Hero selected

Hero turns each SDK into a product API for cryptographic acts.

In Hero mode, the iOS or Android SDK presents product operations: create a wallet, initiate a transfer. The local Mobile Node signer is used internally when the device is one of the MPC parties.

Hero is the surface a wallet or treasury app should use in user-facing flows. The caller supplies business-level inputs — label, wallet id, asset, recipient, amount, idempotency key — and the SDK handles policy evaluation, operation id derivation, bridge invocation, and receipt tracking.

The same Hero contract exists on iOS and Android. The platform syntax changes, but the structure stays consistent: business inputs, a DvmOp<Receipt> with a progress stream, and a durable receipt carrying public artifacts and a policy receipt id.

Runtime contract

Act to receipt to evidence.

The API surface is one operation contract. SDKs differ by ergonomics, while the lifecycle object stays stable across product, support, and audit.

HeroProduct flow. Wallet creation and transfers today; policy evaluation, receipt, and DvmOp<Receipt> on every call.

ExpertDomain namespaces: signatures, wallets, transactions, transfers, devices, backups, sync, diagnostics, policies, runtime.

Mobile NodeLocal device party. Keyshare vault, keygen, sign, protocol binding, and cryptographic assertion.

ReceiptShared record object. Operation id, phase, public artifact, policy receipt id, and evidence references.

Policy

policyProvider.evaluate(request) — approved or throws policyRejected

Operation

createEvmWallet / transfer (Hero) or signatures.signDigest / wallets.create / ... (Expert)

Execution

admission, peer coordination, local signer via bridge, publication gate

DvmOp<Receipt>

progress stream: scheduled → waitingForUserPresence → waitingForPeers → executed

Receipt

operationId, walletId / transactionId, custody, policyReceiptId, terminalCid

Surface matrix

Hero, Expert, Mobile Node, and Runtime are different entry points.

The surfaces differ by responsibility. Each returns or feeds the same receipt-backed lifecycle.

Heroproduct app

createEvmWallet / transfer -> DvmOp<Receipt>
Use when the product executes approved user actions and needs policy enforcement and a recoverable receipt.

Expertops / staging

expert.{namespace}.{call}(request) -> DvmOp<Receipt>
Use when tooling needs explicit operation class control, audit trail access, policy evaluation, or device management.

Mobile Nodedevice party

DvmMobileNode -> keygen/sign output
Use when the device holds one quorum share and must validate local protocol binding.

Runtimecontrol plane

Operation -> status
Use when backend or relay tooling owns admission, lifecycle, delivery, and publication.

Node APInode operator

/v1/operations -> roots + receipts
Use when tooling talks directly to one runtime node and needs admission, lifecycle, evidence, and gate receipts.

Golden path

One operation path spans every SDK surface.

Hero can collapse these steps. Expert can expose them. Both should keep the operation id and receipt as the recovery anchor.

1. Build intent

Provide business inputs: label, wallet id, asset, recipient, amount, idempotency key. The SDK derives the operation id, resolves policy, and selects the mobile signer when the device is a signing party.

2. Submit

The SDK submits the act through policy evaluation and the bridge in one call, routing through the local Mobile Node when the device holds a keyshare.

3. Inspect gates

Validate score hash, mobile signer binding, approval state, backend profile, and publication plan.

4. Run

Execution moves through admission, PendingRemote, local signer calls, and publication gate checks.

5. Await receipt

The caller follows one receipt state machine instead of raw peer, JNI, or native runtime events.

6. Export evidence

Support and audit receive the receipt, trace hashes, gate decisions, mobile binding, and publication receipt.

iOS SDK — Hero

swift

// Hero: wallet + transfer (current surface)
let transferOp = try await sdk.hero.transfer(
    wallet: walletId,
    asset: "ETH",
    recipient: recipientAddress,
    amount: "0.1",
    idempotencyKey: "wire-2026-0142"
)
for await progress in transferOp.progress {
    if case .waitingForUserPresence = progress {
        try await biometricChallenge.complete()
    }
}
let receipt = try await transferOp.awaitReceipt()

// Expert: signing through namespace
let signOp = try await sdk.expert.signatures.signDigest(request)
let signReceipt = try await signOp.awaitReceipt()

Receipt preview

A receipt records runtime evidence and the signature.

Product code renders phase and artifact. Support joins on operation id. Audit verifies score, trace, publication, and evidence references.

Receipt shape

json

{
  "operation_id": "op_7Qw4sY...",
  "phase": "Published",
  "key_id": "treasury-main",
  "policy": "dual-control-wire",
  "publication": {
    "status": "published",
    "artifact_cid": "cid:signature:..."
  },
  "evidence": {
    "score_hash": "blake3:9a3c...",
    "trace_hash_tip": "blake3:2d17...",
    "bundle_ref": "evidence:op_7Qw4sY"
  }
}

Hero SDK contract

A Hero call maps directly to the action the user approved. createEvmWallet(label:idempotencyKey:) provisions a wallet; transfer(wallet:asset:recipient:amount:idempotencyKey:) initiates a user-approved payment. Both return DvmOp<Receipt>. The progress stream emits .waitingForUserPresence before value-moving operations — the hook for a biometric or PIN prompt. The receipt carries operation id, wallet or transaction id, custody profile, and a policy receipt id linking back to the approval decision.