Skip to main content
WalletSuite LogoWalletSuite
Agent protocols · framework vendors

Governed agent wallets for autonomous agent protocols

Bands as a reusable primitive at the MCP tool-visibility layer. Prepared payloads sign with whatever you already use.

Book 20 minRead the security model
Agent process · .mcp.json
read + prepare
{
  "mcpServers": {
    "walletsuite": {
      "command": "walletsuite-mcp",
      "env": {
        "WALLETSUITE_API_KEY": "$WALLETSUITE_API_KEY",
        "MCP_BANDS": "read,prepare"
      }
    }
  }
}
§ 01Problem

A primitive, not a re-implementation

Every autonomous agent framework ships a partial band filter. Some hardcode wallet wrappers per skill. Others bind each action to a Safe transaction service. Others expose skill-level permissions configured per-agent. All of them reinvent the same invariant — this agent can read but cannot broadcast — inside a specific framework’s wrapper layer.

Each reinvention is per-framework, non-reusable, and drifts from the signing substrate as the framework evolves. Bands live one layer below. An agent running through WalletSuite sees only the tools its band cap permits, enforced at MCP startup. The permission logic stops living in your framework’s wrappers and becomes a reusable primitive across every agent runtime — LangChain, CrewAI, Pydantic AI, Claude Agent SDK, custom in-house runtimes, any MCP-compatible framework.

The read and prepare bands return unsigned transaction payloads with everything a signer needs — nonce, gas parameters, calldata, value. How the payload is signed is your team’s choice: a Safe multisig flow, a hosted signer (Privy, Turnkey, custom), an HSM, a local wallet. WalletSuite never sees keys or signed payloads in read/prepare mode.

§ 02Pattern

One band cap, signing stays external

One MCP server configuration per agent runtime. MCP_BANDS controls what the agent sees — read-only research agents get read, execution-ready agents get read,prepare, full-broadcast agents get full (rare, usually operator-only). Read/prepare agents emit unsigned payloads for an external signer. Full-band agents use the bundled OWS vault on your infra.

Invariant
You do not have to re-implement band filtering per framework. One primitive at the MCP layer covers every agent in your fleet, regardless of runtime. Sign the prepared payload however your stack already signs.
§ 03What this unblocks

Three properties that drop out of the pattern.

  1. 01
    Your framework stops owning wallet-permission logic. One primitive, many runtimes.
  2. 02
    Your signing stack doesn’t change. Bands scope what an agent can call — signing happens wherever it already happens.
  3. 03
    Tool visibility is enforced at MCP startup. Prompt injection cannot call a tool the agent was never shown.
Design partner program

Now reviewing a limited number of design partners.

Book 20 minOr email us
See all use cases