feat: add WaaP wallet provider with 2PC split-custody key management

[lebraat]

Description

Added WaaP (Wallet as a Protocol) as a new EVM wallet provider for AgentKit, alongside the existing cdp, privy, viem, and zeroDev providers.

WaaP is a non-custodial wallet infrastructure that uses two-party computation (2PC) for key management — the private key is split between the user and a secure enclave, so neither party ever holds the complete key. This gives AgentKit developers a wallet provider option with split-custody security and human-in-the-loop transaction approval via Telegram or email.

What's included:

• waapWalletProvider.ts — Full EvmWalletProvider implementation that delegates signing operations to the @human.tech/waap-cli binary
• Unit tests (waapWalletProvider.test.ts) — 613 lines covering all provider methods
• Integration tests (waapWalletProvider.integration.test.ts) — end-to-end tests against testnet
• LangChain example chatbot (langchain-waap-chatbot)
• Vercel AI SDK example chatbot (vercel-ai-sdk-waap-chatbot)
• README updates documenting the new provider
• WaaP logo asset (assets/wallets/waap.svg)

How it works:

The provider wraps the waap-cli binary, which handles all cryptographic operations server-side via 2PC. Read-only blockchain queries go through a standard viem PublicClient. The provider implements the full EvmWalletProvider interface:

• getAddress() / getBalance() / getNetwork()
• signMessage() / signTypedData() / sign()
• signTransaction() / sendTransaction()
• nativeTransfer()
• readContract() / waitForTransactionReceipt()
• exportWallet() for session persistence

Setup:

npm install -g @human.tech/waap-cli
waap-cli signup  # or waap-cli login

Then configure the provider:

import { WaapWalletProvider } from "@coinbase/agentkit";

const provider = WaapWalletProvider.configureWithWallet({
  chainId: "84532", // Base Sepolia
  email: "agent@example.com",
  password: process.env.WAAP_PASSWORD,
});

Key differentiators vs existing providers:

• Split custody: 2PC key splitting — no single entity holds the full key
• Human-in-the-loop: Configurable Telegram/email approval for high-value transactions
• Multi-chain: All EVM chains supported (not limited to Base)
• Agent isolation: Unique agent wallets via email notation (me+agent1@example.com)

More info: docs.waap.xyz | human.tech

Tests

End-to-end testing against Base Sepolia using waap-cli directly (the same binary the wallet provider wraps):

Network: Base Sepolia (chain ID: 84532)
Wallet: 0x7b34298D3Ed49aB848393EA35236908eDd1108Fa

--- Account creation (waap-cli signup) ---

📝 Creating account for daniel+evm-agentkit-test@holonym.id ...
  ✅ Account created. Fetching JWT + user key ...
🔑 Initializing new keyshare (Keygen Round 1) ...
🔑 Completing keyshare (Keygen Round 2) ...
  ✅ Keyshare successfully generated and registered
  ✅ Session saved to ~/.waap-cli/session.json
🎉 Account created and logged in!
EvmWalletAddress: 0x7b34298D3Ed49aB848393EA35236908eDd1108Fa

--- Address retrieval (waap-cli whoami) ---

EvmWalletAddress: 0x7b34298D3Ed49aB848393EA35236908eDd1108Fa
SuiWalletAddress: 0x06c8fa82a853fcee38e65bf334235358018f43e69614e91f6c2295cded09c838

--- Message signing (waap-cli sign-message) ---

Prompt: waap-cli sign-message --message "hello agentkit"

🖋️  Signing message …
   Digest: 0x03a56aa321691b769f3f0aa6d306adaaade1db0c2379a1332a426502d6bb7013
  📡 Contacting policy engine ...
  🛡️  Policy engine decision: Done
  🔏 Completing signature ...
  ✅ Signature verified
✅ Signed message Successfully!
Signature: 0x1f0bbd2882bbcbfd0bc480ca9c197e7ae895cdbd0476ca98f658bace92bc331b128a9e9d21235e562c8dc83fab2eb48b90e95a8cde3b84afc52c5780951286aa1b

--- Transaction sending (waap-cli send-tx) ---

Prompt: waap-cli send-tx --to 0x000000000000000000000000000000000000dEaD --value 0.00005 --chain-id 84532

📋 Transaction details:
   From:    0x7b34298D3Ed49aB848393EA35236908eDd1108Fa
   To:      0x000000000000000000000000000000000000dEaD
   Value:   0.00005 ETH  ChainId: 84532
   Nonce: 0  Gas: 21000
🖋️  Signing (0xc72f101a7453b38e…)
  📡 Contacting policy engine ...
  🛡️  Policy engine decision: Done
  🔏 Completing signature ...
  ✅ Signature verified
📡 Broadcasting ...
✅ Transaction submitted: 0xd2358899fb129d88a982458bea47b05b2075c7940942bfcb859d84177ebb2258

Verified on Base Sepolia explorer:
https://sepolia.basescan.org/tx/0xd2358899fb129d88a982458bea47b05b2075c7940942bfcb859d84177ebb2258

Unit tests: 613 lines covering all wallet provider methods including edge cases for CLI output parsing, error handling, and transaction building.

Integration tests: End-to-end tests against Base Sepolia covering login, address retrieval, message signing, typed data signing, and transaction sending.

Checklist

• Added documentation to all relevant README.md files
• Added a changelog entry

[cb-heimdall]

🟡 Heimdall Review Status

Requirement	Status	More Info
Reviews	🟡 0/1	Denominator calculation Show calculation 1 if user is bot 0 1 if user is external 0 2 if repo is sensitive 0 From .codeflow.yml 1 Additional review requirements Show calculation Max 0 0 From CODEOWNERS 0 Global minimum 0 Max 1 1 1 if commit is unverified 0 Sum 1