MPC Agent Wallet SDK
A 2-of-3 threshold MPC wallet SDK built for AI agents. The AI agent can't sign transactions alone - it needs approval from either a user or recovery guardian.
Key Features
- 2-of-3 Threshold Signing: AI agent holds 1 share, user holds 1 share, recovery guardian holds 1 share. Any 2 can sign.
- Policy Engine: Configurable rules enforced before signing (spending limits, whitelists, time bounds)
- Rust Core: High-performance cryptographic operations with WASM compilation support
- Chain Agnostic: Works with EVM, Solana and Bitcoin
Architecture
┌─────────────────────────────────────────────────────────────┐
│ SDK Layer │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ TypeScript │ │ Python │ │ WASM │ │
│ │ SDK │ │ SDK │ │ Bindings │ │
│ └──────┬───────┘ └──────┬───────┘ └──────┬───────┘ │
└─────────┼─────────────────┼─────────────────┼───────────────┘
│ │ │
┌─────────┴─────────────────┴─────────────────┴───────────────┐
│ Rust Core │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ DKLs23 MPC │ │ Policy │ │ Key Share │ │
│ │ Engine │ │ Engine │ │ Storage │ │
│ └──────────────┘ └──────────────┘ └──────────────┘ │
└─────────────────────────────────────────────────────────────┘
Security Model
| Party | Role | Purpose |
|---|---|---|
| Agent | AI assistant | Initiates transactions |
| User | Account owner | Primary approval authority |
| Recovery | Guardian | Backup approval for recovery |
Key Properties:
- AI agent cannot sign transactions alone
- User maintains full control over their wallet
- Recovery guardian enables wallet recovery without seed phrases
- All transactions pass through configurable policy engine
Crates
| Crate | Description |
|---|---|
mpc-wallet-core |
Core MPC engine, policy enforcement, storage |
mpc-wallet-wasm |
WebAssembly bindings for browser/Node.js |
mpc-wallet-relay |
Message relay service for MPC coordination |
mpc-wallet-cli |
CLI tool for testing and development |
Packages (SDKs)
| Package | Description |
|---|---|
@mpc-wallet/sdk |
TypeScript SDK for Node.js and browsers |
mpc-wallet |
Python SDK |
Quick Start
Installation
# Clone the repository
# Build the project
# Run tests
CLI Usage
# Run local DKG simulation
# Show wallet info
# Test policy engine
Rust API
use ;
// Configure policy
let policy = default
.with_spending_limits
.with_whitelist;
let engine = new;
// Create transaction
let tx = new;
// Sign with policy enforcement (requires 2-of-3 parties)
let signature = sign_with_policy.await?;
Policy Engine
The policy engine evaluates transactions before signing:
Supported Policies
| Policy | Description |
|---|---|
| Spending Limits | Per-transaction, daily, weekly limits |
| Address Whitelist | Only allow specific recipients |
| Address Blacklist | Block specific addresses |
| Time Bounds | Restrict to business hours |
| Contract Restrictions | Limit allowed contract interactions |
Example
use *;
let policy = new
.spending_limits
.whitelist
.blacklist
.time_bounds
.contract_restrictions
.additional_approval_threshold // >50 ETH needs Recovery
.build;
Key Share Storage
Key shares are encrypted at rest using ChaCha20-Poly1305:
use *;
// Create encrypted storage
let store = new?;
// Encrypt and store a key share
let encryption_key = generate_encryption_key;
let encrypted = encrypt?;
store.store.await?;
// Load and decrypt
let encrypted = store.load.await?;
let key_share = encrypted.decrypt?;
Development
Prerequisites
- Rust 1.75+
- For WASM:
wasm-pack
Running Tests
# All tests
# Core library tests
# With logging
RUST_LOG=debug
Project Structure
mpc-agent-wallet/
├── crates/
│ ├── mpc-wallet-core/ # Core Rust library
│ │ ├── src/
│ │ │ ├── keygen/ # Distributed key generation
│ │ │ ├── sign/ # Threshold signing
│ │ │ ├── chain/ # Chain adapters (EVM, Solana)
│ │ │ ├── policy.rs # Policy engine
│ │ │ ├── storage.rs # Key share storage
│ │ │ └── mpc/ # MPC coordination
│ │ └── Cargo.toml
│ ├── mpc-wallet-wasm/ # WASM bindings
│ ├── mpc-wallet-relay/ # Relay service
│ └── mpc-wallet-cli/ # CLI tool
├── packages/
│ ├── mpc-wallet-sdk/ # TypeScript SDK
│ │ ├── src/
│ │ │ ├── wallet.ts # Main wallet class
│ │ │ ├── keygen.ts # Key generation
│ │ │ ├── signing.ts # Threshold signing
│ │ │ ├── policy.ts # Policy engine
│ │ │ ├── chains/ # Chain adapters
│ │ │ └── storage/ # Key storage
│ │ └── package.json
│ └── mpc-wallet-python/ # Python SDK
│ ├── src/mpc_wallet/
│ │ ├── wallet.py # Main wallet class
│ │ ├── keygen.py # Key generation
│ │ ├── signing.py # Threshold signing
│ │ ├── policy.py # Policy engine
│ │ ├── chains/ # Chain adapters
│ │ └── storage/ # Key storage
│ └── pyproject.toml
├── contracts/ # Smart contracts (Foundry)
│ ├── src/
│ │ ├── MpcSmartAccount.sol # ERC-4337 MPC smart account
│ │ ├── MpcSmartAccountFactory.sol # Account factory
│ │ ├── interfaces/ # Contract interfaces
│ │ └── modules/
│ │ ├── MpcRecoveryModule.sol # Key recovery
│ │ └── MpcSpendingLimitHook.sol # Spending limits
│ ├── test/ # Foundry tests
│ └── script/ # Deployment scripts
├── Cargo.toml # Workspace
└── README.md
Documentation
| Document | Description |
|---|---|
| Quick Start | Get started with the SDK |
| Architecture | System design and data flows |
| Security Model | Threat model and mitigations |
| Integration Guide | Integrate with AI frameworks |
| TypeScript API | TypeScript SDK reference |
| Python API | Python SDK reference |
Examples
| Example | Description |
|---|---|
| Basic Wallet | Minimal wallet setup and signing |
| ElizaOS Plugin | Integration with ElizaOS AI framework |
| LangChain Tool | LangChain tools for LLM applications |
| Telegram Bot | Transaction approval via Telegram |
| DeFi Agent | Automated DeFi strategy execution |
Smart Contracts
The contracts/ directory contains ERC-4337 smart account contracts:
# Install dependencies
# Build
# Test
# Deploy (local)
See contracts/README.md for detailed documentation.
License
Licensed under MIT OR Apache-2.0.
Contributing
Contributions welcome! Please read the contributing guidelines first.
Built for AI agents that need secure blockchain access with human oversight.