Single-root wallet configuration for Ecosystem Wallets, enabling signers, sessions, recovery, and extensions with efficient on-chain proofs.
Ecosystem Wallets store a single Merkle root on-chain that commits to the entire wallet configuration: signers, weights, thresholds, passkey authenticators, Smart Session rules, recovery mechanisms, and future extensions. Actions provide Merkle proofs to validate the parts of the configuration that are relevant at execution time.
Configuration updates (add device, change session limits, rotate keys) happen off-chain by computing a new tree and root. Key Machine service attests to the latest root; transactions can include or reference this attestation so the wallet accepts only the latest configuration.
Smart Sessions: leaves define scopes for a session key (allowed contracts/functions, spend limits, expiries). Execution validates the session key and rule proofs before allowing actions.
Passkeys: passkey authenticators are leaves; devices produce WebAuthn signatures that are validated by the passkey extension using the relevant leaf proof.
Timed recovery keys: a recovery leaf encodes a time-lock window; initiating recovery starts a countdown where existing signers can cancel. After expiry, the recovery key can rotate primary signers.
The same root governs all chains for a wallet; checkpointer attestations allow each network to accept only the canonical root, preventing replay with stale configurations.