ERC8128_ALLOWED_DOMAINS Policy: Restrict Your AI Agent's Message Signing to Trusted Services

AI agents with message-signing capabilities need strict guardrails to prevent signing unauthorized messages that could compromise your security. The ERC8128_ALLOWED_DOMAINS policy in WAIaaS creates a whitelist of trusted domains where your AI agent can use cryptographic message signing, blocking all other requests by default.

Without proper controls, an AI agent with signing privileges could potentially sign authentication messages for malicious services, authorize unintended actions, or leak sensitive information through signed data. This represents a significant security risk when deploying autonomous agents in production environments.

The Risk: Unrestricted Message Signing

When AI agents have access to private keys for message signing, they can interact with any service that accepts cryptographic signatures for authentication or authorization. This includes:

• Web3 authentication systems that use "Sign-In with Ethereum" (SIWE)
• API services that require cryptographic proof of identity
• Smart contract interactions that rely on off-chain signatures
• Third-party applications requesting signed data for verification

Without restrictions, a compromised or misbehaving agent could sign messages for untrusted services, potentially leading to unauthorized access or data exposure.

The Solution: Domain-Based Message Signing Control

WAIaaS implements the ERC8128_ALLOWED_DOMAINS policy to restrict where your AI agent can sign messages. This policy creates a whitelist of trusted domains and blocks all signing requests from unauthorized sources.

Here's how to create an ERC8128_ALLOWED_DOMAINS policy that only allows your agent to sign messages for specific trusted services:

curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "ERC8128_ALLOWED_DOMAINS",
    "rules": {
      "domains": ["api.example.com", "*.openai.com", "app.uniswap.org"]
    }
  }'

This policy configuration allows message signing only for:

• api.example.com (exact domain match)
• Any subdomain of openai.com (wildcard pattern)
• app.uniswap.org (exact domain match)

All other signing requests will be denied with a POLICY_DENIED error.

How Domain Validation Works

When your AI agent attempts to sign a message, WAIaaS validates the request through its 7-stage transaction pipeline. The policy engine checks the requesting domain against your whitelist during the policy validation stage:

1. Stage 1: Validate the signing request format
2. Stage 2: Authenticate the session (sessionAuth via JWT)
3. Stage 3: Policy check - Verify domain against ERC8128_ALLOWED_DOMAINS whitelist
4. Stage 4: Apply any configured delays
5. Stage 5: Execute the signing operation
6. Stage 6: Confirm completion
7. Stage 7: Log and notify

If the domain isn't whitelisted, the request fails at Stage 3 with no possibility of execution.

Advanced Domain Patterns

The ERC8128_ALLOWED_DOMAINS policy supports flexible matching patterns for complex deployment scenarios:

{
  "domains": [
    "api.mycompany.com",
    "*.dev.mycompany.com",
    "localhost:3000",
    "127.0.0.1:8080"
  ]
}

This configuration allows:

• Production API (api.mycompany.com)
• Any development subdomain (*.dev.mycompany.com)
• Local development with port (localhost:3000)
• IP address with port for testing (127.0.0.1:8080)

Integration with Security Tiers

ERC8128_ALLOWED_DOMAINS works alongside WAIaaS's 4 security tiers. Even if a domain is whitelisted, you can still require additional approval for high-risk signing operations by combining it with other policies:

# Create a spending limit policy that requires approval for high-value operations
curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "SPENDING_LIMIT", 
    "rules": {
      "instant_max_usd": 10,
      "notify_max_usd": 100,
      "delay_max_usd": 1000,
      "delay_seconds": 300
    }
  }'

This creates layered security: domain restriction plus amount-based controls with the 4-tier system (INSTANT, NOTIFY, DELAY, APPROVAL).

Default-Deny Security Model

WAIaaS follows a default-deny security model. Without an ERC8128_ALLOWED_DOMAINS policy, message signing requests may be blocked entirely. This prevents unauthorized signing operations even if other security policies are misconfigured.

You can check your current policies to verify domain restrictions are in place:

curl http://localhost:3100/v1/policies \
  -H "Authorization: Bearer wai_sess_<token>"

This returns all active policies, including any ERC8128_ALLOWED_DOMAINS configurations.

MCP Integration for Domain-Aware Agents

When using WAIaaS with the Model Context Protocol (MCP), your AI agent can check domain policies before attempting signing operations. The MCP integration provides 45 tools, including domain validation capabilities.

Your Claude Desktop configuration can include domain-specific session tokens:

{
  "mcpServers": {
    "waiaas-signing": {
      "command": "npx",
      "args": ["-y", "@waiaas/mcp"],
      "env": {
        "WAIAAS_BASE_URL": "http://127.0.0.1:3100",
        "WAIAAS_SESSION_TOKEN": "wai_sess_<token>",
        "WAIAAS_DATA_DIR": "~/.waiaas"
      }
    }
  }
}

Monitoring and Alerts

WAIaaS provides real-time monitoring of policy violations. When the ERC8128_ALLOWED_DOMAINS policy blocks a signing request, you'll receive notifications through your configured channels (push notifications, Telegram, or WalletConnect).

You can also review policy violations in the Admin Web UI at /admin or through the API:

curl http://localhost:3100/v1/transactions?status=POLICY_DENIED \
  -H "Authorization: Bearer wai_sess_<token>"

This returns all transactions that were blocked by policy enforcement, helping you identify potential security threats or legitimate requests that need policy updates.

Quick Start: Securing Message Signing

Here's how to set up domain-restricted message signing for your AI agent:

1. Install WAIaaS CLI:

   npm install -g @waiaas/cli
   waiaas init
   waiaas start

1. Create a wallet and session:

   waiaas quickset --mode mainnet

1. Create the ERC8128_ALLOWED_DOMAINS policy:

   curl -X POST http://localhost:3100/v1/policies \
     -H 'Content-Type: application/json' \
     -H 'X-Master-Password: <password>' \
     -d '{
       "walletId": "<wallet-uuid>",
       "type": "ERC8128_ALLOWED_DOMAINS",
       "rules": {
         "domains": ["api.yourservice.com", "*.trusted-partner.com"]
       }
     }'

1. Test the policy by attempting to sign a message from an unauthorized domain (should fail)

2. Set up MCP integration for your AI agent framework

The ERC8128_ALLOWED_DOMAINS policy gives you granular control over where your AI agent can use its signing capabilities, preventing unauthorized access while maintaining functionality for trusted services. Combined with WAIaaS's other security features, it creates a robust foundation for deploying autonomous agents in production environments.

What's Next

Ready to secure your AI agent's message signing? Check out the complete implementation at GitHub or explore all security features at waiaas.ai. The 21 policy types and 4-tier security system provide comprehensive protection for any autonomous agent deployment.