leashd
DocsFAQCommunityGitHubGet started
DocumentationHow it worksInstallQuickstartMCP integrationSelf-hostHosted vs self-host

leashd docs

You hold the keys. leashd holds the policy. leashd is a non-custodial spend-governance layer for AI agents. The control plane (this dashboard) authors signed policies and stores a tamper-evident audit log. leashd runs on your machine, verifies each policy signature, and gates every payment your agent attempts before it touches a rail.

The control plane never holds your funds and never sees a key: leashd holds your wallet connection locally and your keys never leave your machine. Enforcement happens locally in leashd: it pulls the signed policy, verifies it, and authorises, caps, or denies each spend on the spot. If the control plane is unreachable, leashd keeps enforcing the last verified policy, so your agent is never unleashed by an outage.

How it works

Think of leashd as a bouncer with a rulebook standing between your AI agent and your money. The agent wants to pay, the bouncer checks the rulebook (budget left? recipient allowed? under the limit? kill-switch off?), then lets it through or blocks it, and writes every decision in a logbook. The bouncer (leashd) runs on your machine and holds your wallet connection locally. The rulebook and logbook live in this dashboard.

A concrete run: your research agent wants to pay 50 sat for an API call.

  1. The agent never gets your wallet. It gets a policy-gated pay tool over MCP that points at leashd.
  2. The agent calls pay 50 sat to api.foo.com.
  3. leashd checks your policy locally: allowlisted recipient, under the per-transaction max, daily budget remaining, kill-switch off.
  4. Allowed: leashd tells your own Lightning wallet (over NWC) to pay the invoice. The sats go directly from your wallet to the API. leashd never touches them.
  5. Denied or capped: leashd returns a structured refusal to the agent. No money moves.
  6. Either way, leashd writes a signed event and pushes it to your Audit feed.
  AI agent --pay 50 sat--> leashd (your machine)
                              |  check policy (caps . allowlist . kill-switch)
                              |- allowed -> your wallet (NWC) --> api.foo.com
                              |- capped/denied -> refusal back to agent
                              '- signed audit event --> dashboard feed

That is the whole idea: a prepaid card with a hard limit and an itemised statement for your AI. Even a fully compromised agent, or a breach of leashd itself, cannot move funds, because the keys never leave your machine.

Install

leashd is in early access. Install from source for now; a published one-line install is on the way. The build requires node 22.5 or newer and pnpm.

# install from source (requires node >= 22.5 and pnpm)
git clone https://github.com/brainbytes-dev/leashd
cd leashd && pnpm install

Quickstart

1
Create a workspace and agent

In the dashboard, open Agents and create your first agent. You will get a one-time token shown once. Copy it now; it is the credential leashd uses to authenticate.

LEASH_AGENT_TOKEN=lsh_live_xxxxxxxxxxxxxxxx
2
Set a policy

Open Policies and define caps and an allowlist. A spend over a cap is capped; an endpoint outside the allowlist is denied. The control plane signs the policy and leashd verifies the signature before enforcing it.

{
  "caps": { "perTxnSat": 10000, "dailySat": 100000 },
  "allowlist": ["api.example.com", "*.lightning.dev"]
}
3
Run leashd

Run leashd with your env. It connects out to the control plane, pulls the signed policy, and listens locally as an MCP server.

LEASH_AGENT_TOKEN=lsh_live_xxxxxxxxxxxxxxxx \
LEASH_API_URL=https://leashd.dev \
pnpm --filter @repo/leashd dev
4
Spend is now policy-gated

Every pay call your agent makes routes through leashd, which authorises (allowed), throttles (capped), or blocks (denied) it against the verified policy. Each decision lands in your signed audit feed.

View the Audit feed

MCP integration

Wire leashd into your agent stack. For Claude Code, add it to your .mcp.json:

{
  "mcpServers": {
    "leash": {
      "command": "leashd",
      "args": ["--mcp"],
      "env": {
        "LEASH_AGENT_TOKEN": "lsh_live_xxxxxxxxxxxxxxxx",
        "LEASH_API_URL": "https://leashd.dev"
      }
    }
  }
}

Self-host

Runs entirely on your machine.

leashd is non-custodial by design: enforcement, your wallet connection, and your keys never leave your machine. The control plane that signs policies and stores the audit log can be self-hosted from the open-source repo, or you can use the hosted one at leashd.dev.

The full source, including the control plane, lives on GitHub.

Hosted vs self-host

In both setups, leashd runs locally and is the only thing that holds a wallet connection or moves money. The control plane is never in the money path: it stores signed policy and audit metadata, never a key or a fund. The only difference is who runs that control plane.

Self-hostHosted (leashd.dev)
leashd (enforcement, keys)your machineyour machine
Control plane (policy + audit)your infrawe run it
Custody risk in the cloudnonenone

Why use the hosted control plane

  • No infra to run. You run only leashd locally. No Postgres, Next.js app, auth, backups, or control-plane updates to maintain.

  • Fleet aggregation. Run agents on 5, 20, or 100 machines: the control plane distributes one signed policy to all of them and aggregates every audit feed into a single view. Self-hosted, you wire that up yourself.

  • Team and RBAC. Shared policies, roles, and org-wide rules across a team.

  • Alerting, retention, export. Alerts on policy events, long audit retention, and exportable logs for EU AI Act Article 12 grade record-keeping.

  • Managed, with zero custody risk. The usual fear of money in the cloud does not apply: the control plane can never touch your funds, because the keys never leave your machine. SaaS convenience, no custody risk.

Ready to start? Open the dashboard.

leashd

Non-custodial spend governance for autonomous AI agents.

Donate sats
Product
DocsFAQGet started
Project
GitHubCommunity
Legal
PrivacyTerms

Built by BrainBytes Studio, an indie solo-dev shop.