Architecture
AgentaOS has two non-custodial wallet types, each with a different security model.
Organization Wallet
Created during agenta login when you activate your wallet with biometric auth.
| Property | Detail |
|---|---|
| Security | Passkey/WebAuthn with PRF (OPRF) |
| Key derivation | Private key derived from biometric via PRF extension, never stored |
| Standard | EIP-7702 |
| Purpose | Receive payments, settlement, treasury |
| Created by | Human (browser, biometric prompt) |
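
How a key can be re-derived from a passkey's PRF output at each login rather than stored, as an added sketch that is not AgentaOS code. The authenticator is simulated with HMAC-SHA-256 (the primitive underneath the WebAuthn PRF extension); the label, the HKDF step, the retry loop and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac

# Order of the secp256k1 group: a valid private key is an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def simulated_prf(credential_secret: bytes, label: bytes) -> bytes:
    """Stand-in for the authenticator. WebAuthn PRF hashes the caller's input
    with a fixed prefix, then the authenticator runs HMAC-SHA-256 over it with
    a per-credential secret that never leaves the device."""
    salt = hashlib.sha256(b"WebAuthn PRF\x00" + label).digest()
    return hmac.new(credential_secret, salt, hashlib.sha256).digest()

def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with an all-zero salt."""
    prk = hmac.new(bytes(32), ikm, hashlib.sha256).digest()  # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:  # expand
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_private_key(prf_output: bytes, info: bytes) -> int:
    """Map PRF output to a secp256k1 scalar, retrying on out-of-range values."""
    for attempt in range(256):
        candidate = int.from_bytes(hkdf_sha256(prf_output, info + bytes([attempt])), "big")
        if 1 <= candidate < SECP256K1_N:
            return candidate
    raise ValueError("no valid scalar found")

# Constructed sample values, not real credentials or AgentaOS parameters.
DEVICE_SECRET = bytes(range(32))
LABEL = b"example-org-wallet-v1"
INFO = b"example secp256k1 signing key"

def login() -> int:
    """Each login re-derives the key from the authenticator; nothing is persisted."""
    return derive_private_key(simulated_prf(DEVICE_SECRET, LABEL), INFO)

if __name__ == "__main__":
    print(login() == login())  # same passkey and label give the same key
```
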
Agent Sub-accounts
Created via agenta sub create. Each sub-account is an independent wallet for an AI agent.
| Property | Detail |
|---|---|
| Security | MPC threshold signing (CGGMP24) |
| Key split | 3 shares: signer (agent), server (AgentaOS), user (recovery) |
| Signing | Any 2 of 3 shares sign together. Full key never exists. |
| Purpose | Autonomous spending, API payments, x402 |
| Created by | Human or AI agent via CLI |
Three Signing Paths
| Path | Shares | When |
|---|---|---|
| Signer + Server | Agent share + Server share | Normal autonomous operation |
| User + Server | Recovery share + Server share | Browser manual signing |
| Signer + User | Agent share + Recovery share | Server down or bypass |
Security Guarantees
- Non-custodial: Neither wallet type gives any third party access to funds
- Organization wallet: Key derived from biometric, never stored on disk or server
- Sub-accounts: Key split across 3 parties, never reconstructed
- Server shares: Wiped from memory after every operation
- API keys: Stored as SHA-256 hashes, plaintext exists only on your machine