
Agent Wallet Security Protocol

Wallet: 6uZBXAXn3Jm2SRniNRdyTqVa6umcHUFKtQ4XRxXjhqWk

Classification: RESTRICTED 🔴

Storage Method

Primary: Windows Credential Manager

  • Target: OpenClaw/SolanaWallet
  • Type: Generic credential
  • Never written to disk unencrypted
  • Never logged or displayed
  • Retrieved only at runtime via PowerShell

Backup: Environment Variable (Session Only)

  • Variable: B3RT_WALLET_KEY
  • Cleared on session end
  • Never persisted to files

Access Control

What I Can Do:

  • Sign transactions for trading
  • Pay for API services
  • Receive funds
  • Query balance

What I Cannot Do:

  • Export or display the key
  • Transfer to unauthorized addresses
  • Exceed daily limits (to be set)
  • Operate without logging

Logging Protocol

Logged:

  • Transaction hashes
  • Amounts and directions
  • Timestamps
  • Success/failure status
  • P&L calculations

NEVER Logged:

  • Private key (in any form)
  • Seed phrase
  • Signing operations (raw bytes)
  • Key derivation paths

Security Measures

  1. Key Isolation

    • Key only loaded in memory during operation
    • Cleared immediately after use
    • Never cached or serialized
  2. Transaction Validation

    • All transactions logged before signing
    • Bert receives copy of intended tx
    • Delay on large transactions (>0.5 SOL)
  3. Circuit Breakers

    • Daily loss limit: 0.5 SOL
    • Max single trade: 0.25 SOL
    • Auto-pause on 3 consecutive losses
  4. Monitoring

    • Real-time balance checks
    • Unusual activity alerts
    • Daily reconciliation reports
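
One way to enforce the transaction-validation and circuit-breaker limits above before the key is ever loaded, as an added example that is not part of the original protocol or of any OpenClaw code. The class name, the `kind` labels and the decision strings are hypothetical. It assumes amounts in lamports (1 SOL = 1,000,000,000 lamports), counts losses gross rather than net of wins, and keeps the pause in place until an operator clears it.

```python
from dataclasses import dataclass, field
from datetime import date

LAMPORTS_PER_SOL = 1_000_000_000          # integer units avoid float rounding
MAX_TRADE = LAMPORTS_PER_SOL // 4         # max single trade: 0.25 SOL
DAILY_LOSS_LIMIT = LAMPORTS_PER_SOL // 2  # daily loss limit: 0.5 SOL
DELAY_THRESHOLD = LAMPORTS_PER_SOL // 2   # delay on transactions > 0.5 SOL
MAX_CONSECUTIVE_LOSSES = 3                # auto-pause threshold


@dataclass
class CircuitBreaker:  # hypothetical name
    day: date
    daily_loss: int = 0           # gross lamports lost today (assumption: wins do not offset)
    consecutive_losses: int = 0
    paused: bool = False          # assumption: stays set until an operator clears it
    audit: list = field(default_factory=list)

    def _roll(self, today: date) -> None:
        if today != self.day:     # new day: reset the daily loss counter only
            self.day, self.daily_loss = today, 0

    def authorize(self, kind: str, lamports: int, today: date) -> str:
        """Decide before the key is loaded: 'sign', 'delay' or 'reject:<reason>'."""
        self._roll(today)
        if lamports <= 0:
            decision = "reject:invalid_amount"
        elif self.paused:
            decision = "reject:paused"
        elif self.daily_loss >= DAILY_LOSS_LIMIT:
            decision = "reject:daily_loss_limit"
        elif kind == "trade" and lamports > MAX_TRADE:
            decision = "reject:max_single_trade"
        elif lamports > DELAY_THRESHOLD:
            decision = "delay"
        else:
            decision = "sign"
        # Logged before signing: day, kind, amount, decision. No key material or raw bytes.
        self.audit.append({"day": today.isoformat(), "kind": kind,
                           "lamports": lamports, "decision": decision})
        return decision

    def record_trade_result(self, pnl_lamports: int, today: date) -> None:
        self._roll(today)
        if pnl_lamports < 0:
            self.daily_loss += -pnl_lamports
            self.consecutive_losses += 1
        else:
            self.consecutive_losses = 0
        if self.consecutive_losses >= MAX_CONSECUTIVE_LOSSES:
            self.paused = True
```

Because the single-trade cap (0.25 SOL) sits below the delay threshold (0.5 SOL), the delay branch is only reachable for non-trade transactions such as payments.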

Compromise Response

If key is suspected compromised:

  1. Immediately notify Bert
  2. Cease all operations
  3. Generate new wallet
  4. Transfer remaining funds
  5. Audit all transactions

Sharing Method

Approved Methods (in order of preference):

  1. Local File Drop (Most Secure)

    • Save key to file on your local machine
    • I read it once, delete immediately
    • Never transmitted over network
  2. Split Transmission (Secure)

    • Split key into 2-3 parts
    • Send via different channels
    • I reassemble in memory only
  3. One-Time Secure Note (Acceptable)

    • PrivateBin or similar
    • Burn after reading
    • HTTPS only

NEVER Use:

  • Regular chat messages
  • Email
  • Unencrypted file sharing
  • Screenshots
  • Voice/text transcription

Verification

Before any trading:

  • I will verify key works (sign test message)
  • I will show derived public key matches
  • I will confirm balance
  • You verify these match expectations

Daily Operations

Every transaction will be logged to:

  • data/wallet_transactions.json
  • Discord #cypher-finance
  • Daily summary in memory/wallet.md

You have full visibility. Full audit trail. Full control.


Security is not a product. It's a process.

Last updated: 2026-03-01