Documentation Index

Fetch the complete documentation index at: https://docs.steward.fi/llms.txt

Use this file to discover all available pages before exploring further.

​

Architecture

Steward is the single chokepoint between an AI agent and the outside world. Every API call, every transaction, every secret access flows through Steward, gets policy-checked, gets logged, gets metered.

​

Three Pillars

​

High-Level Flow

​

Request Flow: API Proxy

When an agent makes an API call (e.g., to OpenAI):

​

Request Flow: Wallet Signing

When an agent needs to sign a transaction:

​

Deployment Modes

Steward currently supports two database modes:

• Hosted/PostgreSQL mode — API and proxy processes connect to PostgreSQL using DATABASE_URL. This is what Docker Compose and production-style deployments use.
• Embedded/PGLite mode — bun run start:local runs the API against PGLite, persisted at ~/.steward/data unless STEWARD_PGLITE_MEMORY=true is set. This is intended for local development, desktop sidecars, and tests.

​

Deployment Topology

​

Multi-Tenant Isolation

Steward is multi-tenant by design:

• Tenants are isolated at the database level — each tenant’s agents, secrets, and policies are scoped
• Agents authenticate with JWTs scoped to their tenant and agent ID
• Secrets are encrypted with per-tenant encryption keys (key hierarchy: master → tenant → secret)
• Policies are evaluated per-agent within their tenant context

​

Tech Stack