Items are grouped by which axis they belong to: cross-cutting (every deployment), MCP-specific (only if you use the MCP server), and signing layer.

Cross-cutting (all surfaces)

API and authentication

  • Production API key created (not the Pilot key)
  • API key stored in an environment variable or secret manager — not hardcoded in source
  • API key is not committed to version control
  • Rate limits reviewed and understood — see Rate Limits

Error handling

All 6 error categories handled:
  • validation — fix input and retry
  • upstream — retry with exponential backoff
  • flow — execute the requiredAction field before retrying (MCP only)
  • auth — halt the agent, alert the operator
  • limit — back off, retry after the rate limit window
  • not_available — inform the user the feature is not enabled
See Structured Errors.
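
The six handling rules above as one dispatch function. This is an added example, not code from the WalletSuite documentation or SDK. The `category` and `retryAfterMs` field names, the action labels, and the retry constants are assumptions; only the six category names and `requiredAction` come from this page.

```javascript
// Added example. Assumed error shape: { category, requiredAction, retryAfterMs }.
// Only the six category names and requiredAction come from the checklist;
// `category` and `retryAfterMs` are hypothetical field names.
const MAX_ATTEMPTS = 5;        // assumed retry budget
const BASE_DELAY_MS = 500;     // assumed backoff base
const MAX_DELAY_MS = 30_000;   // assumed backoff ceiling

// Exponential backoff with full jitter; `rand` is injectable for testing.
function backoffMs(attempt, rand = Math.random) {
  const ceiling = Math.min(MAX_DELAY_MS, BASE_DELAY_MS * 2 ** attempt);
  return Math.floor(rand() * ceiling);
}

// Map one structured error to the next step the agent loop should take.
// `attempt` is the zero-based count of retries already made.
function decide(err, attempt, rand = Math.random) {
  const exhausted = attempt >= MAX_ATTEMPTS;
  switch (err && err.category) {
    case 'validation':
      // Retrying the same input cannot succeed; the caller must change it.
      return { action: 'fix_input' };
    case 'upstream':
      return exhausted ? { action: 'give_up' }
                       : { action: 'retry', delayMs: backoffMs(attempt, rand) };
    case 'flow':
      // A flow error without requiredAction cannot be resolved automatically.
      return err.requiredAction
        ? { action: 'run_required_action', requiredAction: err.requiredAction }
        : { action: 'halt_and_alert' };
    case 'auth':
      // Never retried: the checklist says halt the agent and alert the operator.
      return { action: 'halt_and_alert' };
    case 'limit': {
      if (exhausted) return { action: 'give_up' };
      // Wait at least the server-stated window when one is given.
      const wait = Number.isFinite(err.retryAfterMs) ? err.retryAfterMs : 0;
      return { action: 'retry', delayMs: Math.max(wait, backoffMs(attempt, rand)) };
    }
    case 'not_available':
      return { action: 'inform_user' };
    default:
      // Unknown or missing category: fail closed rather than retry blindly.
      return { action: 'halt_and_alert' };
  }
}
```

An unknown category is treated like `auth` so that a new or malformed error never falls into an automatic retry loop.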

Security

  • No private keys or mnemonics in source control or tool arguments
  • No secrets passed as MCP tool parameters — all secrets via environment variables
  • HTTPS enforced for all external URLs
Before going live, review: Security Overview · Security Diligence · Build & Supply Chain.

MCP-specific (skip if using SDK or REST API only)

Band filtering

  • MCP_BANDS set to the minimum required level for each agent role
  • Read-only agents use MCP_BANDS=read (not full)
  • Each agent’s band level has a documented justification
  • Multi-agent setups use separate MCP instances with different band configs — see Band Filtering

MCP transport and runtime

  • Using the published npm package (@walletsuite/mcp-server) or official Docker image
  • Node.js 22+ verified
  • Health endpoint reachable for HTTP deployments — GET /health
  • Log output captured — WalletSuite MCP logs structured JSON to stderr
  • Client-side hooks enabled for broadcast confirmation (recommended for Claude Code) — see Install Guides
  • Docker deployments use the non-root mcp user (default in the published image)

Signing layer

Policy gates

  • At least one policy created with a destination allowlist, value cap (maxValueEth), or rate limit (rateLimitPerHour) - registration requires at least one constraint (MISSING_POLICY_GUARDRAIL). See Policy Gates
  • Spend limits configured when available
  • Policy tested: verified that signing to a non-allowlisted destination, above the value cap, or past the rate limit is denied
  • Policy denial returns a flow error with requiredAction — verify your agent handles it

MPC 2-of-2

  • Agent tokens issued with bound policies (destination allowlists, value caps, rate limits)
  • Agent tokens stored in a secret manager — not in source control
  • Token rotation policy documented (e.g., 90-day rotation)
  • Co-signing latency monitored (typical warm path: 200–600ms)
  • Customer-side share storage verified (encrypted at rest with WALLETSUITE_PASSPHRASE, off WalletSuite infrastructure)
  • Self-hosted MCP deployments verified to keep the customer-side share on your own infrastructure - see Self-Hosting over HTTP
  • Audit trail export to SIEM configured if long-term retention is required - see Audit Trail
  • Alerts configured for signing failures and policy denials
See Security Model and Key Management for the full signing-layer model.

Deployment validation

  • .env.example copied and populated with production values
  • Health check passing after deployment — curl http://localhost:3000/health (HTTP transports)
  • End-to-end test: read band query returns expected balance
  • End-to-end test: prepare band returns a valid unsigned tx
  • End-to-end test: signing flow completes (MPC co-sign), broadcast confirms on-chain in staging