{"id":"minhoyoo-iotrust-waiaas","name":"WAIaaS","homepage":"https://waiaas.ai","repo_url":"https://github.com/minhoyoo-iotrust/WAIaaS","category":"infrastructure","subcategories":[],"tags":["ai-agent","blockchain","wallet","defi","mcp","local-daemon","policy-engine","solana","evm","self-custody"],"what_it_does":"WAIaaS is a self-hosted wallet-as-a-service daemon that sits between AI agents and blockchains (Solana + EVM) to perform on-chain transactions with a policy engine and multiple authentication roles, exposing interfaces including a REST API, TypeScript/Python SDKs, an MCP server, and CLI/Admin UI.","use_cases":["Enable AI agents to execute on-chain token transfers and contract calls from a local, self-hosted service","Apply spending limits, token/contract allowlists, and value-based transaction tiers (INSTANT/NOTIFY/DELAY/APPROVAL)","Support agent integrations via MCP (for MCP-capable agents) or via REST/skills/SDKs (for others)","Run wallet operations across Solana and EVM in a unified policy-controlled workflow","Manage agent session tokens and notifications from an admin UI"],"not_for":["Production custody without careful security hardening and operational controls","Use cases requiring hosted/non-self-managed custody or fully managed key management by a third party","Environments where agents must not be able to initiate any transaction flow (even gated)","Teams that need a formally specified OpenAPI contract, published SLAs, and verifiable idempotency guarantees"],"best_when":"You want local, self-hosted agent-to-blockchain transaction capability with policy gating and explicit owner oversight for higher-value actions.","avoid_when":"You cannot ensure secure operation of the daemon (host security, secrets handling, network exposure controls) or you rely on undocumented/unknown API behaviors for critical automation.","alternatives":["Direct wallet signing libraries (ethers/viem/web3js, Solana web3.js) with agent-side policy enforcement","Managed wallet custody APIs (e.g., institution-grade custodians) with agent authorization and approval workflows","MPC-based wallet services or threshold-signing solutions","Other agent tool frameworks that integrate signing via standard connectors without a dedicated wallet daemon"],"af_score":60.2,"security_score":57.2,"reliability_score":21.2,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:34:27.078319+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":true,"sdk_languages":["TypeScript","Python"],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["masterAuth","ownerAuth","sessionAuth"],"oauth":false,"scopes":false,"notes":"README describes a 3-tier authentication model (daemon operator, fund owner, and AI agent session). It does not specify OAuth or fine-grained OAuth scopes; it appears to use local tokens/roles and JWT/session lifetimes managed via Admin UI/daemon config."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Self-hosted; pricing not indicated."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":60.2,"security_score":57.2,"reliability_score":21.2,"mcp_server_quality":70.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":55.0,"rate_limit_clarity":55.0,"tls_enforcement":60.0,"auth_strength":80.0,"scope_granularity":45.0,"dependency_hygiene":35.0,"secret_handling":55.0,"security_notes":"Security model emphasizes defense-in-depth (Kill Switch, AutoStop, audit logging, multi-role auth, approval tiers). However, from the provided README alone there is no verifiable detail about TLS requirements, cryptographic key storage practices, dependency vulnerability status, or structured error/security guarantees. Rate limit settings exist in the admin UI, but the clarity of enforcement and error semantics is not evidenced.","uptime_documented":0.0,"version_stability":35.0,"breaking_changes_history":10.0,"error_recovery":40.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Value-based policy tiers depend on USD price oracles; behavior may vary with oracle availability/latency and price movements.","Autonomous/auto-provision flows generate and store a recovery key; ensure it is protected and not accidentally exposed to the agent runtime.","Because it is a local daemon, agent connectivity and network exposure (127.0.0.1 vs LAN) can materially affect security and reliability.","Idempotency guarantees for transaction submission are not documented in the provided README."]}}