OpenWallet (OWS): a local, policy-gated wallet for the agent era
MoonPay's Open Wallet Standard is a local-first, multi-chain wallet with policy-gated signing, a CLI, SDKs, and an MCP server. How it works on Solana, and the honest read.
OpenWallet — the Open Wallet Standard (OWS) — is an open standard (open-sourced by MoonPay in February 2026) for local wallet storage, delegated agent access, and policy-gated signing. The problem it targets is specific and timely: the moment you give an AI agent the ability to transact, you've usually handed it a raw private key. OWS is an attempt to make that safe — and Solana is a first-class chain in it.
One seed, nine chains
A single seed phrase derives accounts across nine chain families — Solana, EVM, Bitcoin, Cosmos, Tron, TON, Spark, Filecoin, and the XRP Ledger. Keys live in ~/.ows/: not a browser extension, not the cloud, not scattered across tool-specific config dirs.
The key-handling model
This is the part worth reading carefully:
- Keys are encrypted at rest with AES-256-GCM.
- They're decrypted only to produce a signature, held in protected memory that can't be swapped to disk, and wiped immediately after.
- A pre-signing policy engine evaluates every transaction before any key is touched — spending limits, contract allowlists, chain restrictions, and time-bound authorizations enforced at the wallet layer.
That policy layer is the real idea. An agent can hold a delegated capability ("spend up to 50 USDC/day to these programs") without ever holding an unbounded key.
How you use it
# install the CLI + standard
curl -fsSL https://openwallet.sh/install.sh | bash
# or via npm — provides the `ows` command
npm install -g @open-wallet-standard/core
ows wallet create
ows address --chain solana # derive the Solana account
ows sign --chain solana --tx <...> # policy engine runs first, then signsBeyond the CLI it ships Node.js and Python SDK bindings and — notably — an MCP server interface, so a Claude- or Cursor-style agent can request a signature through a tool call that the policy engine still gates. (If your Solana agent already speaks x402, OWS is a plausible place for the signing key to live.)
Who's behind it
OWS came out of MoonPay's push to open-source "the wallet layer for the agent economy" (alongside MoonPay Agents). It lists contributions from 15+ organizations spanning the stack — including the Solana Foundation, Ethereum Foundation, PayPal, Circle, OKX, Ripple, Tron, TON Foundation, Base, Polygon, Sui, Dynamic, and Filecoin Foundation. Available today on GitHub, npm, and PyPI.
The honest read
The design is genuinely good — local-first keys, encrypted at rest, policy-gated signing, agent-native bindings — and it addresses a real, currently-ugly problem (agents with naked keys). Two caveats. First, it's a standard plus a reference implementation, and a standard's value is adoption; the contributor list is impressive, but whether wallets and agent frameworks actually converge on ~/.ows is the open question. Second, "local" means the security boundary is your machine — the policy engine protects against a misbehaving agent, not against a compromised host or a user who approves a bad policy. For agent and automation use cases on Solana it's one of the more thoughtful answers to key custody; for a custodial product you'd still reach for an HSM/MPC provider.
References
- openwallet.sh · docs
- open-wallet-standard/core (GitHub) · @open-wallet-standard/core (npm)
- Solana AI agents — the wallet problem this solves
- Embedded wallet showdown — the custodial side of the spectrum
Agents need wallets, and a wallet is just a key plus the rules around it. OWS's bet is that those rules belong in an open, local standard — not locked inside each app.