STEP 02

Validate

The kernel proves the owner authorized this intent, checks replay protection, then applies optional policy validators.

WHAT IT DOES
Signature recovery + deadline/nonce checks + policy state (active/revoked).
EXTENSION POINT
Optional Validator module enforces business rules (limits, allowlists, TTL, risk rules).
SECURITY RESULT
If any check fails, execution never happens (atomic revert).
VALIDATE — kernel gates
Back Spec
VALIDATION CHECKLIST
  • • policy is active (panic/revoked blocks instantly)
  • • deadline not expired (anti-replay window)
  • • nonce single-use (replay protection)
  • • EIP-712 signature matches policy owner
  • • optional validator validates intent
VALIDATOR IDEAS
  • • spend limits (per-tx / rolling window)
  • • allowlist / denylist targets
  • • calldata constraints (selectors)
  • • TTL rules for agents
  • • “safe mode” for new integrations
Read Spec View GitHub CI Logs