DOCS / QUICKSTART / DEPLOY A GUARDEDWALLETVIEW ON GITHUB
QUICKSTART

Deploy your first GuardedWallet

Stand up a governed agent wallet on Arc Testnet in five steps. Every transaction it attempts will be evaluated against a Doctrine before it can settle on-chain.

  • A GuardedWallet is a real wallet owned by your signer, but spending is checked by policy before it is allowed through.
  • Use it when an AI agent, automation, or team wallet needs budget limits, vendor rules, and human review for risky actions.
  • Arc Testnet is the safe place to practice. You can connect a wallet, deploy, and inspect results without risking production funds.
  • Live workspaces show indexed, pending, empty, or error states while the indexer catches up; labeled demo rows are only for the configured demo wallet.
01

Install the SDK

Add the Arcanum SDK to your project. It ships with typed GuardedWallet helpers and Arc Testnet chain config.
TERMINALbash
npm install @arcanum/sdk
02

Configure the signer

Point the client at Arc Testnet and supply an admin signer that will own the Doctrine. The signer is the account that pays gas and becomes the first operator. Keep private keys outside the browser; the console uses your connected wallet instead of asking for secrets.
03

Deploy the wallet with a Doctrine

Create a GuardedWallet through WalletFactory and attach spend limits, category caps, and an escalation quorum. The Doctrine is the wallet rulebook: it decides what can pass, what needs a reviewer, and what should be denied before funds move.
deploy.tstypescript
import { WalletFactoryAbi } from "@arcanum/contracts";
import { parseUnits } from "viem";

const policy = {
  perTxCap: parseUnits("50", 6),
  daily24hCap: parseUnits("500", 6),
  monthlyRollingCap: parseUnits("5000", 6),
  allowedCategories: 0b11111n,
  escalationThreshold: parseUnits("100", 6),
  requireAllowlist: true,
};

const txHash = await walletClient.writeContract({
  address: process.env.NEXT_PUBLIC_WALLET_FACTORY as `0x${string}`,
  abi: WalletFactoryAbi,
  functionName: "createWallet",
  args: [ownerAddress, "AgentBackend", policy, [agentSigner], council, 2],
});
04

Fund the wallet

Transfer test USDC to the deployed address - it appears in the AGENT REGISTER immediately.
05

Watch the Event Stream

Every attempted transaction now flows through the GOVERNED EVENT STREAM with an APPROVE / ESCALATE / DENY verdict. A normal transaction appears as approved. A risky transaction appears as a restraint and waits for release from the escalation workflow.
RESTRAINT
On-chain policy changes affect real testnet state. Test with small limits first.
WARNING
A quorum of 1 disables multi-party approval. Use 2 or more for treasury wallets.
INFO
USDC token amounts are expressed in 6-decimal base units. The SDK exposes usdcErc20() helpers.
DOCTRINE

Author a Doctrine

A Doctrine defines the spend caps, approved vendor categories, escalation quorum, and anomaly sensitivity that govern each wallet. Start with conservative limits, then adjust after the first testnet run.

Think of a Doctrine like parental controls for an agent wallet. It does not make the agent smarter; it makes the wallet safer by checking each payment before it can leave.

  • Daily cap: the most the wallet can spend in one day before activity is restrained.
  • Per transaction cap: the largest single payment that can pass without escalation.
  • Per vendor per day cap: a vendor-specific budget so one service cannot drain the wallet.
  • Categories: labels like API, DATA, COMPUTE, SUBCONTRACT, and OTHER that help separate normal spend from unusual spend.
  • Vendor allowlist: approved recipients. If a vendor is not allowed, the transaction should be held for review.
  • Quorum: how many approvers must sign before a restrained transaction can be released.
  • Anomaly threshold: how sensitive the system should be to weird behavior. Lower is stricter, higher is more tolerant.

Safe starter settings are intentionally boring: small daily cap, smaller per-transaction cap, allow only the categories you actually use, and set quorum to 2 so one person cannot release a risky transfer alone.

doctrine.tstypescript
const doctrine = {
  dailyLimit: 500_000000n,
  perVendorLimit: 50_000000n,
  allowedCategories: ["API", "COMPUTE"],
  quorum: 2,
  anomalySigma: 5,
};
WORKFLOW

First Restraint

When a transaction exceeds policy, Arcanum records a restraint instead of claiming a fake approval. Review the escalation, collect signatures, then release or reject from the approver portal.

  • A restraint is a pause, not a failure. It means the wallet needs a human decision before money moves.
  • Release means the approvers agree the transaction is safe and let it continue.
  • Deny means the approvers decide the transaction should not execute.
  • Quorum shows how many signatures have been collected and how many are still needed.
  • The approver portal is public/shareable for the specific request, so reviewers can open the release page directly.

In the console, restrained transactions appear in Escalations. Open the row, inspect the vendor, amount, category, and reason, then use RELEASE or REJECT only when you mean to take that action.

DEMO / INDEXER STATE
Demo rows are only available to the configured demo wallet. Live workspaces must show indexed, pending, empty, or error states instead of fake operational data.
SDK

SDK

Install the SDK with npm and point it at Arc Testnet. The current console does not require a GuardedWallet implementation address because WalletFactory deploys full wallet instances directly.

  • Install with npm. This repository no longer requires pnpm for normal development.
  • Configure the Arc Testnet RPC and contract addresses before sending transactions.
  • Use the SDK for typed helpers and formatting; use the console when you want a visual operator workflow.
  • Keep private keys out of committed files, screenshots, browser logs, and support messages.
TERMINALbash
npm install @arcanum/sdk
client.tstypescript
import { ArcanumClient } from "@arcanum/sdk";
import { ARC_TESTNET_RPC_URL, arcTestnet, usdcErc20 } from "@arcanum/sdk/chains";

const arcanum = new ArcanumClient({
  walletAddress,
  agentSigner,
  chain: arcTestnet,
  rpcUrl: process.env.ARC_TESTNET_RPC ?? ARC_TESTNET_RPC_URL,
});

const simulation = await arcanum.simulate({
  to: vendorAddress,
  amount: usdcErc20(12),
});
CONTRACTS

Contracts

Deployed Arc Testnet contracts are read from the frontend environment and the deployment artifact. Configure WalletFactory, PolicyEngine, EscalationManager, AnomalyOracle, and VendorRegistry before enabling on-chain wallet creation.

  • WalletFactory creates full GuardedWallet instances. Users interact with it when creating a governed wallet.
  • PolicyEngine evaluates spend limits, categories, vendor rules, and escalation requirements.
  • EscalationManager tracks restrained transactions and release/reject decisions.
  • AnomalyOracle supplies risk signals used by policy checks.
  • VendorRegistry stores allowlisted counterparties once write actions are wired.
  • NEXT_PUBLIC_GUARDED_WALLET_IMPL is obsolete and must not be used because there is no proxy implementation address.
ARC TESTNETtext
WalletFactory      0x1Da7E51b537F9E6CF5bB308b3B2d6fdc5D9E4750
PolicyEngine       0x767C95C3E914d63bD26a5f1cDE4d6DA950462112
EscalationManager  0x6E03e0030fCeE242E2cCB77Da8D7C6c93a36A37E
AnomalyOracle      0x7A80C967A69E1d1a6bb2286089BB5945f3274cf4
VendorRegistry     0x4A4d419292F2E374421B45907861BBB5adA6eF82
USDC               0x3600000000000000000000000000000000000000
API

API Reference

Local development reads through stable tRPC adapters for agents, vendors, ledger rows, escalations, anomalies, notifications, and organization state. Mutations are user-click only and should never run from render, hover, polling, or effects.

  • Read models: dashboard, agents, vendors, ledger, escalations, anomalies, and notifications.
  • Click-only actions: release, reject, flag vendor, add vendor, and create governed wallet.
  • Local fallback: if a database, indexer, or session is unavailable, the console may show stable demo-safe rows instead of crashing.
  • Pending integration: VendorRegistry writes and some policy writes still show honest disabled states until wired.
  • Request storm rule: opening a route, hovering, focusing, or changing filters must never submit a mutation.
EXAMPLES

Examples

Use the dashboard sample org to test the end-to-end loop: deploy readiness, vendor allowlisting, governed ledger decisions, escalation review, and public badge sharing.

  • Deploy first governed wallet: open Agents, click Deploy Governed Wallet, connect to Arc Testnet, and submit createWallet once.
  • Add a vendor allowlist entry: use Vendors to create a local row today; on-chain VendorRegistry writes are still pending.
  • See a normal approved transaction: open Ledger and filter for approved/settled rows.
  • See an escalated transaction: open Escalations, inspect the reason, then use the approver portal link for review.
  • Share trust context: open an agent, then use Public Explorer or Badge links for read-only external sharing.
GLOSSARY

Glossary

GuardedWallet: an agent wallet governed by a Doctrine. Doctrine: policy rules evaluated before settlement. Restraint: a held transaction pending review. ArcaneVM: the confidential execution layer label used in the console.

  • Agent: a wallet or automation identity that can request payments or operational actions.
  • GuardedWallet: a wallet whose transactions are checked by Arcanum policy before they settle.
  • Doctrine: the plain-language rulebook turned into machine-checkable spend policy.
  • Vendor: a counterparty the wallet might pay, such as an API provider, cloud service, or contractor.
  • Allowlist: the approved set of vendors or categories that can be used without extra review.
  • Restraint: a paused transaction that requires a release or reject decision.
  • Approver: a person or wallet allowed to sign release decisions.
  • Indexer: the service that reads on-chain events and turns them into fast UI rows.
  • Arcscan: the Arc Testnet explorer for checking transactions and contract addresses.