by victorbjorklund 60 days ago
Doesn’t this mean you have access to all the private keys and can take all the crypto from the wallets? Even if you of course pinky swear you would never take it.

Good question. The server sees the key at generation. It's not stored. The wallet is a normal Ethereum wallet, and this design is what lets agents provision one from a Python sandbox, an MCP tool, or any pure-HTTP environment where running Node or installing crypto libs isn't an option. Compared to embedded-wallet services like Privy or Magic — which see the key, store it persistently, and bind it to your OAuth identity — Aethergent never ties the wallet to who you are. It generates it, sends it to you, then immediately discards it. TEE generation with attestation is on the roadmap.
But that isn’t verifiable, right? It is only what you claim. It requires that people believe you have no intention to ever take the money that you could take.
Today it isn't verifiable. That's exactly what TEE attestation fixes. Until that's deployed, yes, you're trusting me.

For testing, dev work, and ephemeral agent flows that's a reasonable tradeoff for the convenience. For valuable wallets it's not, and you should generate locally, until TEE attestation ships, at which point these keys become safe to use for valuable wallets too.

For TEE attestation - see Oasis - runs on the EVM too.