agent-wallet

@missionsquad/agent-wallet is a TypeScript SDK and CLI for secure wallet-based signing on TRON and EVM chains.

The package is sign-only:

• create or import wallets
• resolve the active wallet
• sign transactions, messages, and typed data
• optionally use hosted adapters such as Privy

It does not broadcast transactions for you.

Install

npm install @missionsquad/agent-wallet
# or
pnpm add @missionsquad/agent-wallet

Install the CLI globally if needed:

npm install -g @missionsquad/agent-wallet

Quick Start

SDK

import { resolveWallet } from "@missionsquad/agent-wallet";

const wallet = await resolveWallet({ network: "tron:nile" });
const signature = await wallet.signMessage(new TextEncoder().encode("hello"));

resolveWallet automatically uses ~/.agent-wallet unless AGENT_WALLET_DIR is set.

CLI

Create an encrypted wallet:

agent-wallet start

List wallets:

agent-wallet list

Sign a message:

agent-wallet sign msg "MESSAGE" -n tron -p 'StrongPassword123!@#'

Wallet Types

| Wallet Type | Source | Networks | Password Required | Notes | |-------------|--------|----------|-------------------|-------| | local_secure | CLI config | EVM + TRON | Yes | Encrypted on disk; recommended. | | raw_secret | CLI config / env | EVM + TRON | No | Plaintext in config or env; dev only. | | privy | CLI config | EVM + TRON | No | Hosted signing through Privy. |

Public API

import {
  resolveWallet,
  resolveWalletProvider,
  ConfigWalletProvider,
  EnvWalletProvider,
  TenantWalletProvider,
} from "@missionsquad/agent-wallet";

resolveWallet

Returns a ready-to-sign Wallet:

const wallet = await resolveWallet({ network: "eip155:1" });
const signed = await wallet.signTransaction({ to: "0x...", value: 0 });

resolveWalletProvider

Returns either ConfigWalletProvider or EnvWalletProvider based on local config and environment.

TenantWalletProvider

TenantWalletProvider is intended for managed multi-tenant server deployments where each tenant owns one encrypted wallet directory:

import { TenantWalletProvider } from "@missionsquad/agent-wallet";

const provider = new TenantWalletProvider({
  tenantId: "41...",
  walletDir: "/srv/app/data/tenants/41.../agent-wallet",
  masterPassword: "derived-server-side-password",
  network: "tron",
});

const created = await provider.createPrimaryTronWallet();

Design rules:

• one wallet per tenant (primary)
• encrypted local_secure storage
• no runtime_secrets.json required for managed tenant directories

Environment Variables

| Variable | Description | |---|---| | AGENT_WALLET_DIR | Wallet directory (default ~/.agent-wallet) | | AGENT_WALLET_PASSWORD | Password for local_secure wallets | | AGENT_WALLET_PRIVATE_KEY | Env fallback private key | | AGENT_WALLET_MNEMONIC | Env fallback mnemonic | | AGENT_WALLET_MNEMONIC_ACCOUNT_INDEX | Mnemonic derivation index |

Examples

• TRON sign & broadcast
• BSC sign & broadcast
• Switch active wallet
• TRON x402 typed data
• BSC x402 typed data
• Dual-sign typed data from private key
• Privy sign consistency
• Verify TRON Privy typed-data

Documentation

• Getting started
• How to add a Privy wallet

Development

pnpm install
pnpm test
pnpm build

License

MIT