I Built Autonomous Agents That Trade on Solana Without Seeing Private Keys

I wanted to test out a theory where I have autonomous agents make trading decisions on Solana without handing them private keys. So I built something to simulate that. Think of a situation where you're building an agent that decides to buy 0.5 SOL worth of a certain token, and it needs to sign a real transaction on-chain. Ordinarily, there's really no way this would work without you giving the agent access to a private key. But the issue here is that the moment you give it access to a private key, you've introduced a massive attack surface. A bug in the agent's decision logic, for instance, could drain a wallet. A compromised dependency could also exfiltrate your keys. Let's see how my simulation played out. What We're Building With Autarch, as I strangely named it, is a TypeScript monorepo running on Solana devnet. The stack: pnpm workspaces — three packages with strict dependency boundaries @solana/kit — Solana's SDK for key derivation and transaction building BIP44 HD derivation — o