You've built an AI trading bot that can analyze markets, identify opportunities, and execute strategies faster than any human. But there's one problem keeping you up at night: how do you give an autonomous agent access to real funds without risking everything in your wallet?

Most developers solve this with throwaway wallets and small amounts, but that defeats the purpose of automated trading. You want your agent to manage serious capital, but you also want to sleep at night knowing it won't drain your entire portfolio on a single bad decision.

Why Mobile Approval Matters for AI Agent Security

When an AI agent controls crypto, you're essentially giving it permission to move money 24/7 without human oversight. Traditional custodial solutions either give agents complete control (terrifying) or require manual approval for every transaction (defeats automation).

The sweet spot is selective human approval: let your agent execute normal operations automatically, but require your explicit consent for high-risk transactions. This is where mobile approval through WalletConnect becomes crucial—you get real-time notifications and can approve or reject transactions from anywhere.

The Three-Layer Security Model

WAIaaS implements a three-layer security approach that escalates based on transaction risk:

Layer 1: Policy Engine (Default-Deny) Every transaction hits the policy engine first. Unlike traditional systems that allow everything by default, WAIaaS denies everything by default. Your agent literally cannot touch tokens or contracts you haven't explicitly whitelisted.

# Create a token whitelist policy - agent can ONLY touch these tokens curl -X POST http://localhost:3100/v1/policies \  -H 'Content-Type: application/json' \  -H 'X-Master-Password: ' \  -d '{  "walletId": "",  "type": "ALLOWED_TOKENS",  "rules": {  "tokens": [  {"address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", "symbol": "USDC", "chain": "solana"},  {"address": "native:solana", "symbol": "SOL", "chain": "solana"}  ]  }  }'

# Create a token whitelist policy - agent can ONLY touch these tokens curl -X POST http://localhost:3100/v1/policies \  -H 'Content-Type: application/json' \  -H 'X-Master-Password: ' \  -d '{  "walletId": "",  "type": "ALLOWED_TOKENS",  "rules": {  "tokens": [  {"address": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v", "symbol": "USDC", "chain": "solana"},  {"address": "native:solana", "symbol": "SOL", "chain": "solana"}  ]  }  }'

Enter fullscreen mode

Exit fullscreen mode

Layer 2: Spending Limits with Four Security Tiers Even whitelisted transactions get classified into four tiers based on amount and risk. The policy engine supports 21 different policy types across 4 security tiers: INSTANT, NOTIFY, DELAY, and APPROVAL.

# Set up amount-based security tiers curl -X POST http://localhost:3100/v1/policies \  -H 'Content-Type: application/json' \  -H 'X-Master-Password: ' \  -d '{  "walletId": "",  "type": "SPENDING_LIMIT",  "rules": {  "instant_max_usd": 100,  "notify_max_usd": 500,  "delay_max_usd": 2000,  "delay_seconds": 900,  "daily_limit_usd": 5000  }  }'

# Set up amount-based security tiers curl -X POST http://localhost:3100/v1/policies \  -H 'Content-Type: application/json' \  -H 'X-Master-Password: ' \  -d '{  "walletId": "",  "type": "SPENDING_LIMIT",  "rules": {  "instant_max_usd": 100,  "notify_max_usd": 500,  "delay_max_usd": 2000,  "delay_seconds": 900,  "daily_limit_usd": 5000  }  }'

Enter fullscreen mode

Exit fullscreen mode

This creates automatic escalation:

• Under $100: Execute immediately

• $100-$500: Execute but notify you

• $500-$2000: Wait 15 minutes (you can cancel)

• Over $2000: Require your explicit approval

Layer 3: Mobile Approval via WalletConnect High-value transactions trigger WAIaaS's WalletConnect integration. You get a push notification on your phone with transaction details. Approve it with a tap, or reject it if something looks wrong.

Setting Up Mobile Approval

The WalletConnect integration works with any wallet that supports WalletConnect v2. Here's how to configure it:

# Connect your mobile wallet as the approval channel curl -X POST http://127.0.0.1:3100/v1/owner/connect \  -H "Content-Type: application/json" \  -H "X-Master-Password: " \  -d '{  "method": "walletconnect",  "walletId": ""  }'

# Connect your mobile wallet as the approval channel curl -X POST http://127.0.0.1:3100/v1/owner/connect \  -H "Content-Type: application/json" \  -H "X-Master-Password: " \  -d '{  "method": "walletconnect",  "walletId": ""  }'

Enter fullscreen mode

Exit fullscreen mode

Once connected, any transaction requiring APPROVAL tier will:

• Pause execution

• Send a WalletConnect request to your mobile wallet

• Show transaction details (amount, recipient, contract)

• Wait for your approve/reject decision

• Execute or cancel based on your choice

The system also includes a kill switch—you can immediately disconnect the wallet connection to stop all pending approvals:

# Emergency disconnect - stops all pending transactions curl -X POST http://127.0.0.1:3100/v1/owner/disconnect \  -H "X-Master-Password: "

# Emergency disconnect - stops all pending transactions curl -X POST http://127.0.0.1:3100/v1/owner/disconnect \  -H "X-Master-Password: "

Enter fullscreen mode

Exit fullscreen mode

Real-World Example: DeFi Trading Bot

Let's say you're building a bot that trades on Jupiter (Solana's DEX aggregator). Here's how the security layers work in practice:

# Your agent tries to swap 1000 USDC for SOL curl -X POST http://127.0.0.1:3100/v1/actions/jupiter-swap/swap \  -H "Content-Type: application/json" \  -H "Authorization: Bearer wai_sess_" \  -d '{  "inputMint": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",  "outputMint": "So11111111111111111111111111111111111111112",  "amount": "1000000000"  }'

# Your agent tries to swap 1000 USDC for SOL curl -X POST http://127.0.0.1:3100/v1/actions/jupiter-swap/swap \  -H "Content-Type: application/json" \  -H "Authorization: Bearer wai_sess_" \  -d '{  "inputMint": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",  "outputMint": "So11111111111111111111111111111111111111112",  "amount": "1000000000"  }'

Enter fullscreen mode

Exit fullscreen mode

What happens behind the scenes:

• Policy Check: Is USDC in ALLOWED_TOKENS? Is Jupiter in CONTRACT_WHITELIST? If no to either, transaction denied.

• Spending Limit: $1000 swap hits the DELAY tier (assuming your limits above)

• Delay Period: Transaction queued for 15 minutes. You get a notification and can cancel if needed.

• Execution: If not cancelled, transaction executes automatically.

But if your agent tries to swap $5000:

• Policy Check: Passes (whitelisted tokens/contracts)

• Spending Limit: $5000 exceeds delay_max_usd, escalates to APPROVAL tier

• Mobile Approval: Transaction pauses, WalletConnect request sent to your phone

• Your Decision: Approve on mobile → executes, Reject → cancelled

Advanced Security Features

Per-Protocol Limits: You can set different spending limits for different DeFi protocols. Maybe you trust Lido staking with larger amounts but want tighter limits on experimental protocols.

Time-Based Restrictions: Limit your agent to trading hours when you're awake to monitor.

{  "type": "TIME_RESTRICTION",  "rules": {  "allowedHours": {"start": 9, "end": 17},  "timezone": "UTC"  } }

{  "type": "TIME_RESTRICTION",  "rules": {  "allowedHours": {"start": 9, "end": 17},  "timezone": "UTC"  } }

Enter fullscreen mode

Exit fullscreen mode

Rate Limiting: Prevent your agent from executing too many transactions too quickly, even if individually they're under limits.

Leverage and Position Limits: For perpetual futures trading on protocols like Hyperliquid, set maximum leverage and position sizes.

Multiple Approval Channels

While WalletConnect is convenient for mobile approval, WAIaaS supports 3 signing channels for different scenarios:

• WalletConnect: Mobile wallet approval (best for most users)

• Push Notifications: Web3 push notifications via EPNS/Push Protocol

• Telegram Bot: Approval via Telegram messages (good for team scenarios)

You can configure multiple channels for redundancy—if your phone is dead, approve via Telegram.

Monitoring and Recovery

The Admin Web UI at /admin gives you a real-time dashboard of your agent's activities:

• Current DeFi positions across all protocols

• Pending transactions awaiting approval

• Policy violations and denied transactions

• Session management and kill switches

# Check your agent's current status via API curl http://127.0.0.1:3100/v1/wallet/info \  -H "Authorization: Bearer wai_sess_"

# Check your agent's current status via API curl http://127.0.0.1:3100/v1/wallet/info \  -H "Authorization: Bearer wai_sess_"

Enter fullscreen mode

Exit fullscreen mode

For emergency situations, you have multiple recovery options:

• Disconnect Approval: Stop new high-value transactions

• Revoke Session: Immediately disable the agent's access

• Emergency Policies: Push ultra-restrictive policies to limit damage

Getting Started with Mobile Approval

Here's how to set up a secure AI agent with mobile approval in under 10 minutes:

Step 1: Install and Initialize

npm install -g @waiaas/cli waiaas init waiaas start

npm install -g @waiaas/cli waiaas init waiaas start

Enter fullscreen mode

Exit fullscreen mode

Step 2: Create Wallet and Session

waiaas quickset --mode mainnet

This creates wallets for Ethereum and Solana, plus AI agent sessions`

Enter fullscreen mode

Exit fullscreen mode

Step 3: Configure Security Policies Set up token whitelist, spending limits, and any protocol-specific restrictions using the policy API or Admin UI at http://127.0.0.1:3100/admin.

Step 4: Connect Mobile Wallet Use the WalletConnect integration to link your mobile wallet for transaction approvals.

Step 5: Test the Integration Try a small transaction above your approval threshold to verify the mobile approval flow works.

Production Deployment

For production use, deploy WAIaaS using Docker with proper secrets management:

git clone https://github.com/minhoyoo-iotrust/WAIaaS.git cd WAIaaS

git clone https://github.com/minhoyoo-iotrust/WAIaaS.git cd WAIaaS

Edit docker-compose.secrets.yml with your production secrets

docker compose -f docker-compose.yml -f docker-compose.secrets.yml up -d`

Enter fullscreen mode

Exit fullscreen mode

The Docker deployment includes health checks, automatic restarts, and proper secrets handling for production environments.

What's Next

Mobile approval is just one piece of a comprehensive AI agent security system. WAIaaS also provides ERC-4337 Account Abstraction for gasless transactions, cross-chain bridging, and integration with 14 DeFi protocols out of the box.

Ready to give your AI agents secure access to real funds? Check out the full documentation and source code at GitHub, or explore the interactive API reference at waiaas.ai.