Open source · TypeScript · Multi-chain

Your AI agent,
on a leash you designed.

Envoy is a multi-chain runtime for AI-native blockchain agents: typed adapters, MCP tools, on-chain session keys, ERC-4626 vaults, Tezos staking and swaps, and Solana liquid staking under one interface.

Install in 2 minutes View on GitLab

The problem

AI agents can drain your wallet at 3am.

AI agents are fast, tireless, and they make mistakes you won't catch until it's too late. Give an agent access to your keys and it will use them — correctly, then incorrectly, then catastrophically.

⚠ Without Envoy

[03:47:16] Agent: initiating transfer 50,000 XTZ → tz1unknown...
[03:47:17] Transfer confirmed. Task complete ✓

$ you wake up. your wallet is empty. the agent was "helping".

✓ With Envoy: blocked — exceeds daily limit · recipient not whitelisted

"A policy layer that sits between agent intent and chain execution."

Features

From guarded transfers to agent-native DeFi flows.

⛓

Multi-chain, one interface

Tezos, Etherlink, Solana, EVM. One adapter surface for balances, sends, signing, policy checks, and protocol-specific operations.

🧰

Typed MCP server

Expose Envoy to Claude and other MCP clients with structured tools for balances, transfers, signing, session keys, staking, swaps, and vault operations.

🔐

On-chain session keys

Scoped session keys for EVM and Tezos let agents operate with contract allowlists, spend limits, entrypoint restrictions, and explicit revocation paths.

🏦

Vaults, staking, swaps

ERC-4626 deposit, withdraw, redeem, preview, and max queries. Etherlink Morpho vault support. Tezos delegation and QuipuSwap. Solana Marinade and Jito flows.

🛡

Policy and audit

YAML-defined limits, allowlists, rate limits, and rejection reasons. Every approved or blocked action can be traced back to the rule that fired.

⚡

TypeScript-first shipping

ESM-native workspace packages, runnable examples, GitLab Pages output, and an MCP package you can start directly or embed in a larger agent stack.

Tezosstable

Etherlinkstable

Solanastable

EVMstable

Quickstart

Start with the SDK. Add the MCP surface when you need tools.

# Install npm install @envoy/core @envoy/tezos @envoy/mcp-server # policy.yaml kind: transfer limits: daily_max_xtz: 500 allowlist: - tz1alice... - tz1bob... # agent.ts import { TezosAdapter } from '@envoy/tezos' import { PolicyEngine } from '@envoy/core' const agent = new PolicyEngine({ adapter: new TezosAdapter({ rpc: 'https://rpc.tezos.example' }), policy: './policy.yaml' }) await agent.transfer({ to: 'tz1alice...', amount: 100 }) // ✓ allowed await agent.transfer({ to: 'tz1unknown', amount: 50000 }) // ✗ blocked # optional: expose tools to an MCP client npx @envoy/mcp-server

Envoy SDK — Complete Reference

Overview

Envoy is an open-source TypeScript runtime for multi-chain AI agents. It solves the gap between agent autonomy and operator control while exposing a broader execution surface than simple transfers: typed MCP tools, session keys, vaults, staking, swaps, and chain-specific signing flows.

Envoy sits between agent intent and chain execution. Calls can be routed through a policy engine, an MCP server, or direct adapters. Allowed actions are forwarded to the relevant chain or protocol adapter; blocked actions are logged and returned as typed errors.

Unified adapter interface across Tezos, Etherlink, Solana, and EVM chains
Typed MCP tool surface for transfers, signing, staking, swaps, vaults, and liquid staking
On-chain session keys for EVM and Tezos with scoped permissions and revocation
YAML-defined policies, structured errors, and audit logging
TypeScript-first, ESM-native, tree-shakeable packages
License: MIT — source at https://gitlab.com/MBourgoin/envoy

Installation

Install core plus the adapter or MCP package for your target workflow:

npm install @envoy/core @envoy/tezos
npm install @envoy/core @envoy/solana
npm install @envoy/core @envoy/evm
npm install @envoy/core @envoy/etherlink
npm install @envoy/mcp-server

All packages require Node.js 22+ and are ESM-native. Import with import { ... } from '@envoy/core' or start the MCP server with npx @envoy/mcp-server.

Package Reference

@envoy/core: Core library. Exports shared types, errors, policy primitives, liquid-staking interfaces, and session-token/session-key support types.
@envoy/tezos: Tezos L1 adapter. Supports XTZ and token flows, delegation management, reward estimation, QuipuSwap v2 operations, and Tezos session-key enforcement. Status: stable.
@envoy/etherlink: Etherlink adapter. Supports standard EVM-style operations plus Morpho and ERC-4626 vault-style flows on Etherlink. Status: stable.
@envoy/solana: Solana adapter. Supports SOL and SPL transfers, sign-and-broadcast, Jupiter-aware rules, and liquid staking adapters for Marinade and Jito. Status: stable.
@envoy/evm: Generic EVM adapter. Supports transfers, typed data signing, ERC-1271 verification, smart accounts, session keys, and generic ERC-4626 vault support. Status: stable.
@envoy/mcp-server: MCP server exposing the Envoy surface as typed tools for balances, transfers, signing, session keys, Tezos staking, Solana liquid staking, and generic vault operations.

Recent Capabilities

ERC-4626 vault tooling with deposit, withdraw, redeem, preview, and max view operations, including per-request key wrapping in the MCP layer
Etherlink Morpho vault support with slippage-aware withdraw handling
Tezos native staking tools for setting, withdrawing, and querying delegates, plus APY estimation
QuipuSwap v2 support for Tezos token swap flows
Solana liquid staking tools for Marinade and Jito, including delayed unstake and position queries
EVM and Tezos session keys exposed through the MCP server with structured audit logging

Policy YAML Schema

Create a policy.yaml file and pass its path to PolicyEngine. All fields are optional unless marked required.

# policy.yaml — full schema

kind: transfer          # required — identifies this as a transfer policy
version: "1"            # optional schema version

limits:
  daily_max_xtz: 500      # max XTZ transferable per 24h rolling window
  per_tx_max_xtz: 100     # max XTZ per single transaction
  daily_max_sol: 10       # max SOL per 24h (Solana adapter)
  per_tx_max_sol: 2       # max SOL per transaction
  daily_max_usd: 1000     # USD-equivalent cap (requires price oracle)

allowlist:              # optional — if present, only these recipients are allowed
  - tz1alice...         # Tezos addresses (tz1, tz2, tz3, KT1)
  - tz1bob...
  - 0xAbcd...           # EVM / Etherlink addresses
  - So1ana...           # Solana base58 pubkey

denylist:               # optional — these recipients are always blocked
  - tz1hacker...

rate_limit:
  max_tx_per_hour: 10   # max transactions per 60-minute rolling window
  max_tx_per_day: 50

time_window:            # optional — restrict to specific hours (UTC)
  allowed_hours:
    start: 8            # 08:00 UTC
    end: 22             # 22:00 UTC
  allowed_days:
    - monday
    - tuesday
    - wednesday
    - thursday
    - friday

require_confirmation: false   # if true, every tx requires out-of-band approval
audit_log: true               # default true — log all decisions to audit trail

API Reference

PolicyEngine

import { PolicyEngine } from '@envoy/core'
import { TezosAdapter } from '@envoy/tezos'

const engine = new PolicyEngine({
  adapter: new TezosAdapter({ rpc: 'https://rpc.tezos.example' }),
  policy: './policy.yaml',           // path to YAML file, or inline object
  auditLog: true,                    // default true
})

engine.transfer(params)

Execute a transfer. Throws PolicyViolationError if blocked by policy.

await engine.transfer({
  to: 'tz1alice...',    // recipient address
  amount: 100,          // amount in chain-native unit (XTZ, SOL, etc.)
  token: 'XTZ',         // optional — default is native token
  memo: 'payment',      // optional
})

engine.check(params)

Dry-run policy check without executing the transaction. Returns { allowed: boolean, reasons: string[] }.

const result = await engine.check({
  to: 'tz1unknown...',
  amount: 50000,
})
// result.allowed === false
// result.reasons === ['exceeds daily_max_xtz (500)', 'recipient not in allowlist']

engine.getAuditLog()

Returns the audit log as an array of decision records.

const log = engine.getAuditLog()
// [{ timestamp, action: 'transfer', allowed: false, reasons: [...], params: {...} }, ...]

TezosAdapter

import { TezosAdapter } from '@envoy/tezos'

const adapter = new TezosAdapter({
  rpc: 'https://mainnet.api.tez.ie',   // Tezos RPC node URL
  signer: mySigner,                     // optional — Taquito InMemorySigner or similar
  network: 'mainnet',                   // 'mainnet' | 'ghostnet' | custom
})

SolanaAdapter

import { SolanaAdapter } from '@envoy/solana'

const adapter = new SolanaAdapter({
  rpc: 'https://api.mainnet-beta.solana.com',
  keypair: myKeypair,                   // @solana/web3.js Keypair
})

EvmAdapter

import { EvmAdapter } from '@envoy/evm'

const adapter = new EvmAdapter({
  rpc: 'https://mainnet.infura.io/v3/YOUR_KEY',
  privateKey: '0x...',                  // or use a Signer
  chainId: 1,                           // 1=Ethereum, 137=Polygon, etc.
})

PolicyViolationError

try {
  await engine.transfer({ to: 'tz1bad...', amount: 99999 })
} catch (err) {
  if (err instanceof PolicyViolationError) {
    console.log(err.reasons)  // string[] — why it was blocked
    console.log(err.action)   // 'transfer'
    console.log(err.params)   // original params
  }
}

Examples

Example 1: Balance check (read-only, no policy needed)

import { TezosAdapter } from '@envoy/tezos'
const adapter = new TezosAdapter({ rpc: 'https://mainnet.api.tez.ie' })
const balance = await adapter.getBalance('tz1alice...')
console.log(balance) // XTZ in mutez

Example 2: Policy-controlled transfer

import { PolicyEngine } from '@envoy/core'
import { TezosAdapter } from '@envoy/tezos'

const engine = new PolicyEngine({
  adapter: new TezosAdapter({ rpc: 'https://mainnet.api.tez.ie', signer }),
  policy: { limits: { daily_max_xtz: 500 }, allowlist: ['tz1alice...'] },
})

await engine.transfer({ to: 'tz1alice...', amount: 100 })   // OK
await engine.transfer({ to: 'tz1unknown...', amount: 100 }) // throws PolicyViolationError

Example 3: Solana SOL transfer with rate limiting

import { PolicyEngine } from '@envoy/core'
import { SolanaAdapter } from '@envoy/solana'
import { Keypair } from '@solana/web3.js'

const engine = new PolicyEngine({
  adapter: new SolanaAdapter({ rpc: 'https://api.mainnet-beta.solana.com', keypair }),
  policy: { limits: { per_tx_max_sol: 1 }, rate_limit: { max_tx_per_hour: 5 } },
})

await engine.transfer({ to: 'So1ana...', amount: 0.5 })  // OK

Supported Chains

Chain	Package	Status	Native token	Notes
Tezos	@envoy/tezos	stable	XTZ	FA1.2 and FA2 tokens supported
Etherlink	@envoy/etherlink	stable	XTZ (via EVM)	Tezos EVM L2
Solana	@envoy/solana	stable	SOL	SPL token support
EVM (generic)	@envoy/evm	stable	ETH/MATIC/etc.	Ethereum, Polygon, Arbitrum, Base, etc.

Your AI agent,on a leash you designed.

Your AI agent,
on a leash you designed.