Seashail

Security Model

Threat model, policy enforcement, encrypted keys, and concurrency guarantees.

Threat Model

Seashail assumes the agent process may be malicious or compromised. The binary is the security boundary:

  • The agent can request reads and propose writes.
  • Seashail enforces a policy engine on every write.
  • Key material is encrypted at rest and decrypted only for signing.

Key Storage

  • Generated wallets use Shamir Secret Sharing (2-of-3).
  • Imported wallets are encrypted at rest using AES-256-GCM with a passphrase-derived key.

Policy Engine

Every write is gated by:

  • per-tx USD caps
  • daily USD caps (UTC)
  • slippage caps (swaps)
  • recipient allowlisting (sends)
  • contract allowlisting (swaps)
  • operation toggles
  • tiered approvals via MCP elicitation

Concurrency / Multi-Agent

MCP is stdio-based, so multiple clients will spawn multiple seashail mcp processes. To avoid split-brain state, seashail mcp proxies to a singleton local daemon that owns the keystore.

Guarantees:

  • The daemon holds an exclusive filesystem lock at data_dir/seashail-daemon.lock so only one process owns keys/state.
  • All connected clients share the same in-memory passphrase session.
  • All state mutations are serialized inside the daemon for correctness.

Scam Blocklist

Optional signed scam-address blocklist (Phase 2+).

MCP Tools

Tool inventory (implemented surfaces only) and where to find detailed reference docs.

On this page

Threat ModelKey StoragePolicy EngineConcurrency / Multi-Agent