Local Wallet Standard
An open, neutral standard for secure local wallet storage and agent access. One vault, one interface, every chain. Agents sign transactions without ever touching private keys. LWS exists to give every AI agent a wallet it can trust—and every user a wallet they control.
const result = await lws.signAndSend({ walletId: "agent-treasury", chainId: "eip155:8453", // Base transaction: { to: "0x4B08...4D2dB", value: "10000000000000000", // 0.01 ETH } }); // Policy engine evaluates -> Simulation runs -> Key signs in enclave // => { transactionHash: "0xabc...", status: "confirmed" }
Every CLI, agent, and script that touches a blockchain implements its own wallet management from scratch. Foundry stores keys one way. Hardhat expects environment variables. Your trading bot has its own keystore. Your AI agent can't access wallets created by your deployment tool. The result: N tools × M chains = N×M integration problems, and keys scattered across dotfiles, env vars, and proprietary formats with no shared security model.
dawn-cli ──── own keystore ──── EVM foundry ──── cast wallet ──── EVM hardhat ──── .env vars ──── EVM solana-cli ── own keystore ──── Solana agent-x ──── cloud API ──── EVM + Solana your-bot ──── custom JSON ──── ??? 6 tools. 6 key formats. 6 security models. None of them talk to each other.
dawn-cli ─────┐
foundry ─────┤
hardhat ─────┤
solana-cli ───┼──── LWS ──── All chains
agent-x ─────┤
your-bot ─────┘
Any tool. One vault. One security model.
A wallet created by one tool works in every other.
Five principles that make LWS different from every wallet SDK, cloud API, and ad-hoc keystore that came before it.
Private keys are encrypted at rest and decrypted only inside an isolated signing process. They are never exposed to agent prompts, LLM contexts, or parent processes.
CAIP-2 chain identifiers and CAIP-10 account identifiers. EVM, Solana, Tron, Cosmos, Bitcoin—all first-class citizens. No chain is special.
Every agent transaction passes through a policy engine before key material is touched. Policies are attached to API keys, scoping what each agent can do. The owner bypasses policies entirely—sudo access to all wallets.
CLI tools, MCP servers, REST APIs, and library imports all use the same abstract interface. A wallet created by one tool is usable by any other.
Permissionlessly extensible. New chains, policy types, and storage backends are added via plugins, not core spec changes. CC0 licensed. No vendor lock-in.
Agents talk to the Access Layer. The Access Layer enforces policies, delegates signing to an isolated enclave, and never exposes key material upstream.
Agent / CLI / App Signing Flow
(Claude, dawn-cli, custom)
│ 1. Agent calls lws.sign()
│ LWS Interface 2. Policy engine evaluates
▼ 3. Enclave decrypts key
┌─────────────────────┐ 4. Transaction signed
│ Access Layer │ 5. Key wiped from memory
│ MCP │ REST │ SDK │ 6. Signature returned
│ │ │ │ 7. Submit via RPC (optional)
│ ┌───┴──────┴──────┐ │
│ │ Policy Engine │ │ The agent NEVER sees
│ │ (pre-signing) │ │ the private key.
│ └────────┬────────┘ │
│ ┌────────▼────────┐ │ Chain plugins handle
│ │ Signing Enclave │ │ serialization, signing,
│ │ (isolated proc) │ │ broadcasting, and
│ └────────┬────────┘ │ simulation per-chain.
│ ┌────────▼────────┐ │
│ │ Wallet Vault │ │
│ │ ~/.lws/wallets/ │ │
│ └─────────────────┘ │
└─────────────────────┘
Agent calls lws_sign via MCP, REST, or SDK with a chain ID and transaction object.
Spending limits, allowlists, chain restrictions, and simulation requirements are evaluated before any key is touched.
Key is decrypted in the isolated enclave, transaction signed, key wiped from memory. Signed transaction returned to caller.
If RPC URLs are configured, the signed transaction is broadcast on-chain and the transaction hash is returned.
Private keys are decrypted only inside an isolated subprocess. Agents, LLMs, and parent processes never see raw key material. Following the Privy/Turnkey enclave model—locally.
CAIP-2 chain identifiers work for every chain. EVM, Solana, Cosmos, Bitcoin, Tron—and any future chain via the plugin system. Same interface, same vault, same policies.
No cloud accounts, no API keys, no network dependency. Everything runs on your machine. Wallets are encrypted with scrypt + AES-256-GCM and stored at ~/.lws/.
MCP server for AI agents (Claude, GPT, LangChain). REST API on localhost for scripts. Library SDK for embedding. All three share one implementation.
Every signing operation is logged to an append-only audit trail. Policy evaluations, simulation results, transaction hashes—all recorded in ~/.lws/logs/audit.jsonl.
Built on open standards: Keystore v3, BIP-39/44, CAIP-2/10, MCP. Import from MetaMask, export to any wallet. CC0 licensed—use it, fork it, extend it.
Install the CLI, create a wallet, create an API key with policies, and start signing. Works with any agent that supports MCP.
# Install npm install -g @lws/cli # Create a wallet lws wallet create --name "agent-treasury" --chain evm # => Created wallet 3198bc9c-... with account eip155:8453:0xab16... # Create a policy and an API key scoped to the wallet lws policy create --file safe-agent-policy.json lws key create --name "claude-agent" --wallet agent-treasury --policy safe-agent # => lws_key_a1b2c3d4e5f6... (shown once, store securely) # Start the MCP server (agents connect here) lws serve --mcp # Or start the REST API lws serve --rest --port 8402 # Sign a transaction directly lws tx sign --wallet agent-treasury \ --chain eip155:8453 \ --to 0x4B0897b0513fdC7C541B6d9D7E929C4e5364D2dB \ --value 0.01
{
"mcpServers": {
"lws": {
"command": "lws",
"args": ["serve", "--mcp"]
}
}
}
Eight sub-specifications, each covering a distinct concern. Add a new chain without touching the signing interface. Change the policy engine without touching storage.
Encrypted keystore format, vault directory structure, filesystem permissions, and audit logging.
CAIP-2 chain IDs, CAIP-10 account IDs, asset identification, and method invocation routing.
The core sign, signAndSend, signMessage, and simulate operations with error handling.
Spending limits, allowlists, denylists, simulation requirements, time restrictions, and custom rules.
Process-level isolation, enclave protocol, passphrase handling, threat model, and defense in depth.
MCP server tools, REST API endpoints, library SDK, and authentication for agent access.
Chain plugin interface, HD derivation, first-party plugins for EVM/Solana/Cosmos/Bitcoin/Tron.
Creation, import, export, backup, recovery, key rotation, and wallet discovery.
Existing solutions are cloud-first. LWS is local-first with an upgrade path to TEEs.
| Feature | LWS | Privy | Turnkey | Coinbase CDP | Lit Protocol |
|---|---|---|---|---|---|
| Local-first | Yes | No (cloud) | No (cloud) | No (cloud) | No (network) |
| Key isolation | OS process | TEE + SSS | AWS Nitro | TEE | DKG threshold |
| Multi-chain | Plugin system | Tiered support | Curve primitives | EVM + Solana | ECDSA chains |
| Policy engine | Pre-signing | Pre-signing | API-level | Session caps | On-chain |
| Agent interface | MCP + REST | REST + SDK | REST | AgentKit | Vincent SDK |
| Open standard | CC0 | Proprietary | Proprietary | Partial (x402) | Open source |
| Network required | No* | Yes | Yes | Yes | Yes |
* Network required only for transaction broadcasting and balance queries, not for signing.
LWS synthesizes ideas from the best wallet infrastructure in the industry.
Spec structure, scheme/network/transport separation, contribution templates
Policy engine design, key sharding concepts, CAIP-2 chain identifiers
ActionProvider/WalletProvider pattern, MCP tool exposure
Proven encrypted storage format since 2015
Chain-agnostic identifiers for chains, accounts, and methods
Session keys, programmable validation, paymaster sponsorship
TEE-based signing, sub-100ms latency targets
lock/unlock/import/export interface patterns
Feature-based capability registration
Dual-key model, on-chain policy enforcement
Decentralized key management, IPFS-published policies
Session authorization model, relay architecture
Read the spec. Build an implementation. Join the standard.