Wallet-as-Signer Architecture

Non-custodial signing authority

One of the foundational principles of PILSO OS is that your wallet is the only signing authority. The agent can think, plan, and propose — but only your wallet can act.

1. No private keys ever exposed: LLMs, MCP servers, and PILSO runtime tools never access your keys, directly or indirectly.

2. Transaction signing happens locally: You review and approve every transaction through a trusted UI like MetaMask or your hardware wallet.

3. LLMs are non-custodial co-pilots: Even if an agent makes a mistake, it cannot deploy or move funds without your signature.

This architecture guarantees that no private key ever leaves your custody, and no AI agent, tool, or script can perform a blockchain action without explicit user-side approval.


What “Wallet-as-Signer” means

In PILSO, the agent does not have access to your wallet. Instead, it works alongside it.

Here's the separation:

| Component   | Role                                                    |
|-------------|---------------------------------------------------------|
| Agent (LLM) | Understands user intent, constructs tool call sequence |
| MCP Tools   | Prepare transaction payloads or data                    |
| Wallet      | Signs transactions and messages after final review      |
| Blockchain  | Executes signed payloads and updates state              |

This separation enforces zero custody, zero delegation, and full user control.


Example Flow

1. User prompt → “Transfer 0.5 ETH to Bob”
2. Agent processes request and calls `erc20.transfer`
3. `erc20-mcp` prepares a transaction payload
4. CLI receives unsigned tx and routes it to MetaMask
5. MetaMask prompts the user → sign or reject
6. Signed tx is broadcast to Ethereum

Throughout this process:

  • The agent builds the logic

  • The wallet holds the power
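
The trust boundary in this flow holds only if the payload that reaches the wallet is what the user asked for, so the unsigned transaction is worth decoding independently of the agent's description. The sketch below is an added example, not PILSO code: it decodes a standard ERC-20 `transfer(address,uint256)` payload and compares it with the user's intent. The `intent` shape, the function names, the sample addresses, and running the check between steps 3 and 4 are all assumptions.

```javascript
// Added example, not PILSO code. Independent review of an agent-prepared
// ERC-20 transfer payload before it is routed to the wallet for signing.
const TRANSFER_SELECTOR = "a9059cbb"; // first 4 bytes of keccak256("transfer(address,uint256)")

function decodeErc20Transfer(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  // 4-byte selector plus two 32-byte ABI words is exactly 136 hex characters.
  if (!/^[0-9a-f]{136}$/.test(hex)) throw new Error("calldata is not selector + 2 ABI words");
  if (hex.slice(0, 8) !== TRANSFER_SELECTOR) throw new Error("calldata is not transfer(address,uint256)");
  const addrWord = hex.slice(8, 72);
  // An ABI-encoded address is left-padded with 12 zero bytes.
  if (!addrWord.startsWith("0".repeat(24))) throw new Error("non-canonical address padding");
  return { recipient: "0x" + addrWord.slice(24), amount: BigInt("0x" + hex.slice(72)) };
}

// intent = { token, recipient, amount } is a hypothetical shape for what the user asked for.
function reviewUnsignedTx(tx, intent) {
  const problems = [];
  // A tool must hand over an unsigned payload; signature fields mean something else signed it.
  for (const f of ["r", "s", "v", "signature"]) {
    if (f in tx) problems.push(`payload already carries "${f}"`);
  }
  if (BigInt(tx.value ?? 0) !== 0n) problems.push("token transfer also sends native value");
  if (String(tx.to).toLowerCase() !== intent.token.toLowerCase()) {
    problems.push("target contract differs from intended token");
  }
  let decoded = null;
  try {
    decoded = decodeErc20Transfer(tx.data);
    if (decoded.recipient !== intent.recipient.toLowerCase()) problems.push("recipient differs from intent");
    if (decoded.amount !== intent.amount) problems.push("amount differs from intent");
  } catch (err) {
    problems.push(err.message);
  }
  return { ok: problems.length === 0, decoded, problems };
}

// Constructed sample data: placeholder addresses, amount in the token's base units.
const TOKEN = "0x" + "11".repeat(20);
const BOB = "0x" + "22".repeat(20);
const word = (h) => h.replace(/^0x/, "").padStart(64, "0");
const intent = { token: TOKEN, recipient: BOB, amount: 500000n };
const goodTx = { to: TOKEN, value: "0x0", data: "0x" + TRANSFER_SELECTOR + word(BOB) + word((500000n).toString(16)) };
const swappedTx = { ...goodTx, data: "0x" + TRANSFER_SELECTOR + word("0x" + "33".repeat(20)) + word("7a120") };

console.log(reviewUnsignedTx(goodTx, intent).ok);
console.log(reviewUnsignedTx(swappedTx, intent).problems);
```

A check like this supplements the wallet prompt rather than replacing it: the user's review in the wallet UI remains the signing decision.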


Why This Model Matters (Especially in AI x Crypto)

Most LLM-agent crypto tools today fall into one of two dangerous patterns:

  1. Custodial wrappers: Agents sign using backend-held keys or embedded wallets

  2. Trusted bots: Agents are allowed to act via proxy signers or browser injection hacks

Both of these break the trust boundary. In contrast, PILSO ensures that signing always requires human review through the user’s wallet — regardless of what the agent proposes.


Future Expansion

As signing layers evolve, PILSO’s wallet interface layer can be extended to include:

  • Account abstraction wallets

  • ZK signature verification

  • MPC or threshold signer services

  • Institutional custody APIs (Fireblocks, Gnosis, etc.)

The wallet-as-signer model is robust, upgradeable, and central to how agents will operate safely at scale.
