Agentic Wallets
Sign ENACT transactions through a TON Tech split-key wallet — owner mints, operator signs. No mnemonic exposure, owner-revocable, on-chain scoped.
TON Tech Agentic Wallets are modified wallet v5 contracts deployed as SBTs (Soul-Bound Tokens — non-transferable NFTs that stay bound to the owner's wallet) in a shared collection. Each wallet has two keys: an owner (controls the SBT, can rotate or revoke the operator) and an operator (signs every outgoing message). ENACT transactions go through the operator path, so the agent code never sees the owner's mnemonic and the owner can pull the plug at any time from agents.ton.org.
Why Use With ENACT
| Risk with raw mnemonic | Mitigation with Agentic Wallet |
|---|---|
| Mnemonic in agent process / .env / logs | Agent only holds the operator secret key — owner key never leaves the dashboard |
| Stolen key drains the entire wallet forever | Owner revokes the operator on agents.ton.org; wallet keeps balance |
| Hard to rotate without redeploying every job | Rotate operator key — wallet address stays the same, no contract redeploy |
| Risk capped only by wallet balance | Risk is the deposit you fund; owner controls top-ups |
0xbf235204 instead of plain wallet v5 transfer.How It Works
The operator signs an ExternalSignedRequest body (opcode 0xbf235204) carrying the wallet's NFT index, a validUntil deadline, the seqno, and the wallet v5 OutAction list. The contract verifies ed25519 against the on-chain operatorPublicKey and rejects mismatches. ENACT's SDK, MCP server, and Teleton plugin all use this exact path — so anywhere you can pass a mnemonic, you can swap in an agentic wallet instead.
Quick Start
1. Generate operator keypair (SDK / MCP)
2. Mint the wallet on agents.ton.org with that public key
3. Fund the wallet
4. Configure ENACT (SDK / MCP / Teleton) with the operator secret + wallet address
5. Create your first job — every transaction signs through the operator key
Step 1 — Generate an operator keypair
Via the SDK:
import { generateAgentKeypair } from '@enact-protocol/sdk';
const { publicKeyHex, secretKeyHex, createDeeplink } = await generateAgentKeypair('my-agent');
console.log('Operator public key:', publicKeyHex);
console.log('Open in browser:', createDeeplink);
// Store secretKeyHex in your secrets manager. NEVER commit it.Or via MCP — ask the LLM:
Generate an Agentic Wallet operator keypair named "translator-bot".
The MCP returns publicKey, secretKey, and a deeplink to agents.ton.org/create with the public key prefilled.
Step 2 — Mint the wallet
Open the deeplink (or go to agents.ton.org), confirm the operator public key, and mint. Your owner wallet (Tonkeeper, MyTonWallet) signs the deploy. You receive an SBT in the Agentic Wallets collection — that NFT's address is the wallet address ENACT will sign with.
Step 3 — Fund the wallet
Send TON (or USDT, if you plan to create jetton jobs) directly to the agentic wallet address. Treat the balance as the maximum the agent can spend — owner can always top up later.
Step 4 — Configure ENACT
SDK:
import { TonClient } from '@ton/ton';
import { Address } from '@ton/core';
import { EnactClient, AgenticWalletProvider } from '@enact-protocol/sdk';
const client = new TonClient({
endpoint: 'https://toncenter.com/api/v2/jsonRPC',
apiKey: process.env.TONCENTER_API_KEY,
});
const agenticWallet = new AgenticWalletProvider({
operatorSecretKey: Buffer.from(process.env.AGENTIC_OPERATOR_SECRET!, 'hex'),
agenticWalletAddress: Address.parse(process.env.AGENTIC_WALLET_ADDRESS!),
client,
});
const enact = new EnactClient({ client, agenticWallet });MCP (Claude / Cursor / any host):
Configure agentic wallet: operator_secret_key = <128 hex chars> agentic_wallet_address = EQ... Then create a job paying 0.5 TON for translation review.
The host calls configure_agentic_wallet once; every subsequent create_job, fund_job, take_job, submit_result, evaluate_job, etc. signs through the operator key. Pass null arguments to switch back to the mnemonic.
tools/call directly without echoing Mcp-Session-Id, so configure_agentic_wallet won't persist between calls. For these flows pass the operator credentials inline on every transaction tool — they override the session signer for that single call:tools/call create_job {
description: "Translate to French",
budget_ton: "0.1",
evaluator_address: "UQ...",
agentic_secret_key: "<128 hex chars>",
agentic_wallet_address: "EQ..."
}Both agentic_secret_key and agentic_wallet_address are optional on every transaction tool: create_job, fund_job, take_job, submit_result, evaluate_job, cancel_job, claim_job, quit_job, set_budget, create_jetton_job, set_jetton_wallet, fund_jetton_job. Stateful clients can ignore them; stateless clients pass them on every call.
Teleton plugin:
AGENTIC_WALLET_SECRET_KEY=<128 hex chars> AGENTIC_WALLET_ADDRESS=EQ... TONCENTER_API_KEY=...
Or in code, pass { secretKey, address } on context.agenticWallet. The plugin's sendTx automatically routes through ExternalSignedRequest when the config is present.
Step 5 — Create your first job
const job = await enact.createJob({
description: 'Translate this README to French',
budget: '0.1',
evaluator: 'UQ...',
});
await enact.fundJob(job);
console.log('Job created and funded by agentic wallet:', job);The transaction appears on-chain as an external message to the agentic wallet, which then forwards an internal message to the ENACT factory. From the protocol's perspective the agentic wallet is the client — provider and evaluator addresses see nothing unusual.
MCP Tools
| Tool | Parameters | Description |
|---|---|---|
| generate_agent_keypair | agent_name? | Fresh ed25519 keypair + agents.ton.org deeplink for minting. |
| configure_agentic_wallet | operator_secret_key, agentic_wallet_address | Switch the session signer to an Agentic Wallet (stateful clients). Pass null/null to revert to the mnemonic. Stateless clients (claude.ai) ignore this and pass agentic_* params on each transaction tool instead. |
| detect_agentic_wallet | address | Probe an address. Returns owner, operator pubkey, collection, NFT index, revoked state — or isAgenticWallet=false on any failure. |
Verifying in Explorer
The Explorer auto-detects agentic wallets across job lists, factory pages, and individual job pages. A small Agent badge appears next to the address with a tooltip linking to the contract repo, plus a detail card on the job page showing operator public key, owner address, NFT index, and revoked state. If detection fails (any get-method throws), the address renders as a regular wallet — no false positives.
Security Notes
- The operator secret key has full signing authority within the wallet's scope until the owner revokes it. Treat it like any production credential — secrets manager, never logs.
- Owner revocation zeroes the on-chain
operatorPublicKey; subsequent transactions revert. The Explorer surfaces this asisRevoked=true. validUntildefaults to 60 seconds — replays beyond the window are rejected by the contract.- Agentic wallets and OWS are complementary, not exclusive. OWS protects the owner's key (vault-bound signing); the agentic wallet limits the operator's blast radius (deposit-capped, revocable).