Governance infrastructure for AI agents

Agents don't need keys.
They need permission.

Every credential encrypted. Every call proxied. Every dollar tracked. Open-source middleware that sits between your agents and everything they touch.

The problem

Your agent has the same access as you.
That's the problem.

01

Keys live in env vars

Private keys and API credentials as plaintext environment variables. One prompt injection away from total compromise.

02

No boundaries

No spending limits, no rate limits, no approved address lists. Agents sign whatever they want, call whatever they want.

03

No visibility

No audit trail. No cost attribution. When something goes wrong, you find out from your bank statement.

Architecture

Three layers between your agent
and the real world.

01

Vault

AES-256-GCM encryption at rest

  • Wallet private keys encrypted, never exposed to agents
  • API credentials stored and injected at the proxy layer
  • Scoped tokens for agent authentication
02

Policy Engine

Default deny, explicit allow

  • Per-agent spending limits — daily, monthly, per-transaction
  • Rate limiting with sliding windows per API, per agent
  • Approved address and contract allowlists
03

Proxy Gateway

The only door out

  • Every outbound call flows through Steward
  • Credentials injected at the edge, stripped from logs
  • Full cost attribution and audit trail per agent

Agent (SDK / HTTP) → Policy Engine (evaluate rules) → Proxy (inject credentials) → Vault (sign or forward)

SDK

Sign transactions.
Proxy APIs.
Enforce everything.

TypeScript SDK for policy-checked signing and credential-injected API proxying. Works with any agent framework.

npm i @stwd/sdk
sign-transaction.ts
typescript
// Policy-enforced signing
const tx = await steward.signTransaction(agentId, {
  to: "0xDEX...",
  value: "100000000000000000",
})
api-proxy.ts
typescript
// Credentials injected — agent never sees the key
// Costs tracked, rate-limited, audited
policies.ts
typescript
await steward.setPolicies(agentId, [
  { type: "spending-limit",
    config: { maxPerTx: "1e18",
              maxPerDay: "10e18" } },
  { type: "rate-limit",
    config: { window: "1m",
              maxRequests: 60 } },
  { type: "approved-addresses",
    config: { addresses: [
      "0xUniswap...",
      "0xTreasury..."] } },
])
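
How a default-deny engine might evaluate the three policy types configured above, as an added example that is not Steward's code or API. The PolicyEvaluator class, the numeric gwei amounts, the windowMs field and the reason strings are assumptions made for illustration.

```typescript
// Added illustration, not Steward's implementation. Policy type names mirror
// the page; numeric gwei amounts, windowMs and reason strings are assumptions.
type Policy =
  | { type: "spending-limit"; config: { maxPerTx: number; maxPerDay: number } }
  | { type: "rate-limit"; config: { windowMs: number; maxRequests: number } }
  | { type: "approved-addresses"; config: { addresses: string[] } };

interface TxRequest { to: string; valueGwei: number; at: number } // at: ms timestamp
interface Decision { allow: boolean; reason: string }

const DAY_MS = 86400000;

class PolicyEvaluator {
  private policies: Policy[];
  private approved: TxRequest[] = []; // only approved requests count toward limits

  constructor(policies: Policy[]) { this.policies = policies; }

  evaluate(req: TxRequest): Decision {
    let onAllowlist = false;
    for (const p of this.policies) {
      if (p.type === "approved-addresses") {
        const to = req.to.toLowerCase();
        onAllowlist = onAllowlist || p.config.addresses.some((a) => a.toLowerCase() === to);
      } else if (p.type === "spending-limit") {
        if (req.valueGwei > p.config.maxPerTx) return deny("per-tx limit");
        const spent = this.approved
          .filter((h) => req.at - h.at < DAY_MS)
          .reduce((sum, h) => sum + h.valueGwei, 0);
        if (spent + req.valueGwei > p.config.maxPerDay) return deny("daily limit");
      } else {
        // Sliding window: count approved requests in the last windowMs.
        const win = p.config.windowMs;
        const recent = this.approved.filter((h) => req.at - h.at < win);
        if (recent.length >= p.config.maxRequests) return deny("rate limit");
      }
    }
    // Default deny: no allowlist match (or no allowlist at all) means no signature.
    if (!onAllowlist) return deny("address not approved");
    this.approved.push(req);
    return { allow: true, reason: "ok" };
  }
}

function deny(reason: string): Decision { return { allow: false, reason }; }
```

Denied requests are not recorded, so a burst of rejected calls cannot consume the agent's rate or spending budget; an evaluator with no policies at all rejects everything.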

  • Encryption at rest: AES-256-GCM
  • Policy model: Default deny
  • Chains supported: 7 EVM + Solana
  • Proxy overhead: < 50ms

Works with any agent framework

Multi-tenant by default

One Steward instance for thousands of agents across isolated tenants. Each tenant gets its own policies, credentials, and webhook endpoints. Self-hosted. No per-transaction toll.

DeFi & Trading
Trading bots, yield agents, and liquidity managers with enforced spending limits and approved counterparties
AI Agent Platforms
ElizaOS, LangChain, AutoGPT — any framework that needs secure wallet and API access for its agents
Treasuries & Rewards
DAO treasuries, perks systems, and micro-payment agents with multi-party approval flows
RWA & Settlement
Commodity finance, collateral management, and tokenized asset operations

Open source

Infrastructure you own, not a dependency you rent.

MIT-licensed. Self-hostable. No per-transaction fees.