Greenhouse
Greenhouse· Custody

Self-custody, with grown-ups.

Coinbase Custody and Fireblocks lock you into their key topology. Greenhouse is open — FROST threshold signing across your own devices, with Garden as one possible signer, never enough to move funds alone.

Open GardenSee how it works
Garden Financial · v1.3.2 — DesktopLIVE
Search…⌘K
AACME Holdings

Self-Custody & Vault

Updated Apr 29 at 14:02
GREENHOUSE · /crypto/custody-accounts

Transfer · cold/01 → ops/03 · USDC

FROST 2-of-3 · policy-checked
tx_9b1a2 / 3 signed
S-01CFO
S-02CEO
S-03ops/03
S-04Auditor
S-05Guardian
AMOUNT$8,041.06USDC · Solana · settle T+0
  • Policy check within $5,000/day band
  • Allowlist vendor_9b matched
  • Threshold2 of 3 reached
FIG. 0.A — GARDEN DESKTOP / DASHBOARDThe actual UI. No marketing simulator.
Sign envelope

Every spend, six policy checks and a partial-signature collection.

When a transfer is drafted, Garden evaluates six policy checks (threshold, allowlist, daily cap, sage screen, off-hours guardrail, step-up) and starts collecting partial signatures across the ring. The aggregate Schnorr signature posts to chain and to Bean as a balanced journal entry — atomically.

GREENHOUSE · /custody/transfers/draft_02e1

Transfer · 120,400.00 USDC · cold/01 → northwood:0x8f1c…

2 of 3 signed · awaiting ops/03
AMOUNT$120,400.00 USDC
FROMgreenhouse:cold/01addr · 0x4f1a…be17
TOnorthwood:treasury/euaddr · 0x8f1c…9214
CHAIN · RAILBase · USDCgas sponsored · 0.04 USDC
FROST signers · 2-of-3 threshold
  • 1
    CFOYubiKey 5C · sn 19284441did:oas:org:acme:cfo
    signed@ 16:41:24
  • 2
    CEOLedger Nano X · acme/02did:oas:org:acme:ceo
    signed@ 16:42:11
  • 3
    ops/03Garden Apex · this machinedid:agent:basil/ops-03
    pending
  • 4
    AuditorTrezor Safe 3 · colddid:oas:org:acme:auditor
    offline
  • 5
    GuardianCold paper · Shamir 2-of-3guardians@anchorage
    offline
Policy evaluator · 6 checks
  • Threshold met2-of-3 required · 2 signed · waiting for 3rd
  • Counterparty allowlisteddid:oas:org:northwood · whitelist age 14d
  • Amount below daily cap$120,400.00 < $500,000 daily cap
  • Sage screening freshscreening 4 min ago · no hits
  • Off-hours guardrailoperator timezone within policy window
  • Step-up signatureCFO YubiKey · touch confirmed @ 16:41:24
When the threshold is met
aggregateSchnorr · 64 bytespostsBase block 9,028,144beanJ-2026-04-29-04518 (sealed)
no single device ever holds the full key · Garden is one signer of n, never the thresholdFROST · Schnorr · ed25519 · Shamir-on-paper recovery
Greenhouse vs. custodians

Self-custody that survives a guardian going dark.

Picking a custodian means trusting one company forever. Greenhouse is a key topology you own.

CapabilityCoinbase CustodyFireblocksBitGo Greenhouse
You hold the keysMPC, you co-signMPC✓ FROST, your devices
Hardware-backed signing✓ HSM✓ HSM✓ YubiKey, Ledger, Trezor
Threshold customisable✓ 2-of-N up to 7-of-N
No vendor lock-in✓ open key, exportable
Policy-as-code spendinglimited
Posts transfers to Bean✓ atomic
Agent-initiated transfers✓ with threshold + policy
Guardian ceremony recovery✓ Shamir-on-paper option
Agent-native

Agents can initiate — never sign — alone.

An agent drafts a transfer. The threshold is required to sign. Garden's signer is one share, never the threshold. Any human can revoke their share mid-flight and the transfer dies.

MCP descriptor
tool   greenhouse.transfers.draft   Draft a transfer (returns sign-envelope)
tool   greenhouse.transfers.sign   Submit partial FROST signature
tool   greenhouse.policy.evaluate  Dry-run policy against a draft
resource  signers://acme/ops      Active signer ring
Typed REST API
POST /greenhouse/v1/transfers     Draft transfer (returns sign envelope)
POST /greenhouse/v1/transfers/:id/signSubmit FROST partial signature
POST /greenhouse/v1/policy/evaluateDry-run a policy
GET  /greenhouse/v1/signers       Active signers in the ring
POST /greenhouse/v1/recovery/ceremonyInitiate guardian ceremony
Lineage headers
Authorization: Bearer arsenal:act_gh…
X-Garden-Capability: greenhouse.transfers.draft · max=120400 USDC
X-Garden-Threshold: 2-of-3 (CFO, CEO, ops/03)
X-Garden-Signers-Held: 1 (ops/03 only) · 2 more required
Capability matrix

What Greenhouse signs.

  • 01FROST threshold Schnorr signing (no single party ever holds the key)
  • 02YubiKey, Ledger, Trezor, Garden Apex, cold paper signer types
  • 03Policy-as-code spending rules (per-counterparty caps, allowlists)
  • 04Recovery via guardian ceremony (Shamir-on-paper supported)
  • 05Native USDC on Base, Solana, Polygon, Arbitrum, Optimism
  • 06Native BTC + ETH custody with HD wallet derivation
  • 07Multi-sig sweep rules from hot to warm to cold tiers
  • 08Posts every transfer to Bean as a balanced journal entry
KaleAll twelve specimensTurnip
Twelve services. Greenhouse is one.

Greenhouse planted alongside eleven others is the operating system.

Open GardenSee all twelve