ARCHITECTURE

EIP-712 Native

Typed-data intents. Wallet-readable approvals. No “blind sign” garbage.

WHAT IT MEANS
Users sign a structured message (domain + types + values), not raw calldata.
WHY IT MATTERS
Human-readable intent reduces phishing risk and makes approvals auditable.
WHAT YOU GET
Deterministic signatures, replay protection via domain/nonce/deadline.
EIP-712 — in practice
Back Spec
SIGNATURE SHAPE
Domain:
  name:    "EPK"
  version: "1"
  chainId: <chain>
  verifyingContract: <kernel>

Message (Intent):
  policyId
  target
  value
  dataHash
  deadline
  nonce
SECURITY NOTES
  • • Domain separator binds chain + contract (kills cross-chain replay).
  • • Deadline bounds time window (kills stale signatures).
  • • Nonce makes each intent single-use (kills replay).
  • • dataHash signs intent, not raw “approve unlimited”.
Read Spec View GitHub CI Logs