Docs / Openfort
Governing Openfort agent wallets
Openfort's backend-wallet model gives each agent a dedicated signer held in a TEE. Countersign's freeze on this rail is the bluntest instrument in the fleet: it destroys the signer. There is nothing left to sign with — no proxy to route around, no cached session to replay.
Enforcement model: on-chain / signer control
| Policy field | Binds | Detail |
|---|---|---|
freeze | native | Destroy the backend signer, confirmed by the API — the definitive stop |
dailyCap | native | Per-period spend limit |
allowlist | native | Positive counterparty allowlist |
venues | native | A single venue binds via key deployment; multi-venue policies are flagged to the layer |
perTxCap | countersign-layer | The on-chain guard enforces per-period spend and tx-count, not a per-transaction value cap |
denylist | countersign-layer | On-chain enforcement is a positive allowlist; a denylist has no native counterpart |
approvalThreshold | countersign-layer | An on-chain session key can't hold a signature pending human approval |
native = the rail itself enforces it, even if Countersign is bypassed or offline. countersign-layer = enforced fail-closed by the pre-flight guard and honestly labeled as such. Live, per-tenant version: GET /enforcement.
Proven live on Polygon Amoy
The live spike proves sign-allowed → freeze (signer destroyed) → sign-denied (account does not exist), confirming in ~357 ms. Trade-off to know: v1's destroy-the-signer freeze is definitive but not reversible on this rail — a reversible on-chain pause (session-key guard) is the roadmap hardening. The pre-flight guard provides the reversible layer in the meantime.
Try it in 60 seconds — no account, no human
Self-serve key, an isolated sandbox tenant with a three-backend demo fleet, testnet only.
Get a free key → Watch the freeze GitHub