WAIaaS Wallet — Self-Hosted Wallet for AI Agents
Your private keys should never live inside your agent process. If your agent is compromised, the attacker gets the keys. WAIaaS separates key custody into an isolated daemon with a policy engine that limits what any agent session can do.
What is WAIaaS?
WAIaaS (Wallet-as-a-Service for AI Agents) is a self-hosted local daemon that manages crypto wallets on behalf of AI agents. Unlike cloud wallet services (Coinbase CDP, Privy, Circle), WAIaaS runs entirely on your machine — no third-party API keys, no custodial risk.
Why use WAIaaS instead of raw keypairs?
| Approach | Key exposure | Spending limits | Human approval | Kill switch |
|---|
| Raw keypair in agent | Agent process holds key | None | None | Kill process |
| Cloud WaaS (CDP, Privy) |
Third-party holds key | Varies | Varies | API call |
|
WAIaaS |
Isolated daemon holds key |
Per-token, per-tx, cumulative |
SIWE/SIWS/WalletConnect |
Instant via Admin UI |
Key features
- - Self-hosted: Local daemon, no third-party dependency
- Policy engine: Default-deny, token whitelist, per-token spending limits, cumulative caps
- Owner approval: High-value transactions require human signature (SIWE/SIWS/WalletConnect/D'CENT)
- Multi-chain: EVM (Ethereum, Base, Arbitrum, Polygon, Optimism) + Solana in one daemon
- 59+ MCP tools: Wallet ops, DeFi (swap/lend/stake/bridge/perp), NFT, x402, ERC-4337, ERC-8004
- Kill switch: Instantly freeze any wallet from Admin UI or API
- RPC proxy: Use as
--rpc-url for Forge, Hardhat, ethers.js — every tx goes through policy engine
Quick Start
1. Install and start the daemon
CODEBLOCK0
The quickset command creates Solana + EVM wallets automatically, issues MCP session tokens, and outputs a ready-to-use MCP config snippet.
For testing, use waiaas quickset --mode testnet to create Solana Devnet + EVM Sepolia wallets.
2. Configure spending policies (recommended before connecting agents)
Set up spending limits and token whitelists via Admin UI at http://127.0.0.1:3100/admin. WAIaaS uses default-deny policy — agents cannot transact until policies are configured. This ensures human oversight before any agent gains financial capabilities.
3. Connect MCP server
Pass the session token via environment variable (do not hardcode tokens in config files):
CODEBLOCK1
Or auto-register with all wallets:
CODEBLOCK2
Security note: Store session tokens in environment variables or a secrets manager, not in plaintext config files. Session tokens are time-limited JWTs and can be revoked from the Admin UI at any time.
Available MCP Tools (59+)
Wallet Management
- -
connect_info — Self-discovery: wallets, policies, capabilities. Call this first. - INLINECODE5� — Wallet balance (native + USD)
- INLINECODE6� — Public address
- INLINECODE7� — All held assets (native + tokens)
- INLINECODE8� — Chain, address, environment, networks
- INLINECODE9� — Registered tokens for a network
- INLINECODE10� — Resolve CAIP-19 asset ID to metadata
Transactions
- -
send_token — Send native (SOL/ETH) or tokens (ERC-20/SPL) - INLINECODE12� — Call whitelisted smart contracts
- INLINECODE13� — Approve spender (requires APPROVED_SPENDERS policy)
- INLINECODE14� — Atomic multi-instruction transaction (Solana)
- INLINECODE15� — Sign without broadcasting
- INLINECODE16� — Personal sign or EIP-712 typed data
- INLINECODE17� — Dry-run with policy evaluation, no side effects
- INLINECODE18� — Encode EVM function call to hex
Transaction History
- -
list_transactions — Outgoing transaction history (paginated) - INLINECODE20� — Single transaction details
- INLINECODE21� — Incoming transfers (paginated, filterable)
- INLINECODE22� — Period-based incoming summary (daily/weekly/monthly)
DeFi (via Action Providers)
- - Swap: Jupiter (Solana), 0x (EVM), DCent Aggregator
- Bridge: LI.FI cross-chain, Across Protocol
- Lending: Aave V3 (EVM), Kamino (Solana)
- Staking: Lido (ETH), Jito (SOL)
- Yield: Pendle yield trading
- Perp: Drift (Solana), Hyperliquid (10 tools)
- Prediction: Polymarket (8 tools)
NFT
- -
list_nfts — List owned NFTs (ERC-721/1155/Metaplex) - INLINECODE24� — NFT metadata and attributes
- INLINECODE25� — Transfer NFT (requires approval tier)
Advanced
- -
x402_fetch — HTTP 402 automatic payment - INLINECODE27� /
wc_status / wc_disconnect — WalletConnect pairing - INLINECODE30� /
sign_userop — ERC-4337 Account Abstraction - INLINECODE32� — ERC-8004 Trustless Agent identity
- INLINECODE33� — ERC-8128 Signed HTTP Requests
- INLINECODE34� — EVM RPC proxy for Forge/Hardhat/ethers.js
- INLINECODE35� /
list_offchain_actions — Credential vault and off-chain history
Example Workflows
Check balance and send tokens
CODEBLOCK3
DeFi operations
CODEBLOCK4
x402 automatic payment
CODEBLOCK5
Security Model
WAIaaS enforces a 3-layer security model:
- 1. Session authentication: Agents use time-limited JWT session tokens. No master password exposure.
- Policy engine: Default-deny. Configure ALLOWEDTOKENS, CONTRACTWHITELIST, SPENDINGLIMIT, RATELIMIT per wallet.
- Owner approval + Kill switch: High-value transactions require human signature. Instant wallet freeze via Admin UI.
Transaction tiers:
- -
AUTO_SIGN — Within policy limits, auto-approved - INLINECODE38� — Delayed execution with notification
- INLINECODE39� — Requires owner wallet signature (SIWE/SIWS/WalletConnect)
- INLINECODE40� — Denied by policy
Links
- - Website: https://waiaas.ai
- GitHub: https://github.com/minhoyoo-iotrust/WAIaaS
- npm:
@waiaas/cli, @waiaas/sdk, �INLINECODE43 - Docker: �INLINECODE44
- Admin UI:
http://127.0.0.1:3100/admin (after daemon start)
WAIaaS 钱包 — AI 代理的自托管钱包
你的私钥绝不应存在于代理进程中。 如果代理被攻破,攻击者将获得密钥。WAIaaS 将密钥托管隔离到独立的守护进程中,并配备策略引擎,限制任何代理会话的操作范围。
什么是 WAIaaS?
WAIaaS(面向AI代理的钱包即服务)是一个自托管的本地守护进程,代表AI代理管理加密钱包。与云钱包服务(Coinbase CDP、Privy、Circle)不同,WAIaaS完全运行在你的机器上——无需第三方API密钥,无托管风险。
为什么使用 WAIaaS 而非原始密钥对?
| 方案 | 密钥暴露 | 支出限制 | 人工审批 | 紧急终止 |
|---|
| 代理中的原始密钥对 | 代理进程持有密钥 | 无 | 无 | 终止进程 |
| 云WaaS(CDP、Privy) |
第三方持有密钥 | 视情况而定 | 视情况而定 | API调用 |
|
WAIaaS |
隔离守护进程持有密钥 |
按代币、按交易、累计 |
SIWE/SIWS/WalletConnect |
通过管理界面即时生效 |
主要特性
- - 自托管:本地守护进程,无第三方依赖
- 策略引擎:默认拒绝、代币白名单、按代币支出限制、累计上限
- 所有者审批:高价值交易需要人工签名(SIWE/SIWS/WalletConnect/DCENT)
- 多链:单个守护进程支持EVM(以太坊、Base、Arbitrum、Polygon、Optimism)+ Solana
- 59+ MCP工具:钱包操作、DeFi(兑换/借贷/质押/跨链/永续合约)、NFT、x402、ERC-4337、ERC-8004
- 紧急终止:通过管理界面或API即时冻结任意钱包
- RPC代理:可用作Forge、Hardhat、ethers.js的--rpc-url——每笔交易都经过策略引擎
快速开始
1. 安装并启动守护进程
bash
npm install -g @waiaas/cli
waiaas init # 创建数据目录 + config.toml
waiaas start # 启动守护进程(首次运行设置主密码)
waiaas quickset --mode mainnet # 一步创建钱包 + MCP会话
quickset命令会自动创建Solana + EVM钱包,签发MCP会话令牌,并输出可直接使用的MCP配置片段。
如需测试,使用waiaas quickset --mode testnet创建Solana Devnet + EVM Sepolia钱包。
2. 配置支出策略(建议在连接代理前完成)
通过管理界面http://127.0.0.1:3100/admin设置支出限制和代币白名单。WAIaaS采用默认拒绝策略——代理在策略配置完成前无法进行交易。这确保在任何代理获得财务能力之前有人工监督。
3. 连接MCP服务器
通过环境变量传递会话令牌(不要在配置文件中硬编码令牌):
bash
将会话令牌设置为环境变量
export WAIAAS
SESSIONTOKEN=<来自quickset的会话令牌>
然后配置OpenClaw MCP
openclaw config set mcpServers.waiaas.command npx
openclaw config set mcpServers.waiaas.args [@waiaas/mcp]
openclaw config set mcpServers.waiaas.env.WAIAAS
SESSIONTOKEN \${WAIAAS
SESSIONTOKEN}
或自动注册所有钱包:
bash
waiaas mcp setup --all
安全提示: 将会话令牌存储在环境变量或密钥管理器中,而非明文配置文件中。会话令牌是限时JWT,可随时通过管理界面撤销。
可用MCP工具(59+)
钱包管理
- - connectinfo — 自我发现:钱包、策略、能力。首先调用此方法。
- getbalance — 钱包余额(原生币 + 美元)
- getaddress — 公开地址
- getassets — 所有持有资产(原生币 + 代币)
- getwalletinfo — 链、地址、环境、网络
- gettokens — 网络已注册代币
- resolveasset — 解析CAIP-19资产ID为元数据
交易
- - sendtoken — 发送原生币(SOL/ETH)或代币(ERC-20/SPL)
- callcontract — 调用白名单智能合约
- approvetoken — 批准支出方(需要APPROVEDSPENDERS策略)
- sendbatch — 原子多指令交易(Solana)
- signtransaction — 签名但不广播
- signmessage — 个人签名或EIP-712类型数据
- simulatetransaction — 带策略评估的预演,无副作用
- encode_calldata — 将EVM函数调用编码为十六进制
交易历史
- - listtransactions — 外出交易历史(分页)
- gettransaction — 单笔交易详情
- listincomingtransactions — 转入交易(分页,可筛选)
- getincomingsummary — 基于周期的转入摘要(每日/每周/每月)
DeFi(通过操作提供商)
- - 兑换:Jupiter(Solana)、0x(EVM)、DCent聚合器
- 跨链:LI.FI跨链、Across协议
- 借贷:Aave V3(EVM)、Kamino(Solana)
- 质押:Lido(ETH)、Jito(SOL)
- 收益:Pendle收益交易
- 永续合约:Drift(Solana)、Hyperliquid(10个工具)
- 预测:Polymarket(8个工具)
NFT
- - listnfts — 列出拥有的NFT(ERC-721/1155/Metaplex)
- getnftmetadata — NFT元数据和属性
- transfernft — 转移NFT(需要审批层级)
高级功能
- - x402fetch — HTTP 402自动支付
- wcconnect / wcstatus / wcdisconnect — WalletConnect配对
- builduserop / signuserop — ERC-4337账户抽象
- erc8004 — ERC-8004无信任代理身份
- erc8128 — ERC-8128签名HTTP请求
- getrpcproxyurl — 用于Forge/Hardhat/ethers.js的EVM RPC代理
- listcredentials / listoffchainactions — 凭证库和链下历史
示例工作流
检查余额并发送代币
你:我的钱包余额是多少?
代理:[调用connectinfo,然后getbalance]
你的钱包在Base上持有2.5 ETH($4,250)和1,000 USDC。
你:发送100 USDC到0xAlice...
代理:[先调用simulatetransaction,然后sendtoken]
模拟:100 USDC转账,费用约$0.02,策略层级AUTO_SIGN。
交易已发送!TX: 0xabc...(2秒确认)
DeFi操作
你:在Base上将500 USDC兑换为ETH
代理:[调用action0xswapquote,然后action0xswapexecute]
通过0x聚合器将500 USDC兑换为0.29 ETH。TX: 0xdef...
你:在Arbitrum上向Aave存入1 ETH
代理:[调用actionaavesupply]
在Arbitrum上向Aave V3存入1 ETH。当前APY:2.1%。TX: 0xghi...
x402自动支付
你:获取https://api.example.com/data的高级API
代理:[调用x402_fetch — 如果收到402响应则自动支付]
通过x402支付0.01 USDC。响应:{ data: ... }
安全模型
WAIaaS实施三层安全模型:
- 1. 会话认证:代理使用限时JWT会话令牌。不暴露主密码。
- 策略引擎:默认拒绝。为每个钱包配置ALLOWEDTOKENS、CONTRACTWHITELIST、SPENDINGLIMIT、RATELIMIT。
- 所有者审批 + 紧急终止:高价值交易需要人工签名。通过管理界面即时冻结钱包。
交易层级:
- - AUTO_SIGN — 在策略限制内,自动批准
