Auth + wallet infrastructure for autonomous agents. Open source. Self-hostable. Policy-enforced at the signing layer.
AI agents need wallet keys, API keys, database credentials. Today these live as plaintext environment variables, one prompt injection away from exfiltration. No spending controls, no audit trail, no kill switch.
Auth platforms like Privy were built for consumer apps, not agents. They're closed source, can't be self-hosted, charge per-transaction fees, and have no concept of policy enforcement or autonomous operation.
Steward sits between agents and everything they access. Four pillars:
- Vault — AES-256-GCM encrypted keys. EVM (7 chains) + Solana. Keys never exist in plaintext outside a signing operation.
- Policy Engine — 6 composable rule types evaluated before every action. Spending limits, rate limits, address whitelists, time windows, auto-approve thresholds.
- Auth — Passkeys, email magic links, SIWE, Google/Discord OAuth. JWT sessions with refresh token rotation.
- Proxy Gateway — Credential injection for any third-party API. Agents never see raw keys. Full audit trail.
```
  Agent / App              Steward                     External
┌─────────────┐    ┌──────────────────────┐    ┌──────────────────┐
│ STEWARD_URL │───>│ Auth (JWT/passkey)   │    │ Chains (EVM/Sol) │
│ STEWARD_JWT │    │ Policy Engine        │───>│ OpenAI/Anthropic │
│             │    │ Wallet Vault         │    │ Any API          │
│ No API keys │    │ Secret Vault         │    └──────────────────┘
│ No priv keys│    │ Proxy Gateway        │
└─────────────┘    │ Audit Log            │
                   └──────────────────────┘
```
```bash
npm install @stwd/sdk
```

```typescript
import { StewardClient } from "@stwd/sdk";

const steward = new StewardClient({
  baseUrl: "https://api.steward.fi",
  apiKey: "stw_your_tenant_key",
  tenantId: "my-app",
});

// Create an agent with EVM + Solana wallets
const agent = await steward.createWallet("trading-bot", "Trading Bot");
console.log(agent.walletAddresses); // { evm: "0x...", solana: "..." }

// Sign a transaction (policy-enforced)
const result = await steward.signTransaction("trading-bot", {
  to: "0xRecipient",
  value: "10000000000000000", // 0.01 ETH
  chainId: 8453, // Base
});
```

See the full Quickstart Guide for auth setup, policies, and self-hosting.
Drop-in React components for login and wallet management:
```bash
npm install @stwd/react @stwd/sdk
```

```tsx
import { StewardProvider, StewardLogin, StewardAuthGuard } from "@stwd/react";
import "@stwd/react/styles.css";

function App() {
  return (
    <StewardProvider
      client={stewardClient}
      auth={{ baseUrl: "https://api.steward.fi" }}
    >
      <StewardAuthGuard fallback={<StewardLogin methods={["passkey", "email", "google"]} />}>
        <Dashboard />
      </StewardAuthGuard>
    </StewardProvider>
  );
}
```

Components: StewardLogin, StewardAuthGuard, StewardUserButton, StewardTenantPicker, WalletOverview, PolicyControls, ApprovalQueue, SpendDashboard, TransactionHistory.
| Package | Version | Description |
|---|---|---|
| @stwd/sdk | | TypeScript client for browser + Node. Zero deps. |
| @stwd/react | | Drop-in React components: login, wallet, policies, approvals. |
| @stwd/eliza-plugin | | ElizaOS integration: sign, transfer, balance, approval evaluator. |
| @stwd/api | — | Hono REST API. 30+ endpoints, multi-tenant, dual auth. |
| @stwd/vault | — | Wallet + secret encryption. AES-256-GCM, EVM + Solana. |
| @stwd/policy-engine | — | Composable policy evaluation. 6 rule types, 1000+ lines of tests. |
| @stwd/proxy | — | API proxy with credential injection, alias system, audit trail. |
| @stwd/auth | — | Passkeys (WebAuthn), email magic links, SIWE, OAuth. |
| @stwd/webhooks | — | HMAC-signed event delivery with retries. |
| @stwd/db | — | Drizzle ORM schema, migrations, PGLite adapter. |
| @stwd/shared | — | Types, chain metadata, constants. |
Steward runs anywhere. Two options:
Docker (recommended for production):
```bash
git clone https://github.com/Steward-Fi/steward.git && cd steward
cp .env.example .env
# Set STEWARD_MASTER_PASSWORD and POSTGRES_PASSWORD in .env
docker compose up -d
```

This starts the API (:3200), proxy (:8080), Postgres, and Redis.
Embedded mode (no third-party dependencies):
```bash
bun run start:local
```

Uses PGLite (in-process Postgres via WASM). Data persists to ~/.steward/data/. Good for local development, CLI agents, and desktop apps.
Required env vars:
| Variable | Description |
|---|---|
| STEWARD_MASTER_PASSWORD | Derives all vault encryption keys. No recovery if lost. |
| DATABASE_URL | Postgres connection string (not needed in embedded mode) |
| STEWARD_SESSION_SECRET | JWT signing secret (defaults to master password) |
| REDIS_URL | Redis for rate limiting + token store (optional) |
| RESEND_API_KEY | For email magic link auth (optional) |
| PASSKEY_RP_ID | WebAuthn relying party domain (optional) |
| GOOGLE_CLIENT_ID / GOOGLE_CLIENT_SECRET | Google OAuth (optional) |
| DISCORD_CLIENT_ID / DISCORD_CLIENT_SECRET | Discord OAuth (optional) |
Full list in .env.example. See Deployment Guide for production setup.
- Vault: AES-256-GCM encrypted wallets, EVM (7 chains) + Solana
- Policy Engine: 6 composable types (spending-limit, approved-addresses, rate-limit, time-window, auto-approve-threshold, allowed-chains)
- Auth: Passkeys (WebAuthn), email magic links, SIWE, Google OAuth, Discord OAuth
- JWT Sessions: Access + refresh token rotation, revoke single/all sessions
- Cross-Tenant Identity: One user, one wallet, multiple apps
- Multi-Tenant API: Full tenant isolation at middleware + DB level
- Proxy Gateway: Credential injection, alias system, spend tracking, audit trail
- React Components: Login widget, wallet overview, policy controls, approval queue
- TypeScript SDK: Typed client, browser + Node, all wallet/policy/auth ops
- ElizaOS Plugin: Sign, transfer, balance, approval evaluator
- Embedded Mode: PGLite, zero third-party dependencies, same API surface
- Docker: Multi-stage Dockerfile, docker-compose with Postgres + Redis
- Webhooks: HMAC-signed events (tx.signed, tx.pending, policy.violation, etc.)
- Per-Tenant CORS: Configurable allowed origins per tenant
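
A minimal sketch of how the six rule types listed above can compose into one decision before signing, as an added example rather than code from the Steward repository. The rule field names, the `evaluate` function and the `signed`/`pending`/`violation` outcomes (borrowed from the webhook event names) are assumptions for illustration, and only EVM-style hex addresses are handled.

```typescript
// Illustrative only: rule fields below are hypothetical, not the @stwd/policy-engine schema.
type Rule =
  | { type: "spending-limit"; maxPerTx: string; maxPerDay: string } // wei as decimal strings
  | { type: "approved-addresses"; addresses: string[] }
  | { type: "allowed-chains"; chainIds: number[] }
  | { type: "rate-limit"; maxPerHour: number }
  | { type: "time-window"; startHourUtc: number; endHourUtc: number }
  | { type: "auto-approve-threshold"; maxValue: string };
interface Tx { to: string; value: string; chainId: number }
interface Usage { spentTodayWei: string; txLastHour: number; now: Date }
interface Decision { outcome: "signed" | "pending" | "violation"; failed: string[] }

function evaluate(rules: Rule[], tx: Tx, usage: Usage): Decision {
  if (rules.length === 0) return { outcome: "violation", failed: ["no-policy"] }; // deny by default
  const value = BigInt(tx.value); // wei amounts exceed Number's 2^53 safe range
  const hour = usage.now.getUTCHours();
  const failed: string[] = [];
  let needsApproval = false;
  for (const r of rules) {
    let ok = true;
    switch (r.type) {
      case "spending-limit":
        ok = value <= BigInt(r.maxPerTx) &&
          BigInt(usage.spentTodayWei) + value <= BigInt(r.maxPerDay);
        break;
      case "approved-addresses": // EVM hex addresses: compare case-insensitively
        ok = r.addresses.some((a) => a.toLowerCase() === tx.to.toLowerCase());
        break;
      case "allowed-chains": ok = r.chainIds.indexOf(tx.chainId) !== -1; break;
      case "rate-limit": ok = usage.txLastHour < r.maxPerHour; break;
      case "time-window": ok = hour >= r.startHourUtc && hour < r.endHourUtc; break;
      case "auto-approve-threshold": // above threshold is queued for a human, not rejected
        if (value > BigInt(r.maxValue)) needsApproval = true;
        break;
    }
    if (!ok) failed.push(r.type);
  }
  if (failed.length > 0) return { outcome: "violation", failed }; // every rule must pass
  return { outcome: needsApproval ? "pending" : "signed", failed };
}

// Constructed sample policy: 0.05 ETH per tx, 0.1 ETH per day, Base only, review above 0.02 ETH.
const samplePolicy: Rule[] = [
  { type: "spending-limit", maxPerTx: "50000000000000000", maxPerDay: "100000000000000000" },
  { type: "approved-addresses", addresses: ["0x00000000000000000000000000000000000000AA"] },
  { type: "allowed-chains", chainIds: [8453] },
  { type: "auto-approve-threshold", maxValue: "20000000000000000" },
];
```

Because every rule must pass and an empty policy denies, adding a rule can only narrow what an agent is able to sign.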
| | Steward | Privy (Stripe) | Vincent (Lit) | Turnkey | Crossmint | AgentKit (Coinbase) |
|---|---|---|---|---|---|---|
| Open Source | ✅ MIT | ❌ | ✅ | ❌ | ❌ | ✅ |
| Self-Hostable | ✅ | ❌ | ❌ (needs Lit network) | ❌ | ❌ | ✅ |
| Auth | ✅ Passkey/email/SIWE/OAuth | ✅ All methods | ❌ | ❌ | ❌ | ❌ |
| Policy Enforcement | ✅ 6 types, vault-level | Partial (app-layer) | ✅ On-chain | ❌ | ✅ | ❌ |
| Agent-Native | ✅ | Bolted on | ✅ | Partial | ✅ | ✅ |
| Credential Proxy | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
Steward is the only platform that checks all six boxes. The proxy gateway (credential injection for any API, not just wallets) is unique.
Ethereum · Base · Polygon · Arbitrum · BSC · Base Sepolia · BSC Testnet · Solana
ElizaOS · Milady · Babylon · Hyperscape · Strata Reserve
See CONTRIBUTING.md for development setup, coding standards, and PR guidelines.
- Website: steward.fi
- Docs: docs.steward.fi
- API: api.steward.fi
- npm: @stwd/sdk · @stwd/react · @stwd/eliza-plugin