https://github.com/steward-fi/steward

Agent wallet infrastructure — encrypted keys, policy enforcement, credential proxy, auth platform. Self-hostable, multi-tenant, open source.
https://github.com/steward-fi/steward

ai-agents authentication bun open-source policy-engine typescript wallet

Last synced: 15 days ago
JSON representation

Agent wallet infrastructure — encrypted keys, policy enforcement, credential proxy, auth platform. Self-hostable, multi-tenant, open source.

• Host: GitHub
• URL: https://github.com/steward-fi/steward
• Owner: Steward-Fi
• License: mit
• Created: 2026-03-13T15:22:44.000Z (3 months ago)
• Default Branch: develop
• Last Pushed: 2026-04-20T11:09:40.000Z (about 2 months ago)
• Last Synced: 2026-04-20T13:50:47.881Z (about 2 months ago)
• Topics: ai-agents, authentication, bun, open-source, policy-engine, typescript, wallet
• Language: TypeScript
• Homepage: https://steward.fi
• Size: 3.08 MB
• Stars: 2
• Watchers: 0
• Forks: 3
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Codeowners: .github/CODEOWNERS

Awesome Lists containing this project

README

          
# Steward

Auth + wallet infrastructure for autonomous agents. Open source. Self-hostable. Policy-enforced at the signing layer.

[![npm](https://img.shields.io/npm/v/@stwd/sdk)](https://www.npmjs.com/package/@stwd/sdk)

[![MIT License](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)

[![API](https://img.shields.io/badge/API-live-brightgreen)](https://api.steward.fi)

[![Docs](https://img.shields.io/badge/docs-steward.fi-blue)](https://docs.steward.fi)

---

## The Problem

AI agents need wallet keys, API keys, database credentials. Today these live as plaintext environment variables, one prompt injection away from exfiltration. No spending controls, no audit trail, no kill switch.

Existing embedded-wallet platforms were built for consumer apps, not agents. They're closed source, can't be self-hosted, charge per-transaction fees, and have no concept of policy enforcement or autonomous operation.

## The Solution

Steward sits between agents and everything they access. Four pillars:

1. **Vault** — AES-256-GCM encrypted keys. EVM (7 chains) + Solana. Keys never exist in plaintext outside a signing operation.

2. **Policy Engine** — 6 composable rule types evaluated before every action. Spending limits, rate limits, address whitelists, time windows, auto-approve thresholds.

3. **Auth** — Passkeys, email magic links, SIWE, Google/Discord OAuth. JWT sessions with refresh token rotation.

4. **Proxy Gateway** — Credential injection for any third-party API. Agents never see raw keys. Full audit trail.

---

## Architecture

```

Agent / App              Steward                        External

┌─────────────┐    ┌──────────────────────┐    ┌──────────────────┐

│ STEWARD_URL │───>│ Auth (JWT/passkey)   │    │ Chains (EVM/Sol) │

│ STEWARD_JWT │    │ Policy Engine        │───>│ OpenAI/Anthropic  │

│             │    │ Wallet Vault         │    │ Any API           │

│ No API keys │    │ Secret Vault         │    └──────────────────┘

│ No priv keys│    │ Proxy Gateway        │

└─────────────┘    │ Audit Log            │

                   └──────────────────────┘

```

---

## Quick Start

```bash

npm install @stwd/sdk

```

```typescript

import { StewardClient } from "@stwd/sdk";

const steward = new StewardClient({

  baseUrl: "https://api.steward.fi",

  apiKey: "stw_your_tenant_key",

  tenantId: "my-app",

});

// Create an agent with EVM + Solana wallets

const agent = await steward.createWallet("trading-bot", "Trading Bot");

console.log(agent.walletAddresses); // { evm: "0x...", solana: "..." }

// Sign a transaction (policy-enforced)

const result = await steward.signTransaction("trading-bot", {

  to: "0xRecipient",

  value: "10000000000000000", // 0.01 ETH

  chainId: 8453, // Base

});

```

See the full [Quickstart Guide](docs/quickstart.mdx) for auth setup and policies. See the [Deployment Guide](docs/deployment.md) for self-hosting.

---

## Auth Widget

Drop-in React components for login and wallet management:

```bash

npm install @stwd/react @stwd/sdk

```

```tsx

import { StewardProvider, StewardLogin, StewardAuthGuard } from "@stwd/react";

import "@stwd/react/styles.css";

function App() {

  return (

    

      }>

        

      

    

  );

}

```

Components: `StewardLogin`, `StewardAuthGuard`, `StewardUserButton`, `StewardTenantPicker`, `WalletOverview`, `PolicyControls`, `ApprovalQueue`, `SpendDashboard`, `TransactionHistory`.

---

## Packages

| Package | Version | Description |

|---|---|---|

| [`@stwd/sdk`](https://www.npmjs.com/package/@stwd/sdk) | ![npm](https://img.shields.io/npm/v/@stwd/sdk) | TypeScript client for browser + Node. Zero deps. |

| [`@stwd/react`](https://www.npmjs.com/package/@stwd/react) | ![npm](https://img.shields.io/npm/v/@stwd/react) | Drop-in React components: login, wallet, policies, approvals. |

| [`@stwd/eliza-plugin`](https://www.npmjs.com/package/@stwd/eliza-plugin) | ![npm](https://img.shields.io/npm/v/@stwd/eliza-plugin) | ElizaOS integration: sign, transfer, balance, approval evaluator. |

| `@stwd/api` | — | Hono REST API. 30+ endpoints, multi-tenant, dual auth. |

| `@stwd/vault` | — | Wallet + secret encryption. AES-256-GCM, EVM + Solana. |

| `@stwd/policy-engine` | — | Composable policy evaluation. 6 rule types, 1000+ lines of tests. |

| `@stwd/proxy` | — | API proxy with credential injection, alias system, audit trail. |

| `@stwd/auth` | — | Passkeys (WebAuthn), email magic links, SIWE, OAuth. |

| `@stwd/webhooks` | — | HMAC-signed event delivery with retries. |

| `@stwd/db` | — | Drizzle ORM schema, migrations, PGLite adapter. |

| `@stwd/shared` | — | Types, chain metadata, constants. |

---

## Self-Hosting

Steward runs anywhere. Two options:

**Docker (recommended for production):**

```bash

git clone https://github.com/Steward-Fi/steward.git && cd steward

cp .env.example .env

# Set STEWARD_MASTER_PASSWORD, POSTGRES_PASSWORD, STEWARD_PLATFORM_KEYS,

# STEWARD_SESSION_SECRET, and STEWARD_JWT_SECRET in .env

docker compose up -d

curl http://127.0.0.1:3200/ready

```

This starts the API (`:3200`), proxy (`:8080`), Postgres, and Redis. API migrations run automatically on startup unless `SKIP_MIGRATIONS` is set.

**Embedded mode (no third-party dependencies):**

```bash

bun run start:local

```

Uses PGLite (in-process Postgres via WASM). Data persists to `~/.steward/data/`. Good for local development, CLI agents, and desktop apps.

**Required env vars:**

| Variable | Description |

|---|---|

| `STEWARD_MASTER_PASSWORD` | Derives all vault encryption keys. **No recovery if lost.** |

| `DATABASE_URL` | Postgres connection string (not needed in embedded mode) |

| `STEWARD_SESSION_SECRET` | JWT signing secret (defaults to master password) |

| `REDIS_URL` | Redis for rate limiting + token store (optional) |

| `RESEND_API_KEY` | For email magic link auth (optional) |

| `PASSKEY_RP_ID` | WebAuthn relying party domain (optional) |

| `GOOGLE_CLIENT_ID` / `GOOGLE_CLIENT_SECRET` | Google OAuth (optional) |

| `DISCORD_CLIENT_ID` / `DISCORD_CLIENT_SECRET` | Discord OAuth (optional) |

Full list in [`.env.example`](.env.example). See [Deployment Guide](docs/deployment.md) for production setup.

---

## Features

- [x] **Vault**: AES-256-GCM encrypted wallets, EVM (7 chains) + Solana

- [x] **Policy Engine**: 6 composable types (spending-limit, approved-addresses, rate-limit, time-window, auto-approve-threshold, allowed-chains)

- [x] **Auth**: Passkeys (WebAuthn), email magic links, SIWE, Google OAuth, Discord OAuth

- [x] **JWT Sessions**: Access + refresh token rotation, revoke single/all sessions

- [x] **Cross-Tenant Identity**: One user, one wallet, multiple apps

- [x] **Multi-Tenant API**: Full tenant isolation at middleware + DB level

- [x] **Proxy Gateway**: Credential injection, alias system, spend tracking, audit trail

- [x] **React Components**: Login widget, wallet overview, policy controls, approval queue

- [x] **TypeScript SDK**: Typed client, browser + Node, all wallet/policy/auth ops

- [x] **ElizaOS Plugin**: Sign, transfer, balance, approval evaluator

- [x] **Embedded Mode**: PGLite, zero third-party dependencies, same API surface

- [x] **Docker**: Multi-stage Dockerfile, docker-compose with Postgres + Redis

- [x] **Webhooks**: HMAC-signed events (tx.signed, tx.pending, policy.violation, etc.)

- [x] **Per-Tenant CORS**: Configurable allowed origins per tenant

---

## What Steward Offers

- **Open Source** — MIT licensed, full source available.

- **Self-Hostable** — Docker, embedded PGLite, or hosted.

- **Full Auth Surface** — Passkey / email / SIWE / OAuth.

- **Policy Enforcement at the Vault Layer** — 6 composable rule types evaluated before any signature is produced; compromised app code cannot bypass.

- **Agent-Native** — Built from day one for autonomous operation: approval queues, audit log, kill-switch.

- **Credential Proxy** — Inject keys for any third-party API; agents never see raw secrets.

---

## Supported Chains

Ethereum · Base · Polygon · Arbitrum · BSC · Base Sepolia · BSC Testnet · Solana

---

## Building With

[ElizaOS](https://elizaos.ai) · [Milady](https://milady.gg) · [Babylon](https://babylon.market) · [Hyperscape](https://hyperscape.ai) · [Strata Reserve](https://stratareserve.co)

---

## Contributing

See [CONTRIBUTING.md](CONTRIBUTING.md) for development setup, coding standards, and PR guidelines.

## Links

- **Website:** [steward.fi](https://steward.fi)

- **Docs:** [docs.steward.fi](https://docs.steward.fi)

- **API:** [api.steward.fi](https://api.steward.fi)

- **npm:** [@stwd/sdk](https://www.npmjs.com/package/@stwd/sdk) · [@stwd/react](https://www.npmjs.com/package/@stwd/react) · [@stwd/eliza-plugin](https://www.npmjs.com/package/@stwd/eliza-plugin)

## License

[MIT](LICENSE)