Giving an AI agent access to a crypto wallet is like handing your car keys to a teenager. Sure, they might be a great driver most of the time, but do you really want to find out what happens when they're not? The same principle applies to autonomous AI agents handling real money—you need guardrails, oversight, and the ability to slam the brakes when something goes wrong.
Why Agent Transaction Approval Matters
AI agents are getting smarter, but they're not getting more cautious. They'll happily execute any transaction that seems reasonable based on their training, whether it's swapping tokens, approving unlimited spending, or interacting with unvetted smart contracts. Without proper controls, a single prompt injection, logic error, or market manipulation could drain your entire treasury.
The challenge isn't just technical—it's about maintaining control over your funds while still allowing agents the autonomy they need to be useful. You want your trading bot to capitalize on arbitrage opportunities, but not to YOLO your entire position into a meme coin because it misunderstood context. You want your DeFi agent to optimize yields, but not to deposit funds into an unaudited protocol that launched yesterday.
This is where human-in-the-loop systems become critical. By requiring human approval for high-risk transactions, you maintain the speed and efficiency of automation while adding a crucial safety valve for situations that require human judgment.
The 3-Layer Security Architecture
WAIaaS implements a three-layer security model that progressively filters transactions based on risk:
Layer 1: Session Authentication and Default-Deny Policies
Every AI agent operates through a session token with limited permissions. The policy engine uses a default-deny approach—transactions are blocked unless explicitly allowed by configured policies.
curl -X POST http://localhost:3100/v1/policies \
-H 'Content-Type: application/json' \
-H 'X-Master-Password: <password>' \
-d '{
"walletId": "<wallet-uuid>",
"type": "ALLOWED_TOKENS",
"rules": {
"tokens": [
{"address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", "symbol": "USDC", "chain": "solana"}
]
}
}'
With 21 policy types available, you can create precise rules. For example, the CONTRACT_WHITELIST policy ensures agents can only interact with contracts you've pre-approved, while SPENDING_LIMIT implements amount-based tiers that automatically escalate high-value transactions to human review.
Layer 2: 4-Tier Security Based on Transaction Risk
WAIaaS classifies every transaction into one of four security tiers: INSTANT, NOTIFY, DELAY, or APPROVAL. This happens automatically based on your configured policies.
curl -X POST http://localhost:3100/v1/policies \
-H 'Content-Type: application/json' \
-H 'X-Master-Password: <password>' \
-d '{
"walletId": "<wallet-uuid>",
"type": "SPENDING_LIMIT",
"rules": {
"instant_max_usd": 10,
"notify_max_usd": 100,
"delay_max_usd": 1000,
"delay_seconds": 300,
"daily_limit_usd": 500
}
}'
Here's how it works:
- INSTANT: Low-risk transactions (under $10 in this example) execute immediately
- NOTIFY: Medium-risk transactions (under $100) execute but trigger notifications
- DELAY: High-risk transactions (under $1,000) are queued for a 5-minute delay, giving you time to cancel
- APPROVAL: Very high-risk transactions require explicit human approval before execution
Layer 3: Multiple Approval Channels
When a transaction requires human approval, WAIaaS offers three different channels to reach you:
1. WalletConnect Integration
WalletConnect provides a familiar mobile wallet experience for approving agent transactions. Your agent initiates a transaction, and you receive a standard wallet approval request on your phone.
# Agent initiates transaction
curl -X POST http://127.0.0.1:3100/v1/transactions/send \
-H "Authorization: Bearer wai_sess_<token>" \
-d '{"type": "TRANSFER", "to": "recipient", "amount": "5000"}'
# Transaction enters APPROVAL tier due to high amount
# WalletConnect session displays transaction details
# You approve/reject via your mobile wallet
The key advantage here is security through familiarity—you're using the same approval flow you already know and trust from existing DeFi interactions.
2. Telegram Bot Notifications
For developers who live in Telegram, the built-in bot sends transaction approval requests directly to your DM. You can review transaction details and approve/reject with inline buttons, all without leaving your chat interface.
The 7-stage transaction pipeline ensures proper validation, authentication, policy checking, optional delays, execution, and confirmation—with human approval seamlessly integrated at the appropriate stage.
3. Push Relay for Custom Integrations
The push-relay service provides a webhook-based notification system that you can integrate with any external service—Slack, Discord, email, SMS, or your own custom dashboard.
# Configure webhook endpoint
curl -X POST http://localhost:3100/v1/notifications \
-H 'X-Master-Password: <password>' \
-d '{
"type": "webhook",
"endpoint": "https://your-server.com/approve-transaction",
"events": ["transaction.approval_required"]
}'
This flexibility means you can build approval workflows that fit your existing operational procedures.
Real-World Security Scenarios
Consider these practical examples of how the multi-layer approach protects against different risk scenarios:
Prompt Injection Attack: An attacker tricks your agent into attempting a large token transfer. The transaction hits the SPENDING_LIMIT policy, gets classified as APPROVAL tier, and pauses for human review. You see the suspicious recipient address and reject the transaction.
Smart Contract Vulnerability: Your agent tries to interact with a newly deployed DeFi protocol that hasn't been audited. The CONTRACT_WHITELIST policy blocks the transaction entirely since the contract isn't pre-approved.
Market Manipulation: During extreme market volatility, your trading agent attempts to execute a series of high-value swaps. The RATE_LIMIT policy triggers after the first few transactions, forcing a cooling-off period and human review of the strategy.
Token Approval Abuse: Your agent tries to approve unlimited token spending for a DEX interaction. The APPROVE_AMOUNT_LIMIT policy blocks unlimited approvals and enforces specific amount limits you've configured.
Dry-Run Mode: Test Before You Execute
Before committing to any transaction, you can simulate it using the dry-run API:
curl -X POST http://127.0.0.1:3100/v1/transactions/send \
-H "Authorization: Bearer wai_sess_<token>" \
-d '{
"type": "TRANSFER",
"to": "recipient-address",
"amount": "0.1",
"dryRun": true
}'
This shows you exactly what policies would trigger, which security tier the transaction would fall into, and what approvals would be required—all without risking any funds.
Implementation: Getting Started with Secure Agent Wallets
Setting up human-in-the-loop controls takes just a few steps:
- Deploy WAIaaS with Docker:
git clone https://github.com/minhoyoo-iotrust/WAIaaS.git
cd WAIaaS
docker compose up -d
- Create a wallet with initial policies:
# Install CLI
npm install -g @waiaas/cli
# Initialize and create wallet
waiaas init
waiaas start
waiaas wallet create --name "secure-agent" --chain solana
- Configure security policies:
# Set spending limits with escalating approvals
waiaas quickset --mode mainnet
# This creates default policies including spending limits and token whitelists
- Set up approval channels (choose one or all):
# WalletConnect
waiaas owner connect
# Telegram (follow setup prompts)
waiaas notification setup
# Custom webhooks via API (see documentation)
- Test with your agent:
# Your agent gets a session token and can now make secure transactions
# Low amounts execute instantly, high amounts require your approval
The system is designed to be secure by default—even if you forget to configure specific policies, the default-deny approach means your agent can't access funds or contracts you haven't explicitly allowed.
What's Next
Human-in-the-loop transaction approval is just the foundation of secure agent operations. WAIaaS also provides features like cross-chain bridging, DeFi position monitoring, and integration with 14 different protocols—all with the same security-first approach. To dive deeper into the technical implementation or start building your own secure agent workflows, check out the full documentation and examples at https://github.com/minhoyoo-iotrust/WAIaaS or visit the official site at https://waiaas.ai.
Top comments (0)