WDK onlyNode/CI proofNo public-chain broadcast

Guarded Execution

Approved football expenses become exact, one-time WDK payment capabilities. The wallet policy must reject changed recipients, tokens, amounts, accounts, chains, expiries, and consumed lifecycle states.

Treasury

01

PaymentRequest

02

Domain approval policy

03

Immutable PaymentIntent

04

WDK policy evaluation

05

Quote and prepare

06

Direct guarded receipt

Exact PaymentIntent capability

Payment request

120 MockUSDT · atomic 120000000

Intent hash

0xcc740f28733b0afc3f9e093afd471be607d72c08248018690660096b59747a39

Ephemeral WDK account

0x9091f6e7e6041F80774E50Ea8E70Ffa9f2E97247

Real WDK proof

SDK
@tetherto/wdk
Wallet module
@tetherto/wdk-wallet-evm
Network
Sepolia
Capability schema
v1
Fee quote
Unsupported for placeholder token
Prepared
true
Broadcast
false
Secrets persisted
false
npm run wdk:policy-demo:json

Policy decisions

ScenarioResult

Insufficient approvals

WDK native transaction policy denied the transaction: PaymentIntent is not in an executable lifecycle state.

DENY

Exact authorized intent

WDK native transaction policy allowed the exact PaymentIntent transaction.

ALLOW

Changed amount

WDK native transaction policy denied the transaction: governed-but-unmatched.

DENY

Changed recipient

WDK native transaction policy denied the transaction: governed-but-unmatched.

DENY

Changed token

WDK native transaction policy denied the transaction: governed-but-unmatched.

DENY

Wrong chain

WDK native transaction policy denied the transaction: governed-but-unmatched.

DENY

Wrong treasury account

WDK native transaction policy denied the transaction: governed-but-unmatched.

DENY

Expired intent

WDK native transaction policy denied the transaction: PaymentIntent is not in an executable lifecycle state.

DENY

First valid signing attempt

WDK allowed and signed the exact provider-derived no-broadcast transaction.

SIGNED

Second use of same intent

WDK native transaction policy denied the transaction: PaymentIntent has already been consumed.

DENY

Audit journal

PaymentIntentCreated
WdkPolicyAllowed
TransactionPrepared
TransactionSigned
IntentConsumed
WdkPolicyDenied

Proof provenance

Generated
2026-07-10T07:55:16.048Z
Source commit
2ff29786fd6b0c90ac32bf2e92ab46b8902dee78
Artifact SHA-256
532dea2737cf3112220f201f55dbd607592c5ea8d367bfd27b2e65c506b202da
Content hash
1ffeafc3cdd4d173543af2f66330332e545c2b7e36a1d52d72ccf3f2f77754b2
Token bytecode
missing-contract
Gas limit
22086
WDK signedLocal chain onlyMockUSDT test tokenReplay protectedNo real funds

Deterministic TeamTreasury execution proof

This is a separate deterministic local proof: PaymentRequest → PaymentIntent → WDK policy → WDK signature → TeamTreasury → MockUSDT transfer → execution receipt. MockUSDT is a local test token and is not official USDt. No real funds or public-chain broadcast are used.

Domain governance

Trusted roster, atomic amount, approval threshold, canonical PaymentIntent.

WDK signer enforcement

Exact contract call ALLOW/DENY, no modified calldata, one-time application consumption.

TeamTreasury on-chain enforcement

Captain/Treasurer approvals, expiry, exact MockUSDT transfer, and contract replay prevention.

PaymentIntent hash

0xa8ec2c9ab6394ee26204b3b200222a92b9dbf1bf48c5136e8ffa24dec067af8d

TeamTreasury / request

0xCf7Ed3AccA5a467e9e704C703E8D87F634fB0Fc9 · #0

WDK executor

0x32fb550Fe394dfcb50F453BBE97dACb75446f333

WDK policy / signing

ALLOW · signed true · approvals signed true

Atomic transfer

120000000 MockUSDT atomic units

Recipient balance

0 → 120000000

Broadcast boundary

Local true · public testnet false · mainnet false

Receipt verification

status 1 · execution event true · transfer event true

Tamper / replay checkResult
changed-request-idDENY
changed-calldataDENY
second-app-useDENY

Artifact SHA-256: 6cacb92e47ae92ba806eb7df4f62be0be031efc4f0c2ba9b1ab52f3f78aec478 · source commit: 6f44c82aa688020c11c92a6a5982cbce5e870981

WDK replay: PaymentIntent has already been consumed. Contract replay: RequestAlreadyExecuted.

Runtime boundary

  • The browser visualizes generated Node/CI proof data.
  • Real WDK native policy simulation and signing run in Node because WDK depends on native runtime capabilities.
  • The placeholder MockUSDT address has no Sepolia bytecode and is not described as a functional token contract.
  • No transaction was broadcast.
  • No seed phrase, private key, mnemonic, or funded wallet is persisted.