Forem: Wallet Guy

Hardware Security for Trading Bots: D'CENT Integration with Human-in-the-Loop Approval

Wallet Guy — Tue, 05 May 2026 08:30:43 +0000

Hardware wallets are great for holding crypto, but automated trading bots need a different security model — one that balances execution speed with human oversight. D'CENT hardware wallet integration provides a solution where your bot executes instantly within policy limits, but escalates high-risk trades for hardware-backed human approval.

Why Hardware Security Matters for Trading Bots

Trading bots handle significant capital and operate 24/7 in adversarial environments. A compromised hot wallet can drain funds in minutes, while a cold wallet can't execute trades automatically. The traditional security-versus-automation tradeoff forces you to choose between protecting funds and capturing opportunities.

D'CENT integration bridges this gap with conditional hardware signing. Your bot operates autonomously for routine trades under policy limits, but routes large positions or unusual patterns through hardware verification. This creates a security perimeter that adapts to transaction risk rather than blocking all automation.

How D'CENT Integration Works

WAIaaS connects to D'CENT hardware wallets through the signing SDK, creating multiple approval channels based on transaction tier. The policy engine evaluates each trade and routes it through the appropriate signing flow:

# Check current D'CENT connection status
curl http://127.0.0.1:3100/v1/signing/status \
  -H "X-Master-Password: my-secret-password"

The signing channels include push notifications to your mobile device, Telegram integration, and direct hardware wallet prompts. Each channel handles different security tiers from the 4-tier policy system.

Multi-Tier Trading Authorization

Set up spending limits that match your trading strategy:

curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "SPENDING_LIMIT",
    "rules": {
      "instant_max_usd": 1000,
      "notify_max_usd": 5000,
      "delay_max_usd": 20000,
      "delay_seconds": 300,
      "daily_limit_usd": 50000
    }
  }'

This configuration allows your bot to execute trades up to $1,000 instantly, sends notifications for trades up to $5,000, delays trades up to $20,000 for 5 minutes (giving you time to cancel), and requires hardware approval for anything larger.

Hardware-Backed Transaction Approval

When a trade exceeds policy limits, WAIaaS queues it for hardware approval:

# Bot attempts large trade via session auth
curl -X POST http://127.0.0.1:3100/v1/actions/jupiter-swap/swap \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "inputMint": "So11111111111111111111111111111111111111112",
    "outputMint": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
    "amount": "50000000000"
  }'

# Response indicates approval required
{
  "id": "tx_abc123",
  "status": "PENDING_APPROVAL",
  "tier": "APPROVAL",
  "message": "Transaction requires hardware wallet approval"
}

You receive a push notification with transaction details, review on your D'CENT device, and approve or reject with hardware-backed signatures. The bot continues operating normally for smaller trades while waiting for your decision on the large one.

Cross-Protocol Trading Security

Trading bots often need access to multiple DeFi protocols and chains. D'CENT integration works across all 15 integrated DeFi protocols and 18 supported networks:

# Set up protocol-specific policies
curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "CONTRACT_WHITELIST",
    "rules": {
      "contracts": [
        {"address": "JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4", "name": "Jupiter", "chain": "solana"},
        {"address": "dRiftyHA39MWEi3m9aunc5MzRF1JYuBsbn6VPcn33UH", "name": "Drift", "chain": "solana"}
      ]
    }
  }'

Your bot can trade on Jupiter, hedge on Drift perpetuals, and bridge assets via LI.FI — all through the same wallet with consistent security policies. Hardware approval applies across all protocols, so a large position on any platform requires the same verification.

Multi-Chain Hardware Security

For cross-chain arbitrage or multi-chain strategies, D'CENT provides unified hardware security:

# Execute cross-chain bridge with hardware approval for large amounts
curl -X POST http://127.0.0.1:3100/v1/actions/lifi/bridge \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "fromChain": "ethereum",
    "toChain": "polygon",
    "fromToken": "USDC",
    "toToken": "USDC",
    "amount": "25000"
  }'

The hardware wallet verifies cross-chain transactions with full context about destination chains and amounts, preventing approval of malicious bridge transactions that could drain funds on remote chains.

Gas Optimization with Hardware Security

Trading bots need efficient gas management, especially during high volatility. WAIaaS combines gas conditional execution with hardware security:

curl -X POST http://127.0.0.1:3100/v1/transactions/send \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "type": "ContractCall",
    "to": "0x...",
    "data": "0x...",
    "gasCondition": {
      "maxGasPrice": "20000000000",
      "timeout": 3600
    }
  }'

Trades execute only when gas prices meet your threshold, and hardware approval requirements remain consistent regardless of gas conditions. This prevents the common bot failure mode where high gas costs make profitable trades unprofitable, or where urgent trades get stuck in hardware approval workflows.

Implementation for Trading Bots

Set up D'CENT integration for a production trading bot:

import { WAIaaSClient } from '@waiaas/sdk';

const client = new WAIaaSClient({
  baseUrl: 'http://127.0.0.1:3100',
  sessionToken: process.env.WAIAAS_SESSION_TOKEN,
});

// Check if hardware approval is available
const signingStatus = await client.getSigningStatus();
if (!signingStatus.channels.includes('dcent-hardware')) {
  console.warn('Hardware signing not configured');
}

// Execute trade with automatic tier routing
try {
  const trade = await client.executeAction('jupiter-swap', 'swap', {
    inputMint: 'So11111111111111111111111111111111111111112',
    outputMint: 'EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v',
    amount: tradeAmount,
  });

  if (trade.status === 'PENDING_APPROVAL') {
    // Large trade queued for hardware approval
    console.log(`Trade ${trade.id} requires hardware approval`);
    // Continue with other strategies while waiting
  } else {
    // Trade executed or queued normally
    console.log(`Trade ${trade.id} status: ${trade.status}`);
  }
} catch (error) {
  // Handle policy violations, insufficient balance, etc.
}

Quick Start: Hardware-Secured Trading Bot

Here's how to set up D'CENT integration for your trading bot:

Install and configure WAIaaS with D'CENT support:

npm install -g @waiaas/cli
waiaas init
waiaas start

Create a trading wallet with spending policies:

waiaas wallet create --name trading-bot --chain solana
waiaas quickset --mode mainnet

Configure D'CENT hardware wallet connection through the admin UI:

# Open admin interface
open http://127.0.0.1:3100/admin
# Navigate to Signing Channels → D'CENT Setup

Set up tiered approval policies for your trading strategy:

curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: your-password" \
  -d '{
    "walletId": "your-wallet-id",
    "type": "SPENDING_LIMIT",
    "rules": {
      "instant_max_usd": 500,
      "notify_max_usd": 2000,
      "delay_max_usd": 10000,
      "delay_seconds": 600
    }
  }'

Test hardware approval flow with a large transaction:

# This should trigger D'CENT approval
curl -X POST http://127.0.0.1:3100/v1/transactions/send \
  -H "Authorization: Bearer your-session-token" \
  -d '{"type": "TRANSFER", "to": "test-address", "amount": "15000", "dryRun": true}'

Your trading bot now has hardware-backed security for large trades while maintaining automation for routine operations. The D'CENT device provides an additional security layer without blocking time-sensitive arbitrage opportunities.

What's Next

D'CENT integration gives trading bots the security of hardware wallets with the speed of hot wallets through intelligent tier-based routing. This approach scales from individual traders to institutional trading operations that need both automation and compliance controls.

Ready to secure your trading infrastructure? Check out the WAIaaS GitHub repository for complete setup instructions, or visit waiaas.ai to learn more about hardware wallet integration and policy-based security.

Production AI Agent Wallet: GHCR Image with Auto-Provision and Healthcheck

Wallet Guy — Mon, 04 May 2026 15:17:50 +0000

Production AI agent wallet infrastructure doesn't have to mean trusting third parties with your private keys or accepting rate limits from hosted services. Self-hosting your wallet-as-a-service gives you complete control over your AI agent's financial operations, from private key storage to transaction policies, all running on your own infrastructure.

Why Self-Hosting Matters for AI Agents

When your AI agent manages real funds, custody becomes critical. Hosted solutions create single points of failure — API outages, account suspensions, or service shutdowns can instantly disable your autonomous systems. Self-hosting eliminates these dependencies while ensuring your private keys never leave your infrastructure.

The stakes extend beyond uptime. AI agents often require custom transaction policies, specialized DeFi integrations, or compliance with specific regulatory requirements. Self-hosted infrastructure gives you the flexibility to configure these systems exactly as needed, without waiting for a SaaS provider to support your use case.

WAIaaS: Production-Ready Self-Hosted Wallet Infrastructure

WAIaaS delivers enterprise-grade wallet infrastructure through a single Docker image. The platform provides 39 REST API route modules, supports 15 DeFi protocol providers, and includes comprehensive policy management with 21 policy types across 4 security tiers.

The Docker image ghcr.io/minhoyoo-iotrust/waiaas:latest includes auto-provisioning capabilities that generate secure master passwords on first startup. Default port binding runs on 127.0.0.1:3100:3100, keeping your wallet API isolated to localhost by default.

Auto-Provisioning for Secure Deployment

Starting a production wallet should be both secure and simple. WAIaaS supports auto-provisioning with Docker Secrets for production environments:

# Quick start with auto-generated security
docker run -d \
  --name waiaas \
  -p 127.0.0.1:3100:3100 \
  -v waiaas-data:/data \
  -e WAIAAS_AUTO_PROVISION=true \
  ghcr.io/minhoyoo-iotrust/waiaas:latest

# Retrieve auto-generated master password
docker exec waiaas cat /data/recovery.key

The auto-provision feature generates cryptographically secure master passwords and stores them in /data/recovery.key. This eliminates the bootstrap problem of securely distributing initial credentials to your deployment environment.

Production Docker Compose Configuration

The included docker-compose.yml provides production-ready defaults with healthchecks and restart policies:

services:
  daemon:
    image: ghcr.io/minhoyoo-iotrust/waiaas:latest
    container_name: waiaas-daemon
    ports:
      - "127.0.0.1:3100:3100"
    volumes:
      - waiaas-data:/data
    environment:
      - WAIAAS_DATA_DIR=/data
      - WAIAAS_DAEMON_HOSTNAME=0.0.0.0
    env_file:
      - path: .env
        required: false
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3100/health"]
      interval: 30s
      timeout: 5s
      start_period: 10s
      retries: 3

volumes:
  waiaas-data:
    driver: local

The healthcheck monitors the /health endpoint every 30 seconds, ensuring container orchestration systems can detect and restart failed instances. Named volumes preserve wallet data across container updates.

Docker Secrets for Production

Production deployments require secure credential management. WAIaaS includes a production secrets overlay via docker-compose.secrets.yml:

# Create secret files
mkdir -p secrets
echo "your-secure-password" > secrets/master_password.txt
chmod 600 secrets/master_password.txt

# Deploy with secrets overlay
docker compose -f docker-compose.yml -f docker-compose.secrets.yml up -d

This approach keeps sensitive credentials outside of environment variables and container images, following Docker security best practices.

Setting Up Your Self-Hosted AI Agent Wallet

Step 1: Deploy with Docker Compose

Clone the repository and start the services:

git clone https://github.com/minhoyoo-iotrust/WAIaaS.git
cd WAIaaS
docker compose up -d

The daemon starts on port 3100 with automatic provisioning enabled. Check the logs to confirm successful startup:

docker compose logs -f

Step 2: Create Your First Wallet

Use the CLI to create a wallet for your AI agent:

# Install the CLI
npm install -g @waiaas/cli

# Initialize configuration
waiaas init

# Create a Solana wallet
curl -X POST http://127.0.0.1:3100/v1/wallets \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: $(docker exec waiaas cat /data/recovery.key)" \
  -d '{"name": "trading-agent", "chain": "solana", "environment": "mainnet"}'

The wallet creation returns a unique identifier and public address. Store the wallet ID for session creation.

Step 3: Create an AI Agent Session

Sessions provide scoped access for AI agents without exposing the master password:

curl -X POST http://127.0.0.1:3100/v1/sessions \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: $(docker exec waiaas cat /data/recovery.key)" \
  -d '{"walletId": "<wallet-uuid-from-step-2>"}'

The response includes a session token (wai_sess_...) that your AI agent uses for transactions. Sessions support configurable TTL, maximum renewals, and absolute lifetime limits.

Step 4: Configure Security Policies

Self-hosted infrastructure means you control the security model. Create spending limits and transaction policies:

curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: $(docker exec waiaas cat /data/recovery.key)" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "SPENDING_LIMIT",
    "rules": {
      "instant_max_usd": 10,
      "notify_max_usd": 100,
      "delay_max_usd": 1000,
      "delay_seconds": 300,
      "daily_limit_usd": 5000
    }
  }'

The policy engine implements 4 security tiers (INSTANT, NOTIFY, DELAY, APPROVAL) with default-deny enforcement. Transactions execute immediately for small amounts, require delays for medium amounts, and demand human approval for large transactions.

Step 5: Test Agent Integration

Your AI agent can now interact with the wallet through the REST API:

# Check balance
curl http://127.0.0.1:3100/v1/wallet/balance \
  -H "Authorization: Bearer wai_sess_<your-session-token>"

# Send tokens
curl -X POST http://127.0.0.1:3100/v1/transactions/send \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<your-session-token>" \
  -d '{
    "type": "TRANSFER",
    "to": "recipient-address",
    "amount": "0.001"
  }'

Monitoring and Maintenance

Self-hosted infrastructure requires operational visibility. WAIaaS includes comprehensive monitoring through structured logs and health endpoints.

The included healthcheck monitors daemon availability, but production deployments should also monitor wallet balances, policy violations, and transaction success rates. The Admin Web UI at /admin provides a dashboard for wallet management, session control, and DeFi positions.

For automated maintenance, the Docker image supports watchtower auto-updates. Configure watchtower to monitor the ghcr.io/minhoyoo-iotrust/waiaas:latest tag for security updates:

docker run -d \
  --name watchtower \
  -v /var/run/docker.sock:/var/run/docker.sock \
  containrrr/watchtower \
  --interval 3600 \
  waiaas-daemon

Beyond Basic Deployment

Self-hosting enables advanced configurations impossible with hosted services. The 15-package monorepo includes specialized components for different deployment scenarios.

The push-relay service provides mobile notifications for transaction approvals. Deploy it alongside the main daemon for complete self-hosted infrastructure:

# Both services from the same codebase
docker compose up daemon push-relay

For high-availability deployments, the stateless API design allows horizontal scaling behind a load balancer. Store the SQLite database on shared storage or migrate to PostgreSQL for multi-instance deployments.

The OpenAPI 3.0 spec at /doc and interactive documentation at /reference support custom client development. Self-hosted infrastructure means you can modify the API surface or add custom endpoints without vendor approval.

Your self-hosted WAIaaS instance provides complete sovereignty over your AI agent's financial infrastructure. From private key storage to transaction policies, everything runs under your control on your infrastructure.

Ready to deploy your own instance? Start with the WAIaaS GitHub repository for the complete source code and deployment guides, or visit waiaas.ai for additional documentation and community resources.

Claude Desktop + NFTs: MCP Tools for AI Agent NFT Management

Wallet Guy — Mon, 04 May 2026 08:44:02 +0000

NFT management through Claude Desktop becomes dramatically simpler when your AI agent can directly interact with blockchain networks. WAIaaS provides 45 MCP tools that transform Claude into a capable NFT portfolio manager, eliminating the need to switch between multiple interfaces for discovery, transfers, and metadata analysis.

Why AI-Native NFT Management Matters

Traditional NFT management requires juggling multiple platforms—OpenSea for browsing, MetaMask for transactions, various analytics tools for portfolio tracking. Each context switch breaks your workflow and requires manual coordination between discovery and action.

With Model Context Protocol integration, Claude can seamlessly handle the entire NFT lifecycle: discovering collections, analyzing metadata, executing transfers, and tracking portfolio changes—all within a single conversation thread. This unified approach reduces friction and enables more sophisticated NFT strategies that combine market analysis with immediate execution.

MCP Tools for Complete NFT Control

WAIaaS integrates NFT functionality directly into Claude through its MCP server. Once configured, your agent gains access to comprehensive NFT capabilities across both EVM chains (ERC-721/ERC-1155) and Solana (Metaplex) with built-in metadata caching for fast responses.

Quick MCP Setup

First, configure Claude Desktop to connect with WAIaaS:

# Install and setup WAIaaS
npm install -g @waiaas/cli
waiaas init
waiaas start
waiaas quickset --mode mainnet    # Creates wallets + MCP sessions
waiaas mcp setup --all           # Auto-registers with Claude Desktop

This automatically adds the MCP server configuration to your claude_desktop_config.json:

{
  "mcpServers": {
    "waiaas": {
      "command": "npx",
      "args": ["-y", "@waiaas/mcp"],
      "env": {
        "WAIAAS_BASE_URL": "http://127.0.0.1:3100",
        "WAIAAS_SESSION_TOKEN": "wai_sess_eyJhbGciOiJIUzI1NiJ9...",
        "WAIAAS_DATA_DIR": "~/.waiaas"
      }
    }
  }
}

Core NFT Tools Available to Claude

Once configured, Claude gains access to these NFT-specific MCP tools:

list-nfts — Browse entire NFT collection with metadata
get-nft-metadata — Detailed analysis of individual NFTs
transfer-nft — Execute NFT transfers with policy enforcement
get-assets — Portfolio view including NFT valuations

Practical NFT Operations

Portfolio Discovery: Claude can analyze your complete NFT holdings across networks:

User: "Show me all my NFTs and highlight any that might be valuable"

Claude: I'll check your NFT collection across all networks.

*calls list-nfts tool*

You have 23 NFTs across Ethereum and Solana:

Ethereum (12 NFTs):
- Bored Ape #4532 - Floor: 12.3 ETH
- 3 Pudgy Penguins - Floor: 2.1 ETH each
- CryptoPunk #8745 - Rare traits detected

Solana (11 NFTs):
- DeGods #1234 - High rarity score
- 5 Okay Bears - Active community
- Magic Eden verified collections

The Bored Ape and CryptoPunk show significant value. Would you like detailed trait analysis for any specific pieces?

Metadata Analysis: Deep dive into NFT characteristics and provenance:

User: "Analyze the rarity and traits of my Bored Ape #4532"

Claude: *calls get-nft-metadata tool*

Bored Ape #4532 Analysis:
- Background: Orange (12% rarity)
- Eyes: Laser Eyes (1.2% rarity) ⭐
- Mouth: Grin (5.8% rarity)
- Hat: Party Hat (3.4% rarity) ⭐

Rarity Score: 8.2/10 (Top 5%)
Last Sale: 15.2 ETH (3 months ago)
Current Floor: 12.3 ETH

The Laser Eyes trait is particularly rare and drives significant value premium. This piece ranks in the top 5% by rarity.

Smart Transfer Execution: NFT transfers with built-in policy protection:

# Behind the scenes: Claude calls the transfer-nft tool
curl -X POST http://127.0.0.1:3100/v1/transactions/nft-transfer \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "contractAddress": "0xBC4CA0EdA7647A8aB7C2061c2E118A18a936f13D",
    "tokenId": "4532",
    "to": "0x742d35Cc6664C8532D24C15D8eb18C9C95F5FB45",
    "standard": "ERC721"
  }'

Policy-Protected NFT Operations

WAIaaS applies the same 4-tier security model to NFT operations. You can configure policies that require approval for high-value transfers:

# Create NFT-specific policies
curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "SPENDING_LIMIT", 
    "rules": {
      "instant_max_usd": 100,
      "delay_max_usd": 1000,
      "delay_seconds": 300
    }
  }'

This ensures that valuable NFT transfers require human approval, while smaller transfers execute instantly.

Cross-Chain NFT Management

Claude can manage NFTs across both Ethereum and Solana ecosystems seamlessly:

User: "Compare my NFT portfolios on Ethereum vs Solana"

Claude: *calls list-nfts and get-assets tools*

Portfolio Comparison:

Ethereum NFTs (Total Value: ~45 ETH):
- Blue-chip focus: BAYC, CryptoPunks, Azuki  
- Higher individual values
- Established marketplace liquidity
- Gas costs impact smaller trades

Solana NFTs (Total Value: ~120 SOL):
- Diverse collection: DeGods, Okay Bears, Magic Eden drops
- More experimental/utility-focused
- Lower transaction costs enable frequent trading
- Faster settlement times

Strategy Recommendation: Your Ethereum holdings are wealth preservation plays, while Solana NFTs offer more trading flexibility due to low fees.

Quick Start: Your First AI NFT Operation

Get Claude managing NFTs in under 5 minutes:

Setup WAIaaS: npm install -g @waiaas/cli && waiaas init && waiaas start
Create session: waiaas quickset --mode mainnet
Register MCP: waiaas mcp setup --all
Restart Claude Desktop to load the new MCP server
Try it: Ask Claude "Show me all my NFTs" or "What's the rarity of my [collection] #[id]?"

Claude now has direct access to your NFT portfolio and can execute transfers, analyze metadata, and track portfolio performance—all through natural conversation.

For developers building more complex NFT applications, the same MCP tools work programmatically through the REST API, enabling hybrid approaches where Claude handles discovery and analysis while custom code manages bulk operations.

Ready to give your AI agent NFT superpowers? Check out MCP Tools for Claude Desktop: Complete Wallet Integration Guide for the full setup process, or explore Policy Engine Deep Dive: 4-Tier Security for AI Agent Transactions to understand how transaction policies protect your valuable NFT transfers.

The combination of AI reasoning with direct blockchain access opens up entirely new possibilities for NFT portfolio management. Start experimenting at GitHub or learn more at waiaas.ai.

Risk Management for Perpetual Trading Bots: Leverage and Position Limits

Wallet Guy — Sun, 03 May 2026 14:14:52 +0000

Your perpetual trading bot needs bulletproof risk management to survive volatile markets. Without proper leverage limits and position controls, even profitable strategies can blow up accounts during extreme price moves or flash crashes.

Why Risk Management Is Critical for Automated Trading

Trading bots operate 24/7 without human oversight, making automated risk controls essential. A single misconfigured position or runaway leverage can wipe out weeks of profits in minutes. Traditional exchanges offer basic position limits, but they can't coordinate risk across multiple protocols or implement sophisticated pre-trade checks.

Professional trading operations need infrastructure that enforces risk rules at the wallet level — before transactions hit the blockchain. This means position sizing, leverage caps, and exposure limits that work across Hyperliquid, Drift, Jupiter, and any other protocol your bot trades on.

Built-in Risk Controls for Trading Infrastructure

WAIaaS provides wallet-as-a-service infrastructure specifically designed for automated trading systems. Instead of building risk management from scratch, you get 21 policy types that enforce limits before transactions execute.

The policy engine operates with 4 security tiers: INSTANT execution for small trades, NOTIFY for medium positions (with alerts), DELAY for large trades (with cancellation windows), and APPROVAL for maximum positions requiring human oversight.

Perpetual Futures Risk Policies

For perpetual trading specifically, WAIaaS enforces three critical policy types:

PERP_MAX_LEVERAGE prevents your bot from exceeding safe leverage ratios:

curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "PERP_MAX_LEVERAGE",
    "rules": {
      "maxLeverage": 5.0,
      "leverageTiers": {
        "BTC-USD": 3.0,
        "ETH-USD": 4.0,
        "ALT-USD": 2.0
      }
    }
  }'

PERP_MAX_POSITION_USD caps position sizes across all perpetual markets:

curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "PERP_MAX_POSITION_USD",
    "rules": {
      "maxPositionUsd": 50000,
      "marketLimits": {
        "BTC-USD": 25000,
        "ETH-USD": 15000,
        "SOL-USD": 10000
      }
    }
  }'

PERP_ALLOWED_MARKETS restricts trading to approved perpetual contracts:

curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "PERP_ALLOWED_MARKETS",
    "rules": {
      "allowedMarkets": [
        "BTC-USD",
        "ETH-USD",
        "SOL-USD"
      ]
    }
  }'

Multi-Tier Spending Limits

The SPENDING_LIMIT policy creates automatic circuit breakers based on trade size:

curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "SPENDING_LIMIT",
    "rules": {
      "instant_max_usd": 1000,
      "notify_max_usd": 5000,
      "delay_max_usd": 20000,
      "delay_seconds": 300,
      "daily_limit_usd": 50000,
      "monthly_limit_usd": 500000
    }
  }'

Small positions under $1,000 execute instantly. Medium positions ($1,000-$5,000) execute with notifications sent to your monitoring systems. Large positions ($5,000-$20,000) are delayed 5 minutes, giving you time to cancel if needed. Positions over $20,000 require manual approval.

Rate Limiting for High-Frequency Strategies

RATE_LIMIT policies prevent runaway bot behavior:

curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "RATE_LIMIT",
    "rules": {
      "maxTransactions": 100,
      "period": "hourly"
    }
  }'

Hyperliquid Integration for Perpetual Trading

WAIaaS includes native Hyperliquid support for perpetual futures, spot trading, and sub-accounts. Your bot can execute sophisticated strategies across multiple markets:

# Open BTC perpetual position with built-in risk checks
curl -X POST http://127.0.0.1:3100/v1/actions/hyperliquid/place-order \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "asset": "BTC",
    "isBuy": true,
    "sz": "0.5",
    "limitPx": "45000",
    "orderType": "limit",
    "reduceOnly": false
  }'

The policy engine validates leverage ratios and position sizes before the order hits Hyperliquid's API. If your bot tries to exceed configured limits, the transaction is blocked with a clear error message:

{
  "error": {
    "code": "POLICY_DENIED",
    "message": "Position would exceed PERP_MAX_POSITION_USD limit of 50000",
    "domain": "POLICY",
    "retryable": false
  }
}

Cross-Protocol Risk Management

Professional trading strategies often span multiple protocols — arbitrage between Jupiter and Hyperliquid, hedging spot positions with perpetuals, or managing collateral across lending protocols. WAIaaS tracks exposure across all 15 integrated DeFi protocols.

The ACTION_CATEGORY_LIMIT policy sets spending limits by DeFi category:

curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "ACTION_CATEGORY_LIMIT",
    "rules": {
      "categoryLimits": {
        "swap": {"daily_limit_usd": 100000},
        "lending": {"daily_limit_usd": 50000},
        "derivatives": {"daily_limit_usd": 200000}
      }
    }
  }'

Your bot can swap on Jupiter, lend on AAVE, and trade perps on Hyperliquid — but each category has separate risk budgets.

Gas-Conditional Execution for MEV Protection

Trading bots often compete for block space with MEV bots and arbitrageurs. WAIaaS includes gas conditional execution — transactions only execute when gas prices meet your threshold:

curl -X POST http://127.0.0.1:3100/v1/transactions/send \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "type": "ContractCall",
    "to": "0x...",
    "data": "0x...",
    "gasCondition": {
      "maxGasPrice": "20000000000",
      "timeout": 300
    }
  }'

Your arbitrage opportunity gets queued until gas drops below 20 gwei, then executes automatically. No more paying 100+ gwei for unprofitable trades during network congestion.

Transaction Simulation and Dry-Run Testing

Before risking real funds, test your trading logic with the dry-run API:

curl -X POST http://127.0.0.1:3100/v1/transactions/send \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "type": "TRANSFER",
    "to": "recipient-address",
    "amount": "0.1",
    "dryRun": true
  }'

This validates policies, checks balances, and estimates gas costs without broadcasting to the network. Essential for testing new strategies or debugging policy configurations.

Quick Start: Set Up Risk-Controlled Trading Infrastructure

Deploy with Docker:

git clone https://github.com/minhoyoo-iotrust/WAIaaS.git
cd WAIaaS
docker compose up -d

Create trading wallets:

npm install -g @waiaas/cli
waiaas init
waiaas start
waiaas quickset --mode mainnet

Configure perpetual trading policies:

# Set maximum leverage limits
curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: $(cat ~/.waiaas/master.password)" \
  -d '{
    "walletId": "<your-wallet-id>",
    "type": "PERP_MAX_LEVERAGE",
    "rules": {"maxLeverage": 5.0}
  }'

Start trading with risk controls:

# Execute Hyperliquid trade with automatic risk validation
curl -X POST http://127.0.0.1:3100/v1/actions/hyperliquid/place-order \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{"asset": "BTC", "isBuy": true, "sz": "0.1", "limitPx": "45000"}'

Monitor positions and policy compliance:

# Check current DeFi positions across all protocols
curl http://127.0.0.1:3100/v1/defi/positions \
  -H "Authorization: Bearer wai_sess_<token>"

Your trading infrastructure now enforces leverage limits, position caps, and spending controls automatically — no manual intervention required.

Building High-Frequency Trading Bots with WAIaaS: Gas Optimization and Multi-Protocol Access

Cross-Chain Arbitrage Automation: Bridge MEV with LI.FI and Across Integration

MEV Bot Infrastructure: Account Abstraction and Gasless Transactions for Competitive Execution

What's Next

Ready to build bulletproof trading infrastructure? Check out the complete documentation and get started with risk-controlled perpetual trading at waiaas.ai. The full source code and deployment guides are available at github.com/minhoyoo-iotrust/WAIaaS.

Contract and Token Whitelists: How to Lock Down Your AI Agent's Spending

Wallet Guy — Sun, 03 May 2026 08:17:55 +0000

Contract and token whitelists are your first line of defense when giving an AI agent spending power in DeFi. Without explicit guardrails, an autonomous agent with wallet access can drain funds, approve unlimited token transfers, or interact with malicious contracts—turning innovation into financial catastrophe.

Why Whitelist Security Matters

Traditional web applications fail gracefully. A bug might crash a server or corrupt some data. But crypto applications fail expensively. A single malicious transaction can empty a wallet permanently. When you add AI agents to the equation—with their tendency toward unpredictable behavior and susceptibility to prompt injection—the stakes become even higher.

The problem isn't theoretical. We've seen autonomous trading bots lose millions due to oracle manipulation, smart contracts drain funds through reentrancy attacks, and AI systems get tricked into signing malicious transactions through carefully crafted inputs. Default-allow security models don't work when every transaction can be irreversible.

The Default-Deny Security Model

WAIaaS implements a default-deny security architecture across 21 policy types, with contract and token whitelists forming the foundation. When an AI agent attempts a transaction, the system starts from a position of "no" and only permits explicitly authorized actions.

Here's how the three core whitelist policies work:

ALLOWED_TOKENS: Token Transfer Whitelist

By default, your AI agent cannot transfer any tokens—not even native ETH or SOL. You must explicitly whitelist each token the agent is allowed to touch:

curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "ALLOWED_TOKENS",
    "rules": {
      "tokens": [
        {
          "address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", 
          "symbol": "USDC", 
          "chain": "solana"
        },
        {
          "address": "native:solana", 
          "symbol": "SOL", 
          "chain": "solana"
        }
      ]
    }
  }'

Without this policy configured, any attempt to send tokens results in immediate denial. With it configured, the agent can only transfer the specific tokens you've authorized—USDC and SOL in this example.

CONTRACT_WHITELIST: Smart Contract Interaction Control

Smart contract calls are even more dangerous than simple transfers. A single approve() call can grant unlimited spending power to a malicious contract. The contract whitelist prevents your agent from interacting with any smart contract you haven't explicitly approved:

curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "CONTRACT_WHITELIST",
    "rules": {
      "contracts": [
        {
          "address": "JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4", 
          "name": "Jupiter", 
          "chain": "solana"
        },
        {
          "address": "0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D",
          "name": "Uniswap V2 Router",
          "chain": "ethereum"
        }
      ]
    }
  }'

This configuration allows your agent to swap tokens on Jupiter (Solana) and Uniswap V2 (Ethereum), but blocks all other contract interactions.

APPROVED_SPENDERS: Token Approval Restrictions

Token approvals deserve special attention because they can grant persistent spending power to third parties. The approved spenders whitelist controls which contracts can receive approval to spend your tokens:

curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "APPROVED_SPENDERS",
    "rules": {
      "spenders": [
        {
          "address": "0xDEF1C0ded9bec7F1a1670819833240f027b25EfF",
          "name": "0x Protocol",
          "maxAmount": "1000000000"
        }
      ]
    }
  }'

The maxAmount field prevents unlimited approvals—a common attack vector where malicious contracts request type(uint256).max approval amounts.

Layered Security Beyond Whitelists

Whitelists provide the foundation, but WAIaaS implements defense in depth with multiple security layers:

Spending Limits: Even whitelisted actions can be restricted by amount. Small transactions execute instantly, medium amounts trigger notifications, large amounts require time delays, and the biggest transactions need explicit human approval:

{
  "type": "SPENDING_LIMIT",
  "rules": {
    "instant_max_usd": 10,
    "notify_max_usd": 100,
    "delay_max_usd": 1000,
    "delay_seconds": 300
  }
}

Time Restrictions: Limit agent activity to specific hours when you're available to monitor:

{
  "type": "TIME_RESTRICTION", 
  "rules": {
    "allowedHours": {"start": 9, "end": 17},
    "timezone": "UTC"
  }
}

Rate Limits: Prevent rapid-fire transactions that could indicate compromise:

{
  "type": "RATE_LIMIT",
  "rules": {
    "maxTransactions": 10,
    "period": "hourly"
  }
}

Authentication and Authorization Architecture

WAIaaS uses three distinct authentication methods, each serving a different role in the security model:

masterAuth: Administrative control (Argon2id password hashing)
sessionAuth: AI agent transaction execution (JWT HS256 tokens)
ownerAuth: Human approval override (SIWS/SIWE signatures)

The AI agent operates with limited sessionAuth permissions. When policies require human approval, the transaction enters a pending state until the fund owner provides ownerAuth approval through WalletConnect, Telegram, or push notifications.

Monitoring and Emergency Response

Security doesn't end at prevention. WAIaaS includes comprehensive monitoring and emergency response capabilities:

Transaction Monitoring: Every transaction is logged with full context—policy evaluations, approval flows, and execution results. The 39 REST API route modules provide detailed audit trails.

Real-time Notifications: The system can alert you immediately when transactions approach policy limits or require approval. Integration with 3 signing channels (push-relay, Telegram, WalletConnect) ensures you never miss critical decisions.

Kill Switch: Owners can instantly disable agent permissions or kill pending transactions through the emergency interface.

Quick Start: Securing Your AI Agent

Here's how to set up whitelist-based security for a trading agent:

Start WAIaaS with auto-provision:

npm install -g @waiaas/cli
waiaas init --auto-provision
waiaas start

Create a trading wallet:

waiaas wallet create --name trading-bot --chain solana

Configure token whitelist (allow only USDC and SOL):

curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <your-password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "ALLOWED_TOKENS",
    "rules": {
      "tokens": [
        {"address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", "symbol": "USDC", "chain": "solana"},
        {"address": "native:solana", "symbol": "SOL", "chain": "solana"}
      ]
    }
  }'

Set contract whitelist (allow only Jupiter for swapping):

curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <your-password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "CONTRACT_WHITELIST",
    "rules": {
      "contracts": [
        {"address": "JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4", "name": "Jupiter", "chain": "solana"}
      ]
    }
  }'

Test the restrictions:

# This will work (USDC is whitelisted)
curl -X POST http://localhost:3100/v1/transactions/send \
  -H "Authorization: Bearer <session-token>" \
  -d '{"type": "TokenTransfer", "token": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", "amount": "1"}'

# This will be denied (BONK not whitelisted)
curl -X POST http://localhost:3100/v1/transactions/send \
  -H "Authorization: Bearer <session-token>" \
  -d '{"type": "TokenTransfer", "token": "DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263", "amount": "1000"}'

Your AI agent now operates within strict boundaries—it can only touch approved tokens and interact with approved contracts. Any attempt to step outside these constraints results in immediate denial.

AI Agent Security: 3-Layer Defense Against Crypto Exploits

Self-Hosted Crypto Wallets: Why AI Agents Need Local Control

What's Next

Contract and token whitelists provide the foundation for AI agent security, but they're just the beginning. Explore the full 21-policy security framework, set up human-approval workflows for high-value transactions, and implement comprehensive monitoring. Get started at GitHub or learn more at waiaas.ai.

When AI Agents Trade Autonomously: Building Economic Actors That Never Sleep

Wallet Guy — Sat, 02 May 2026 14:14:03 +0000

AI agents will need to pay for compute, data, and API calls autonomously — but most lack the economic infrastructure to participate in real transactions. The missing piece isn't smarter models or better reasoning; it's wallet infrastructure that lets agents operate as independent economic actors without human intermediaries for every payment.

The Autonomous Agent Economy Is Already Here

We're witnessing the emergence of AI agents that don't just answer questions — they take actions. They trade stocks, manage DeFi positions, execute complex workflows, and consume paid APIs. But there's a fundamental bottleneck: these agents still depend on humans to handle their economic interactions.

Consider an AI trading bot that identifies arbitrage opportunities across multiple DEXs. It can analyze markets, calculate optimal routes, and determine profitable trades faster than any human. But when it comes time to execute — to actually move funds, swap tokens, or pay for premium market data — it hits a wall. The agent needs a human to approve transactions, top up balances, or manage API credits.

This creates a paradox: we have agents sophisticated enough to outperform humans at complex economic reasoning, but they can't autonomously pay for a $0.01 API call.

The Infrastructure Gap: Wallets for Agents

Traditional wallet infrastructure was designed for humans. It assumes someone is present to approve transactions, manage private keys, and handle security decisions. But autonomous agents operate differently:

They need to transact 24/7 across global markets
They require programmatic access without GUI interactions
They must handle micropayments efficiently (paying per API call, per computation)
They need sophisticated policy controls to prevent runaway spending
They require audit trails for compliance and debugging

WAIaaS bridges this gap with wallet infrastructure purpose-built for AI agents. Instead of retrofitting human-centered wallets, it starts from the agent's requirements: REST APIs, session-based authentication, programmable policies, and autonomous transaction execution.

Session-Based Authentication: Agents Without Private Keys

The fundamental challenge is giving agents transaction capabilities without exposing private keys. WAIaaS solves this with session-based authentication:

# Create a session for your AI agent (one-time setup)
curl -X POST http://127.0.0.1:3100/v1/sessions \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{"walletId": "<wallet-uuid>"}'

The agent receives a session token with limited capabilities and lifetime. It can transact within predefined policies, but cannot access the underlying private keys:

# Agent checks its balance autonomously
curl http://127.0.0.1:3100/v1/wallet/balance \
  -H "Authorization: Bearer wai_sess_eyJhbGciOiJIUzI1NiJ9..."

# Agent executes DeFi trade
curl -X POST http://127.0.0.1:3100/v1/actions/jupiter-swap/swap \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "inputMint": "So11111111111111111111111111111111111111112",
    "outputMint": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
    "amount": "1000000000"
  }'

Policy-Driven Autonomy: Smart Guardrails

True autonomy doesn't mean unlimited freedom. The most successful autonomous agents operate within clearly defined boundaries. WAIaaS implements this through 21 policy types with 4 security tiers: INSTANT, NOTIFY, DELAY, and APPROVAL.

For an AI trading agent, you might configure:

curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "SPENDING_LIMIT",
    "rules": {
      "instant_max_usd": 100,
      "notify_max_usd": 1000,
      "delay_max_usd": 5000,
      "delay_seconds": 300,
      "daily_limit_usd": 10000
    }
  }'

This creates a four-tier system:

Trades under $100: Execute immediately
$100-$1000: Execute and notify the owner
$1000-$5000: Wait 5 minutes (allowing cancellation), then execute
Above $5000: Require explicit human approval

You can layer multiple policies. Add contract whitelists to restrict which DEXs the agent can use, time restrictions for trading hours, or token whitelists to prevent the agent from buying speculative assets.

x402 HTTP Payments: Agents as API Customers

One of the most immediate use cases for autonomous agent payments is API consumption. The x402 HTTP payment protocol lets agents automatically pay for API calls without pre-funded accounts or subscription management.

import { WAIaaSClient } from '@waiaas/sdk';

const client = new WAIaaSClient({
  baseUrl: 'http://127.0.0.1:3100',
  sessionToken: process.env.WAIAAS_SESSION_TOKEN,
});

// Agent makes HTTP request, automatically pays if 402 Payment Required
const response = await client.x402Fetch('https://api.premium-data.com/market-data', {
  method: 'GET',
  headers: { 'Accept': 'application/json' }
});

const marketData = await response.json();

Behind the scenes, if the API returns a 402 status code, WAIaaS automatically:

Parses the payment request
Checks agent policies (is this domain whitelisted? Is the amount within limits?)
Executes payment
Retries the original request with payment proof

This enables new business models. API providers can charge per-call instead of managing subscriptions. Agents can dynamically discover and pay for services they need. The economic friction between agents and services disappears.

Multi-Chain DeFi Operations

Autonomous agents excel at complex DeFi strategies that require 24/7 monitoring and rapid execution. WAIaaS supports 15 DeFi protocols across multiple chains, enabling agents to:

Provide liquidity across AMMs and rebalance based on fee returns
Execute yield farming strategies, automatically compounding rewards
Manage lending positions, adjusting collateral to maintain healthy ratios
Execute cross-chain arbitrage via bridging protocols

An agent monitoring Aave positions can automatically supply additional collateral if the health factor drops:

# Agent checks current DeFi positions
curl http://127.0.0.1:3100/v1/defi/positions \
  -H "Authorization: Bearer wai_sess_<token>"

# If health factor is low, supply more collateral
curl -X POST http://127.0.0.1:3100/v1/actions/aave-v3/supply \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "asset": "0xA0b86a33E6441d89C6fE6D9E9Dc3A6E7e57B4F2a",
    "amount": "1000000000000000000"
  }'

Real-World Implementation: MCP Integration

The Model Context Protocol (MCP) provides a standardized way for AI assistants to access external tools and data. WAIaaS offers 45 MCP tools that turn any MCP-compatible AI assistant into an autonomous economic agent.

Setting up Claude Desktop with WAIaaS takes minutes:

# Install CLI and start daemon
npm install -g @waiaas/cli
waiaas init
waiaas start

# Create wallets and sessions, auto-configure MCP
waiaas quickset --mode mainnet
waiaas mcp setup --all

Now Claude can autonomously:

Check wallet balances: "What's my current portfolio value?"
Execute trades: "Swap 0.1 SOL for USDC on Jupiter"
Manage DeFi positions: "Show my lending positions and health factors"
Pay for premium data: "Get the latest options flow data for AAPL"

The agent operates within your predefined policies, with full transaction history and the ability to require approval for large operations.

Security Model: Three Layers of Protection

Autonomous agents handling real funds require robust security. WAIaaS implements three layers:

Layer 1: Session Authentication
Agents never access private keys directly. Sessions provide limited capabilities with configurable TTL and renewal limits.

Layer 2: Policy Engine

21 policy types enforce spending limits, contract whitelists, time restrictions, and more. Default-deny architecture blocks transactions unless explicitly allowed.

Layer 3: Human Override
Fund owners retain ultimate control through WalletConnect integration. Kill switches, transaction approval, and emergency recovery ensure humans can intervene when needed.

This creates the optimal balance: agents operate autonomously within safe boundaries, but humans maintain oversight and control.

Getting Started: Deploy an Economic Agent

Ready to build your first autonomous economic agent? Here's the minimal setup:

Step 1: Start WAIaaS Infrastructure

npm install -g @waiaas/cli
waiaas init
waiaas start
waiaas quickset --mode mainnet  # Creates wallets + sessions

Step 2: Configure Your AI Agent
Add MCP integration to Claude Desktop or use the SDK directly:

import { WAIaaSClient } from '@waiaas/sdk';

const agent = new WAIaaSClient({
  baseUrl: 'http://127.0.0.1:3100',
  sessionToken: process.env.WAIAAS_SESSION_TOKEN,
});

Step 3: Set Policies
Define what your agent can do autonomously:

# Allow small transactions instantly, require approval for large ones
waiaas policies create --type SPENDING_LIMIT \
  --instant-max 50 --delay-max 500 --approval-above 1000

Step 4: Fund and Deploy
Transfer initial funds to your agent's wallet and let it start operating. Monitor via the admin UI at http://localhost:3100/admin.

The agent can now participate in the economy: paying for APIs, executing trades, managing DeFi positions, and more — all within the guardrails you've defined.

The Road Ahead: Agents as Economic Participants

We're at the beginning of a fundamental shift. AI agents are evolving from tools that provide information to autonomous actors that take economic action. This requires infrastructure that doesn't exist in traditional fintech or DeFi — it needs to be built specifically for agents.

The implications extend beyond individual agents. We're heading toward agent-to-agent commerce, where AI systems automatically discover, negotiate with, and pay each other for services. Imagine an AI researcher that automatically purchases compute from cloud providers, pays for academic paper access, and compensates data providers — all without human intervention.

This future requires wallet infrastructure designed for autonomy, not retrofitted from human-centered systems. WAIaaS provides that foundation today.

For more insights on AI agent infrastructure, check out How to Set Up AI Agents with Wallet Access Using MCP and Why AI Agents Need Their Own Wallets for deeper technical details.

What's Next

The autonomous agent economy is emerging now, not in some distant future. The question isn't whether AI agents will need economic capabilities — it's whether you'll be ready to deploy them safely and effectively.

Start experimenting with autonomous agents today. Explore the full codebase on GitHub or learn more at waiaas.ai. The infrastructure for the agent economy is here — what will you build with it?

7-Stage Transaction Validation: How AI Agents Execute Safe DeFi Operations

Wallet Guy — Sat, 02 May 2026 08:02:17 +0000

Giving an AI agent access to your DeFi portfolio without proper guardrails is like handing over your bank account with a sticky note saying "please be careful." Most wallet-as-a-service solutions either give agents unlimited access or rely on simple spending limits that don't account for the complexity of DeFi operations. WAIaaS takes a different approach with a 7-stage transaction pipeline that validates every operation through multiple security layers before execution.

Why Multi-Stage Validation Matters

DeFi operations carry amplified risks compared to simple transfers. When your AI agent interacts with lending protocols, DEXs, or yield farms, a single malicious or misconfigured transaction can:

Approve unlimited token spending to untrusted contracts
Deposit funds into high-risk lending pools
Execute leveraged positions beyond your risk tolerance
Interact with unaudited or compromised protocols

Traditional approaches either block AI agents entirely or use crude spending limits that don't distinguish between sending $100 to your friend versus approving $100 to an experimental DeFi protocol. WAIaaS recognizes that transaction amount alone doesn't determine risk—context matters.

The 7-Stage Transaction Pipeline

WAIaaS processes every transaction through seven sequential stages, each with specific validation logic and security checks. Here's how an AI agent's Jupiter swap request gets validated:

Stage 1: Validate

The pipeline first validates the transaction structure, network compatibility, and basic feasibility checks.

# Example: AI agent requests SOL → USDC swap
curl -X POST http://127.0.0.1:3100/v1/actions/jupiter-swap/swap \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "inputMint": "So11111111111111111111111111111111111111112",
    "outputMint": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
    "amount": "1000000000"
  }'

Stage 1 validates:

Transaction type matches expected schema (7 types: Transfer, TokenTransfer, ContractCall, Approve, Batch, NftTransfer, ContractDeploy)
Target network is active and RPC accessible
Basic parameter validation (addresses, amounts, gas estimates)

Stage 2: Authentication

Three authentication methods provide different security contexts:

# sessionAuth — AI agent operations (transactions, queries)
-H "Authorization: Bearer wai_sess_eyJhbGciOiJIUzI1NiJ9..."

# masterAuth — system administration (policies, wallet creation)
-H "X-Master-Password: my-secret-password"  

# ownerAuth — fund owner (approvals, emergency controls)
-H "X-Owner-Signature: <ed25519-or-secp256k1-signature>"
-H "X-Owner-Message: <signed-message>"

Session tokens include TTL, renewal limits, and absolute lifetime bounds. The pipeline verifies the session is valid, not expired, and authorized for the requested operation.

Stage 3: Policy Engine

This is where WAIaaS's security model shines. The policy engine evaluates 21 different policy types against the transaction, assigning one of four security tiers:

# Create a comprehensive DeFi policy
curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "SPENDING_LIMIT",
    "rules": {
      "instant_max_usd": 50,
      "notify_max_usd": 200,
      "delay_max_usd": 1000,
      "delay_seconds": 300,
      "daily_limit_usd": 2000
    }
  }'

Default-Deny Protection: The policy engine implements default-deny for critical operations. Without explicit ALLOWED_TOKENS and CONTRACT_WHITELIST policies, agents cannot transfer tokens or interact with smart contracts.

Four Security Tiers:

INSTANT: Execute immediately (low-risk operations under threshold)
NOTIFY: Execute immediately, send notification to owner
DELAY: Queue for time delay, owner can cancel during delay period
APPROVAL: Require explicit human approval before execution

For our Jupiter swap example, the policy engine checks:

SPENDING_LIMIT: Is 1 SOL under the appropriate tier threshold?
ALLOWED_TOKENS: Is SOL → USDC swap permitted?
CONTRACT_WHITELIST: Is Jupiter router address approved?
RATE_LIMIT: Has the agent exceeded transaction frequency limits?

Stage 4: Wait (Conditional)

If the policy engine assigns DELAY tier, the transaction enters a waiting period. During this time:

Transaction is queued with visible countdown timer
Owner receives notification with cancellation option
Agent receives pending status, not failure
Emergency kill switch can cancel all pending transactions

{
  "id": "tx_abc123",
  "status": "PENDING_DELAY",
  "delayUntil": "2024-03-15T10:35:00Z",
  "delaySeconds": 300,
  "cancellable": true
}

Stage 5: Execute

For approved transactions, the execution stage handles the actual blockchain interaction:

Gas price conditional execution (wait for gas below threshold)
Nonce management and transaction ordering
Multi-chain RPC routing
Dry-run simulation before real execution

The pipeline supports complex transaction types including ERC-4337 Account Abstraction UserOps and batch transactions.

Stage 6: Confirm

Final stage monitors blockchain confirmation and updates transaction status:

Block confirmation tracking
Failed transaction detection and retry logic
Balance updates and cache invalidation
Notification dispatch for completed operations

Real-World Policy Configuration

Here's how to configure policies that make sense for AI agents operating in DeFi:

Token Whitelist (Required for Agent Operations):

curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "ALLOWED_TOKENS",
    "rules": {
      "tokens": [
        {"address": "So11111111111111111111111111111111111111112", "symbol": "SOL", "chain": "solana"},
        {"address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", "symbol": "USDC", "chain": "solana"}
      ]
    }
  }'

DeFi Protocol Whitelist:

curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "CONTRACT_WHITELIST", 
    "rules": {
      "contracts": [
        {"address": "JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4", "name": "Jupiter", "chain": "solana"},
        {"address": "KLend2g3cP87fffoy8q1mQqGKjrxjC8boSyAYavgmjD", "name": "Kamino", "chain": "solana"}
      ]
    }
  }'

Lending Risk Controls:

curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "LENDING_LTV_LIMIT",
    "rules": {
      "maxLtv": 0.65,
      "assetWhitelist": ["SOL", "USDC", "ETH"]
    }
  }'

Security Through Multiple Layers

WAIaaS implements defense in depth through three distinct security layers:

Layer 1: Session Authentication + Time Limits

JWT session tokens with configurable TTL and renewal limits
Per-session absolute lifetime bounds
Immediate revocation capability

Layer 2: Policy Engine + Time Delays

21 policy types covering spending, contracts, networks, DeFi parameters
Time delays allow human intervention before execution
Default-deny for undefined scenarios

Layer 3: Human Approval + Kill Switch

WalletConnect integration for mobile approval workflows
Telegram and push notification channels for approval requests
Emergency kill switch to halt all agent operations

Quick Start: Secure AI Agent Setup

Here's how to set up a DeFi-capable AI agent with proper security guardrails:

Install and initialize WAIaaS:

npm install -g @waiaas/cli
waiaas init
waiaas start

Create wallet and session:

waiaas wallet create --name defi-agent --chain solana --environment mainnet
waiaas session prompt --wallet-name defi-agent

Configure security policies:

# Spending limits with 4-tier security
curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "SPENDING_LIMIT",
    "rules": {
      "instant_max_usd": 10,
      "notify_max_usd": 100, 
      "delay_max_usd": 500,
      "delay_seconds": 600,
      "daily_limit_usd": 1000
    }
  }'

# Allow specific tokens and protocols
curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "ALLOWED_TOKENS",
    "rules": {"tokens": [{"address": "So11111111111111111111111111111111111111112", "symbol": "SOL", "chain": "solana"}]}
  }'

Test the pipeline with a dry run:

curl -X POST http://127.0.0.1:3100/v1/transactions/send \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "type": "TRANSFER",
    "to": "recipient-address",
    "amount": "0.01",
    "dryRun": true
  }'

Set up approval channels for high-value transactions:

waiaas owner connect  # WalletConnect for mobile approvals
waiaas notification setup  # Configure push notifications

The 7-stage pipeline ensures your AI agent operates within defined boundaries while maintaining the flexibility to execute complex DeFi strategies. Each stage provides specific validation logic, and the policy engine gives you granular control over risk parameters.

For developers building autonomous trading systems or yield optimization bots, this approach provides the security foundation needed to deploy AI agents with real funds. The pipeline processes over 683 test cases across all transaction types and DeFi protocols, ensuring robust validation of edge cases and attack vectors.

Related posts that dive deeper:

What's Next

The 7-stage transaction pipeline provides the security foundation, but WAIaaS offers additional capabilities for production AI agents including cross-chain bridging, NFT management, and x402 HTTP payment protocols. Explore the full codebase at GitHub or learn more about self-hosted deployment at waiaas.ai.

15 DeFi Protocols, 631 Tests: Building Reliable Multi-Protocol Trading Infrastructure

Wallet Guy — Fri, 01 May 2026 14:20:51 +0000

Your arb bot spotted the opportunity — Jupiter has USDC 2 basis points cheaper than the CEX. But by the time your bot assembles the wallet connection, builds the transaction, handles gas estimation, and executes the swap, the opportunity is gone. You need trading infrastructure that executes in milliseconds, not seconds.

Building reliable trading infrastructure across 15 DeFi protocols isn't just about connecting to APIs. It's about gas optimization, execution reliability, and risk controls that keep your bot profitable when markets move fast. One failed transaction or missed arbitrage opportunity costs more than robust infrastructure saves.

Why Multi-Protocol Trading Infrastructure Matters

Professional trading operations don't stick to one DEX. They arbitrage between Jupiter and Drift on Solana, hedge positions across Aave and Hyperliquid, and bridge liquidity via LI.FI when opportunities emerge on different chains. Each protocol has different APIs, different transaction patterns, and different failure modes.

Your trading bot needs to execute complex strategies: spot a price difference on Jupiter, immediately hedge with a perpetual position on Drift, maybe stake the proceeds on Jito for yield. These multi-step strategies require atomic execution — if step 2 fails, you're left with unwanted exposure.

Traditional approaches force you to integrate each protocol separately: Jupiter's SDK for swaps, Drift's SDK for perps, Aave's contracts for lending. Managing 15 different SDKs, keeping them updated, handling their different error patterns — that's months of infrastructure work before you write a single trading strategy.

The Multi-Protocol Approach

WAIaaS provides a unified API layer across 15 DeFi protocols with 631+ tests ensuring execution reliability. Instead of managing multiple SDKs, your bot makes simple HTTP calls to a local daemon that handles protocol-specific complexity.

Here's how your bot executes a cross-protocol strategy:

# Check positions across all protocols
curl http://127.0.0.1:3100/v1/defi/positions \
  -H "Authorization: Bearer wai_sess_<token>"

# Response shows unified view
{
  "positions": [
    {"protocol": "jupiter-swap", "type": "swap", "value_usd": 0},
    {"protocol": "drift", "type": "perp", "market": "SOL-PERP", "size": "-1.5", "pnl_usd": 125.50},
    {"protocol": "jito-staking", "type": "stake", "amount": "45.2", "rewards_usd": 12.30}
  ]
}

Execute a Jupiter swap when gas conditions are favorable:

# Set gas condition — only execute when gas < 0.0001 SOL
curl -X POST http://127.0.0.1:3100/v1/actions/jupiter-swap/swap \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "inputMint": "So11111111111111111111111111111111111111112",
    "outputMint": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
    "amount": "1000000000",
    "gasCondition": {"maxGasPrice": "100000"}
  }'

The transaction queues until gas price meets your threshold, then executes automatically. No polling, no gas price monitoring — the infrastructure handles timing.

Production-Grade Execution Pipeline

Every transaction flows through a 7-stage pipeline designed for trading reliability:

Validation — Check balance, validate addresses, ensure sufficient gas
Authentication — Verify session token, check permissions
Policy — Apply spending limits, gas conditions, protocol restrictions
Wait — Queue for gas conditions or rate limits
Execute — Submit to blockchain with retry logic
Confirm — Monitor for confirmation, handle reorgs
Notify — Update bot with final status

This pipeline prevents the common trading bot failures: insufficient balance checks, gas estimation errors, dropped transactions, missed confirmations.

Here's how your bot handles a complex arbitrage strategy:

# Build batch transaction — buy on Jupiter, hedge on Drift
curl -X POST http://127.0.0.1:3100/v1/transactions/send \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "type": "BATCH",
    "transactions": [
      {
        "type": "ACTION",
        "provider": "jupiter-swap",
        "action": "swap",
        "params": {
          "inputMint": "So11111111111111111111111111111111111111112",
          "outputMint": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
          "amount": "1000000000"
        }
      },
      {
        "type": "ACTION",
        "provider": "drift",
        "action": "place_order",
        "params": {
          "market": "SOL-PERP",
          "side": "short",
          "size": "1.0",
          "orderType": "market"
        }
      }
    ]
  }'

Both transactions execute atomically — if the Drift order fails, the Jupiter swap is reverted. No partial fills, no unwanted exposure.

Risk Controls for Automated Trading

Trading bots need automated risk controls. WAIaaS provides 21 policy types with 4 security tiers specifically designed for algorithmic trading.

Set position size limits per protocol:

curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "PERP_MAX_POSITION_USD",
    "rules": {
      "maxPositionUsd": 10000,
      "protocols": ["drift", "hyperliquid"]
    }
  }'

Implement gas-conditional trading — only execute when profitable:

{
  "type": "GAS_CONDITION",
  "rules": {
    "maxGasPrice": "100000",
    "maxSlippage": "0.005"
  }
}

Your bot submits trades anytime. The policy engine ensures they only execute when gas costs preserve profitability.

Cross-Chain Arbitrage Infrastructure

Real arbitrage opportunities span chains. WAIaaS handles cross-chain complexity through integrated bridging protocols.

Execute Ethereum → Solana arbitrage:

# Step 1: Bridge USDC from Ethereum to Solana via LI.FI
curl -X POST http://127.0.0.1:3100/v1/actions/lifi/bridge \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "fromChain": "ethereum-mainnet",
    "toChain": "solana-mainnet",
    "token": "0xA0b86a33E6441c4ED7a4c03b6d80b1f3aFF6A4F7",
    "amount": "1000000000"
  }'

# Step 2: Auto-execute Jupiter swap once bridge completes
# (WAIaaS monitors bridge status, executes follow-up automatically)

The infrastructure tracks bridge completions and executes follow-up trades without manual intervention. Cross-chain arbitrage becomes a single API call.

Quick Start for Trading Bots

Get your trading infrastructure running in minutes:

Deploy with Docker — Production-ready deployment

git clone https://github.com/minhoyoo-iotrust/WAIaaS.git
cd WAIaaS
docker compose up -d

Create trading wallet

docker exec waiaas-daemon waiaas-cli wallet create \
  --name trading-bot \
  --chain solana \
  --environment mainnet

Generate session token for your bot

docker exec waiaas-daemon waiaas-cli session create \
  --wallet-id <wallet-uuid>
# Returns: wai_sess_eyJhbGciOiJIUzI1NiJ9...

Configure trading policies

curl -X POST http://localhost:3100/v1/policies \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "SPENDING_LIMIT",
    "rules": {
      "instant_max_usd": 1000,
      "daily_limit_usd": 50000
    }
  }'

Start trading — Your bot makes HTTP calls, WAIaaS handles execution

export WAIAAS_SESSION_TOKEN="wai_sess_..."
# Your trading bot is now live

Your trading infrastructure is now handling gas optimization, transaction reliability, and cross-protocol execution. Focus on strategy, not plumbing.

Performance and Reliability

With 631+ tests across 15 protocols, WAIaaS infrastructure handles the edge cases that break trading bots: failed transactions, network congestion, protocol upgrades, slippage protection. The 7-stage execution pipeline ensures your trades execute reliably even when market conditions change rapidly.

Gas conditional execution means your arbitrage strategies remain profitable even during network congestion. Transaction batching reduces MEV exposure. Cross-chain bridging opens opportunities beyond single-chain trading.

Trading bot development shifts from months of infrastructure work to days of strategy implementation.

For more trading infrastructure insights, check out Building AI Trading Bots with MCP Integration and Docker Deployment for Production Trading.

What's Next

Your trading bot needs reliable infrastructure that executes in milliseconds, not seconds. WAIaaS provides the multi-protocol foundation that lets you focus on profitable strategies instead of wallet plumbing.

Ready to build serious trading infrastructure? Get started at GitHub or explore the full platform at waiaas.ai.

All 45 MCP Tools Explained: Complete Reference for Claude AI Agents

Wallet Guy — Fri, 01 May 2026 08:27:10 +0000

MCP tools transform Claude from a text-only assistant into an agent capable of executing onchain transactions, managing DeFi positions, and handling cryptocurrency operations. WAIaaS provides 45 specialized MCP tools that integrate seamlessly with Claude Desktop, giving your AI agent comprehensive blockchain capabilities without requiring custom integrations or complex setup.

Why MCP Integration Matters for AI Agents

Most AI agents can only read blockchain data or generate transaction code that humans must execute manually. This creates a frustrating gap between what the agent knows and what it can actually do. The Model Context Protocol (MCP) bridges this gap by providing a standardized way for Claude to call external tools directly.

With WAIaaS MCP integration, Claude can check wallet balances, execute DeFi swaps, manage lending positions, transfer NFTs, and even handle micropayments for API calls — all autonomously within the conversation. This transforms Claude from a helpful advisor into an active participant in your onchain workflows.

Complete MCP Tool Reference

WAIaaS provides 45 MCP tools organized into five categories. Here's the complete reference:

Wallet Management Tools

get-balance — Returns native token balance and USD value

# What Claude sees when you ask "What's my balance?"
{
  "balance": "2.5",
  "symbol": "SOL", 
  "usd_value": 425.50,
  "chain": "solana",
  "network": "mainnet"
}

get-address — Get wallet's public address
get-wallet-info — Complete wallet metadata including creation date and chain
get-assets — List all token holdings with balances and USD values
get-tokens — Available tokens for the current network
list-credentials — Show configured RPC endpoints and API keys

Transaction Tools

send-token — Transfer native tokens or SPL/ERC-20 tokens
transfer-nft — Transfer NFTs with automatic metadata resolution
send-batch — Execute multiple transactions atomically
sign-transaction — Sign arbitrary transactions without broadcasting
sign-message — Sign messages for authentication or proofs
get-transaction — Retrieve transaction details and status
list-transactions — Transaction history with filtering options
simulate-transaction — Dry-run transactions before execution

Example of Claude using send-token:

# User: "Send 0.1 SOL to Alice"
# Claude calls send-token MCP tool:
{
  "type": "TRANSFER",
  "to": "7xKXtg2CW87d97TXJSDpbD5jBkheTqA83TZRuJosgAsU",
  "amount": "0.1"
}

DeFi Integration Tools

get-defi-positions — View lending, staking, and LP positions across all protocols
get-health-factor — Current liquidation risk for lending positions
action-provider — Execute actions on any of the 15 supported DeFi protocols

The action-provider tool works with these protocols:

jupiter-swap — Solana's best-price DEX aggregator
lido-staking — Ethereum liquid staking
jito-staking — Solana liquid staking
aave-v3 — Cross-chain lending and borrowing
kamino — Solana lending with leveraged strategies
hyperliquid — Perpetual futures trading
polymarket — Prediction market trading
lifi — Cross-chain bridging
across — Fast cross-chain transfers
zerox-swap — Professional-grade DEX trading
pendle — Yield tokenization and trading

Example DeFi interaction:

# User: "Swap 100 USDC for SOL on Jupiter"
# Claude calls action-provider with jupiter-swap:
{
  "provider": "jupiter-swap",
  "action": "swap",
  "params": {
    "inputMint": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
    "outputMint": "So11111111111111111111111111111111111111112", 
    "amount": "100000000"
  }
}

Policy and Security Tools

get-policies — View active spending limits and security rules
approve-token — Approve ERC-20 token spending for DeFi protocols
get-provider-status — Check if DeFi providers are operational

Advanced Protocol Tools

build-userop — Create ERC-4337 UserOperations for gasless transactions
sign-userop — Sign UserOperations for Account Abstraction
call-contract — Execute arbitrary smart contract calls
encode-calldata — Generate transaction calldata for contracts
get-nonce — Get current transaction nonce
resolve-asset — Resolve token symbols to addresses

Web3 Authentication Tools

erc8128-sign-request — Sign HTTP requests with wallet for API authentication
erc8128-verify-signature — Verify ERC-8128 HTTP signatures
wc-connect, wc-disconnect, wc-status — WalletConnect session management

Reputation and Trust Tools

erc8004-get-agent-info — Retrieve onchain agent metadata
erc8004-get-reputation — Check agent reputation score
erc8004-get-validation-status — Verify agent trustworthiness

NFT Tools

list-nfts — Show all NFTs in wallet with metadata
get-nft-metadata — Detailed NFT information and attributes

Network and Infrastructure Tools

get-rpc-proxy-url — Get proxied RPC endpoints for better reliability
list-sessions — Active AI agent sessions
list-incoming-transactions — Monitor incoming transfers
get-incoming-summary — Summary of recent deposits
list-offchain-actions — Pending transactions requiring approval

Micropayment Tools

x402-fetch — HTTP requests with automatic cryptocurrency payment for 402 Payment Required responses

Example of Claude using x402-fetch:

# User: "Get premium market data from that paid API"
# Claude calls x402-fetch, automatically pays the microfee, gets the data
{
  "url": "https://api.example.com/premium-data",
  "method": "GET",
  "auto_pay": true,
  "max_payment_usd": 0.10
}

Quick Setup Guide

Here's how to connect Claude Desktop to WAIaaS:

Step 1: Start WAIaaS daemon

npm install -g @waiaas/cli
waiaas quickstart

Step 2: Create a session for Claude

waiaas quickset --mode mainnet
# Creates wallets + MCP sessions, prints config

Step 3: Add to Claude Desktop config
Open ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "waiaas": {
      "command": "npx",
      "args": ["-y", "@waiaas/mcp"],
      "env": {
        "WAIAAS_BASE_URL": "http://127.0.0.1:3100",
        "WAIAAS_SESSION_TOKEN": "wai_sess_eyJhbGciOiJIUzI1NiJ9...",
        "WAIAAS_DATA_DIR": "~/.waiaas"
      }
    }
  }
}

Step 4: Restart Claude Desktop and test
Ask Claude: "What's my wallet balance?" You should see your actual onchain balance with USD values.

Step 5: Set up security policies

curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <your-password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "SPENDING_LIMIT", 
    "rules": {
      "instant_max_usd": 10,
      "notify_max_usd": 100,
      "delay_max_usd": 1000,
      "delay_seconds": 300
    }
  }'

Real-World Usage Examples

With all 45 MCP tools available, Claude can handle sophisticated onchain workflows:

Portfolio Management: "Show me my DeFi positions across all protocols and suggest rebalancing opportunities"

Claude calls get-defi-positions, analyzes yield rates, suggests optimal allocation

Cross-Chain Operations: "Bridge 500 USDC from Ethereum to Arbitrum using the cheapest route"

Claude calls action-provider with lifi, compares bridge costs, executes optimal route

Automated Trading: "If SOL drops below $100, swap half my SOL for USDC"

Claude monitors prices, uses simulate-transaction for safety, executes conditional swaps

NFT Management: "List my NFTs by floor price and transfer the least valuable one to my cold wallet"

Claude calls list-nfts, fetches floor prices, identifies target NFT, executes transfer

Micropayment Workflows: "Get the latest research report from three different crypto data providers"

Claude uses x402-fetch to automatically pay for premium API access across multiple services

The key advantage is that Claude sees all wallet state, understands DeFi protocols, and can execute multi-step operations autonomously while respecting your security policies.

Ready to give your Claude agent onchain superpowers? Get started at GitHub or visit the official documentation to explore advanced configuration options.

What's Next

These 45 MCP tools provide the foundation for sophisticated AI agent workflows. Explore advanced patterns like multi-wallet strategies, automated yield farming, and cross-protocol arbitrage as you build more complex onchain agents.

20 CLI Commands for Complete Self-Hosted AI Wallet Management

Wallet Guy — Thu, 30 Apr 2026 15:21:02 +0000

Self-hosted AI wallet management requires a command-line interface that balances security with simplicity, and WAIaaS delivers exactly that with 20 CLI commands designed for complete wallet infrastructure control. When you're managing crypto wallets for AI agents on your own infrastructure, you need tools that respect your sovereignty while providing enterprise-grade functionality. The alternative—trusting third parties with your agents' private keys—compromises the very principles that make crypto valuable in the first place.

Why Self-Hosted Wallet Management Matters

Running your own wallet infrastructure isn't just about privacy—it's about control. Third-party wallet services can rate-limit your API calls, freeze accounts based on algorithmic decisions, or simply disappear overnight. When your AI agents need to execute hundreds of transactions per day across multiple DeFi protocols, these limitations become operational risks.

Self-hosted solutions also eliminate the custody problem entirely. Your private keys never leave your server, your transaction policies are enforced locally, and you decide which networks and protocols your agents can access. It's the difference between renting someone else's infrastructure and owning your own.

The WAIaaS CLI: 20 Commands for Complete Control

WAIaaS provides a comprehensive CLI that handles everything from initial setup to production wallet management. Let's walk through the key commands organized by use case.

Installation and Setup Commands

The foundation starts with getting WAIaaS running on your infrastructure:

npm install -g @waiaas/cli
waiaas init                        # Create data directory + config.toml
waiaas start                       # Start daemon (sets master password on first run)
waiaas status                      # Check daemon health
waiaas stop                        # Graceful shutdown

The init command creates your local data directory and configuration file, establishing the foundation for your self-hosted setup. The start command launches the daemon process that handles all wallet operations, while status and stop give you operational control.

For completely automated deployment, you can use auto-provisioning:

waiaas init --auto-provision     # Generates random master password → recovery.key
waiaas start                     # No password prompt needed

Wallet Management Commands

Creating and managing wallets is where the CLI really shines:

waiaas wallet create --name "trading-bot" --chain solana --environment mainnet
waiaas wallet info <wallet-id>   # Display wallet details and address

The wallet create command supports both EVM and Solana chains across 18 different networks. Each wallet gets a unique identifier and can be configured with specific policies and permissions.

Session and Authentication Commands

WAIaaS uses a three-tier authentication system, and the CLI manages all aspects:

waiaas session prompt <wallet-id>    # Create session for AI agent
waiaas owner connect                 # Connect wallet owner for approvals
waiaas owner status                  # Check owner connection status
waiaas owner disconnect              # Disconnect owner
waiaas set-master                    # Update master password

The session system is crucial for AI agent operations. Sessions provide scoped access tokens that agents can use without exposing master credentials. The owner commands handle the human-in-the-loop approval system for high-value transactions.

Backup and Recovery Commands

Self-hosted infrastructure requires robust backup strategies:

waiaas backup create --output backup-$(date +%Y%m%d).tar.gz
waiaas backup list                   # Show available backups
waiaas backup inspect backup.tar.gz  # Verify backup contents
waiaas restore backup.tar.gz         # Restore from backup

These commands handle complete system state including wallets, policies, transaction history, and configuration. The backup format is portable across different WAIaaS installations.

Quick Setup Commands

For rapid deployment, WAIaaS provides convenience commands:

waiaas quickstart              # Interactive setup wizard
waiaas quickset --mode mainnet # Create wallets + MCP sessions in one step

The quickset command is particularly powerful—it creates both EVM and Solana wallets, generates session tokens, and outputs the complete MCP configuration for Claude Desktop integration.

Integration Commands

Modern AI workflows require seamless integration with AI frameworks:

waiaas mcp setup --all         # Auto-register all wallets with Claude Desktop
waiaas notification setup      # Configure push notifications
waiaas update                  # Update to latest version

The MCP setup command automatically configures Claude Desktop to use your self-hosted WAIaaS instance, eliminating manual JSON configuration.

Advanced CLI Features

Beyond the basic commands, the CLI provides sophisticated functionality for production deployments.

Docker Integration

While the CLI handles local development perfectly, production deployments often use Docker:

# The CLI works seamlessly with Docker deployments
docker run -d \
  --name waiaas \
  -p 127.0.0.1:3100:3100 \
  -v waiaas-data:/data \
  -e WAIAAS_AUTO_PROVISION=true \
  ghcr.io/minhoyoo-iotrust/waiaas:latest

# CLI can manage the containerized instance
waiaas status    # Works with Docker deployment
waiaas backup create    # Backs up containerized data

Policy Management via CLI

While policies can be managed through the REST API or admin UI, the CLI provides direct access for automation:

# Create spending limits via API using CLI-managed sessions
curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <from-cli-setup>' \
  -d '{
    "walletId": "<from-wallet-create>",
    "type": "SPENDING_LIMIT",
    "rules": {
      "instant_max_usd": 10,
      "notify_max_usd": 100,
      "delay_max_usd": 1000,
      "delay_seconds": 300
    }
  }'

Session Token Management

The CLI makes it easy to generate and manage session tokens for multiple AI agents:

# Create dedicated sessions for different agents
waiaas session prompt $(waiaas wallet info --json | jq -r '.id') --name "trading-agent"
waiaas session prompt $(waiaas wallet info --json | jq -r '.id') --name "defi-manager"

Each session can have different policies and permissions, allowing fine-grained access control.

Quick Start: Self-Hosted AI Wallet in 5 Steps

Here's how to get a complete self-hosted AI wallet infrastructure running:

Install and Initialize

   npm install -g @waiaas/cli
   waiaas init --auto-provision
   waiaas start

Create Wallets and Sessions

   waiaas quickset --mode mainnet

Set Up AI Integration

   waiaas mcp setup --all

Test the Setup
Open Claude Desktop and ask: "Check my wallet balance"
Configure Backups

   waiaas backup create --output initial-backup.tar.gz

Your AI agents now have access to a fully self-hosted wallet infrastructure with 39 REST API endpoints, 45 MCP tools, and integration with 15 DeFi protocols.

Production Considerations

Self-hosting in production requires additional considerations:

Security Hardening

waiaas set-master    # Replace auto-generated password
rm recovery.key      # Remove auto-provision key after securing
waiaas backup create # Regular automated backups

Monitoring and Maintenance

waiaas status        # Health checks
waiaas backup list   # Verify backup schedule
waiaas update        # Keep current with security updates

Network Configuration

The default binding is 127.0.0.1:3100 for security. Production deployments should use reverse proxies and proper TLS termination.

What's Next

The CLI provides the foundation, but WAIaaS offers much more for self-hosters: Docker deployment with automatic updates, comprehensive backup systems, and integration with 15 DeFi protocols. Your self-hosted infrastructure can scale from simple token transfers to complex multi-protocol trading strategies.

Ready to take control of your AI agent's financial infrastructure? Clone the repository at https://github.com/minhoyoo-iotrust/WAIaaS and start with waiaas init. For complete documentation and deployment guides, visit https://waiaas.ai.

TypeScript SDK Deep Dive: 40+ Methods for AI Agent Wallet Control

Wallet Guy — Thu, 30 Apr 2026 08:37:37 +0000

Your Claude agent can browse the web, write code, and manage files. But can it swap tokens, check DeFi positions, or pay for its own API calls? WAIaaS TypeScript SDK gives AI agents everything they need for blockchain interactions through 40+ wallet control methods.

Why AI Agents Need Wallet SDKs

Most AI agents today can read from the blockchain but can't write to it. They can fetch token prices but can't execute trades. They can analyze DeFi protocols but can't manage positions. Without wallet functionality, agents remain observers rather than participants in the crypto economy.

The challenge isn't just technical — it's also about security. AI agents need the ability to transact, but with proper guardrails to prevent catastrophic mistakes. They need session-based authentication that can be revoked, spending limits that prevent ruination, and policy engines that encode human judgment.

WAIaaS TypeScript SDK: Full Wallet Control

The WAIaaS TypeScript SDK provides 40+ methods that transform AI agents from blockchain observers into active participants. Unlike simple RPC wrappers, it provides session authentication, built-in error handling, and integration with WAIaaS's policy engine.

Installation and Setup

npm install @waiaas/sdk

import { WAIaaSClient } from '@waiaas/sdk';

const client = new WAIaaSClient({
  baseUrl: 'http://127.0.0.1:3100',
  sessionToken: process.env.WAIAAS_SESSION_TOKEN,
});

The SDK requires a session token that you create once through the CLI or admin interface. Sessions can have TTLs, renewal limits, and absolute lifetimes — giving you precise control over how long agents can operate autonomously.

Core Wallet Methods

Every AI agent needs to know where it stands financially. The SDK provides comprehensive wallet introspection:

// Get native token balance
const balance = await client.getBalance();
console.log(`${balance.balance} ${balance.symbol}`);

// Get all token balances
const assets = await client.getAssets();
assets.forEach(asset => {
  console.log(`${asset.balance} ${asset.symbol} (${asset.usdValue} USD)`);
});

// Get wallet address
const address = await client.getAddress();
console.log(`Wallet: ${address}`);

These methods work across all 18 networks supported by WAIaaS, from Ethereum mainnet to Solana devnet.

Transaction Methods

The SDK handles 7 transaction types through a unified interface:

// Simple transfer
const tx = await client.sendToken({
  to: 'recipient-address',
  amount: '0.1',
});

// Token transfer with specific mint
const tokenTx = await client.sendToken({
  type: 'TokenTransfer',
  to: 'recipient-address',
  amount: '100',
  token: 'EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v', // USDC
});

// Contract interaction
const contractTx = await client.executeTransaction({
  type: 'ContractCall',
  to: 'contract-address',
  data: '0x...',
  value: '0',
});

The SDK automatically handles chain-specific details like gas estimation on EVM chains and priority fees on Solana.

DeFi Integration Methods

Rather than building separate integrations for each protocol, the SDK provides a unified DeFi interface across 15 protocol providers:

// Get all DeFi positions
const positions = await client.getDeFiPositions();
positions.forEach(position => {
  console.log(`${position.protocol}: ${position.type} - ${position.value} USD`);
});

// Execute DeFi action (Jupiter swap example)
const swapResult = await client.executeAction('jupiter-swap', 'swap', {
  inputMint: 'So11111111111111111111111111111111111111112', // SOL
  outputMint: 'EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v', // USDC
  amount: '1000000000', // 1 SOL
});

This works across protocols like Jupiter, Uniswap, Aave, Lido, and 11 others. The agent doesn't need to understand protocol-specific APIs.

Advanced Methods

The SDK includes specialized methods for complex use cases:

// Dry-run transactions before execution
const simulation = await client.simulateTransaction({
  type: 'Transfer',
  to: 'recipient',
  amount: '1.0',
  dryRun: true,
});

// Sign arbitrary messages
const signature = await client.signMessage('Hello, blockchain!');

// x402 HTTP payments — agent pays for API calls automatically
const response = await client.x402Fetch('https://api.example.com/premium-endpoint');

The x402 method is particularly powerful — it lets agents pay for premium APIs automatically when they encounter HTTP 402 (Payment Required) responses.

Error Handling

The SDK provides structured error handling with specific error codes:

import { WAIaaSClient, WAIaaSError } from '@waiaas/sdk';

try {
  const tx = await client.sendToken({ to: '...', amount: '1000.0' });
} catch (error) {
  if (error instanceof WAIaaSError) {
    switch (error.code) {
      case 'INSUFFICIENT_BALANCE':
        console.log('Not enough funds');
        break;
      case 'POLICY_DENIED':
        console.log('Blocked by spending limit');
        break;
      case 'TOKEN_EXPIRED':
        console.log('Session expired, need to refresh');
        break;
    }
  }
}

This allows agents to make intelligent decisions when transactions fail — like trying smaller amounts when hitting spending limits.

Transaction Lifecycle Management

Unlike simple send-and-forget APIs, the SDK helps agents manage the complete transaction lifecycle:

// Submit transaction
const result = await client.sendToken({
  to: 'recipient-address',
  amount: '0.1',
});

// Poll for confirmation
const POLL_TIMEOUT_MS = 60_000;
const startTime = Date.now();

while (Date.now() - startTime < POLL_TIMEOUT_MS) {
  const tx = await client.getTransaction(result.id);

  if (tx.status === 'COMPLETED') {
    console.log(`Confirmed! Hash: ${tx.txHash}`);
    break;
  }

  if (tx.status === 'FAILED') {
    console.error(`Failed: ${tx.error}`);
    break;
  }

  // Still pending, wait and retry
  await new Promise(resolve => setTimeout(resolve, 2000));
}

This pattern is essential for agents that need to know when transactions actually settle before proceeding.

Integration with Policy Engine

The SDK automatically enforces the 21 policy types configured in WAIaaS. When an agent attempts a transaction that violates policy, the SDK returns structured information about why it was blocked:

try {
  await client.sendToken({ to: 'unknown-address', amount: '100' });
} catch (error) {
  if (error.code === 'POLICY_DENIED') {
    // Could be SPENDING_LIMIT, WHITELIST, ALLOWED_TOKENS, etc.
    console.log(`Blocked by policy: ${error.message}`);
  }
}

This allows agents to adapt their behavior based on policy constraints rather than blindly retrying failed transactions.

Real Agent Example

Here's how an AI trading agent might use multiple SDK methods together:

async function tradingAgent() {
  // 1. Check current positions
  const balance = await client.getBalance();
  const positions = await client.getDeFiPositions();

  console.log(`Current balance: ${balance.balance} ${balance.symbol}`);
  console.log(`Active DeFi positions: ${positions.length}`);

  // 2. Decide if we should trade (agent logic here)
  if (shouldSwapToUSDC(balance, positions)) {
    try {
      // 3. Execute swap with dry-run first
      const simulation = await client.executeAction('jupiter-swap', 'swap', {
        inputMint: 'So11111111111111111111111111111111111111112',
        outputMint: 'EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v',
        amount: (parseFloat(balance.balance) * 0.1).toString(),
        dryRun: true,
      });

      if (simulation.success) {
        // 4. Execute for real
        const swap = await client.executeAction('jupiter-swap', 'swap', {
          inputMint: 'So11111111111111111111111111111111111111112',
          outputMint: 'EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v',
          amount: (parseFloat(balance.balance) * 0.1).toString(),
        });

        console.log(`Swap initiated: ${swap.id}`);
      }
    } catch (error) {
      console.error(`Trading failed: ${error.message}`);
    }
  }
}

Quick Start: Add Wallet to Your Agent

Step 1: Install and start WAIaaS

npm install -g @waiaas/cli
waiaas init && waiaas start
waiaas quickset --mode mainnet

Step 2: Install SDK in your agent project

npm install @waiaas/sdk

Step 3: Add wallet functionality

import { WAIaaSClient } from '@waiaas/sdk';

const wallet = new WAIaaSClient({
  baseUrl: 'http://127.0.0.1:3100',
  sessionToken: process.env.WAIAAS_SESSION_TOKEN,
});

// Your agent can now check balances, send tokens, interact with DeFi

Step 4: Set spending policies

waiaas policy add --type SPENDING_LIMIT --instant 10 --notify 100 --delay 1000

Step 5: Test with a simple balance check

const balance = await wallet.getBalance();
console.log(`Agent wallet: ${balance.balance} ${balance.symbol}`);

Ready to give your AI agents the financial tools they need? Check out the GitHub repository for the complete codebase or visit waiaas.ai to get started. Your agents are about to become a lot more capable.

Docker Compose for Crypto Wallets: Self-Hosted AI Agent Infrastructure

Wallet Guy — Wed, 29 Apr 2026 15:25:35 +0000

Docker Compose makes it possible to run your own crypto wallet infrastructure for AI agents in just one command, giving you complete control over your private keys without trusting any third-party service. Self-hosted wallet infrastructure eliminates custody risks while providing unlimited API access without rate limits or monthly fees.

Why Self-Custody Matters for AI Agents

When your AI agents handle real money, custody becomes critical. Hosted wallet services create a fundamental contradiction: you're building autonomous agents while surrendering control to centralized providers. Every transaction flows through someone else's infrastructure, subject to their terms, rate limits, and potential service interruptions.

Self-hosting puts you back in control. Your private keys never leave your server. Your transaction policies run on your hardware. Your AI agents operate with the sovereignty that crypto was designed to enable. It's the difference between renting computational power and owning your infrastructure.

WAIaaS: Docker-First Wallet Infrastructure

WAIaaS delivers enterprise-grade wallet functionality through a 15-package monorepo designed for self-hosting. The Docker deployment supports 2 Docker images (the main daemon plus push-relay for notifications), auto-provision for zero-touch setup, and production secrets overlay via docker-compose.secrets.yml.

The architecture provides 39 REST API route modules accessible through a simple session-based authentication system. AI agents authenticate with JWT tokens while owners retain ultimate control through cryptographic signatures. This separation lets you grant spending permissions without giving up custody.

Quick Start: Zero to Running

Clone and start — that's it:

git clone https://github.com/minhoyoo-iotrust/WAIaaS.git
cd WAIaaS
docker compose up -d

For completely hands-off deployment with auto-generated credentials:

docker run -d \
  --name waiaas \
  -p 127.0.0.1:3100:3100 \
  -v waiaas-data:/data \
  -e WAIAAS_AUTO_PROVISION=true \
  ghcr.io/minhoyoo-iotrust/waiaas:latest

# Retrieve auto-generated master password
docker exec waiaas cat /data/recovery.key

The default port binding (127.0.0.1:3100:3100) keeps your API private to localhost unless you explicitly expose it. Auto-provision generates a secure master password and saves it to /data/recovery.key for later hardening.

Production Deployment with Secrets

For production environments, use Docker Secrets to avoid environment variable exposure:

# Create secret files
mkdir -p secrets
echo "your-secure-password" > secrets/master_password.txt
chmod 600 secrets/master_password.txt

# Deploy with secrets overlay
docker compose -f docker-compose.yml -f docker-compose.secrets.yml up -d

The secrets overlay supports production patterns like external secret management and automated rotation. The daemon runs as non-root (UID 1001) with healthcheck endpoints and restart policies.

Multi-Chain Support Out of the Box

WAIaaS supports 2 chain types (evm, solana) across 18 networks, from Ethereum mainnet to Solana devnet. Chain configuration happens through environment variables:

WAIAAS_RPC_SOLANA_MAINNET=https://api.mainnet-beta.solana.com
WAIAAS_RPC_EVM_ETHEREUM_MAINNET=https://eth-mainnet.g.alchemy.com/v2/YOUR-KEY
WAIAAS_DAEMON_PORT=3100
WAIAAS_DAEMON_LOG_LEVEL=info

No external dependencies beyond your chosen RPC providers. You can use public endpoints for testing or private RPC services for production workloads.

Policy-Driven Security

Self-hosting doesn't mean self-endangering. WAIaaS includes a sophisticated policy engine with 21 policy types and 4 security tiers (INSTANT/NOTIFY/DELAY/APPROVAL) that let you define exactly what your AI agents can do.

Create spending limits that escalate based on transaction size:

curl -X POST http://localhost:3100/v1/policies \
  -H 'Content-Type: application/json' \
  -H 'X-Master-Password: <password>' \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "SPENDING_LIMIT",
    "rules": {
      "instant_max_usd": 10,
      "notify_max_usd": 100,
      "delay_max_usd": 1000,
      "delay_seconds": 300,
      "daily_limit_usd": 500,
      "monthly_limit_usd": 5000
    }
  }'

The policy system follows default-deny enforcement — transactions are blocked unless explicitly allowed by ALLOWED_TOKENS or CONTRACT_WHITELIST policies. This prevents your agents from interacting with unknown contracts or tokens without your approval.

Time-based restrictions, rate limiting, and network restrictions provide additional guardrails. Your agents operate within bounds you define, with escalation paths for larger transactions.

API-First Architecture

The 39 REST API endpoints expose every wallet function through consistent HTTP interfaces. AI agents authenticate with session tokens and interact through standard HTTP:

# Check wallet balance (sessionAuth)
curl http://127.0.0.1:3100/v1/wallet/balance \
  -H "Authorization: Bearer wai_sess_eyJhbGciOiJIUzI1NiJ9..."

# Execute DeFi action (sessionAuth)
curl -X POST http://127.0.0.1:3100/v1/actions/jupiter-swap/swap \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{
    "inputMint": "So11111111111111111111111111111111111111112",
    "outputMint": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
    "amount": "1000000000"
  }'

The API includes OpenAPI 3.0 spec auto-generated at /doc with interactive Scalar API reference UI at /reference. Standard error codes and consistent response formats make integration straightforward.

The 7-stage transaction pipeline (validate, auth, policy, wait, execute, confirm) provides full visibility into transaction state. Dry-run API support lets you test transactions before execution.

DeFi Integration Without Vendor Lock-in

WAIaaS integrates 15 DeFi protocol providers covering swaps, lending, staking, and bridges. Your agents can interact with Jupiter, Aave, Lido, Hyperliquid, and other major protocols without depending on external aggregator APIs.

curl -X POST http://127.0.0.1:3100/v1/actions/lido-staking/stake \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer wai_sess_<token>" \
  -d '{"amount": "1000000000000000000"}'

Cross-chain bridging via LI.FI and Across protocols enables multi-chain strategies. Liquid staking via Lido (EVM) and Jito (Solana) generates yield. Hyperliquid integration provides perpetual futures, spot trading, and sub-accounts.

All DeFi interactions respect your policy constraints and follow the same authentication model. No separate API keys or external service dependencies.

Monitoring and Observability

The Admin Web UI (Preact) provides wallet management, policy editor, and DeFi positions dashboard through a clean interface at /admin. Real-time monitoring shows transaction status, policy violations, and system health.

Incoming transaction monitoring with real-time notifications ensures you know when funds arrive. Push notifications through Telegram or custom webhooks keep you informed of significant events.

Structured logging and health check endpoints support standard monitoring tools. The Docker healthcheck uses curl -f http://localhost:3100/health with configurable intervals.

Quick Start: From Zero to AI Agent Trading

Here's how to get a trading AI agent running against your self-hosted infrastructure:

1. Deploy WAIaaS

git clone https://github.com/minhoyoo-iotrust/WAIaaS.git
cd WAIaaS
docker compose up -d

2. Create Wallet and Session

# Install CLI
npm install -g @waiaas/cli

# Quick setup with auto-generated wallets
waiaas init --auto-provision
waiaas start
waiaas quickset --mode mainnet

3. Configure Policies

# Set spending limits for safety
waiaas policy create spending-limit \
  --instant-max 10 \
  --daily-limit 500

4. Connect Your AI Agent

# Install SDK in your AI agent project
npm install @waiaas/sdk

import { WAIaaSClient } from '@waiaas/sdk';

const client = new WAIaaSClient({
  baseUrl: 'http://127.0.0.1:3100',
  sessionToken: process.env.WAIAAS_SESSION_TOKEN,
});

// Your agent can now trade autonomously within policy limits
const balance = await client.getBalance();
const positions = await client.getDeFiPositions();

5. Scale and Monitor

Access the admin dashboard at http://localhost:3100/admin to monitor positions and adjust policies as your agent's strategy evolves.

Self-hosted wallet infrastructure gives you the foundation to build sophisticated AI trading systems without custody compromises. Your keys, your server, your rules.

What's Next

Self-hosting WAIaaS puts you in complete control of your AI agent's financial infrastructure while maintaining enterprise-grade security and DeFi access. Check out the full documentation and source code at https://github.com/minhoyoo-iotrust/WAIaaS, or visit https://waiaas.ai to explore the complete platform capabilities.

Forem: Wallet Guy

Hardware Security for Trading Bots: D'CENT Integration with Human-in-the-Loop Approval

Why Hardware Security Matters for Trading Bots

How D'CENT Integration Works

Multi-Tier Trading Authorization

Hardware-Backed Transaction Approval

Cross-Protocol Trading Security

Multi-Chain Hardware Security

Gas Optimization with Hardware Security

Implementation for Trading Bots

Quick Start: Hardware-Secured Trading Bot

What's Next

Production AI Agent Wallet: GHCR Image with Auto-Provision and Healthcheck

Why Self-Hosting Matters for AI Agents

WAIaaS: Production-Ready Self-Hosted Wallet Infrastructure

Auto-Provisioning for Secure Deployment

Production Docker Compose Configuration

Docker Secrets for Production

Setting Up Your Self-Hosted AI Agent Wallet

Step 1: Deploy with Docker Compose

Step 2: Create Your First Wallet

Step 3: Create an AI Agent Session

Step 4: Configure Security Policies

Step 5: Test Agent Integration

Monitoring and Maintenance

Beyond Basic Deployment

Claude Desktop + NFTs: MCP Tools for AI Agent NFT Management

Why AI-Native NFT Management Matters

MCP Tools for Complete NFT Control

Quick MCP Setup

Core NFT Tools Available to Claude

Practical NFT Operations

Policy-Protected NFT Operations

Cross-Chain NFT Management

Quick Start: Your First AI NFT Operation

Risk Management for Perpetual Trading Bots: Leverage and Position Limits

Why Risk Management Is Critical for Automated Trading

Built-in Risk Controls for Trading Infrastructure

Perpetual Futures Risk Policies

Multi-Tier Spending Limits

Rate Limiting for High-Frequency Strategies

Hyperliquid Integration for Perpetual Trading

Cross-Protocol Risk Management

Gas-Conditional Execution for MEV Protection

Transaction Simulation and Dry-Run Testing

Quick Start: Set Up Risk-Controlled Trading Infrastructure

Related Posts

What's Next

Contract and Token Whitelists: How to Lock Down Your AI Agent's Spending

Why Whitelist Security Matters

The Default-Deny Security Model

ALLOWED_TOKENS: Token Transfer Whitelist

CONTRACT_WHITELIST: Smart Contract Interaction Control

APPROVED_SPENDERS: Token Approval Restrictions

Layered Security Beyond Whitelists

Authentication and Authorization Architecture

Monitoring and Emergency Response

Quick Start: Securing Your AI Agent

What's Next

When AI Agents Trade Autonomously: Building Economic Actors That Never Sleep

The Autonomous Agent Economy Is Already Here

The Infrastructure Gap: Wallets for Agents

Session-Based Authentication: Agents Without Private Keys

Policy-Driven Autonomy: Smart Guardrails

x402 HTTP Payments: Agents as API Customers

Multi-Chain DeFi Operations

Real-World Implementation: MCP Integration

Security Model: Three Layers of Protection

Getting Started: Deploy an Economic Agent

The Road Ahead: Agents as Economic Participants

What's Next

7-Stage Transaction Validation: How AI Agents Execute Safe DeFi Operations

Why Multi-Stage Validation Matters

The 7-Stage Transaction Pipeline

Stage 1: Validate

Stage 2: Authentication

Stage 3: Policy Engine

Stage 4: Wait (Conditional)

Stage 5: Execute

Stage 6: Confirm