WDK trackNo funds movedNo broadcast

WDK Runtime Verification

Real WDK SDK verification for the CupTreasury wallet path

Primary enforcement proof

WDK-native guarded execution

The primary Node/CI proof turns an approved PaymentIntent into an exact signing capability. Native WDK policy simulation records real ALLOW/DENY decisions, binds the exact transaction fields, signs without broadcasting, and denies a second use after application consumption. Open Guarded Execution for the generated proof.

Passing in compatible Node runtime

Supporting WDK runtime smoke test

The official CupTreasury WDK verification runs outside the browser, using real @tetherto/wdk and @tetherto/wdk-wallet-evm packages. It derives an ephemeral EVM wallet, reads the Sepolia balance, quotes a zero-value transfer fee, signs and verifies a message — all without broadcasting a transaction or persisting secrets.

npm run wdk:smoke

Packages

@tetherto/wdk + wdk-wallet-evm

Wallet

Ephemeral EVM (Sepolia)

Balance

Read via public RPC

Fee quote

Zero-value transfer

Sign + verify

Message signed & checked

Broadcast

No transaction broadcast

Funds

No funds moved

Secrets

Nothing persisted

View CI smoke verification on GitHub Actions
Browser visualization

Browser treasury flow

CupTreasury's browser demo shows the intended football treasury payment flow: request, approval, PaymentIntent, policy evaluation, and safe receipt preparation. The browser does not execute native WDK wallet operations. The real WDK proof lives in the guarded CLI/CI policy path; this page documents the runtime boundary and supporting smoke test.

  • The browser visualizes a no-broadcast receipt path.
  • No real transaction is signed or broadcast in the browser.
  • The dashboard balance is local demo state.
  • The adapter models the wallet/payment flow so real WDK signing can replace simulation later.
Unsupported by design

Vercel serverless compatibility check

The WDK smoke test requires native Node.js addons such as sodium-native. Vercel/Next.js serverless bundling is not the target runtime for this proof. The compatibility check below reports unsupported instead of pretending to run.

The official verification paths are the guarded policy proof, local deterministic contract proof, and GitHub Actions CI.

Advanced: serverless compatibility check

This calls the /api/wdk/smoke endpoint to confirm the expected unsupported status.