auth + wallet infrastructure for autonomous agents. open source. self-hostable. policy enforced at the signing layer.
AI agents need wallet keys, API keys, database credentials. today these live as plaintext environment variables, one prompt injection away from exfiltration. no spending controls, no audit trail, no kill switch.
existing embedded-wallet platforms were built for consumer apps, not agents. they're closed source, can't be self-hosted, charge per-transaction fees, and have no concept of policy enforcement or autonomous operation.
Steward sits between agents and everything they access. four pillars:
- vault. AES-256-GCM encrypted keys. EVM (7 chains) + Solana. keys never exist in plaintext outside a signing operation.
- policy engine. 6 composable rule types evaluated before every action. spending limits, rate limits, address whitelists, time windows, auto-approve thresholds.
- auth. passkeys, email magic links, SIWE, Google/Discord OAuth. JWT sessions with refresh token rotation.
- proxy gateway. credential injection for any third-party API. agents never see raw keys. full audit trail.
Steward is the signing layer behind every agent on waifu.fun. Sol, the inaugural agent, trades Hyperliquid perps under a constrained Steward policy. her LLM never holds the key; the LLM sends signing requests, the policy engine evaluates, the vault signs (or refuses) and emits an audit event.
read how waifu.fun wires Steward for a concrete example.
```
   agent / app              Steward                  third-party
┌─────────────┐     ┌──────────────────────┐     ┌──────────────────┐
│ STEWARD_URL │───>│ auth (JWT/passkey)   │     │ chains (EVM/Sol) │
│ STEWARD_JWT │     │ policy engine        │───>│ OpenAI/Anthropic │
│             │     │ wallet vault         │     │ any API          │
│ no API keys │     │ secret vault         │     └──────────────────┘
│ no priv keys│     │ proxy gateway        │
└─────────────┘     │ audit log            │
                    └──────────────────────┘
```
```sh
npm install @stwd/sdk
```

```ts
import { StewardClient } from "@stwd/sdk";

const steward = new StewardClient({
  baseUrl: "https://api.steward.fi",
  apiKey: "stw_your_tenant_key",
  tenantId: "my-app",
});

// create an agent with EVM + Solana wallets
const agent = await steward.createWallet("trading-bot", "Trading Bot");
console.log(agent.walletAddresses); // { evm: "0x...", solana: "..." }

// sign a transaction (policy-enforced)
const result = await steward.signTransaction("trading-bot", {
  to: "0xRecipient",
  value: "10000000000000000", // 0.01 ETH
  chainId: 8453, // Base
});
```

see the full quickstart guide for auth setup and policies. see the deployment guide for self-hosting.
drop-in React components for login and wallet management:

```sh
npm install @stwd/react @stwd/sdk
```

```tsx
import { StewardProvider, StewardLogin, StewardAuthGuard } from "@stwd/react";
import "@stwd/react/styles.css";

// stewardClient is a StewardClient instance (see the SDK example above);
// Dashboard is your own app component, rendered only for authenticated users.
function App() {
  return (
    <StewardProvider
      client={stewardClient}
      auth={{ baseUrl: "https://api.steward.fi" }}
    >
      <StewardAuthGuard fallback={<StewardLogin methods={["passkey", "email", "google"]} />}>
        <Dashboard />
      </StewardAuthGuard>
    </StewardProvider>
  );
}
```

components: StewardLogin, StewardAuthGuard, StewardUserButton, StewardTenantPicker, WalletOverview, PolicyControls, ApprovalQueue, SpendDashboard, TransactionHistory.
| package | version | description |
|---|---|---|
| @stwd/sdk | | TypeScript client for browser + Node. zero deps. |
| @stwd/react | | drop-in React components: login, wallet, policies, approvals. |
| @stwd/eliza-plugin | | ELIZA OS integration: sign, transfer, balance, approval evaluator. |
| @stwd/api | internal | Hono REST API. 30+ endpoints, multi-tenant, dual auth. |
| @stwd/vault | internal | wallet + secret encryption. AES-256-GCM, EVM + Solana. |
| @stwd/policy-engine | internal | composable policy evaluation. 6 rule types, 1000+ lines of tests. |
| @stwd/proxy | internal | API proxy with credential injection, alias system, audit trail. |
| @stwd/auth | internal | passkeys (WebAuthn), email magic links, SIWE, OAuth. |
| @stwd/webhooks | internal | HMAC-signed event delivery with retries. |
| @stwd/db | internal | Drizzle ORM schema, migrations, PGLite adapter. |
| @stwd/shared | internal | types, chain metadata, constants. |
Steward runs anywhere. two options:
docker (recommended for production):
```sh
git clone https://github.com/Steward-Fi/steward.git && cd steward
cp .env.example .env
# set STEWARD_MASTER_PASSWORD, POSTGRES_PASSWORD, STEWARD_PLATFORM_KEYS,
# STEWARD_SESSION_SECRET, and STEWARD_JWT_SECRET in .env
docker compose up -d
curl http://127.0.0.1:3200/ready
```

starts the API (:3200), proxy (:8080), Postgres, and Redis. API migrations run automatically on startup unless SKIP_MIGRATIONS is set.

embedded mode (no third-party dependencies):

```sh
bun run start:local
```

uses PGLite (in-process Postgres via WASM). data persists to ~/.steward/data/. good for local development, CLI agents, and desktop apps.
required env vars:
| variable | description |
|---|---|
| STEWARD_MASTER_PASSWORD | derives all vault encryption keys. no recovery if lost. |
| DATABASE_URL | Postgres connection string (not needed in embedded mode) |
| STEWARD_SESSION_SECRET | JWT signing secret (defaults to master password) |
| REDIS_URL | Redis for rate limiting + token store (optional) |
| RESEND_API_KEY | for email magic link auth (optional) |
| PASSKEY_RP_ID | WebAuthn relying party domain (optional) |
| GOOGLE_CLIENT_ID / GOOGLE_CLIENT_SECRET | Google OAuth (optional) |
| DISCORD_CLIENT_ID / DISCORD_CLIENT_SECRET | Discord OAuth (optional) |
full list in .env.example. see deployment guide for production setup.
- vault: AES-256-GCM encrypted wallets, EVM (7 chains) + Solana
- policy engine: 6 composable types (spending-limit, approved-addresses, rate-limit, time-window, auto-approve-threshold, allowed-chains)
- auth: passkeys (WebAuthn), email magic links, SIWE, Google OAuth, Discord OAuth
- JWT sessions: access + refresh token rotation, revoke single/all sessions
- cross-tenant identity: one user, one wallet, multiple apps
- multi-tenant API: full tenant isolation at middleware + DB level
- proxy gateway: credential injection, alias system, spend tracking, audit trail
- React components: login widget, wallet overview, policy controls, approval queue
- TypeScript SDK: typed client, browser + Node, all wallet/policy/auth ops
- ELIZA OS plugin: sign, transfer, balance, approval evaluator
- embedded mode: PGLite, zero third-party dependencies, same API surface
- docker: multi-stage Dockerfile, docker-compose with Postgres + Redis
- webhooks: HMAC-signed events (tx.signed, tx.pending, policy.violation, etc.)
- per-tenant CORS: configurable allowed origins per tenant
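an illustrative evaluator for the six rule types listed above, showing the "evaluate every rule, then sign or refuse" step the policy engine performs before the vault produces a signature. this is an added example, not the @stwd/policy-engine source: the rule type names come from this README, but the request shape, rule fields, the evaluate/within helpers and SAMPLE_RULES are constructed assumptions.

```javascript
// Added illustration of "every rule is evaluated before the vault signs". Not the
// @stwd/policy-engine source; request shape, rule fields and SAMPLE_RULES are assumptions.
const HOUR_MS = 3_600_000, DAY_MS = 24 * HOUR_MS;
// constructed sample policy for one agent: amounts are wei as BigInt, chain is Base (8453)
const SAMPLE_RULES = [
  { type: "spending-limit", maxWeiPerDay: 50_000_000_000_000_000n }, // 0.05 ETH per rolling day
  { type: "approved-addresses", addresses: ["0xRecipient"] },
  { type: "rate-limit", maxPerHour: 2 },
  { type: "time-window", startHourUtc: 8, endHourUtc: 20 },
  { type: "auto-approve-threshold", maxWei: 20_000_000_000_000_000n }, // larger needs a human
  { type: "allowed-chains", chainIds: [8453] },
];
// prior signed transactions (objects with an `at` Date and `valueWei`) inside a trailing window
const within = (history, now, ms) => history.filter((h) => now - h.at.getTime() >= 0 && now - h.at.getTime() < ms);
// returns { allow, needsApproval, violations }: any violation refuses; over-threshold goes to the approval queue
function evaluate(rules, req, history = []) {
  const now = req.at.getTime();
  const violations = [];
  let needsApproval = false;
  for (const rule of rules) {
    switch (rule.type) {
      case "spending-limit": {
        const spent = within(history, now, DAY_MS).reduce((acc, h) => acc + h.valueWei, 0n);
        if (spent + req.valueWei > rule.maxWeiPerDay) violations.push(rule.type);
        break;
      }
      case "approved-addresses":
        if (!rule.addresses.some((a) => a.toLowerCase() === req.to.toLowerCase())) violations.push(rule.type);
        break;
      case "rate-limit":
        if (within(history, now, HOUR_MS).length >= rule.maxPerHour) violations.push(rule.type);
        break;
      case "time-window": {
        const h = req.at.getUTCHours();
        if (h < rule.startHourUtc || h >= rule.endHourUtc) violations.push(rule.type);
        break;
      }
      case "auto-approve-threshold":
        if (req.valueWei > rule.maxWei) needsApproval = true;
        break;
      case "allowed-chains":
        if (!rule.chainIds.includes(req.chainId)) violations.push(rule.type);
        break;
      default:
        violations.push(`unknown-rule:${rule.type}`); // fail closed on rules we cannot evaluate
    }
  }
  return { allow: violations.length === 0, needsApproval, violations };
}
```

a real engine would also record the decision as an audit event; here the returned object is the only output.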
- open source. MIT licensed, full source available.
- self-hostable. docker, embedded PGLite, or hosted.
- full auth surface. passkey / email / SIWE / OAuth.
- policy enforcement at the vault layer. 6 composable rule types evaluated before any signature is produced. compromised app code cannot bypass.
- agent-native. built from day one for autonomous operation: approval queues, audit log, kill-switch.
- credential proxy. inject keys for any third-party API. agents never see raw secrets.
Ethereum, Base, Polygon, Arbitrum, BSC, Base Sepolia, BSC Testnet, Solana
- waifu.fun (inaugural agent runtime; Sol signs through Steward)
- ELIZA OS
- Milady
- Babylon
- Hyperscape
- Strata Reserve
see CONTRIBUTING.md for development setup, coding standards, and PR guidelines.
- website: steward.fi
- docs: docs.steward.fi
- API: api.steward.fi
- npm: @stwd/sdk, @stwd/react, @stwd/eliza-plugin