what is Steward?

Steward is a governance layer for autonomous AI agents. it provides encrypted wallet management, credential storage, policy enforcement, API proxy with credential injection, and audit logging, so agents can interact with blockchains and third-party APIs without ever touching raw private keys or API credentials.

wallet vault

AES-256-GCM encrypted key storage with multi-chain signing (EVM + Solana). agents request signatures, they never see private keys.

secret vault

encrypted credential storage with automatic injection. agents never see API keys. Steward’s proxy injects them at request time.

policy engine

declarative policies evaluated before every action. spending limits, rate limits, address whitelists, time windows, all configurable per agent.

API proxy

all third-party API calls flow through Steward. credentials injected at the proxy, costs tracked, everything audited.

the problem

today, most agent platforms inject plaintext credentials directly into agent containers:

# what agent containers look like today
OPENAI_API_KEY=sk-proj-abc123...
ANTHROPIC_API_KEY=sk-ant-def456...
EVM_PRIVATE_KEY=0xdeadbeef...
DATABASE_URL=postgres://user:pass@host/db

any code operating from the container, including code triggered by prompt injection, can read these credentials, exfiltrate them, or drain wallets. there is no spending control, no audit trail, and rotating a credential means redeploying every container that uses it.

the solution

with Steward, agent containers only receive two environment variables:

# what agent containers look like with Steward
STEWARD_PROXY_URL=http://steward-proxy:8080
STEWARD_AGENT_TOKEN=stwd_jwt_...

every API call and every transaction flows through Steward, where it is authenticated, policy-checked, logged, and metered before being forwarded with the real credentials injected.

who uses Steward?

waifu.fun is the inaugural agent platform. Sol, the first live agent on waifu.fun, trades Hyperliquid perps under a constrained Steward policy: long-only, BTC/ETH/BNB, $100 per position, 5x max leverage,$ 300 daily open budget. her LLM never holds the key. read more in the waifu.fun integration page.
Milady Cloud runs production deployments managing 17+ AI agents across 6 nodes with on-chain transactions on Base mainnet.
agent developers building autonomous agents that need wallet access or API credential management.
platform operators running multi-tenant agent hosting who need security, cost control, and compliance.
desktop apps. local mode with PGLite means Steward can run as an embedded sidecar with no third-party dependencies.

what’s new

Steward has grown beyond wallet management into a full agent infrastructure platform:

API proxy. route any HTTP API call through Steward for credential injection, cost tracking, and audit logging.
webhook events. get notified on tx.pending, tx.signed, spend.threshold, policy.violation, and more.
approval workflow. large transactions queue for human review. approve or deny via API or the <ApprovalQueue> component.
control plane config. per-tenant configuration of policy exposure, UI feature flags, themes, and approval rules.
embeddable React UI. drop @stwd/react into any app for wallet overview, transaction history, policy controls, and approval queues.
local mode. run Steward without any third-party database using the built-in PGLite (Postgres-in-WASM) backend.
aggregated dashboard. single API call returns agent balances, spend stats, recent transactions, policy summary, and pending approvals.

quick links

quickstart

get up and running with Steward in 5 minutes.

architecture

understand how the four pillars work together.

React components

drop-in UI for wallet management and policy controls.

local mode

run Steward locally with PGLite, no database required.

SDK reference

install the TypeScript SDK and start building.

API reference

explore the full REST API.