DEV Community

Cover image for The Wallet Infrastructure Layer: Why AI Agents Can't Use Traditional Finance
Wallet Guy
Wallet Guy

Posted on

The Wallet Infrastructure Layer: Why AI Agents Can't Use Traditional Finance

The Wallet Infrastructure Layer: Why AI Agents Can't Use Traditional Finance

AI agents will need to pay for compute, data, and API calls — and the infrastructure to let them do that autonomously doesn't exist in traditional finance. Banks require humans. Custodied accounts require human approval loops. Credit cards require a person on the other end. The moment you ask an AI agent to handle money independently, you run into a wall that the existing financial system was never designed to climb over.

The Real Problem

Think about what an AI agent actually needs to participate in an economy. It needs to hold funds. It needs to send payments without waiting for a human to click "approve." It needs to interact with DeFi protocols, pay API providers, and manage multiple chains — all while staying within the limits its operator set.

Traditional finance infrastructure is built around a core assumption: a human is always in the loop. Every transaction gets reviewed. Every account is tied to a legal identity. Every authorization requires a signature from a person who can be held accountable. That's sensible design for human users. For autonomous agents, it's a complete mismatch.

The stakes are real. As AI agents are increasingly asked to do economically meaningful work — managing portfolios, executing trades, paying for API access, distributing funds — the infrastructure layer they run on determines how much autonomy they actually have. Give them a custodied wallet managed by a human operator, and you've just created a bottleneck. Every transaction becomes a support ticket. Every edge case stops the agent cold.

What agents need is wallet infrastructure designed from the start for autonomous operation: programmable spending controls, multiple security tiers, and the ability to execute transactions without a human in the critical path for routine operations.

What "Autonomous Wallet Infrastructure" Actually Means

WAIaaS (Wallet-as-a-Service for AI agents) is an open-source, self-hosted system built specifically for this problem. It exists today. You can run it with Docker in under five minutes. The architecture is worth understanding because it reflects a genuinely different set of assumptions about who (or what) is holding the wallet.

The core separation is this: the owner of the funds is a human. The operator of the wallet is an AI agent. WAIaaS keeps these roles clearly distinct through three authentication layers.

masterAuth (Argon2id) is the system administrator — the human who creates wallets, configures policies, and manages sessions. ownerAuth (SIWS/SIWE) is the fund owner — a human who can approve high-value transactions or invoke a kill switch if something goes wrong. sessionAuth (JWT HS256) is what the AI agent uses — a scoped token that grants the agent the ability to execute transactions within pre-approved limits.

This three-layer design means an agent can run independently for routine operations, while humans retain hard controls over anything beyond defined thresholds.

The Policy Engine: Where Rules Replace Humans

The reason autonomous operation is safe in WAIaaS is the policy engine. It has 21 policy types and four security tiers. Before a transaction executes, it runs through a 7-stage pipeline that includes validation, authentication, policy evaluation, and confirmation.

The four tiers are:

  • INSTANT — Execute immediately, no notification
  • NOTIFY — Execute immediately, send the owner a notification
  • DELAY — Queue for a configurable number of seconds, then execute (cancellable)
  • APPROVAL — Require explicit human approval via WalletConnect, Telegram, or push notification

A SPENDING_LIMIT policy ties transaction size to these tiers automatically:

curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "SPENDING_LIMIT",
    "rules": {
      "instant_max_usd": 100,
      "notify_max_usd": 500,
      "delay_max_usd": 2000,
      "delay_seconds": 900,
      "daily_limit_usd": 5000
    }
  }'
Enter fullscreen mode Exit fullscreen mode

With this config, an agent paying a $12 API invoice executes immediately. A $300 transfer sends a notification but still goes through. A $1,500 transaction queues for 15 minutes, giving the owner time to cancel if something looks wrong. Anything over $2,000 requires explicit human approval. The agent doesn't stop — it just escalates correctly based on stakes.

Beyond spending limits, you can lock down which tokens an agent can move (ALLOWED_TOKENS), which contracts it can call (CONTRACT_WHITELIST), which networks it can operate on (ALLOWED_NETWORKS), and even which trading venues it can use (VENUE_WHITELIST). The policy system enforces default-deny on these dimensions: if ALLOWED_TOKENS is configured and a token isn't on the list, the transaction is blocked, period.

For DeFi operations specifically, there are policies for maximum leverage on perpetual futures (PERP_MAX_LEVERAGE), loan-to-value limits for lending protocols (LENDING_LTV_LIMIT), and position size caps (PERP_MAX_POSITION_USD). An agent running a trading strategy genuinely can't exceed the risk parameters its operator set — not through a bug, not through a misunderstanding.

x402: Machines That Pay for What They Use

One of the most forward-looking pieces of WAIaaS is its support for the x402 HTTP payment protocol. The idea is straightforward: when an AI agent makes an HTTP request to a paid API, the server returns a 402 Payment Required response. The agent automatically handles the payment and retries the request. No human approval. No credit card. No invoice cycle.

WAIaaS exposes this through both the REST API and the TypeScript SDK:

import { WAIaaSClient } from '@waiaas/sdk';

const client = new WAIaaSClient({
  baseUrl: 'http://127.0.0.1:3100',
  sessionToken: process.env.WAIAAS_SESSION_TOKEN,
});

// This automatically handles 402 Payment Required responses
const response = await client.x402Fetch('https://api.example.com/data');
Enter fullscreen mode Exit fullscreen mode

The agent calls x402Fetch instead of a plain HTTP fetch. If the server charges for access, the payment happens in the background. The X402_ALLOWED_DOMAINS policy type controls which endpoints the agent is permitted to pay automatically — so an agent can't be redirected into paying arbitrary addresses.

This is what autonomous economic participation looks like in practice. An agent that needs data pays for data. An agent that needs compute pays for compute. The whole cycle happens without a human approving each transaction, but within a policy envelope that keeps it safe.

Connecting an Agent: The MCP Path

The most common way to connect a capable AI agent like Claude to WAIaaS today is through the Model Context Protocol. WAIaaS provides 45 MCP tools covering wallet operations, transactions, DeFi, NFTs, and x402 payments.

Setup is a single CLI command:

waiaas mcp setup --all    # Auto-register all wallets with Claude Desktop
Enter fullscreen mode Exit fullscreen mode

Or you can configure it manually in claude_desktop_config.json:

{
  "mcpServers": {
    "waiaas": {
      "command": "npx",
      "args": ["-y", "@waiaas/mcp"],
      "env": {
        "WAIAAS_BASE_URL": "http://127.0.0.1:3100",
        "WAIAAS_SESSION_TOKEN": "wai_sess_<your-token>",
        "WAIAAS_DATA_DIR": "~/.waiaas"
      }
    }
  }
}
Enter fullscreen mode Exit fullscreen mode

After that, Claude can check balances, send tokens, query DeFi positions across 15 integrated protocols, trade on Hyperliquid, swap on Jupiter, and pay x402-gated APIs — all through natural language. The agent doesn't need to know the underlying mechanics. It just calls tools.

If you're running multiple specialized agents — a trading agent, a data-fetching agent, a treasury management agent — you can give each one its own MCP server entry pointing at a different session token with different policy constraints. One agent can't touch the funds or the policy envelope of another.

The DeFi Layer: 15 Protocols, One Interface

For agents that need to do more than move money around, WAIaaS integrates 15 DeFi protocol providers: Aave v3, Across, D'CENT Swap, Drift, ERC-8004, Hyperliquid, Jito staking, Jupiter Swap, Kamino, Lido staking, LI.FI, Pendle, Polymarket, XRPL DEX, and 0x Swap.

An agent executing a Jupiter swap on Solana looks like this:

curl -X POST http://127.0.0.1:3100/v1/actions/jupiter-swap/swap \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "inputMint": "So11111111111111111111111111111111111111112",
    "outputMint": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
    "amount": "1000000000"
  }'
Enter fullscreen mode Exit fullscreen mode

That's an agent swapping SOL for USDC. The transaction runs through the full 7-stage pipeline — validated, policy-checked, executed, confirmed. If the agent's policy doesn't permit this token pair, the request fails with a clear POLICY_DENIED error rather than silently doing something unintended:

{
  "error": {
    "code": "POLICY_DENIED",
    "message": "Transaction denied by SPENDING_LIMIT policy",
    "domain": "POLICY",
    "retryable": false
  }
}
Enter fullscreen mode Exit fullscreen mode

Agents operating in financial markets also need to know what's about to happen before it happens. WAIaaS has a dry-run mode that simulates a transaction without executing it:

curl -X POST http://127.0.0.1:3100/v1/transactions/send \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "type": "TRANSFER",
    "to": "recipient-address",
    "amount": "0.1",
    "dryRun": true
  }'
Enter fullscreen mode Exit fullscreen mode

An agent can check whether a transaction would pass policy, estimate gas, and verify the outcome before committing. For autonomous systems operating at speed, that's a meaningful safety check.

Getting Running in Five Minutes

If you want to see this working today rather than just reading about it, the path is short:

Step 1: Start the daemon

git clone https://github.com/minhoyoo-iotrust/WAIaaS.git
cd WAIaaS
docker compose up -d
Enter fullscreen mode Exit fullscreen mode

Step 2: Initialize with auto-provision

npm install -g @waiaas/cli
waiaas init --auto-provision
waiaas start
Enter fullscreen mode Exit fullscreen mode

Step 3: Create wallets and sessions

waiaas quickset --mode mainnet
Enter fullscreen mode Exit fullscreen mode

Step 4: Connect to Claude Desktop

waiaas mcp setup --all
Enter fullscreen mode Exit fullscreen mode

Step 5: Set your policies

Use the Admin Web UI at /admin or the REST API to configure spending limits, token whitelists, and network restrictions before putting real funds in.

The Docker image is ghcr.io/minhoyoo-iotrust/waiaas:latest, bound to 127.0.0.1:3100 by default. For production deployments, there's a secrets overlay via docker-compose.secrets.yml that keeps credentials out of environment variables and in Docker Secrets instead.

The Infrastructure Question Is Already Here

It's tempting to frame autonomous agent finance as a future problem — something to solve when AI systems become capable enough to need it. But the infrastructure question is already here. AI agents are being deployed into workflows that involve real money today. The question isn't whether agents will need wallet infrastructure. It's whether that infrastructure will be purpose-built for autonomous operation, or whether builders will keep improvising around tools designed for humans.

The gap between "an agent that can talk about finance" and "an agent that can autonomously manage funds within defined constraints" is exactly the gap that purpose-built wallet infrastructure fills. The policy engine, the three-tier authentication model, x402 support, and the 15 DeFi protocol integrations exist because those requirements are real, not theoretical.

If you're building systems where AI agents need to handle money — even small amounts, even for simple API payments — it's worth understanding what the infrastructure layer actually needs to look like.

What's Next

The best starting point is the GitHub repository, where you'll find the full codebase, Docker setup instructions, and the CLI quickstart: https://github.com/minhoyoo-iotrust/WAIaaS. For a broader overview of what WAIaaS supports and the roadmap, the official site at https://waiaas.ai has the current documentation. The interactive API reference is available at /reference once you have a daemon running — it's the fastest way to understand what's actually available before writing any code.

Top comments (0)