Wallets

Inspect balances and request transactions without exposing private keys to agents.

Wallet types#

WalletCustodyBest for
Local walletEncrypted with the operating system keychainDevelopment and bounded automated actions
Phantom or SolflareExternal wallet signsUser-controlled interactive signing
Agent walletLocal wallet assigned to a named agentPolicy-limited agent workflows

The key boundary#

Wallet secrets stay in the Electron main process. The renderer and agents send typed requests across IPC; they do not receive private-key bytes. Local keypairs are decrypted only for the signing operation and cleared from memory afterward.

Read actions#

  • Inspect SOL and token balances for tracked addresses.
  • Review token accounts and transaction history.
  • Fetch prices and portfolio context without requesting a signature.

Transactions and approvals#

Swaps, transfers, launches, and program writes pass through Daemon policy before signing. The request records its network and action parameters; gated requests wait for approval, and mainnet actions re-check the cluster at execution time.

Before approving#

  • Confirm the selected wallet and network.
  • Check the recipient, program, token mint, amount, fees, and expected balance changes.
  • Treat an unknown program or unexpected mainnet target as a reason to deny the request.
  • Keep agent wallets funded only for the work they are expected to perform.