Split-key architecture
Each agentic wallet is a smart contract deployed as Soulbound Token (SBT) within a shared NFT collection. Internally, each agentic wallet retains full wallet v5 functionality. It stores the user’s address (owner), the agent’s (operator) public key, and a nonce to protect against replay attacks. The deployment process goes as follows:- The agent creates a pair of keys (public and private), keeping the private key in the local config registry.
- User deploys an agentic wallet from their regular TON wallet by providing the operator’s public key and wallet address (owner address).
- The contract checks that the sender’s address matches the stored owner’s address. If it doesn’t match, the wallet will be deployed in an uninitialized state and will not appear in explorers, preventing the creation of unwanted wallets without the user’s consent.
- If deployment is successful, the agent receives the address of the new wallet.
Funding
Transactions initiated by the agent (operator) must be signed with the operator key. Because the operator key is separate from the user’s key (owner’s key), the agent never controls the owner’s main wallet. However, an agent with an active operator key has complete control of the balance and assets held in its own agentic wallet.Sub-wallets
An agent that already has at least one user-created wallet can create additional child wallets from that wallet. In that case, sender verification uses the original operator public key of the parent user-root wallet. Child wallets created by an agent cannot create additional child wallets. Thus, agents can only create child wallets from the user-created wallets. If a deploy request comes from an agent-created wallet, the contract rejects it. On the other hand, users can indefinitely deploy new wallets and form child wallet chains. Further, users can revoke access or withdraw funds from any deployed wallet at any time using the dashboard.Dashboard
The agentic wallets dashboard is a web interface for managing agentic wallets. It supports:- Wallet creation - deploy a new agentic wallet, assign an operator key, and fund it with Toncoin.
- Real-time monitoring - observe agent transactions as they happen.
- Key rotation - rotate operator keys without redeploying the wallet contract.
- Revocation - revoke agent access by removing the operator key.
- Funding and withdrawal - deposit or withdraw Toncoin, jettons, and NFTs.
Get started
The recommended way to create and use agentic wallets is through@ton/mcp. The @ton/mcp quick start guide covers the full setup flow and gives common usage examples.
FAQ
Is this safe?
Is this safe?
The owner key is never shared with agents. The agent has its own operator key that can only be used to spend from its own agentic wallet, and any balance in that wallet is fully under the agent’s control. All operations are performed on-chain with no intermediaries.
What if the agent spends all the funds?
What if the agent spends all the funds?
The agent can only spend what was deposited into its wallet. The owner’s main wallet is completely separate.However, if the agent behaves incorrectly or performs expensive transactions, it can spend the entire wallet balance before the owner reacts.The risk is capped to the deposited amount. Only deposit funds that are acceptable to lose.
Are the smart contracts audited?
Are the smart contracts audited?
Not yet. This is a developer preview. The contracts are open source and available on GitHub, but a formal audit has not been completed.
How many agents can be connected?
How many agents can be connected?
There is no limit. Each agent has its own wallet and balance. All agents are managed from a single dashboard.
How to disconnect an agent?
How to disconnect an agent?
Select Revoke, then confirm the transaction. The operator is deactivated, and remaining funds can be withdrawn.