API and Authentication

  • Production API key created (not the Pilot key)
  • API key stored in an environment variable or secret manager — not hardcoded in source
  • API key is not committed to version control
  • Rate limits reviewed and understood — see Rate Limits

Band Filtering

  • MCP_BANDS set to the minimum required level for each agent role
  • Read-only agents use MCP_BANDS=read (not full)
  • Each agent’s band level has a documented justification
  • Multi-agent setups use separate MCP instances with different band configs — see Band Filtering

OWS Local Signing (If Enabled)

  • OWS_VAULT_PATH points to a secure, backed-up location (default: ~/.ows)
  • Owner passphrase stored securely — not in .env files committed to git
  • Agent tokens created with restrictive policies:
    • Chain allowlist configured (only the chains the agent needs)
    • Expiry set on every agent token
      • Custom policy (no explicit expiresAt) defaults to 30 days
      • Wallet default policy (created alongside the wallet) defaults to 90 days
      • expiryMode: one_year preset caps at 1 year but cannot outlive the bound policy
  • Agent token files have mode 0600 (readable only by owner)
  • RPC URLs configured for each signing chain:
    • OWS_ETHEREUM_RPC_URL — for Ethereum signing/broadcasting
    • OWS_TRON_RPC_URL — for Tron signing/broadcasting
  • All RPC URLs use HTTPS (HTTP allowed only for localhost in development)
  • OWS signing tested in staging before production deployment
See OWS Local Signing for the full setup guide.

Policy Gates (If Using Agent Mode)

  • At least one policy created with chain restrictions — see Policy Gates
  • Policy expiry configured
  • Spend limits configured when available
  • Policy tested: verified that signing for unauthorized chains is denied
  • Policy denial returns a flow error with requiredAction — verify your agent handles it

Error Handling

All 6 error categories handled:
  • validation — fix input and retry
  • upstream — retry with exponential backoff
  • flow — execute the requiredAction field before retrying
  • auth — halt the agent, alert the operator
  • limit — back off, retry after the rate limit window
  • not_available — inform the user the feature is not enabled
See Structured Errors for the full error taxonomy.
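An added example (not WalletSuite's own code) of a dispatcher that maps each of the six categories to the action listed above, failing closed on anything it does not recognise. It assumes the structured error exposes `category` and, for flow errors, `requiredAction`; the retry count, backoff values and rate-limit window are constructed for the example.

```javascript
// Added example: turn a WalletSuite structured error into an agent decision.
// Assumed error shape: { category: string, requiredAction?: object, message?: string }.
const MAX_UPSTREAM_RETRIES = 3;          // constructed limit for this example
const DEFAULT_RATE_LIMIT_WINDOW_MS = 60_000; // constructed; use the documented window

// Exponential backoff for upstream errors: 500 ms, 1 s, 2 s, ... capped at 30 s.
function retryDelayMs(attempt) {
  return Math.min(500 * 2 ** attempt, 30_000);
}

// Returns { action, retry, ...details }. Callers act on `action`, never on message text.
function decideOnError(err, attempt = 0, rateLimitWindowMs = DEFAULT_RATE_LIMIT_WINDOW_MS) {
  switch (err.category) {
    case "validation":
      // Input was wrong: fix it, then retry once without backoff.
      return { action: "fix_input", retry: true, delayMs: 0 };
    case "upstream":
      // Transient provider failure: retry with exponential backoff, bounded.
      if (attempt >= MAX_UPSTREAM_RETRIES) return { action: "give_up", retry: false };
      return { action: "retry", retry: true, delayMs: retryDelayMs(attempt) };
    case "flow":
      // A policy gate or similar step must run first; without requiredAction
      // there is nothing safe to execute, so halt rather than loop.
      if (!err.requiredAction) return { action: "halt", retry: false, alertOperator: true };
      return { action: "execute_required_action", retry: true, requiredAction: err.requiredAction };
    case "auth":
      // Credentials are bad or revoked: stop the agent and page a human.
      return { action: "halt", retry: false, alertOperator: true };
    case "limit":
      // Rate limited: wait out the window, then retry.
      return { action: "backoff", retry: true, delayMs: rateLimitWindowMs };
    case "not_available":
      // Feature not enabled for this deployment: tell the user, do not retry.
      return { action: "inform_user", retry: false };
    default:
      // Unknown category: treat as unsafe and stop, so new error kinds are noticed.
      return { action: "halt", retry: false, alertOperator: true };
  }
}

// Constructed sample errors, one per category plus an unknown one.
const SAMPLE_ERRORS = [
  { category: "validation", message: "address malformed" },
  { category: "upstream", message: "rpc timeout" },
  { category: "flow", requiredAction: { type: "create_policy" } },
  { category: "auth", message: "token expired" },
  { category: "limit", message: "too many requests" },
  { category: "not_available", message: "ows not enabled" },
  { category: "unexpected_new_kind" },
];

function planAll(errors = SAMPLE_ERRORS) {
  return errors.map((e) => [e.category, decideOnError(e).action]);
}
```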

Monitoring

  • Audit trail location configured and accessible — default: ~/.walletsuite/audit-trail.jsonl
  • Health endpoint reachable for HTTP deployments — GET /health
  • Log output captured — WalletSuite MCP logs structured JSON to stderr
  • Alerts configured for signing failures and policy denials (if applicable)

Security

  • No private keys, mnemonics, or passphrases in source control or tool arguments
  • No secrets passed as MCP tool parameters — all secrets via environment variables
  • HTTPS enforced for all external URLs
  • Client-side hooks enabled for broadcast confirmation (recommended for Claude Code) — see Install Guides
  • Docker deployments use the non-root mcp user (default in the published image)
Before going live, review the full trust model and diligence path: Security Overview · Security Diligence · Build & Supply Chain.

Deployment

  • Using the published npm package (@walletsuite/mcp-server) or official Docker image
  • Node.js 22+ verified
  • .env.example copied and populated with production values
  • Health check passing after deployment — curl http://localhost:3000/health