WDK Runtime Verification
Real WDK SDK verification for the CupTreasury wallet path
WDK-native guarded execution
The primary Node/CI proof turns an approved PaymentIntent into an exact signing capability. Native WDK policy simulation records real ALLOW/DENY decisions, binds the exact transaction fields, signs without broadcasting, and denies a second use after application consumption. Open Guarded Execution for the generated proof.
Supporting WDK runtime smoke test
The official CupTreasury WDK verification runs outside the browser, using real @tetherto/wdk and @tetherto/wdk-wallet-evm packages. It derives an ephemeral EVM wallet, reads the Sepolia balance, quotes a zero-value transfer fee, signs and verifies a message — all without broadcasting a transaction or persisting secrets.
npm run wdk:smokePackages
@tetherto/wdk + wdk-wallet-evm
Wallet
Ephemeral EVM (Sepolia)
Balance
Read via public RPC
Fee quote
Zero-value transfer
Sign + verify
Message signed & checked
Broadcast
No transaction broadcast
Funds
No funds moved
Secrets
Nothing persisted
Browser treasury flow
CupTreasury's browser demo shows the intended football treasury payment flow: request, approval, PaymentIntent, policy evaluation, and safe receipt preparation. The browser does not execute native WDK wallet operations. The real WDK proof lives in the guarded CLI/CI policy path; this page documents the runtime boundary and supporting smoke test.
- The browser visualizes a no-broadcast receipt path.
- No real transaction is signed or broadcast in the browser.
- The dashboard balance is local demo state.
- The adapter models the wallet/payment flow so real WDK signing can replace simulation later.
Vercel serverless compatibility check
The WDK smoke test requires native Node.js addons such as sodium-native. Vercel/Next.js serverless bundling is not the target runtime for this proof. The compatibility check below reports unsupported instead of pretending to run.
The official verification paths are the guarded policy proof, local deterministic contract proof, and GitHub Actions CI.
Advanced: serverless compatibility check
This calls the /api/wdk/smoke endpoint to confirm the expected unsupported status.