Governed agent wallets for DAO treasury ops
Agent-driven treasury moves with an exportable JSONL audit trail. MPC by default; self-hosted OWS available for teams that require keys on their own servers.
```json
{
  "mcpServers": {
    "walletsuite": {
      "command": "walletsuite-mcp",
      "env": {
        "WALLETSUITE_API_KEY": "$WALLETSUITE_API_KEY",
        "MCP_BANDS": "read,prepare,sign",
        "OWS_ENABLED": "true",
        "OWS_AUTH_MODE": "agent",
        "OWS_AGENT_TOKEN": "$LABS_AGENT_TOKEN"
      }
    }
  }
}
```

Forum-first governance, self-custody non-negotiable
Labs entities adjacent to DAOs run internal tooling for treasury operations, SubDAO automation, and validator ops. Governance cultures are forum-first: every automated move is retrospectively reviewable by a DAO, often by outside parties. Self-custody is a hard requirement — no third party can hold keys, and no third party can retain transaction metadata.
Most agent-wallet infrastructure fails one of those constraints. Hosted services retain metadata on the vendor side. Shared policy engines log to a vendor SIEM. Neither shape fits a labs entity that needs to defend every automated move on a public forum weeks later.
Band filtering scopes agent capability at the tool-visibility layer. Policy gates enforce declarative rules — chain allowlist, expiry, per-agent scope. The audit trail lands at ~/.walletsuite/audit-trail.jsonl: hash-chained, append-only, single-writer, local to the host. No third-party collector receives a byte. The JSONL is directly exportable for DAO forum posts, SIEM ingestion, or external governance review.
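For reviewers who receive an exported trail, here is an added example (not WalletSuite code) of verifying a hash-chained JSONL log. The page does not publish the record schema, so the `prev_hash` and `hash` fields, the SHA-256 construction, the genesis value and the sample records are all assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value for the first record

def record_hash(prev_hash, body):
    """SHA-256 over the previous hash plus the canonical JSON of the body."""
    canon = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canon).encode("utf-8")).hexdigest()

def append_record(lines, body):
    """Append one chained JSONL line (stands in for the single writer)."""
    prev = json.loads(lines[-1])["hash"] if lines else GENESIS
    entry = dict(body, prev_hash=prev, hash=record_hash(prev, body))
    lines.append(json.dumps(entry, sort_keys=True))
    return lines

def verify_chain(lines, expected_head=None):
    """Return (ok, reason); checks each link, then the head if one is pinned."""
    prev = GENESIS
    for n, line in enumerate(lines, start=1):
        try:
            entry = json.loads(line)
            stored_prev, stored_hash = entry["prev_hash"], entry["hash"]
            body = {k: v for k, v in entry.items() if k not in ("prev_hash", "hash")}
        except (ValueError, KeyError, TypeError, AttributeError):
            return False, f"line {n}: malformed record"
        if stored_prev != prev:
            return False, f"line {n}: prev_hash does not match preceding record"
        if stored_hash != record_hash(prev, body):
            return False, f"line {n}: content does not match stored hash"
        prev = stored_hash
    if expected_head is not None and prev != expected_head:
        return False, "head hash differs from the pinned value"
    return True, "ok"

# Constructed sample records; not real WalletSuite output.
SAMPLE = []
for body in (
    {"seq": 1, "agent": "agent-A", "band": "prepare", "chain": "ethereum"},
    {"seq": 2, "agent": "agent-A", "band": "sign", "chain": "ethereum"},
    {"seq": 3, "agent": "agent-B", "band": "read", "chain": "ethereum"},
):
    append_record(SAMPLE, body)
HEAD = json.loads(SAMPLE[-1])["hash"]  # value to publish out of band

if __name__ == "__main__":
    print(verify_chain(SAMPLE, HEAD))        # intact log
    print(verify_chain(SAMPLE[:2]))          # tail truncation, no pinned head
    print(verify_chain(SAMPLE[:2], HEAD))    # tail truncation, pinned head
```

Link checks alone catch edits and mid-log deletions but not a truncated tail or a fully recomputed chain, so a reviewer needs the head hash from a channel the log's host does not control, such as the forum post itself.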
MPC or OWS, scoped agent tokens
Two non-custodial paths. In MPC mode, signing is split between WalletSuite’s co-signing service and your owner share — both signatures are required for any transaction, and you operate no signing infrastructure. In OWS mode, the entire vault runs on your servers: the owner (a labs engineer or ops lead) bootstraps it interactively, keys stay AES-256-GCM encrypted at rest, and they decrypt in-memory only during a signing call. Either way, you generate scoped agent tokens bound to specific wallets and policies — each agent process runs with its own token, its own band cap, and its own policy set.
WalletSuite never holds unilateral signing power. In MPC mode, both signatures are required — we hold one share, you hold the other. In OWS mode, we hold no shares; the vault and passphrase stay with the labs team. The audit trail is a governance artifact produced by design, not bolted on.
Four properties that drop out of the pattern.
- 01 Two-layer pattern: MCP upstream where the curator agent reasons over model output and governance state; deterministic execution after the multisig co-signs.
- 02 Every agent-initiated action is signed, policy-evaluated, and traceable to a specific agent token.
- 03 The audit trail is directly exportable to a DAO forum post as JSONL — no transformation, no vendor-side extraction.
- 04 Non-custodial by architecture — pick MPC for hosted signing, self-hosted OWS for keys on your servers.
Now reviewing a limited number of design partners.