Seals & sessions

What is a seal

A seal is a session key derived from your wallet at the moment you summon an agent. It can call only the contracts your intent permits, only on the chains you allow, only on the tokens you list, only up to the value cap you set — and only until the TTL expires.

On Base, seals are implemented as EIP-7702 session authorisations against an EOA, or as smart-account session keys when the connected wallet is itself a smart account.

Scope

The seal carries a structured scope:

typescriptinterface Seal {
  signer: Address;        // the session key
  parent: Address;        // your wallet — the root signer
  scope: {
    chains: ChainId[];
    venues: VenueId[];
    tokens: Address[];
    maxValueUsd: bigint;
    maxImpactBps: number;
  };
  ttl: number;            // seconds from issuance
  nonce: bigint;
}

The scope is signed with the seal itself, then registered onchain in the SealRegistry contract. Every cast presents the seal and is verified against the scope before execution.

Lifetime

Seals have an explicit TTL — usually 7 days for apprentice intents, up to 30 days for power users. When a TTL expires:

• The agent emits a seal-expired event and pauses.
• You receive a notification in the activity feed.
• Renewing requires a single signature — same scope, fresh TTL.

Revocation

Revocation is immediate and on-chain. From the seals page, clicking Revoke submits a transaction that nullifies the seal. The agent loses authority on the next block.

There is also a nuclear option in the Sanctum: revoke every seal at once. This costs one transaction per seal but executes in parallel.

Rotation

Long-running agents rotate seals automatically — when 80% of the TTL has elapsed, the agent emits a rotation-requested event and prompts you to sign a new seal. Both seals are valid during the overlap; the new one takes over once acknowledged.