Self-Hosted RPC for Claude: Why Your MCP Agent Needs Private Blockchain Access
One Line in claude_desktop_config.json. Your Claude Agent Now Has a Wallet.
MCP developers building with Claude know the frustration: your agent can reason, plan, and execute — but the moment a task requires sending tokens, checking a DeFi position, or paying for an API call onchain, you hit a wall. WAIaaS is an MCP server that solves this in a single config entry, giving Claude 45 onchain tools without writing a single line of wallet code.
Why This Matters for MCP Developers
Claude's Model Context Protocol is powerful precisely because it lets you extend the model's capabilities through tools. You can give Claude access to databases, APIs, file systems — anything. But blockchain actions have always been the awkward exception. Signing transactions requires private keys. Private keys require secure storage. Secure storage requires a policy engine so your agent doesn't drain its wallet on a bad decision. That's weeks of infrastructure work before you've written a single agent prompt.
The stakes are real. An AI agent with unrestricted wallet access is a security liability. An AI agent with no wallet access can't participate in the onchain economy that's increasingly where AI-to-AI commerce happens — through micropayments, prediction markets, lending protocols, and automated trading. MCP developers need a middle path: easy to connect, safe to run.
What WAIaaS Actually Is
WAIaaS is a self-hosted Wallet-as-a-Service — an open-source daemon you run locally or on your own server. It exposes a REST API with 39 route modules and, crucially for MCP developers, a full MCP server package (@waiaas/mcp) with 45 tools covering every onchain action Claude might need.
The daemon handles everything you don't want to write yourself:
- Secure key storage with three auth layers: master password (Argon2id), owner signature (SIWS/SIWE), and per-session JWT tokens
- A 7-stage transaction pipeline that validates, checks policy, waits for conditions, executes, and confirms
- 21 policy types across 4 security tiers (INSTANT, NOTIFY, DELAY, APPROVAL) so you control exactly what your agent can do autonomously
- 15 DeFi protocol integrations including Jupiter, Aave v3, Hyperliquid, Lido, Jito, Polymarket, and more
- Support for 18 networks across EVM and Solana
You run it. Your keys never leave your infrastructure.
The One-Line Setup (It's Actually a JSON Block, But You Know What We Mean)
After you've started the WAIaaS daemon (more on that below), connecting Claude Desktop takes one addition to your config file:
{
"mcpServers": {
"waiaas": {
"command": "npx",
"args": ["-y", "@waiaas/mcp"],
"env": {
"WAIAAS_BASE_URL": "http://127.0.0.1:3100",
"WAIAAS_SESSION_TOKEN": "wai_sess_<your-token>",
"WAIAAS_DATA_DIR": "~/.waiaas"
}
}
}
}
That's ~/Library/Application Support/Claude/claude_desktop_config.json on macOS. Restart Claude Desktop and your agent has a wallet. No SDK to integrate, no signing logic to implement, no key management to build.
The MCP server uses stdio transport and registers all 45 tools automatically. Claude can discover them, reason about which one to use, and call them — exactly like any other MCP tool.
What Claude Can Do After Setup
Here's what the 45 MCP tools actually cover. These aren't abstract capabilities — these are things you can ask Claude to do in plain English the moment setup is complete:
Wallet & Balance
get-balance— check native token balanceget-assets— list all token balancesget-address— retrieve wallet addressget-wallet-info— full wallet metadataget-nonce— current transaction nonce
Transactions
send-token— transfer native tokens or ERC-20/SPL tokenssend-batch— batch multiple transfers in one transactiontransfer-nft— move ERC-721, ERC-1155, or Solana NFTssimulate-transaction— dry-run before executionget-transaction/list-transactions— history and statussign-transaction/sign-message— arbitrary signing
DeFi
action-provider— route to any of the 15 integrated DeFi protocolsget-defi-positions— aggregate positions across lending, staking, and liquidityget-health-factor— Aave v3 liquidation risk monitoringapprove-token— manage token approvalshyperliquid— perpetual futures and spot tradingpolymarket— prediction market positions
Account Abstraction
build-userop— construct ERC-4337 UserOperationssign-userop— sign for bundler submission
NFTs
list-nfts— enumerate NFT holdingsget-nft-metadata— fetch metadata with caching
x402 Payments
x402-fetch— make HTTP requests that automatically handle 402 Payment Required responses
WalletConnect
wc-connect/wc-disconnect/wc-status— connect to dApps for human-in-the-loop approval flows
The practical result looks like this in Claude Desktop:
User: "Check my wallet balance"
→ Claude calls get_balance tool → returns balance
User: "Swap 0.1 SOL for USDC on Jupiter"
→ Claude calls execute_action tool with jupiter-swap provider
User: "Show my DeFi positions across all protocols"
→ Claude calls get_defi_positions tool → returns lending/staking positions
Multi-Wallet MCP: One Agent Per Purpose
A pattern that works well for MCP developers is running separate MCP server instances for separate concerns. WAIaaS supports this cleanly — you configure multiple entries in your Claude Desktop config, each pointing to a different wallet with different policies:
{
"mcpServers": {
"waiaas-trading": {
"command": "npx",
"args": ["-y", "@waiaas/mcp"],
"env": {
"WAIAAS_BASE_URL": "http://127.0.0.1:3100",
"WAIAAS_AGENT_ID": "019c47d6-51ef-7f43-a76b-d50e875d95f4",
"WAIAAS_AGENT_NAME": "trading-agent",
"WAIAAS_DATA_DIR": "~/.waiaas"
}
},
"waiaas-solana": {
"command": "npx",
"args": ["-y", "@waiaas/mcp"],
"env": {
"WAIAAS_BASE_URL": "http://127.0.0.1:3100",
"WAIAAS_AGENT_ID": "019c4cd2-86e8-758f-a61e-9c560307c788",
"WAIAAS_AGENT_NAME": "solana-wallet",
"WAIAAS_DATA_DIR": "~/.waiaas"
}
}
}
}
Your trading agent might have a SPENDING_LIMIT policy capped at $100 instant execution, while your Solana wallet has a tighter ALLOWED_TOKENS whitelist. Both share the same daemon. Claude sees them as separate tool namespaces.
The Policy Layer: Why This Is Safe to Actually Run
Giving an AI agent a wallet without guardrails is how you lose funds. WAIaaS's policy engine is the reason this setup is practical rather than just a demo.
The default-deny model means transactions are blocked unless you explicitly allow them. If you haven't configured an ALLOWED_TOKENS policy, token transfers fail. If you haven't configured a CONTRACT_WHITELIST, contract calls fail. This is intentional.
When you're ready to grant capabilities, you add them precisely:
curl -X POST http://127.0.0.1:3100/v1/policies \
-H "Content-Type: application/json" \
-H "X-Master-Password: my-secret-password" \
-d '{
"walletId": "<wallet-uuid>",
"type": "SPENDING_LIMIT",
"rules": {
"instant_max_usd": 100,
"notify_max_usd": 500,
"delay_max_usd": 2000,
"delay_seconds": 900,
"daily_limit_usd": 5000
}
}'
This single policy means: transactions under $100 execute immediately, $100–$500 execute with a notification to you, $500–$2000 go into a 15-minute queue you can cancel, and anything above $2000 requires your explicit approval via WalletConnect or Telegram.
Your Claude agent can be fully autonomous within the bounds you set, and human-in-the-loop for anything that matters. That's the right default for production agent workflows.
Quick Start: From Zero to Claude with a Wallet
Here's the fastest path from nothing to a working MCP agent:
Step 1: Install the CLI and initialize
npm install -g @waiaas/cli
waiaas init
waiaas start
Step 2: Create wallets and sessions in one command
waiaas quickset --mode mainnet
quickset creates wallets across chains and generates the MCP session tokens you need. It prints the exact JSON block to paste into your Claude Desktop config.
Step 3: Auto-register with Claude Desktop
waiaas mcp setup --all
This writes the MCP server config directly to your Claude Desktop config file. Restart Claude Desktop.
Step 4: Verify with a balance check
Ask Claude: "What's my wallet balance?" — if the get-balance tool returns a result, you're connected.
Step 5: Set policies before funding
Before sending real funds to the wallet, configure at minimum a SPENDING_LIMIT and ALLOWED_TOKENS policy using the API examples above. The admin web UI at http://127.0.0.1:3100/admin provides a visual policy editor if you prefer not to use curl.
If You Want to Go Deeper: The REST API and SDK
The MCP interface is the fastest path to Claude integration, but WAIaaS also exposes a full REST API (39 route modules) and TypeScript/Python SDKs for programmatic access. If you're building agent workflows in code rather than through Claude Desktop, the TypeScript SDK is zero-dependency and mirrors the MCP tool set:
import { WAIaaSClient } from '@waiaas/sdk';
const client = new WAIaaSClient({
baseUrl: 'http://127.0.0.1:3100',
sessionToken: process.env.WAIAAS_SESSION_TOKEN,
});
const balance = await client.getBalance();
console.log(`${balance.balance} ${balance.symbol}`);
const tx = await client.sendToken({
to: 'recipient-address...',
amount: '0.1',
});
console.log(`Transaction: ${tx.id}`);
The interactive API reference lives at http://127.0.0.1:3100/reference once your daemon is running — it's an auto-generated OpenAPI 3.0 interface that lets you test every endpoint directly.
What's Next
If you're running multiple agents or want to understand how to structure policies for different risk profiles, the WAIaaS documentation covers the full set of 21 policy types and how to combine them for common agent use cases. The GitHub repository includes a full 15-package monorepo with 683+ test files — it's worth reading the policy engine code directly if you want to understand the security model before putting real funds on the table.
The self-hosted model means your agent's wallet infrastructure stays under your control. No third-party custodian, no API rate limits on someone else's RPC, no vendor lock-in. You run the daemon, you hold the keys.
Get started: Star the repo and follow the quickstart at github.com/minhoyoo-iotrust/WAIaaS, or read the full documentation at waiaas.ai.