Security Model

This SDK executes real financial operations. Treat security as a first-class runtime feature, not an add-on.

Stendar is infrastructure software only and does not provide investment, legal, accounting, tax, brokerage, or custodial services.

  • Fail-closed policies: policy evaluation errors deny execution.
  • Simulation-first flow: runtime simulates before signing or broadcasting.
  • Wallet boundary: signing is delegated to wallet adapters; runtime does not custody funds.
  • Auditability: AuditLogger writes hash-chained JSONL entries.
  • Bridge safety: bridge paths avoid implicit replay and surface explicit status.
  • No committed secrets: .env, private keys, wallet JSON, bearer tokens, and provider keys must stay outside git.
  • Controlled agent surface: external agents should use MCP control or full mode when they need proposal, approval, and audit semantics.

The core SDK AuditLogger can be used by strategy/runtime integrations.

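import { AuditLogger } from '@stendar/core';

// Create the logger.
const audit = new AuditLogger({
  enabled: true,
});

// Record who acted, what they did, on which resource, and the outcome.
audit.log({
  actor: { type: 'agent', id: 'strategy-engine' },
  action: 'execute_swap',
  resource: 'solana-mainnet',
  outcome: 'success',
  details: { strategy: 'dca-sol' },
});

// Verify the audit log and print whether it is valid.
// Top-level await requires an ES module.
const verification = await audit.verify();
console.log(verification.valid);
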
  • Attach PolicyRule[] to DeFiRuntime to enforce spending, rate, protocol, token, slippage, drawdown, exposure, and time-window constraints.
  • Unknown or malformed Policy v2 evaluations must not auto-allow money-affecting execution.
  • Use dry-run and preview flows before live execution.
  • Prefer explicit approvals for high-notional or high-risk actions.
  • Public LangChain and Vercel AI adapters expose direct in-process runtime tools. Use them only from applications that also own policy attachment, approval UX, and audit logging.
  • MCP control and full modes require local-runtime bearer authentication and disable direct runtime execution tools unless explicitly overridden.
  • Treat RPC/provider responses as untrusted until validated.
  • Keep wallet private keys and signing credentials out of code, logs, docs, and issue reports.
  • Use environment variables or secret managers for local development credentials.
  • Rotate provider credentials if logs, screenshots, or artifacts accidentally include token-like values.
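
The fail-closed rule stated above (policy evaluation errors deny execution, and unknown or malformed evaluations must not auto-allow) is shown below as an added example; it is not code from the SDK. The rule shape ({ name, evaluate }), the verdict shape ({ decision, reason }), and the function names are assumptions for illustration and are not the SDK's PolicyRule or Policy v2 schema.

```javascript
// Added illustration, not @stendar/core code. The rule shape ({ name, evaluate })
// and verdict shape ({ decision, reason }) are assumptions made for this example.

// Only an exact, well-formed 'allow' counts as allow; everything else denies.
function normalizeVerdict(result) {
  if (result === null || typeof result !== 'object') {
    return { decision: 'deny', reason: 'malformed result' };
  }
  if (result.decision === 'allow') return { decision: 'allow', reason: 'ok' };
  if (result.decision === 'deny') {
    return { decision: 'deny', reason: String(result.reason ?? 'denied') };
  }
  return { decision: 'deny', reason: 'unknown decision' };
}

// Runs every rule; the first non-allow verdict (or thrown error) stops execution.
function evaluateFailClosed(rules, action) {
  // Example's choice: no attached rules is treated as a misconfiguration.
  if (!Array.isArray(rules) || rules.length === 0) {
    return { decision: 'deny', rule: null, reason: 'no policy attached' };
  }
  for (const rule of rules) {
    let verdict;
    try {
      verdict = normalizeVerdict(rule.evaluate(action));
    } catch {
      // A crashing rule must never fall through to execution.
      verdict = { decision: 'deny', reason: 'evaluation error' };
    }
    if (verdict.decision !== 'allow') {
      return { ...verdict, rule: rule?.name ?? null };
    }
  }
  return { decision: 'allow', rule: null, reason: 'all rules allowed' };
}

// Constructed sample rules and action.
const maxNotional = {
  name: 'max-notional',
  evaluate: (a) => (a.notionalUsd <= 1000
    ? { decision: 'allow' }
    : { decision: 'deny', reason: 'notional above limit' }),
};
const brokenRule = { name: 'slippage', evaluate: (a) => a.quote.slippageBps < 50 };
const swap = { type: 'execute_swap', notionalUsd: 250 };

console.log(evaluateFailClosed([maxNotional], swap));             // decision: 'allow'
console.log(evaluateFailClosed([maxNotional, brokenRule], swap)); // decision: 'deny'
```

A truthy return value such as `true`, a Promise, or `{ decision: 'ALLOW' }` is denied here, which is the case a naive `if (rule.evaluate(action))` check gets wrong.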

Key categories covered in the repository threat model:

  • malicious provider/plugin behavior
  • compromised RPC/provider responses
  • agent prompt-injection misuse
  • policy bypass attempts
  • replay or duplicate transaction submission
  • wallet secret leakage
  • package supply-chain compromise

See the repository-level Threat Model for the public SDK-focused model.