0xkey
Docs

Chapter 01

Agentic Wallet Infrastructure from First Principles

0xkey begins with a simple observation: wallets are becoming programmable actors. The infrastructure that controls them must be verifiable, policy-native, and usable by both humans and machines.

Abstract

Crypto wallets started as human tools: a person held a seed phrase, opened a wallet UI, reviewed a transaction, and signed. That model remains important, but it no longer describes the whole system. Modern applications coordinate users, servers, bots, and AI agents. Some of these actors need to sign frequently, some need delegated authority, and all of them need guardrails that can be audited after the fact.

0xkey is verifiable agentic wallet infrastructure. It provides the primitives for creating wallets, authenticating actors, evaluating policies, parsing transaction intent, and producing signatures in a trusted execution environment. The goal is not to replace every wallet or every smart account. The goal is to provide a safe control plane for cryptographic authority that applications can compose with their own product surfaces.

Meet actors where they are

Humans use passkeys, OAuth, OTP, and embedded wallet experiences. Machines use API keys and scoped credentials. Both should enter the same policy system.

Control curves, not chains

Signing systems should start from curves and signature schemes, then layer chain-specific convenience on top.

Move authorization into the TCB

The system must protect key usage, not only key storage. Authentication, policy evaluation, parsing, and signing belong inside the trusted boundary.

Design for delegation

Agents should not receive omnipotent keys. They should receive bounded capabilities with explicit policy, audit, and revocation semantics.

The agentic shift

The next wave of crypto applications will be operated by a mix of humans and software. An AI treasury agent may rebalance positions. A payments system may initiate recurring payouts. A game server may mint and trade assets on behalf of users. A business may need a human approval threshold before an automated wallet can move funds.

These workflows are not well served by seed phrases, static API keys, or a single hosted signer. They require a model where an actor can be authenticated, scoped, constrained, observed, and revoked. The wallet becomes a programmable resource, and the signer becomes part of a larger authorization system.

Design thesis

Agentic wallets need the speed of hot signing, the control surface of a policy engine, and the verifiability of hardware-backed execution. Removing any one of those properties either slows the product down or pushes trust into an opaque operator.

Shared cryptographic primitives

A wallet infrastructure platform should not begin with every chain as a bespoke product. Bitcoin, Ethereum, and many Cosmos systems rely on secp256k1. Solana and several newer ecosystems rely on Ed25519. Passkeys use P-256. The useful abstraction is therefore below the transaction and above the raw bytes: curves, signature schemes, key derivation, address derivation, and transaction-aware policy.

0xkey treats curve-level support as the base layer. Chain-specific helpers, transaction construction, parsers, and policy context are built above it so developers can move quickly without waiting for a monolithic custodian to support every workflow.

  • Keys and wallets are resources governed by organization policy rather than isolated accounts.
  • Signing operations are authorized against typed activity intent, not merely against a transport endpoint.
  • Transaction parsers enrich policy decisions with chain-specific metadata when the application needs semantic controls.

Policy-native control

The important question is not only whether a key can sign. It is who is requesting the signature, what the signature will authorize, which resource is affected, whether the request matches policy, and whether additional approval is required. 0xkey models these checks as part of the signing path rather than as an external advisory layer.

Policies can express simple permissions, denial rules, approval thresholds, and transaction-aware constraints. The same model works for a human administrator creating a wallet, a server rotating an API key, or an AI agent attempting a bounded transaction.

allow if:
  actor is an approved trading agent
  and transaction.chain == "ethereum"
  and transaction.to is in approved_contracts
  and transaction.value <= daily_budget_remaining
  and human approval exists when risk_score is high

Verify, then automate

Automation without verifiability asks developers to trust whoever operates the signer. 0xkey instead draws a boundary around the sensitive path and makes that boundary inspectable: the code that verifies stamps, evaluates policy, parses intent, protects key material, and signs outputs is designed to run in hardware-isolated enclaves with attestable measurements.

The untrusted parts of the system still matter. They terminate HTTP, route requests, persist encrypted state, cache read models, and provide product APIs. But they should not be able to forge identity, rewrite policy decisions, roll organization state backward, or use a private key without enclave-produced evidence.

A library, not a cage

0xkey is meant to compose. An application may use embedded wallets directly, pair 0xkey-controlled signers with smart accounts, use policy for offchain approvals before onchain settlement, or isolate agent credentials from user credentials. The platform should not force every developer into a single account model.

This is why the system is organized around activities, credentials, policies, wallets, private keys, parser output, and cryptographic proof. Those building blocks let applications choose their own user experience while keeping sensitive wallet authority inside a verifiable control plane.