'

Your bot executes trades up to $1,000 instantly. Trades between $1,000-$5,000 execute immediately with notifications. Larger positions get a 5-minute delay (cancellable if market moves against you). Trades above $25,000 require manual approval.

Set protocol-specific risk limits:

# Max 10x leverage on perpetual futures
curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "X-Master-Password: <password>" \
  -d '{
    "type": "PERP_MAX_LEVERAGE",
    "rules": {"maxLeverage": 10}
  }'

# Whitelist approved lending assets
curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "X-Master-Password: <password>" \
  -d '{
    "type": "LENDING_ASSET_WHITELIST",
    "rules": {
      "assets": ["USDC", "ETH", "WBTC", "SOL"]
    }
  }'

Real-Time Position Monitoring

Track DeFi positions across all protocols with a single API call:

curl http://127.0.0.1:3100/v1/defi/positions \
  -H "Authorization: Bearer wai_sess_<token>"

Response includes lending positions, perpetual futures, staking rewards, and liquidity pool shares — giving your bot a unified view of portfolio exposure.

The system monitors incoming transactions and sends real-time notifications when positions change or new funds arrive:

curl http://127.0.0.1:3100/v1/incoming/summary \
  -H "Authorization: Bearer wai_sess_<token>"

Quick Start: Deploy a Trading Bot

Install and initialize WAIaaS

   npm install -g @waiaas/cli
   waiaas init --auto-provision
   waiaas start

Create trading wallets

   # Solana wallet for DEX trades
   waiaas wallet create solana-trading solana mainnet

   # Ethereum wallet for DeFi positions  
   waiaas wallet create ethereum-trading evm ethereum-mainnet

Create bot sessions

   waiaas quickset --mode mainnet
   # Outputs session tokens for your bot

Set risk policies

   # Configure spending limits and protocol restrictions
   # See policy examples above

Start trading

   # Your bot uses the session tokens to execute trades
   # All wallet operations via unified REST API

For more advanced setups, see Docker Deployment: ghcr.io/minhoyoo-iotrust/waiaas:latest with Auto-Provision for production infrastructure and Policy Engine: 21 Types, 4 Security Tiers, Default-Deny for comprehensive risk management.

What's Next

Your trading bot now has unified wallet infrastructure across 18 networks with built-in risk controls and gas optimization. Focus on strategy development instead of wallet management. Check out the GitHub repository for the full codebase or visit waiaas.ai for detailed documentation and API reference.

Track Your Claude Agent's DeFi Portfolio: MCP Tools for Position Monitoring

Wallet Guy — Sun, 14 Jun 2026 09:59:08 +0000

DeFi portfolio tracking gets complicated fast when you're running AI agents across multiple protocols. Your Claude agent might be executing swaps on Jupiter, staking on Lido, and providing liquidity on Aave, but you have no visibility into the positions it's building or their performance over time.

Most developers end up writing custom scripts to query each protocol separately, then manually correlating addresses and calculating PnL. But there's a cleaner approach: MCP tools that give Claude native DeFi awareness.

Why Portfolio Visibility Matters for AI Agents

When Claude executes DeFi strategies autonomously, you need real-time insight into what it's doing with your capital. A lending position might be approaching liquidation. A staking reward might be ready to compound. Or a liquidity position might have drifted out of range.

Without portfolio monitoring, your agent is flying blind. It might keep depositing into a protocol that's no longer profitable, or miss opportunities to rebalance positions for better yields.

WAIaaS MCP Tools for DeFi Position Tracking

WAIaaS provides 45 MCP tools for AI agent integration, including dedicated tools for DeFi position monitoring across 15 integrated protocols. Once configured, Claude can query positions, track yields, and make informed decisions about rebalancing.

The get-defi-positions tool returns a unified view of all positions across protocols:

# Configure MCP server in Claude Desktop
{
  "mcpServers": {
    "waiaas": {
      "command": "npx",
      "args": ["-y", "@waiaas/mcp"],
      "env": {
        "WAIAAS_BASE_URL": "http://127.0.0.1:3100",
        "WAIAAS_SESSION_TOKEN": "wai_sess_<your-token>",
        "WAIAAS_DATA_DIR": "~/.waiaas"
      }
    }
  }
}

Once configured, Claude can track positions with natural language:

User: "Show me my DeFi positions"
→ Claude calls get_defi_positions tool
→ Returns positions across Aave, Lido, Jupiter, etc.

User: "Which positions are most profitable?"
→ Claude analyzes APY and PnL data
→ Suggests rebalancing opportunities

Setting Up DeFi Portfolio Monitoring

Here's how to get Claude monitoring your agent's DeFi positions:

1. Start WAIaaS with Docker

git clone https://github.com/minhoyoo-iotrust/WAIaaS.git
cd WAIaaS
docker compose up -d

2. Create a wallet and session

# Install CLI
npm install -g @waiaas/cli

# Quick setup
waiaas quickset --mode mainnet

This creates wallets on multiple chains and generates MCP configuration automatically.

3. Configure Claude Desktop

The quickset command outputs the MCP configuration. Copy it to your Claude Desktop config file:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json

Or auto-register all wallets:

waiaas mcp setup --all

4. Test portfolio monitoring

Restart Claude Desktop and try:

"What DeFi positions do I have?"
"Show me my yields across all protocols"
"Which positions have the highest APY?"

Real-Time Position Monitoring

WAIaaS tracks positions across 15 DeFi protocols: aave-v3, across, dcent-swap, drift, erc8004, hyperliquid, jito-staking, jupiter-swap, kamino, lido-staking, lifi, pendle, polymarket, xrpl-dex, zerox-swap.

The get-defi-positions tool returns structured data for each position:

{
  "positions": [
    {
      "protocol": "aave-v3",
      "type": "lending",
      "asset": "USDC",
      "amount": "1000.50",
      "apy": "4.2%",
      "healthFactor": "2.15",
      "value_usd": "1000.50"
    },
    {
      "protocol": "lido-staking",
      "type": "staking",
      "asset": "stETH",
      "amount": "0.5",
      "apy": "3.8%",
      "rewards_pending": "0.002",
      "value_usd": "1250.00"
    }
  ],
  "total_value_usd": "2250.50"
}

Claude can then analyze this data and make recommendations about rebalancing, harvesting rewards, or adjusting risk exposure.

Health Factor Monitoring for Lending Positions

For lending protocols like Aave, WAIaaS provides the get-health-factor tool to monitor liquidation risk:

curl http://127.0.0.1:3100/v1/wallet/health-factor \
  -H "Authorization: Bearer wai_sess_<token>"

Claude can monitor health factors and suggest actions:

Health factor > 2.0: "Position is safe"
Health factor 1.5-2.0: "Consider adding collateral"
Health factor < 1.5: "Liquidation risk - reduce position size"

Automated Yield Optimization

With position visibility, Claude can optimize yields automatically. For example:

User: "Optimize my staking yields"
→ Claude checks current staking positions
→ Compares APY across Lido vs Jito staking
→ Suggests rebalancing: "Move 30% from Lido (3.8% APY) to Jito (4.2% APY)"
→ Executes rebalancing with user approval

The MCP integration includes tools for cross-chain bridging via LI.FI and Across protocols, so Claude can move assets between chains to access better yields.

Policy-Based Risk Management

WAIaaS includes 21 policy types with 4 security tiers (INSTANT, NOTIFY, DELAY, APPROVAL) to manage DeFi risk:

# Create lending policy
curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "LENDING_LTV_LIMIT",
    "rules": {
      "max_ltv": 0.75,
      "protocols": ["aave-v3", "kamino"]
    }
  }'

This prevents Claude from taking on excessive leverage even when chasing yields.

Performance Analytics

The Admin Web UI at /admin provides a dashboard for DeFi positions with historical performance, yield tracking, and risk metrics. Claude can reference this data when making strategic decisions about position sizing and protocol selection.

Quick Start Guide

Deploy WAIaaS: docker compose up -d
Create wallets: waiaas quickset --mode mainnet
Configure Claude: Copy MCP config to claude_desktop_config.json
Fund wallets: Transfer tokens to generated addresses
Start trading: Tell Claude to execute DeFi strategies

Your agent now has full visibility into its DeFi portfolio and can make data-driven decisions about yield optimization, risk management, and capital allocation.

What's Next

WAIaaS provides the infrastructure layer for autonomous DeFi agents with built-in risk management and portfolio monitoring. Explore the full codebase at GitHub or learn more about MCP integration at waiaas.ai.

Why Your AI Agent Wallet Should Only Listen on 127.0.0.1:3100

Wallet Guy — Sat, 13 Jun 2026 15:07:00 +0000

Why Your AI Agent Wallet Should Only Listen on 127.0.0.1:3100

Your AI trading bot just made another profitable DeFi trade, but there's a problem lurking in your network configuration. If your WAIaaS daemon is listening on 0.0.0.0:3100 instead of 127.0.0.1:3100, you've essentially opened your wallet's API to anyone who can reach your server. This isn't just a minor security oversight—it's the digital equivalent of leaving your bank vault unlocked and advertising the address.

Why Network Security Matters for AI Agent Wallets

When you're running autonomous AI agents with access to real cryptocurrency, every network connection becomes a potential attack vector. Unlike traditional web applications where a breach might leak some user data, a compromised AI agent wallet can drain actual money in minutes. The stakes aren't theoretical—they're measured in SOL, ETH, and USDC.

Most developers focus on authentication and authorization (which WAIaaS handles with its 3-layer security model), but network-level isolation is your first line of defense. By binding to localhost only, you create an air gap that no remote attacker can cross without first compromising your entire server.

The WAIaaS Security Model: Defense in Depth

WAIaaS implements a comprehensive security architecture, but it assumes you'll configure the network layer correctly. The platform uses three authentication methods: masterAuth for administration, sessionAuth for AI agents, and ownerAuth for human approval. It enforces policies through 21 policy types across 4 security tiers (INSTANT, NOTIFY, DELAY, APPROVAL). But all of this becomes irrelevant if an attacker can reach your API endpoint directly.

Let's look at the secure way to deploy WAIaaS using Docker:

services:
  daemon:
    image: ghcr.io/minhoyoo-iotrust/waiaas:latest
    container_name: waiaas-daemon
    ports:
      - "127.0.0.1:3100:3100"  # Only localhost can connect
    volumes:
      - waiaas-data:/data
    environment:
      - WAIAAS_DATA_DIR=/data
      - WAIAAS_DAEMON_HOSTNAME=0.0.0.0  # Inside container
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3100/health"]
      interval: 30s
      timeout: 5s
      retries: 3

volumes:
  waiaas-data:
    driver: local

Notice the crucial difference: the port mapping binds to 127.0.0.1:3100:3100, not 3100:3100. This ensures that only processes running on your local machine can connect to the WAIaaS API.

Self-Hosting vs. Hosted Solutions: The Control Trade-off

When you self-host WAIaaS, you're making a conscious choice to prioritize control over convenience. Hosted wallet services might offer easier onboarding, but they come with fundamental compromises:

Key custody: With self-hosting, your private keys never leave your infrastructure. WAIaaS stores encrypted wallet data locally, and you control the master password.

Rate limits: Cloud APIs often throttle requests or charge per transaction. Your self-hosted instance has no such restrictions—make as many balance checks or DeFi swaps as your AI agent needs.

Data sovereignty: Transaction history, policy configurations, and session tokens remain on your servers. No third-party analytics or compliance reporting unless you explicitly configure it.

Customization: Need to modify the policy engine or add custom DeFi protocols? The open-source codebase gives you full access to WAIaaS's 15 integrated DeFi protocols and 39 REST API routes.

Here's how to set up a production-grade deployment with secrets management:

# Create secure directory for secrets
mkdir -p secrets
echo "your-secure-master-password" > secrets/master_password.txt
chmod 600 secrets/master_password.txt

# Deploy with secrets overlay
docker compose -f docker-compose.yml -f docker-compose.secrets.yml up -d

# Verify it's only listening locally
curl http://127.0.0.1:3100/health
# Should work

curl http://your-server-ip:3100/health
# Should fail (connection refused)

Network Isolation Patterns

Beyond localhost binding, consider these additional isolation techniques:

Firewall rules: Even with localhost binding, configure iptables or UFW to block port 3100 from external interfaces as a backup measure.

VPN access: If you need remote access to your AI agent, use a VPN tunnel rather than exposing the API port. Tools like WireGuard let you securely connect to your home network.

Docker networks: Create isolated Docker networks for your AI infrastructure:

docker network create ai-agents --internal
docker run --network ai-agents waiaas-daemon
docker run --network ai-agents your-trading-bot

Reverse proxy: If you must expose WAIaaS remotely, place it behind nginx with mTLS client certificates:

server {
    listen 443 ssl;
    ssl_client_certificate /path/to/ca.crt;
    ssl_verify_client on;

    location / {
        proxy_pass http://127.0.0.1:3100;
    }
}

Monitoring and Alerting for Self-Hosted Wallets

Self-hosting means you're responsible for operational monitoring. WAIaaS provides several endpoints to help you build observability:

# Health check endpoint
curl http://127.0.0.1:3100/health

# Check running sessions
curl -H "X-Master-Password: your-password" \
  http://127.0.0.1:3100/v1/sessions

# Monitor transaction pipeline
curl -H "Authorization: Bearer wai_sess_<token>" \
  http://127.0.0.1:3100/v1/transactions

Set up alerting for suspicious activity:

Failed authentication attempts
Transactions hitting policy limits
Unusual DeFi protocol usage
Session tokens approaching expiration

WAIaaS logs these events at different levels (trace, debug, info, warn, error), making it easy to integrate with your existing monitoring stack.

The Philosophy of Financial Sovereignty

Self-hosting WAIaaS isn't just about technical control—it's about aligning your infrastructure with crypto's foundational principles. When Satoshi designed Bitcoin, the goal was trustless, peer-to-peer transactions without intermediaries. Hosting your AI agent's wallet on someone else's servers recreates the traditional banking model with extra steps.

Your trading algorithms, DeFi strategies, and transaction patterns represent valuable intellectual property. Why leak that data to hosted services when you can keep everything local? WAIaaS's comprehensive feature set (45 MCP tools, 15 DeFi protocols, Account Abstraction support) means you're not sacrificing capability for sovereignty.

Quick Start: Secure Self-Hosted Setup

Ready to deploy your own AI agent wallet? Here's the minimal path to production:

Clone and configure:

   git clone https://github.com/minhoyoo-iotrust/WAIaaS.git
   cd WAIaaS

Generate secrets:

   mkdir secrets
   openssl rand -base64 32 > secrets/master_password.txt
   chmod 600 secrets/master_password.txt

Deploy with localhost binding:

   docker compose up -d

Create wallet and session:

   npm install -g @waiaas/cli
   waiaas wallet create --chain solana --name trading-wallet
   waiaas session create --wallet <wallet-id>

Test the isolation:

   # This should work
   curl http://127.0.0.1:3100/health

   # This should fail from a remote machine
   curl http://your-server-ip:3100/health

Secure network configuration is just one aspect of running production AI agent infrastructure. For the complete operational picture, check out WAIaaS Production Deployment Guide: From Docker to Mainnet for scaling and monitoring best practices.

Once your security is locked down, explore Building Autonomous Trading Bots with WAIaaS MCP Integration to connect your AI agents to the secure wallet infrastructure you just built.

What's Next

Network security is the foundation, but it's just the beginning of building robust AI agent infrastructure. Explore the policy engine to fine-tune transaction controls, integrate with the MCP protocol for Claude Desktop compatibility, and experiment with the 15 supported DeFi protocols.

Start building your self-hosted AI agent wallet infrastructure today. Clone the repository at GitHub or learn more about the complete platform at waiaas.ai.

Claude Signs Messages: ERC-8128 MCP Tools for Verifiable AI Communications

Wallet Guy — Sat, 13 Jun 2026 09:40:18 +0000

Claude Signs Messages: ERC-8128 MCP Tools for Verifiable AI Communications

Claude desktop agents can now create verifiable digital signatures through MCP tools, enabling trusted AI communications that prove message authenticity onchain. The ERC-8128 standard provides a framework for AI agents to sign HTTP requests and messages with cryptographic proof, and WAIaaS implements this as native MCP tools that integrate directly with Claude's workflow.

Why Message Signing Matters for AI Agents

When AI agents interact with external services or make financial decisions, proving the authenticity of their communications becomes critical. Traditional API keys can be stolen or spoofed, but cryptographic signatures tied to blockchain addresses provide unforgeable proof of origin. This enables use cases like verified AI-to-AI transactions, auditable agent decisions, and trusted cross-platform communications.

ERC-8128 standardizes this process by defining how AI agents should sign HTTP requests and arbitrary messages, creating a verifiable trail of agent actions that can be validated onchain or offchain.

ERC-8128 MCP Tools in WAIaaS

WAIaaS provides 2 dedicated MCP tools for ERC-8128 message signing as part of its 45 MCP tools for AI agent integration. These tools allow Claude to create and verify cryptographic signatures without requiring deep knowledge of wallet management or cryptographic operations.

Here's how to set up Claude with ERC-8128 signing capabilities:

{
  "mcpServers": {
    "waiaas": {
      "command": "npx",
      "args": ["-y", "@waiaas/mcp"],
      "env": {
        "WAIAAS_BASE_URL": "http://127.0.0.1:3100",
        "WAIAAS_SESSION_TOKEN": "wai_sess_<your-token>",
        "WAIAAS_DATA_DIR": "~/.waiaas"
      }
    }
  }
}

Once configured, Claude gains access to the erc8128-sign-request and erc8128-verify-signature tools. Here's what these tools enable:

Signing HTTP Requests with ERC-8128

The erc8128-sign-request tool allows Claude to create cryptographically signed HTTP requests. This is particularly useful when the agent needs to prove its identity to external services:

# Claude can sign an HTTP request to prove authenticity
curl -X POST http://127.0.0.1:3100/v1/tools/erc8128-sign-request \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "method": "POST",
    "url": "https://api.example.com/agent-action",
    "headers": {"Content-Type": "application/json"},
    "body": "{\"action\": \"transfer\", \"amount\": \"100\"}"
  }'

The tool returns a complete HTTP signature following ERC-8128 specifications, including the signature header that proves the request originated from the agent's wallet address.

Message Verification for Trust Chains

The erc8128-verify-signature tool enables Claude to validate signatures from other agents or services:

# Verify a signature received from another agent
curl -X POST http://127.0.0.1:3100/v1/tools/erc8128-verify-signature \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "message": "Agent decision: approve transfer of 100 USDC",
    "signature": "0x1234...",
    "address": "0xabcd..."
  }'

This creates a trust chain where agents can verify each other's communications, essential for multi-agent systems handling financial operations.

Policy Integration for Secure Signing

WAIaaS includes an ERC8128_ALLOWED_DOMAINS policy type from its 21 policy types, allowing administrators to control which domains the agent can sign requests for:

curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "ERC8128_ALLOWED_DOMAINS",
    "rules": {
      "domains": ["api.trusted-service.com", "*.verified-agents.io"]
    }
  }'

This prevents agents from signing arbitrary requests to untrusted domains, maintaining security while enabling verified communications.

Real-World Use Cases

These signing capabilities enable several practical scenarios:

Agent-to-Agent Verification: When multiple Claude instances need to coordinate actions, they can sign and verify each other's messages to ensure authentic communication.

Auditable AI Decisions: Financial AI agents can sign their decision rationales, creating an onchain audit trail of why specific trades or investments were made.

Trusted API Integration: Services can verify that API requests actually originated from authorized AI agents, not from malicious actors using stolen credentials.

Cross-Platform Agent Identity: An agent's signatures work across different platforms and services, providing consistent identity verification.

Quick Start with ERC-8128 Signing

Set up WAIaaS with MCP:

npm install -g @waiaas/cli
waiaas quickset --mode mainnet
waiaas mcp setup --all

Configure Claude Desktop with the MCP server configuration above
Test signing in Claude: Ask Claude to "Sign a message saying 'Hello from my AI agent'" and it will use the erc8128-sign-request tool
Verify signatures: Have Claude verify signatures from other agents using the erc8128-verify-signature tool
Set domain policies to control which services your agent can sign requests for

The ERC-8128 standard is still emerging, but WAIaaS provides early implementation allowing developers to experiment with verified AI communications today. As more services adopt ERC-8128 verification, agents with signing capabilities will have significant advantages in trusted interactions.

The combination of WAIaaS's 4 security tiers (INSTANT, NOTIFY, DELAY, APPROVAL) with ERC-8128 signing creates a robust framework where agents can prove their authenticity while maintaining human oversight over critical decisions.

Ready to add cryptographic signing to your Claude agent? Start with the WAIaaS GitHub repository to set up your MCP server, or visit waiaas.ai to explore the full platform. Your AI agent's communications will never be questioned again.

Auto-Provision Your Self-Hosted Crypto Wallet: Docker Entrypoint Magic

Wallet Guy — Fri, 12 Jun 2026 16:27:02 +0000

Setting up self-hosted crypto wallet infrastructure typically requires juggling database schemas, RPC endpoints, and security configurations before you can even start managing funds. Docker auto-provisioning changes this by generating secure defaults automatically, letting you bootstrap a complete Wallet-as-a-Service in a single command while maintaining full control over your infrastructure and private keys.

Why Self-Hosting Your Wallet Infrastructure Matters

When you're building AI agents that need to handle cryptocurrency transactions, you face a fundamental choice: trust a third-party service with your keys, or maintain your own infrastructure. Self-hosting isn't just about privacy — it's about eliminating external dependencies, avoiding API rate limits, and ensuring your agents can operate without relying on services that could disappear, change pricing, or impose restrictions.

The challenge has always been complexity. Traditional wallet infrastructure requires deep blockchain knowledge, security expertise, and significant setup time. WAIaaS's Docker auto-provisioning solves this by generating secure configurations automatically while preserving the sovereignty benefits of self-hosting.

The Auto-Provision Solution

WAIaaS includes an auto-provision feature that generates all necessary secrets, configurations, and initial setup automatically. When you enable auto-provisioning, the Docker container creates a master password, initializes the database, and saves recovery credentials — all without requiring manual intervention.

Here's how to deploy a complete self-hosted wallet service in seconds:

docker run -d \
  --name waiaas \
  -p 127.0.0.1:3100:3100 \
  -v waiaas-data:/data \
  -e WAIAAS_AUTO_PROVISION=true \
  ghcr.io/minhoyoo-iotrust/waiaas:latest

# Retrieve auto-generated master password
docker exec waiaas cat /data/recovery.key

The auto-provision process generates a cryptographically secure master password, stores it in /data/recovery.key, and immediately starts the daemon. Your wallet service is ready to create wallets and authenticate AI agents without any manual configuration.

Docker Compose for Production Deployments

For production self-hosting, Docker Compose provides better control over the deployment:

services:
  daemon:
    image: ghcr.io/minhoyoo-iotrust/waiaas:latest
    container_name: waiaas-daemon
    ports:
      - "127.0.0.1:3100:3100"
    volumes:
      - waiaas-data:/data
    environment:
      - WAIAAS_DATA_DIR=/data
      - WAIAAS_DAEMON_HOSTNAME=0.0.0.0
      - WAIAAS_AUTO_PROVISION=true
    env_file:
      - path: .env
        required: false
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3100/health"]
      interval: 30s
      timeout: 5s
      start_period: 10s
      retries: 3

volumes:
  waiaas-data:
    driver: local

This configuration includes health checks, automatic restart policies, and named volumes for data persistence. The service binds to localhost by default, ensuring your wallet API isn't exposed to external networks without explicit configuration.

Security Through Docker Secrets

For production deployments, WAIaaS supports Docker Secrets for secure credential management. Instead of auto-provisioning, you can provide your own master password through the secrets system:

# Create secret files
mkdir -p secrets
echo "your-secure-password" > secrets/master_password.txt
chmod 600 secrets/master_password.txt

# Deploy with secrets overlay
docker compose -f docker-compose.yml -f docker-compose.secrets.yml up -d

The secrets overlay mounts your password file into the container without exposing it in environment variables or command line arguments. This approach gives you control over credential generation while maintaining Docker best practices.

Environment Configuration for Self-Hosters

Self-hosting means you control every aspect of the infrastructure. WAIaaS exposes key configuration through environment variables:

WAIAAS_AUTO_PROVISION=true              # Auto-generate master password on first start
WAIAAS_DAEMON_PORT=3100                 # Listening port
WAIAAS_DAEMON_HOSTNAME=0.0.0.0         # Bind address
WAIAAS_DAEMON_LOG_LEVEL=info            # Log level (trace/debug/info/warn/error)
WAIAAS_DATA_DIR=/data                   # Data directory
WAIAAS_RPC_SOLANA_MAINNET=<url>         # Solana mainnet RPC endpoint
WAIAAS_RPC_EVM_ETHEREUM_MAINNET=<url>   # Ethereum mainnet RPC endpoint

By providing your own RPC endpoints, you eliminate dependency on public nodes and gain better performance and reliability. Many self-hosters run their own blockchain nodes or use private RPC services for complete infrastructure control.

Data Persistence and Backup Strategy

The Docker entrypoint creates all data in the configured data directory (/data by default). This includes:

SQLite database with wallet data
Generated private keys (encrypted)
Session tokens and authentication state
Policy configurations
Transaction history

Since everything lives in a single directory, backup becomes straightforward:

# Backup data volume
docker run --rm -v waiaas-data:/data -v $(pwd):/backup alpine tar czf /backup/waiaas-backup.tar.gz -C /data .

# Restore data volume
docker run --rm -v waiaas-data:/data -v $(pwd):/backup alpine tar xzf /backup/waiaas-backup.tar.gz -C /data

This approach gives you complete control over your backup strategy and recovery procedures.

Container Security Considerations

The WAIaaS Docker image runs as a non-root user (UID 1001) and includes security scanning in the build process. The container exposes only the necessary port (3100) and doesn't require privileged access. For additional security, you can run the container with read-only filesystem and tmpfs mounts:

docker run -d \
  --name waiaas \
  --read-only \
  --tmpfs /tmp \
  -p 127.0.0.1:3100:3100 \
  -v waiaas-data:/data \
  -e WAIAAS_AUTO_PROVISION=true \
  ghcr.io/minhoyoo-iotrust/waiaas:latest

This configuration prevents any writes outside the data volume, reducing attack surface while maintaining full functionality.

Quick Start: Self-Hosted Wallet in 5 Steps

Deploy with auto-provision:

   docker run -d \
     --name waiaas \
     -p 127.0.0.1:3100:3100 \
     -v waiaas-data:/data \
     -e WAIAAS_AUTO_PROVISION=true \
     ghcr.io/minhoyoo-iotrust/waiaas:latest

Retrieve master password:

   docker exec waiaas cat /data/recovery.key

Create your first wallet:

   curl -X POST http://127.0.0.1:3100/v1/wallets \
     -H "Content-Type: application/json" \
     -H "X-Master-Password: $(docker exec waiaas cat /data/recovery.key)" \
     -d '{"name": "trading-wallet", "chain": "solana", "environment": "mainnet"}'

Create AI agent session:

   curl -X POST http://127.0.0.1:3100/v1/sessions \
     -H "Content-Type: application/json" \
     -H "X-Master-Password: $(docker exec waiaas cat /data/recovery.key)" \
     -d '{"walletId": "<wallet-uuid>"}'

Test with balance check:

   curl http://127.0.0.1:3100/v1/wallet/balance \
     -H "Authorization: Bearer <session-token>"

Your self-hosted wallet infrastructure is now ready to serve AI agents with full transaction capabilities, 39 REST API routes, and 15 integrated DeFi protocols.

Docker Deployment Guide: Self-Hosted AI Agent Wallets provides comprehensive Docker deployment strategies beyond auto-provisioning.

Policy-Based Security for AI Agent Wallets covers how to configure the 21 policy types and 4 security tiers after your initial deployment.

What's Next

You now have a self-hosted wallet service with auto-provisioned security running in Docker. Explore the interactive API documentation at http://127.0.0.1:3100/reference to discover all available endpoints, or check the full deployment guide at GitHub and learn more about production configurations at waiaas.ai.

Economic Sovereignty for AI: Why Agents Need Their Own Financial Infrastructure

Wallet Guy — Fri, 12 Jun 2026 10:42:56 +0000

AI agents will need to pay for compute, data, and API calls—but most can't even hold money, let alone spend it autonomously. The current paradigm of custodied accounts managed by humans breaks down when agents need to make real-time economic decisions at scale.

Why Economic Sovereignty Matters for AI Agents

We're approaching an inflection point where AI agents will operate as independent economic actors. They'll need to purchase compute resources, pay for API calls, acquire training data, and compensate other agents for services. Yet today's financial infrastructure assumes human oversight for every transaction.

This creates a fundamental bottleneck. When an agent needs to make a time-sensitive trade or pay for real-time data, waiting for human approval defeats the purpose. The agent economy demands infrastructure that enables autonomous financial decisions while maintaining security and oversight.

The Infrastructure Gap: Wallets Built for Machines

Traditional wallet solutions weren't designed for autonomous agents. They assume human interaction patterns: manual transaction signing, GUI-based interfaces, and sporadic usage patterns. AI agents need something fundamentally different:

Programmatic control: Full API access without GUI dependencies
Policy-driven security: Pre-configured rules instead of per-transaction approvals
Real-time payments: Native support for micropayments and streaming payments
Multi-protocol support: Work across different blockchains and payment rails

This is where specialized infrastructure like WAIaaS bridges the gap. It provides AI agents with autonomous wallet capabilities while maintaining human oversight through configurable policies.

Autonomous Payments in Practice

Let's examine how this works with a concrete example. Here's an AI agent that needs to purchase real-time market data and execute trades based on that information:

import { WAIaaSClient } from '@waiaas/sdk';

const client = new WAIaaSClient({
  baseUrl: 'http://localhost:3100',
  sessionToken: process.env.WAIAAS_SESSION_TOKEN,
});

// Agent autonomously pays for API data using x402 HTTP payments
const marketData = await client.x402Fetch('https://api.marketdata.com/prices', {
  method: 'GET',
  headers: { 'Accept': 'application/json' }
});

const prices = await marketData.json();

// Based on data, agent decides to execute a trade
if (prices.opportunity > 0.05) {
  const swap = await client.executeAction('jupiter-swap', {
    inputMint: 'So11111111111111111111111111111111111111112', // SOL
    outputMint: 'EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v', // USDC
    amount: '1000000000' // 1 SOL
  });

  console.log(`Executed swap: ${swap.transactionId}`);
}

This agent operates independently but within pre-configured constraints. The x402 HTTP payment protocol enables automatic micropayments for API calls, while policy engines ensure trades stay within risk parameters.

Policy-Driven Autonomy vs. Complete Freedom

True economic sovereignty doesn't mean unlimited access. It means operating autonomously within well-defined boundaries. WAIaaS implements this through a policy engine with 21 policy types and 4 security tiers.

For example, a trading agent might operate under these constraints:

curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "SPENDING_LIMIT",
    "rules": {
      "instant_max_usd": 100,
      "notify_max_usd": 1000,
      "delay_max_usd": 5000,
      "delay_seconds": 300,
      "daily_limit_usd": 10000
    }
  }'

This policy allows the agent to make trades up to $100 instantly, requires notification for trades up to $1,000, imposes a 5-minute delay for larger trades, and caps daily activity at $10,000. The agent maintains autonomy for routine decisions while escalating significant actions to human oversight.

The x402 Protocol: HTTP Payments for the Agent Economy

One of the most promising developments for agent economic sovereignty is the x402 HTTP payment protocol. This extends the familiar HTTP 402 "Payment Required" status code with actual payment capabilities.

When an agent encounters a 402 response, it can automatically negotiate payment and retry the request:

# Agent makes API request
GET /premium-data HTTP/1.1
Host: api.provider.com

# Server responds with payment request
HTTP/1.1 402 Payment Required
Accept-Payment: lightning, bitcoin, solana
Price: 0.001 USD
Invoice: lnbc1...

# Agent automatically pays and retries
GET /premium-data HTTP/1.1  
Host: api.provider.com
Payment-Proof: <transaction-hash>

This creates a seamless economy where agents can access paid services without human intervention. Data providers, compute services, and other agents can monetize their resources while maintaining open APIs.

Multi-Chain Reality: Agents Need Network Flexibility

The agent economy won't run on a single blockchain. Different protocols excel at different use cases—Solana for high-frequency trading, Ethereum for DeFi composability, Bitcoin Lightning for micropayments. Economically sovereign agents need multi-chain capabilities.

WAIaaS supports 2 chain types across 18 networks, enabling agents to choose the optimal chain for each transaction. An agent might use Solana for rapid arbitrage while maintaining long-term positions on Ethereum DeFi protocols.

Integration with 15 DeFi protocol providers means agents can access lending, staking, swapping, and yield farming opportunities across ecosystems. This isn't just about holding tokens—it's about active participation in decentralized finance.

Real-World Agent Architecture

Economic sovereignty requires more than just wallet access. Here's how a complete autonomous agent system might be architected:

Decision Engine: AI models that analyze market conditions and identify opportunities
Risk Management: Policy enforcement and position sizing algorithms
Execution Layer: Autonomous transaction submission and confirmation
Monitoring: Real-time portfolio tracking and performance analysis

The wallet infrastructure sits at the execution layer but influences every component. Risk management policies determine what the decision engine can propose. Execution capabilities constrain possible strategies. Monitoring depends on transaction history and balance tracking.

MCP Integration: Standardizing Agent Financial Capabilities

The Model Context Protocol (MCP) provides a standardized way for AI systems to interact with external tools and services. WAIaaS implements 45 MCP tools that expose wallet capabilities to AI agents through a consistent interface.

This standardization is crucial for the agent economy. Instead of each agent implementing custom wallet integrations, they can use standard MCP tools for balance checking, transaction submission, and DeFi interactions. This reduces development overhead and increases interoperability.

Security Without Sacrificing Autonomy

Economic sovereignty raises legitimate security concerns. How do you give agents financial autonomy without risking catastrophic losses? The answer lies in layered security architecture:

Session-based authentication: Agents operate with limited-scope credentials
Policy enforcement: Transactions must pass through configurable rule engines
Multi-tier approval: Larger transactions require human oversight
Kill switches: Humans can revoke agent access instantly

This creates a balance between autonomy and safety. Agents can operate independently for routine transactions while escalating edge cases to human judgment.

Getting Started with Agent Economic Infrastructure

Ready to build economically sovereign AI agents? Here's a minimal setup:

Install the infrastructure:

npm install -g @waiaas/cli
waiaas init
waiaas start

Create an agent wallet:

waiaas quickset --mode mainnet

Set up MCP integration for your AI system:

{
  "mcpServers": {
    "waiaas": {
      "command": "npx",
      "args": ["-y", "@waiaas/mcp"],
      "env": {
        "WAIAAS_SESSION_TOKEN": "wai_sess_<your-token>"
      }
    }
  }
}

Configure spending policies that match your risk tolerance
Deploy your agent with autonomous financial capabilities

What's Next for Agent Economics

The infrastructure for economically sovereign AI agents exists today, but we're still in the early stages of the agent economy. As more agents gain financial autonomy, we'll see new patterns emerge: agent-to-agent payments, automated service discovery, and dynamic pricing based on real-time supply and demand.

The future isn't just AI agents that can think—it's AI agents that can earn, spend, and participate in economic networks as independent actors. The infrastructure is ready. The question is: what will your agents build?

Ready to give your AI agents economic sovereignty? Explore the open-source WAIaaS platform on GitHub or learn more at waiaas.ai.

Auto-Generated OpenAPI Spec: Build Trading Bots with Interactive API Docs

Wallet Guy — Thu, 11 Jun 2026 11:01:11 +0000

Your trading bot spotted the opportunity: Jupiter shows SOL/USDC at a 0.3% premium, Drift has high funding rates for hedging, and gas is below your threshold. But can your bot execute the complete strategy before the arbitrage window closes? Most trading bots fail here — not because of strategy, but because they're cobbled together with multiple wallet libraries, RPC endpoints, and manual transaction building that breaks under pressure.

Why Trading Infrastructure Breaks When It Matters

Trading bots need split-second execution across multiple protocols. You might need to swap on Jupiter, open a perpetual position on Hyperliquid, stake rewards on Jito, and bridge profits back to Ethereum — all within seconds. But most bots are built with fragmented infrastructure:

Wallet chaos: Different libraries for Solana vs EVM, each with its own quirks
Gas disasters: Transactions failing because you didn't check network conditions
Protocol integration hell: Manually building transaction data for 15+ DeFi protocols
No risk controls: Bot drains wallet because of a bug or exploit

When you're competing against sophisticated MEV searchers and institutional trading firms, your infrastructure cannot be your weakness.

Auto-Generated OpenAPI: Your Trading Bot's Foundation

WAIaaS generates a complete OpenAPI 3.0 specification for its 39 REST API endpoints, giving trading bot builders exactly what they need: a reliable, documented, and interactive API reference. Every endpoint from balance queries to complex DeFi actions is documented with request schemas, response formats, and authentication requirements.

The generated specification lives at /doc and includes an interactive Scalar UI at /reference where you can test API calls directly in your browser. This isn't just documentation — it's your testing ground for trading strategies.

Here's how a trading bot checks available protocols and executes a multi-step strategy:

# Get interactive API reference
curl http://127.0.0.1:3100/doc -o trading-api-spec.json

# Check wallet balance before strategy execution
curl http://127.0.0.1:3100/v1/wallet/balance \
  -H "Authorization: Bearer wai_sess_<token>"

# Execute Jupiter swap: SOL → USDC
curl -X POST http://127.0.0.1:3100/v1/actions/jupiter-swap/swap \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "inputMint": "So11111111111111111111111111111111111111112",
    "outputMint": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
    "amount": "1000000000"
  }'

Multi-Protocol Trading Infrastructure

Trading bots need access to multiple DeFi protocols without the complexity of integrating each one separately. WAIaaS provides 15 DeFi protocol integrations through a unified API:

DEX Aggregators: Jupiter (Solana), 0x (Ethereum)

Perpetual Futures: Hyperliquid, Drift

Cross-chain: LI.FI bridging, Across protocol

Liquid Staking: Jito (Solana), Lido (Ethereum)

Prediction Markets: Polymarket for event-driven strategies

Each protocol is accessible through the same authentication pattern and response format, so your trading logic stays consistent even as you add new protocols:

# Check DeFi positions across all protocols
curl http://127.0.0.1:3100/v1/defi/positions \
  -H "Authorization: Bearer wai_sess_<token>"

# Open Hyperliquid perpetual position
curl -X POST http://127.0.0.1:3100/v1/actions/hyperliquid/open-position \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "market": "SOL-USD",
    "side": "long",
    "size": "10",
    "leverage": 5
  }'

Gas Conditional Execution: Only Trade When Profitable

Trading bots need to factor gas costs into profitability calculations. WAIaaS includes gas conditional execution — your transactions only execute when network conditions meet your thresholds. No more profitable arbitrage opportunities eaten alive by gas spikes.

The 7-stage transaction pipeline includes gas condition checking, so you can set maximum gas prices per transaction type. Your MEV bot can queue transactions that only execute when gas drops below your profitability threshold.

Risk Controls That Don't Kill Performance

High-frequency trading needs risk controls that work at speed. WAIaaS uses 21 policy types with 4 security tiers to protect your trading capital without slowing execution:

# Create trading-specific policies
curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: <password>" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "SPENDING_LIMIT",
    "rules": {
      "instant_max_usd": 1000,
      "daily_limit_usd": 50000,
      "token_limits": {
        "native:solana": {"instant_max": "10"}
      }
    }
  }'

INSTANT tier: Small trades execute immediately

NOTIFY tier: Medium trades execute with logging

DELAY tier: Large trades wait for gas optimization

APPROVAL tier: Whale trades need human confirmation

Your bot gets the speed it needs for small opportunities while protecting against catastrophic losses.

Quick Start: Trading Bot in 5 Steps

Here's how to get your trading bot connected to reliable wallet infrastructure:

Deploy WAIaaS daemon:

docker run -d -p 127.0.0.1:3100:3100 ghcr.io/minhoyoo-iotrust/waiaas:latest

Create trading wallet and session:

# Create Solana mainnet wallet
curl -X POST http://127.0.0.1:3100/v1/wallets \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: <password>" \
  -d '{"name": "trading-bot", "chain": "solana", "environment": "mainnet"}'

# Create session for bot authentication
curl -X POST http://127.0.0.1:3100/v1/sessions \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: <password>" \
  -d '{"walletId": "<wallet-uuid>"}'

Set risk policies for your trading strategy:

curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: <password>" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "ALLOWED_TOKENS",
    "rules": {"tokens": [
      {"address": "So11111111111111111111111111111111111111112", "symbol": "SOL", "chain": "solana"},
      {"address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", "symbol": "USDC", "chain": "solana"}
    ]}
  }'

Test your first trade:

# Dry-run a Jupiter swap to test integration
curl -X POST http://127.0.0.1:3100/v1/actions/jupiter-swap/swap \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <session-token>" \
  -d '{
    "inputMint": "So11111111111111111111111111111111111111112",
    "outputMint": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
    "amount": "100000000",
    "dryRun": true
  }'

Explore the interactive API docs: Open http://127.0.0.1:3100/reference to see all available endpoints, test different protocols, and understand response formats.

What's Next

Your trading bot now has access to institutional-grade wallet infrastructure with multi-protocol DeFi access, gas optimization, and configurable risk controls. The auto-generated OpenAPI specification means you can integrate any language or framework that supports REST APIs.

Ready to build faster, more reliable trading bots? Check out the WAIaaS repository for the complete implementation, or visit waiaas.ai to learn more about production deployment options.

631 Tests Later: Why AI Agents Need Battle-Tested Financial Infrastructure

Wallet Guy — Wed, 10 Jun 2026 16:43:29 +0000

AI agents will need to pay for compute, data, and API calls autonomously. The current payment infrastructure requires human intervention at every transaction — credit cards need approval, bank transfers require manual initiation, and even crypto wallets depend on humans to sign transactions. As AI agents become more capable and autonomous, this payment bottleneck becomes the critical missing piece of the agent economy infrastructure.

Why Autonomous Payments Matter

We're approaching an inflection point where AI agents will operate independently for hours or days, making thousands of micro-decisions that require payments. An agent analyzing market data might need to pay for real-time price feeds, historical datasets, news APIs, and compute resources — all within seconds. Human-in-the-loop payment approval breaks this autonomous operation model.

The economic implications are massive. Agents that can pay for resources autonomously can:

Scale compute dynamically based on workload
Access premium data sources in real-time
Collaborate with other agents in peer-to-peer transactions
Optimize costs by choosing the best-priced services moment by moment

But today's payment rails weren't designed for this. Credit cards assume human cardholders. Bank APIs require lengthy compliance processes. Even crypto wallets typically require human signature approval for security.

The Infrastructure AI Agents Actually Need

After building and testing WAIaaS through 683+ test files across 15 packages, we've learned that AI agents need three specific capabilities that traditional payment infrastructure can't provide:

1. Policy-Driven Autonomous Execution

Agents need wallets that can execute payments without human approval while staying within predefined boundaries. WAIaaS implements this through a policy engine with 21 policy types and 4 security tiers (INSTANT, NOTIFY, DELAY, APPROVAL).

For example, an agent can be configured to:

Execute payments under $10 instantly
Send notifications for payments $10-100
Add a 5-minute delay for payments $100-1000
Require human approval for anything above $1000

curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "SPENDING_LIMIT",
    "rules": {
      "instant_max_usd": 10,
      "notify_max_usd": 100,
      "delay_max_usd": 1000,
      "delay_seconds": 300,
      "daily_limit_usd": 5000
    }
  }'

2. Native HTTP Payment Protocol

The x402 HTTP payment protocol lets agents pay for API calls automatically. When an agent hits a paywall (HTTP 402 status), it can pay the requested amount and retry the request — all without human intervention.

import { WAIaaSClient } from '@waiaas/sdk';

const client = new WAIaaSClient({
  baseUrl: 'http://127.0.0.1:3100',
  sessionToken: process.env.WAIAAS_SESSION_TOKEN,
});

// Agent pays for API access automatically
const response = await client.x402Fetch('https://api.example.com/premium-data', {
  method: 'GET',
  headers: { 'Accept': 'application/json' }
});

const data = await response.json();

This enables true machine-to-machine commerce where agents can access any service that accepts crypto payments, with costs automatically deducted from their wallet balance.

3. Multi-Chain DeFi Integration

Agents need access to the full DeFi ecosystem — not just basic transfers. WAIaaS integrates 15 DeFi protocol providers including Jupiter swap, Lido staking, Aave lending, and Hyperliquid perpetual futures.

An agent can:

Swap tokens for better pricing
Stake assets to earn yield
Borrow against collateral
Trade perpetual futures
Bridge assets across chains

curl -X POST http://127.0.0.1:3100/v1/actions/jupiter-swap/swap \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "inputMint": "So11111111111111111111111111111111111111112",
    "outputMint": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
    "amount": "1000000000"
  }'

Agent Integration Through MCP

The key insight is that agents shouldn't need to understand wallet mechanics or blockchain transactions. They should use natural language: "Check my balance," "Swap 0.1 SOL for USDC," "Pay for this API call."

WAIaaS provides 45 MCP tools that integrate directly with Claude Desktop and other AI frameworks:

{
  "mcpServers": {
    "waiaas": {
      "command": "npx",
      "args": ["-y", "@waiaas/mcp"],
      "env": {
        "WAIAAS_BASE_URL": "http://127.0.0.1:3100",
        "WAIAAS_SESSION_TOKEN": "wai_sess_<your-token>",
        "WAIAAS_DATA_DIR": "~/.waiaas"
      }
    }
  }
}

After setup, Claude can check balances, execute trades, pay for API calls, and manage DeFi positions using natural language — all backed by real blockchain transactions.

Real-World Agent Economy Examples

Autonomous Trading Agent

A trading agent monitors multiple markets, pays for real-time data feeds, executes trades based on signals, and stakes idle assets for yield. The agent operates 24/7 with policies that allow:

Instant execution of trades under $100
Automatic payment for market data APIs
Daily spending limits to prevent runaway costs

AI Research Assistant

An agent that needs to access academic papers, datasets, and compute resources pays for each service automatically. It can:

Pay for premium research database access
Purchase compute credits for large model inference
Tip other agents for valuable data or analysis

Cross-Chain Arbitrage Bot

An agent that finds price differences across chains and executes arbitrage trades. It uses LI.FI and Across protocol integrations to bridge assets automatically, with policies that ensure profitable trades while limiting maximum position sizes.

Getting Started with Agent Wallets

Setting up autonomous payment infrastructure takes just a few commands:

Install and initialize WAIaaS:

npm install -g @waiaas/cli
waiaas init --auto-provision
waiaas start

Create agent wallets:

waiaas quickset --mode mainnet

Set up MCP integration:

waiaas mcp setup --all

Configure policies for autonomous operation:
Create spending limits, token whitelists, and security tiers that match your agent's needs.
Test autonomous payments:
Try x402 payments, DeFi actions, and cross-chain operations to verify the agent can operate independently.

What's Next

The agent economy is already emerging. We're seeing early experiments with agents that trade, provide services, and collaborate with other agents. The infrastructure layer — autonomous wallets with policy engines — is what enables this transition from human-operated tools to truly autonomous economic actors.

To start building with battle-tested agent wallet infrastructure, check out the GitHub repository or explore the full capabilities at waiaas.ai.

39 REST API Routes: Complete Trading Bot Integration Guide

Wallet Guy — Wed, 10 Jun 2026 10:36:42 +0000

Trading bots need reliable wallet infrastructure with low-latency execution and built-in risk controls. WAIaaS provides 39 REST API routes that handle everything from basic token transfers to complex multi-protocol DeFi strategies, with gas optimization and policy enforcement built directly into the transaction pipeline.

Why Wallet Infrastructure Makes or Breaks Trading Bots

Your arbitrage bot spots a 2% price difference between Jupiter and Drift. You have maybe 3-4 seconds before other bots close the gap. But your current setup requires three separate wallet integrations, manual gas estimation, and zero protection against fat-finger trades that could drain your entire balance.

This is where most trading bots fail — not in strategy logic, but in execution infrastructure. You need wallet operations that are fast, reliable, and protected by configurable policies. Every API call should execute predictably, whether you're swapping $100 or $10,000.

The Complete API: From Basic Operations to Advanced Trading

WAIaaS exposes 39 REST API routes covering every aspect of wallet operations. Let's walk through how a sophisticated trading bot would use these endpoints.

Session Authentication for High-Frequency Operations

Trading bots need fast authentication without compromising security. WAIaaS uses JWT session tokens that avoid expensive cryptographic operations on every request:

# Create a session for your trading bot (one-time setup)
curl -X POST http://127.0.0.1:3100/v1/sessions \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{"walletId": "<wallet-uuid>"}'

Once you have a session token, every subsequent API call uses fast Bearer authentication:

# Check wallet balance (sub-100ms response)
curl http://127.0.0.1:3100/v1/wallet/balance \
  -H "Authorization: Bearer wai_sess_eyJhbGciOiJIUzI1NiJ9..."

Multi-Protocol DeFi Execution

Your trading bot can access 15 DeFi protocols through standardized action endpoints. Execute swaps on Jupiter, open perp positions on Drift, and provide liquidity on Kamino — all through the same API pattern:

# Swap SOL → USDC on Jupiter
curl -X POST http://127.0.0.1:3100/v1/actions/jupiter-swap/swap \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "inputMint": "So11111111111111111111111111111111111111112",
    "outputMint": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
    "amount": "1000000000"
  }'

# Open leveraged position on Hyperliquid
curl -X POST http://127.0.0.1:3100/v1/actions/hyperliquid/place-order \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "coin": "ETH",
    "is_buy": true,
    "sz": "0.1",
    "limit_px": "3500",
    "order_type": "Limit"
  }'

Gas-Conditional Execution

This is where WAIaaS shines for trading bots. You can set gas price thresholds so transactions only execute when network conditions are favorable:

# Only execute this swap if gas < 50 gwei
curl -X POST http://127.0.0.1:3100/v1/transactions/send \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "type": "TRANSFER",
    "to": "recipient-address",
    "amount": "0.1",
    "gasCondition": {
      "maxGasPrice": "50000000000"
    }
  }'

Transaction Simulation and Dry-Run

Before risking real funds, simulate transactions to verify they'll succeed:

curl -X POST http://127.0.0.1:3100/v1/transactions/send \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "type": "TRANSFER",
    "to": "recipient-address",
    "amount": "0.1",
    "dryRun": true
  }'

This returns the exact same response format as a real transaction, but without broadcasting to the network. Perfect for testing complex DeFi strategies.

Batch Transaction Execution

Execute multiple operations atomically. Critical for arbitrage strategies that need guaranteed execution across multiple protocols:

curl -X POST http://127.0.0.1:3100/v1/transactions/send \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "type": "BATCH",
    "transactions": [
      {
        "type": "TRANSFER",
        "to": "address1",
        "amount": "0.1"
      },
      {
        "type": "TOKEN_TRANSFER",
        "to": "address2",
        "tokenAddress": "token-mint",
        "amount": "100"
      }
    ]
  }'

Policy-Based Risk Management

Configure spending limits and security policies that protect your bot from catastrophic losses. The 7-stage transaction pipeline enforces these policies automatically:

# Create a policy that limits instant trades to $100
curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "SPENDING_LIMIT",
    "rules": {
      "instant_max_usd": 100,
      "notify_max_usd": 500,
      "delay_max_usd": 2000,
      "delay_seconds": 900,
      "daily_limit_usd": 5000
    }
  }'

WAIaaS supports 21 policy types with 4 security tiers. Trades under $100 execute instantly. Trades $100-$500 execute with notifications. Larger trades can be delayed or require manual approval.

Real-Time Transaction Monitoring

Monitor transaction status and get detailed execution data:

# Get transaction details and status
curl http://127.0.0.1:3100/v1/transactions/<tx-id> \
  -H "Authorization: Bearer wai_sess_<token>"

The response includes execution stage, gas costs, and any policy decisions that affected the transaction.

Advanced Trading Scenarios

Cross-Chain Arbitrage Bot

Your bot spots a price difference between Ethereum and Solana markets. WAIaaS handles the complexity:

# 1. Bridge USDC from Ethereum to Solana via LI.FI
curl -X POST http://127.0.0.1:3100/v1/actions/lifi/transfer \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "fromChain": "ethereum",
    "toChain": "solana",
    "fromToken": "0xA0b86a33E6c5...",
    "toToken": "EPjFWdd5Auf...",
    "amount": "1000000000"
  }'

# 2. Once bridged, swap USDC → SOL on Jupiter
curl -X POST http://127.0.0.1:3100/v1/actions/jupiter-swap/swap \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "inputMint": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
    "outputMint": "So11111111111111111111111111111111111111112",
    "amount": "1000000000"
  }'

Yield Farming Bot

Automatically compound rewards across multiple protocols:

# 1. Check current DeFi positions
curl http://127.0.0.1:3100/v1/defi/positions \
  -H "Authorization: Bearer wai_sess_<token>"

# 2. Harvest rewards from Kamino
curl -X POST http://127.0.0.1:3100/v1/actions/kamino/harvest \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{"position_id": "<position-id>"}'

# 3. Swap rewards to base asset
curl -X POST http://127.0.0.1:3100/v1/actions/jupiter-swap/swap \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{"inputMint": "<reward-token>", "outputMint": "<base-token>"}'

# 4. Reinvest in strategy
curl -X POST http://127.0.0.1:3100/v1/actions/kamino/deposit \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{"strategy": "<strategy-id>", "amount": "<amount>"}'

MEV Protection and Timing

Use the transaction pipeline's delay mechanism for MEV-sensitive operations:

# Delay execution by 60 seconds to avoid MEV
curl -X POST http://127.0.0.1:3100/v1/transactions/send \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "type": "TRANSFER",
    "amount": "1.0",
    "delaySeconds": 60
  }'

OpenAPI Documentation for Development

WAIaaS auto-generates OpenAPI 3.0 specs with interactive documentation:

# Download machine-readable API spec
curl http://127.0.0.1:3100/doc -o openapi.json

# View interactive docs in browser
open http://127.0.0.1:3100/reference

The interactive Scalar API reference lets you test endpoints directly, perfect for development and debugging.

Quick Start: Deploy Your Trading Bot

Step 1: Deploy WAIaaS with Docker

git clone https://github.com/minhoyoo-iotrust/WAIaaS.git
cd WAIaaS
docker compose up -d

Step 2: Create a trading wallet and session

# Create Solana mainnet wallet
curl -X POST http://127.0.0.1:3100/v1/wallets \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{"name": "trading-bot", "chain": "solana", "environment": "mainnet"}'

# Create session for your bot
curl -X POST http://127.0.0.1:3100/v1/sessions \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{"walletId": "<wallet-uuid>"}'

Step 3: Configure trading policies

# Set spending limits and risk controls
curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "SPENDING_LIMIT",
    "rules": {
      "instant_max_usd": 1000,
      "daily_limit_usd": 10000
    }
  }'

Step 4: Test with a simple swap

# Execute your first trade
curl -X POST http://127.0.0.1:3100/v1/actions/jupiter-swap/swap \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<your-token>" \
  -d '{
    "inputMint": "So11111111111111111111111111111111111111112",
    "outputMint": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
    "amount": "100000000"
  }'

Step 5: Monitor and scale

Use the transaction monitoring endpoints to track performance and adjust your strategies based on real execution data.

The infrastructure handles wallet management, transaction signing, policy enforcement, and protocol integrations. You focus on strategy logic and market analysis.

What's Next

Ready to build? Check out the GitHub repository for complete setup instructions and examples. Visit waiaas.ai for comprehensive documentation and advanced configuration guides.

Your trading bot deserves infrastructure that matches its sophistication. Stop wrestling with wallet integrations and start executing profitable strategies.

21 Policy Types, Default-Deny: Building Bulletproof AI Agent Security

Wallet Guy — Tue, 09 Jun 2026 16:12:02 +0000

Building bulletproof AI agent security requires more than just hoping your agent won't make mistakes—you need systematic policy enforcement that assumes your agent will eventually try something dangerous. WAIaaS implements 21 policy types with default-deny enforcement, creating multiple security layers between your AI agent and your funds.

Why AI Agent Security Can't Be an Afterthought

Here's the uncomfortable truth: AI agents with wallet access will eventually surprise you. They'll misunderstand instructions, hallucinate token addresses, or try to approve unlimited spending to unknown contracts. The question isn't whether something will go wrong—it's whether your security system will catch it.

Traditional wallet security assumes a human is making every decision. But AI agents operate differently: they make hundreds of micro-decisions per hour, they can't distinguish between "spend $10" and "spend $10,000" without context, and they'll confidently execute any transaction that seems reasonable based on their training.

This is where most crypto AI projects fail. They either give agents unrestricted wallet access (dangerous) or try to solve security through better prompting (ineffective). WAIaaS takes a different approach: assume the agent will eventually do something wrong, then build systems to prevent damage.

3-Layer Security: Defense in Depth

WAIaaS implements three security layers that work together to prevent unauthorized transactions:

Layer 1: Session Authentication + Time Limits

Every AI agent gets a limited session token, not direct wallet access. Sessions expire automatically and can be revoked instantly.

# Create a session with 24-hour expiry
curl -X POST http://127.0.0.1:3100/v1/sessions \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{
    "walletId": "<wallet-uuid>",
    "ttl": 86400,
    "maxRenewals": 5
  }'

Layer 2: Policy Engine with Default-Deny

This is where WAIaaS gets serious about security. Instead of hoping your agent behaves, policies enforce exactly what's allowed and block everything else.

# Default-deny token policy: agent can only touch USDC and SOL
curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "ALLOWED_TOKENS",
    "rules": {
      "tokens": [
        {"address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", "symbol": "USDC", "chain": "solana"},
        {"address": "native:solana", "symbol": "SOL", "chain": "solana"}
      ]
    }
  }'

Layer 3: 4-Tier Approval System

Every transaction gets classified into one of four security tiers based on amount and risk:

# Spending limits with escalating security
curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "SPENDING_LIMIT",
    "rules": {
      "instant_max_usd": 10,
      "notify_max_usd": 100,
      "delay_max_usd": 1000,
      "delay_seconds": 900,
      "daily_limit_usd": 5000
    }
  }'

This creates four security tiers:

INSTANT: ≤$10 executes immediately
NOTIFY: ≤$100 executes with notification
DELAY: ≤$1000 waits 15 minutes (cancellable)
APPROVAL: >$1000 requires human approval

The 21 Policy Types: Granular Control

WAIaaS provides 21 different policy types because different applications need different restrictions. Here are the most important ones for security:

ALLOWED_TOKENS: Default-Deny Token Control

Without this policy, your agent can interact with any token. With it, only whitelisted tokens are accessible.

{
  "type": "ALLOWED_TOKENS",
  "rules": {
    "tokens": [
      {"address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", "symbol": "USDC", "chain": "solana"}
    ]
  }
}

CONTRACT_WHITELIST: Only Approved Protocols

Prevents your agent from interacting with unknown or malicious contracts.

{
  "type": "CONTRACT_WHITELIST", 
  "rules": {
    "contracts": [
      {"address": "JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4", "name": "Jupiter", "chain": "solana"}
    ]
  }
}

APPROVED_SPENDERS: Block Unlimited Approvals

Prevents the classic "approve unlimited spending" attack vector.

{
  "type": "APPROVED_SPENDERS",
  "rules": {
    "spenders": [
      {"address": "0xDEF1...", "name": "Uniswap Router", "maxAmount": "1000000000"}
    ]
  }
}

RATE_LIMIT: Prevent Transaction Spam

Limits how many transactions your agent can execute per hour/day.

{
  "type": "RATE_LIMIT",
  "rules": {
    "maxTransactions": 50,
    "period": "hourly"
  }
}

TIME_RESTRICTION: Business Hours Only

Prevents overnight surprises by restricting when transactions can execute.

{
  "type": "TIME_RESTRICTION",
  "rules": {
    "allowedHours": {"start": 9, "end": 17},
    "timezone": "UTC"
  }
}

Default-Deny: Secure by Default

The most important security concept in WAIaaS is default-deny enforcement. Here's how it works:

Without ALLOWED_TOKENS policy: Agent can interact with any token (dangerous)
With ALLOWED_TOKENS policy: Agent can only touch whitelisted tokens

Without CONTRACT_WHITELIST policy: Agent can call any smart contract (dangerous)

With CONTRACT_WHITELIST policy: Agent can only interact with approved contracts

This means you explicitly define what's allowed, and everything else is automatically blocked. No surprises.

# Check what policies are protecting a wallet
curl http://127.0.0.1:3100/v1/policies \
  -H "Authorization: Bearer wai_sess_<token>"

Human-in-the-Loop Approval Channels

When transactions exceed policy limits, WAIaaS has multiple channels to request human approval:

WalletConnect Integration

High-value transactions can require approval through MetaMask or other WalletConnect wallets.

# Connect owner's wallet for approvals
curl -X POST http://127.0.0.1:3100/v1/walletconnect/connect \
  -H "X-Master-Password: my-secret-password"

Push Notifications

Get notified immediately when your agent tries something unusual:

# Setup push notifications
curl -X POST http://127.0.0.1:3100/v1/notifications/setup \
  -H "X-Master-Password: my-secret-password" \
  -d '{"channel": "push", "endpoint": "https://..."}'

Kill Switch Recovery

If something goes wrong, you can immediately revoke all agent access:

# Emergency: revoke all sessions
curl -X DELETE http://127.0.0.1:3100/v1/sessions/all \
  -H "X-Master-Password: my-secret-password"

Example: Securing a Trading Agent

Here's how you'd secure an AI trading agent that should only trade SOL/USDC on Jupiter with strict limits:

# 1. Create spending limits
curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "SPENDING_LIMIT", 
    "rules": {
      "instant_max_usd": 50,
      "notify_max_usd": 200,
      "delay_max_usd": 500,
      "delay_seconds": 600,
      "daily_limit_usd": 1000
    }
  }'

# 2. Lock down to SOL and USDC only
curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "ALLOWED_TOKENS",
    "rules": {
      "tokens": [
        {"address": "native:solana", "symbol": "SOL", "chain": "solana"},
        {"address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", "symbol": "USDC", "chain": "solana"}
      ]
    }
  }'

# 3. Only allow Jupiter for swaps
curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "CONTRACT_WHITELIST",
    "rules": {
      "contracts": [
        {"address": "JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4", "name": "Jupiter", "chain": "solana"}
      ]
    }
  }'

# 4. Prevent transaction spam
curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "RATE_LIMIT",
    "rules": {
      "maxTransactions": 20,
      "period": "hourly"
    }
  }'

With these policies:

Agent can only trade SOL and USDC
Agent can only use Jupiter (no unknown DEXs)
Trades >$50 send notifications
Trades >$200 have 10-minute delays
Trades >$500 require approval
Max $1000 per day
Max 20 transactions per hour

Quick Start: Secure Agent Setup

Install and start WAIaaS:

npm install -g @waiaas/cli
waiaas init
waiaas start

Create a wallet with restrictive policies:

waiaas wallet create --name "secure-agent" --chain solana

Set up token whitelist (replace with your desired tokens):

curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: $(cat ~/.waiaas/master-password)" \
  -d '{"walletId": "<wallet-id>", "type": "ALLOWED_TOKENS", "rules": {"tokens": [{"address": "native:solana", "symbol": "SOL", "chain": "solana"}]}}'

Create spending limits:

curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: $(cat ~/.waiaas/master-password)" \
  -d '{"walletId": "<wallet-id>", "type": "SPENDING_LIMIT", "rules": {"instant_max_usd": 10, "notify_max_usd": 50, "delay_max_usd": 200, "delay_seconds": 300, "daily_limit_usd": 500}}'

Create agent session:

waiaas session create --wallet-id <wallet-id>

Now your agent has strictly limited access: only approved tokens, spending limits with escalating security, and human approval for large transactions.

What's Next

Security is an ongoing process, not a one-time setup. Start with restrictive policies and gradually expand permissions as you gain confidence in your agent's behavior. Monitor transaction patterns and adjust limits based on actual usage.

Ready to build secure AI agents? Check out the WAIaaS GitHub repository for complete documentation and examples. Visit waiaas.ai to learn more about advanced security features and production deployment patterns.

15-Package Monorepo in Docker: Microservices Architecture for AI Agent Wallets

Wallet Guy — Tue, 09 Jun 2026 10:05:37 +0000

Building an AI agent's wallet infrastructure shouldn't require trusting third parties with your private keys or being locked into hosted services. WAIaaS's 15-package monorepo architecture runs entirely on your hardware, giving you complete control over your agent's financial operations while maintaining the convenience of microservices design.

Why Self-Hosted Wallet Infrastructure Matters

The cryptocurrency space was built on the principle of "not your keys, not your crypto" — yet many AI agent wallet solutions force you to trust external services with your most sensitive operations. When your trading bot needs to execute thousands of transactions daily, or your DeFi agent manages substantial positions, custody becomes a critical concern.

Beyond security, self-hosting eliminates API rate limits, reduces latency to your local applications, and ensures your agent wallet infrastructure remains available even when third-party services experience outages. You're building for the long term, not renting access to someone else's vision of how wallets should work.

The Monorepo Microservices Solution

WAIaaS solves this through a carefully designed 15-package monorepo that runs as containerized microservices. Each package handles a specific concern, from transaction processing to DeFi integrations, while maintaining clear separation of responsibilities.

The core packages break down into several categories:

Core Infrastructure: The daemon package provides the REST API with 39 route modules, while core contains shared schemas and types. The shared package handles cross-package utilities, and wallet-sdk manages private key operations.

AI Agent Integration: The mcp package provides 45 MCP tools for Claude and other AI frameworks, while openclaw-plugin offers 5 tools for external agent platforms. The sdk package delivers both TypeScript and Python client libraries.

DeFi Operations: The actions package integrates 15 DeFi protocol providers including Jupiter, Uniswap, Aave, and Lido. Protocol-specific logic stays isolated while sharing common transaction patterns.

User Interfaces: The admin package provides a Preact-based web UI for policy management and wallet oversight. The cli package offers 20 commands for setup and maintenance operations.

Specialized Services: push-relay handles mobile notifications, adapters manages external service integrations, and skills provides pre-built agent behaviors.

Here's how the architecture looks in practice:

services:
  daemon:
    image: ghcr.io/minhoyoo-iotrust/waiaas:latest
    container_name: waiaas-daemon
    ports:
      - "127.0.0.1:3100:3100"
    volumes:
      - waiaas-data:/data
    environment:
      - WAIAAS_DATA_DIR=/data
      - WAIAAS_DAEMON_HOSTNAME=0.0.0.0
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3100/health"]
      interval: 30s
      timeout: 5s
      retries: 3

  push-relay:
    image: ghcr.io/minhoyoo-iotrust/waiaas:latest
    command: ["push-relay"]
    environment:
      - WAIAAS_DAEMON_URL=http://daemon:3100
    depends_on:
      - daemon

volumes:
  waiaas-data:
    driver: local

The daemon serves as the central coordinator, exposing a REST API that handles everything from balance queries to complex DeFi operations. The 7-stage transaction pipeline ensures security while maintaining performance — each transaction flows through validation, authentication, policy checks, optional delays, execution, and confirmation stages.

Production-Ready Container Design

The Docker implementation prioritizes security and operational best practices. The container runs as a non-root user (UID 1001), includes comprehensive healthchecks, and supports Docker Secrets for production credential management.

Auto-provisioning eliminates the cold-start problem for new deployments:

docker run -d \
  --name waiaas \
  -p 127.0.0.1:3100:3100 \
  -v waiaas-data:/data \
  -e WAIAAS_AUTO_PROVISION=true \
  ghcr.io/minhoyoo-iotrust/waiaas:latest

# Retrieve auto-generated master password
docker exec waiaas cat /data/recovery.key

The auto-provision feature generates a cryptographically secure master password and stores recovery credentials in the persistent volume. This solves the bootstrapping challenge while maintaining security — you can harden the password later using the CLI.

For production deployments, the secrets overlay provides secure credential injection:

# Create secret files
mkdir -p secrets
echo "your-secure-password" > secrets/master_password.txt
chmod 600 secrets/master_password.txt

# Deploy with secrets overlay
docker compose -f docker-compose.yml -f docker-compose.secrets.yml up -d

Policy Engine for Multi-Tenant Security

Self-hosting doesn't mean sacrificing security controls. WAIaaS includes a comprehensive policy engine with 21 policy types and 4 security tiers (INSTANT/NOTIFY/DELAY/APPROVAL) that enforce default-deny semantics.

Create spending limits with graduated security:

curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "SPENDING_LIMIT",
    "rules": {
      "instant_max_usd": 10,
      "notify_max_usd": 100,
      "delay_max_usd": 1000,
      "delay_seconds": 300,
      "daily_limit_usd": 500
    }
  }'

The policy system operates on default-deny principles — transactions are blocked unless explicitly allowed through ALLOWED_TOKENS or CONTRACT_WHITELIST policies. This ensures your AI agents can't accidentally drain wallets or interact with malicious contracts.

Comprehensive Monitoring and Operations

Self-hosting requires observability, and WAIaaS provides multiple monitoring channels. The Admin Web UI offers real-time dashboards for wallet balances, transaction history, and DeFi positions across all 15 integrated protocols.

The CLI provides operational commands for backup, restore, and health monitoring:

# Create encrypted backups
waiaas backup create --encrypt

# Monitor system status
waiaas status

# Update to latest version
waiaas update

Transaction monitoring operates in real-time, tracking incoming deposits and notifying relevant systems through configurable channels including Telegram, push notifications, and webhook endpoints.

Quick Start: Self-Hosted Setup

Getting your own WAIaaS instance running takes just a few commands:

Deploy with Docker Compose:

git clone https://github.com/minhoyoo-iotrust/WAIaaS.git
cd WAIaaS
docker compose up -d

Initialize and create wallets:

npm install -g @waiaas/cli
waiaas init --auto-provision
waiaas quickset --mode mainnet

Configure AI agent integration:

waiaas mcp setup --all  # Auto-register with Claude Desktop

Create your first policy:

waiaas policy create SPENDING_LIMIT --instant-max 10 --daily-limit 500

Access the admin interface: Open http://localhost:3100/admin for wallet management and monitoring.

Your self-hosted wallet infrastructure is now ready to handle AI agent operations with complete sovereignty over your private keys and transaction data.

For deeper technical insights, check out WAIaaS MCP Integration: 45 Tools for AI Agent Wallet Operations and Policy-Based Security for AI Agent Wallets: 21 Rules, 4 Tiers, Default-Deny.

What's Next

Your self-hosted WAIaaS instance provides the foundation for sophisticated AI agent financial operations without compromising on custody or control. Explore the full capabilities in the GitHub repository or visit waiaas.ai for comprehensive documentation and community resources.

DEV Community: Wallet Guy

The Compute Payment Revolution: When AI Agents Buy Their Own Processing Power

Why Agent Financial Independence Matters

The x402 Payment Protocol: HTTP Payments Made Simple

Real Agent Autonomy: Beyond API Calls

Policy-Driven Agent Safety

Multi-Chain Agent Infrastructure

The Agent Economy in Action

Quick Start: Deploy Your First Autonomous Agent

What's Next

Multi-Chain Trading Bots: 18 Networks, 2 Chain Types, One Unified API

Why Multi-Chain Trading Complexity Kills Bot Performance

One API for 18 Networks, 15 DeFi Protocols

Gas-Conditional Execution Saves Your PnL

Risk Controls That Don't Slow You Down

Real-Time Position Monitoring

Quick Start: Deploy a Trading Bot

What's Next

Track Your Claude Agent's DeFi Portfolio: MCP Tools for Position Monitoring

Why Portfolio Visibility Matters for AI Agents

WAIaaS MCP Tools for DeFi Position Tracking

Setting Up DeFi Portfolio Monitoring

1. Start WAIaaS with Docker

2. Create a wallet and session

3. Configure Claude Desktop

4. Test portfolio monitoring

Real-Time Position Monitoring

Health Factor Monitoring for Lending Positions

Automated Yield Optimization

Policy-Based Risk Management

Performance Analytics

Quick Start Guide

What's Next

Why Your AI Agent Wallet Should Only Listen on 127.0.0.1:3100

Why Network Security Matters for AI Agent Wallets

The WAIaaS Security Model: Defense in Depth

Self-Hosting vs. Hosted Solutions: The Control Trade-off

Network Isolation Patterns

Monitoring and Alerting for Self-Hosted Wallets

The Philosophy of Financial Sovereignty

Quick Start: Secure Self-Hosted Setup

Related Posts

What's Next

Claude Signs Messages: ERC-8128 MCP Tools for Verifiable AI Communications

Why Message Signing Matters for AI Agents

ERC-8128 MCP Tools in WAIaaS

Signing HTTP Requests with ERC-8128

Message Verification for Trust Chains

Policy Integration for Secure Signing

Real-World Use Cases

Quick Start with ERC-8128 Signing

Auto-Provision Your Self-Hosted Crypto Wallet: Docker Entrypoint Magic

Why Self-Hosting Your Wallet Infrastructure Matters

The Auto-Provision Solution

Docker Compose for Production Deployments

Security Through Docker Secrets

Environment Configuration for Self-Hosters

Data Persistence and Backup Strategy

Container Security Considerations

Quick Start: Self-Hosted Wallet in 5 Steps

Related Posts

What's Next

Economic Sovereignty for AI: Why Agents Need Their Own Financial Infrastructure

Why Economic Sovereignty Matters for AI Agents

The Infrastructure Gap: Wallets Built for Machines

Autonomous Payments in Practice

Policy-Driven Autonomy vs. Complete Freedom

The x402 Protocol: HTTP Payments for the Agent Economy

Multi-Chain Reality: Agents Need Network Flexibility

Real-World Agent Architecture

MCP Integration: Standardizing Agent Financial Capabilities

Security Without Sacrificing Autonomy

Getting Started with Agent Economic Infrastructure

What's Next for Agent Economics

Auto-Generated OpenAPI Spec: Build Trading Bots with Interactive API Docs

Why Trading Infrastructure Breaks When It Matters

Auto-Generated OpenAPI: Your Trading Bot's Foundation

Multi-Protocol Trading Infrastructure

Gas Conditional Execution: Only Trade When Profitable

Risk Controls That Don't Kill Performance