Live in
ten minutes.
Five steps. The longest one is your wallet signature.
Email address
⚷ Register your passkey
Touch ID · Face ID · Windows Hello · Hardware key
Then: register a second passkey as recovery.
01
Two passkeys. No passwords.
You give us an email. You register two passkeys — one on your everyday device (Touch ID, Face ID, Windows Hello) and one as a recovery (a second device or a Yubikey). No passwords are created, transmitted, or stored at any point in this flow.
Your browser uses the passkey to derive a 32-byte secret that becomes your encryption master key. This secret never leaves your authenticator. We get a public key. Everything sensitive you ever touch on our system will be encrypted to that public key in your browser.
Contract address
0xA1b2…dEf9
Owner resolved
0x77c…D8
02
Sign with the contract owner wallet.
Paste the contract address. We resolve the owner or admin role on-chain. You connect MetaMask or Phantom and sign a one-time challenge from that wallet. We verify the signature with ecrecover or ed25519.verify.
If your token has renounced ownership, we accept signatures from AccessControl roles (MINTER, PAUSER, DEFAULT_ADMIN). This step exists to make one promise: only verifiable token owners can deploy a bot against a token on Makerless.
03
Pick pairs, exchanges, pay.
Pick your pairs, exchanges, and mode in the configurator. Paste your exchange API key and secret — encrypted in your browser before transmission. We call the exchange's describe-key endpoint and refuse to proceed if the key allows withdrawals or is missing the right IP allowlist.
Pay with Stripe (cards, SEPA, Apple Pay) or NOWPayments (crypto). A Smartbill invoice is issued immediately and submitted to eFactura for Romanian VAT compliance. Your license file is generated and signed.
$ provision --provider hetzner
→ Droplet created (fsn1)
→ DNS configured
→ Port 22 closed
→ Port 443 closed (WireGuard only)
✓ Sealed.
04
Sealed droplet, deployed.
Choose Hetzner (default, cheaper, EU jurisdiction) or DigitalOcean. Re-authenticate with the provider — we use the token exactly once. We provision the droplet, reserve its IP for your exchange's allowlist, configure DNS, and discard the provider token immediately.
The droplet boots sealed. Port 22 is closed. Port 443 is not exposed to the public internet. Inbound traffic arrives only through a WireGuard tunnel from our edge. No one — not us, not you, not your hosting provider's support — can SSH into it.
Issued by your executor. Not by Makerless.
05
Paste MCP URL. Approve.
Add the MCP URL (customer-x.makerless.com/mcp) to Claude. OAuth runs against your executor — not against our backend. You see one approval screen on your own droplet that grants Claude the ability to operate your bot. You click approve. The supervisor task installs itself.
From this point forward, your Claude is in control. Every order, every parameter change, every emergency stop happens in your chat history.
Every month, a receipt.
On the first day of each month, the supervisor task generates your signed report. It appears in your dashboard as PDF, CSV, and canonical JSON, with an optional on-chain anchor on a public chain you choose. Email notification fires when it's ready.
The bot keeps running. Your Claude keeps operating it. Nothing changes month to month unless you change it.
You see everything.
We see almost nothing.
Two columns. One is yours. The other is ours.
| You see | We see |
|---|---|
| Every order, fill, and decision | Your account email |
| Your exchange API keys (in your browser, once) | Your payment metadata |
| Your trading conversations with Claude | The fact that traffic was routed to your droplet (SNI) |
| Your PnL, balances, and strategy parameters | Encrypted backup blobs (opaque to us) |
| Your monthly signed reports | The version of the executor your droplet is running |
| Your Telegram bot token | Nothing else |
We are structurally incapable of seeing the right column items. Not "we promise not to." Cryptographically incapable.