One primitive, five operating postures.
Every vertical runs the same two knobs — MCP band cap and OWS signing mode. Pick the posture that matches how your team already operates.
Strategy agents get read and prepare. Operators own sign and broadcast. Keys stay on your infrastructure.
Curator agent recommends. Broadcast stays with your multisig. Every recommendation is a structured payload for your review queue.
Bands as a reusable primitive at the MCP tool-visibility layer. Prepared payloads sign with whatever signer your stack already uses.
Agent-driven treasury moves with exportable JSONL audit. Self-hosted OWS — keys never leave your infrastructure.
Human-in-loop doesn’t scale at market-making volume. Policy gates at the signing layer do. Every attempt is audit evidence.
What every page answers
Server-side key isolation
MCP server holds no private keys. Signing happens via your OWS vault.
Band filtering at startup
Out-of-band tools never enter the registry — agents cannot see what was never registered.
Policy gates before signing
Chain allowlist, expiry, declarative rules — evaluated before the vault decrypts.
Tamper-evident audit
Every sign and broadcast is a SHA-256 hash-chained JSONL event on your disk.
Self-hosted, non-custodial
Runs in your environment. AES-256-GCM at rest. Decrypted in-memory only during signing.
MCP-compatible
LangChain, CrewAI, Pydantic AI, Claude Agent SDK, or custom MCP runtimes in Python or TypeScript.
Now reviewing a limited number of design partners.
Reference-customer pricing. Contact us to discuss fit.