Addresses review findings:
- Remove insecure automatic encrypted-file credential-store fallback.
now only uses real OS/keyctl-backed stores,
or remains unavailable. Headless users must use explicit
HERMES_KEYSTORE_PASSPHRASE if desired.
- Add shared wallet runtime so tools/CLI/approval use the same configured
providers and persisted policy state.
- Inject keystore-backed secrets into gateway/headless startup too, so
migrated .env stubs don't break messaging deployments.
- Persist wallet policy state (freeze, daily totals, rate-limit timestamps,
cooldown timestamps) across invocations.
- Persist transaction history to disk across invocations.
- Make owner-approved sends execute through the same runtime/policy path and
record policy state after successful approved sends.
- Fix wallet export by allowing explicit CLI export reads of sealed keys via
dedicated requester path () instead of generic CLI reads.
- Make CLI wallet sends evaluate policy before execution and honor freeze.
- Align docs with actual crypto primitive (XSalsa20-Poly1305 via SecretBox)
and current policy-config scope.
Validation:
- 129 tests passing
- freeze persistence verified manually
- wallet export verified manually
New agent-facing tools:
- wallet_address: Get a wallet's deposit address for receiving funds
- wallet_networks: List all supported chains (mainnet + testnet) and
which ones have active wallets
Improvements:
- RPC endpoint overrides from config.yaml (wallet.rpc_endpoints section)
- Better module docstring with full tool inventory
- Toolset updated with all 7 tools
Tested end-to-end with Hermes agent on Solana mainnet:
- Agent correctly discovers and uses all 7 wallet tools
- Policy engine properly gates user wallet sends (require_approval)
- Balance checks, address sharing, network listing all working
