Merge pull request 'refactor(hashing): introduce Hashable derive macro and migrate server types' (#82) from hashing-proc-macro into main

Reviewed-on: #82
Reviewed-by: Stas <business@jexter.tech>

.woodpecker/server-test.yaml

@@ -24,4 +24,4 @@ steps:
       - mise install rust 
       - mise install protoc
       - mise install cargo:cargo-nextest
-      - mise exec cargo:cargo-nextest -- cargo nextest run --no-fail-fast
+      - mise exec cargo:cargo-nextest -- cargo nextest run --no-fail-fast --all-features

ARCHITECTURE.md

@@ -11,6 +11,7 @@ Arbiter distinguishes two kinds of peers:
 
 - **User Agent** — A client application used by the owner to manage the vault (create wallets, approve SDK clients, configure policies).
 - **SDK Client** — A consumer of signing capabilities, typically an automation tool. In the future, this could include a browser-based wallet.
+- **Recovery Operator** — A dormant recovery participant with narrowly scoped authority used only for custody recovery and operator replacement.
 
 ---
 
@@ -42,7 +43,149 @@ There is no bootstrap mechanism for SDK clients. They must be explicitly approve
 
 ---
 
-## 3. Server Identity
+## 3. Multi-Operator Governance
+
+When more than one User Agent is registered, the vault is treated as having multiple operators. In that mode, sensitive actions are governed by voting rather than by a single operator decision.
+
+### 3.1 Voting Rules
+
+Voting is based on the total number of registered operators:
+
+- **1 operator:** no vote is needed; the single operator decides directly.
+- **2 operators:** full consensus is required; both operators must approve.
+- **3 or more operators:** quorum is `floor(N / 2) + 1`.
+
+For a decision to count, the operator's approval or rejection must be signed by that operator's associated key. Unsigned votes, or votes that fail signature verification, are ignored.
+
+Examples:
+
+- **3 operators:** 2 approvals required
+- **4 operators:** 3 approvals required
+
+### 3.2 Actions Requiring a Vote
+
+In multi-operator mode, a successful vote is required for:
+
+- approving new SDK clients
+- granting an SDK client visibility to a wallet
+- approving a one-off transaction
+- approving creation of a persistent grant
+- approving operator replacement
+- approving server updates
+- updating Shamir secret-sharing parameters
+
+### 3.3 Special Rule for Key Rotation
+
+Key rotation always requires full quorum, regardless of the normal voting threshold.
+
+This is stricter than ordinary governance actions because rotating the root key requires every operator to participate in coordinated share refresh/update steps. The root key itself is not redistributed directly, but each operator's share material must be changed consistently.
+
+### 3.4 Root Key Custody
+
+When the vault has multiple operators, the vault root key is protected using Shamir secret sharing.
+
+The vault root key is encrypted in a way that requires reconstruction from user-held shares rather than from a single shared password.
+
+For ordinary operators, the Shamir threshold matches the ordinary governance quorum. For example:
+
+- **2 operators:** `2-of-2`
+- **3 operators:** `2-of-3`
+- **4 operators:** `3-of-4`
+
+In practice, the Shamir share set also includes Recovery Operator shares. This means the effective Shamir parameters are computed over the combined share pool while keeping the same threshold. For example:
+
+- **3 ordinary operators + 2 recovery shares:** `2-of-5`
+
+This ensures that the normal custody threshold follows the ordinary operator quorum, while still allowing dormant recovery shares to exist for break-glass recovery flows.
+
+### 3.5 Recovery Operators
+
+Recovery Operators are a separate peer type from ordinary vault operators.
+
+Their role is intentionally narrow. They can only:
+
+- participate in unsealing the vault
+- vote for operator replacement
+
+Recovery Operators do not participate in routine governance such as approving SDK clients, granting wallet visibility, approving transactions, creating grants, approving server updates, or changing Shamir parameters.
+
+### 3.6 Sleeping and Waking Recovery Operators
+
+By default, Recovery Operators are **sleeping** and do not participate in any active flow.
+
+Any ordinary operator may request that Recovery Operators **wake up**.
+
+Any ordinary operator may also cancel a pending wake-up request.
+
+This creates a dispute window before recovery powers become active. The default wake-up delay is **14 days**.
+
+Recovery Operators are therefore part of the break-glass recovery path rather than the normal operating quorum.
+
+The high-level recovery flow is:
+
+```mermaid
+sequenceDiagram
+    autonumber
+    actor Op as Ordinary Operator
+    participant Server
+    actor Other as Other Operator
+    actor Rec as Recovery Operator
+
+    Op->>Server: Request recovery wake-up
+    Server-->>Op: Wake-up pending
+    Note over Server: Default dispute window: 14 days
+
+    alt Wake-up cancelled during dispute window
+        Other->>Server: Cancel wake-up
+        Server-->>Op: Recovery cancelled
+        Server-->>Rec: Stay sleeping
+    else No cancellation for 14 days
+        Server-->>Rec: Wake up
+        Rec->>Server: Join recovery flow
+        critical Recovery authority
+            Rec->>Server: Participate in unseal
+            Rec->>Server: Vote on operator replacement
+        end
+        Server-->>Op: Recovery mode active
+    end
+```
+
+### 3.7 Committee Formation
+
+There are two ways to form a multi-operator committee:
+
+- convert an existing single-operator vault by adding new operators
+- bootstrap an unbootstrapped vault directly into multi-operator mode
+
+In both cases, committee formation is a coordinated process. Arbiter does not allow multi-operator custody to emerge implicitly from unrelated registrations.
+
+### 3.8 Bootstrapping an Unbootstrapped Vault into Multi-Operator Mode
+
+When an unbootstrapped vault is initialized as a multi-operator vault, the setup proceeds as follows:
+
+1. An operator connects to the unbootstrapped vault using a User Agent and the bootstrap token.
+2. During bootstrap setup, that operator declares:
+   - the total number of ordinary operators
+   - the total number of Recovery Operators
+3. The vault enters **multi-bootstrap mode**.
+4. While in multi-bootstrap mode:
+   - every ordinary operator must connect with a User Agent using the bootstrap token
+   - every Recovery Operator must also connect using the bootstrap token
+   - each participant is registered individually
+   - each participant's share is created and protected with that participant's credentials
+5. The vault is considered fully bootstrapped only after all declared operator and recovery-share registrations have completed successfully.
+
+This means the operator and recovery set is fixed at bootstrap completion time, based on the counts declared when multi-bootstrap mode was entered.
+
+### 3.9 Special Bootstrap Constraint for Two-Operator Vaults
+
+If a vault is declared with exactly **2 ordinary operators**, Arbiter requires at least **1 Recovery Operator** to be configured during bootstrap.
+
+This prevents the worst-case custody failure in which a `2-of-2` operator set becomes permanently unrecoverable after loss of a single operator.
+
+---
+
+## 4. Server Identity
 
 The server proves its identity using TLS with a self-signed certificate. The TLS private key is generated on first run and is long-term; no rotation mechanism exists yet due to the complexity of multi-peer coordination.
 
@@ -55,9 +198,9 @@ Peers verify the server by its **public key fingerprint**:
 
 ---
 
-## 4. Key Management
+## 5. Key Management
 
-### 4.1 Key Hierarchy
+### 5.1 Key Hierarchy
 
 There are three layers of keys:
 
@@ -72,19 +215,19 @@ This layered design enables:
 - **Password rotation** without re-encrypting every wallet key (only the root key is re-encrypted).
 - **Root key rotation** without requiring the user to change their password.
 
-### 4.2 Encryption at Rest
+### 5.2 Encryption at Rest
 
 The database stores everything in encrypted form using symmetric AEAD. The encryption scheme is versioned to support transparent migration — when the vault unseals, Arbiter automatically re-encrypts any entries that are behind the current scheme version. See [IMPLEMENTATION.md](IMPLEMENTATION.md) for the specific scheme and versioning mechanism.
 
 ---
 
-## 5. Vault Lifecycle
+## 6. Vault Lifecycle
 
-### 5.1 Sealed State
+### 6.1 Sealed State
 
 On boot, the root key is encrypted and the server cannot perform any signing operations. This state is called **Sealed**.
 
-### 5.2 Unseal Flow
+### 6.2 Unseal Flow
 
 To transition to the **Unsealed** state, a User Agent must provide the password:
 
@@ -95,7 +238,7 @@ To transition to the **Unsealed** state, a User Agent must provide the password:
    - **Success:** The root key is decrypted and placed into a hardened memory cell. The server transitions to `Unsealed`. Any entries pending encryption scheme migration are re-encrypted.
    - **Failure:** The server returns an error indicating the password is incorrect.
 
-### 5.3 Memory Protection
+### 6.3 Memory Protection
 
 Once unsealed, the root key must be protected in memory against:
 
@@ -107,9 +250,9 @@ See [IMPLEMENTATION.md](IMPLEMENTATION.md) for the current and planned memory pr
 
 ---
 
-## 6. Permission Engine
+## 7. Permission Engine
 
-### 6.1 Fundamental Rules
+### 7.1 Fundamental Rules
 
 - SDK clients have **no access by default**.
 - Access is granted **explicitly** by a User Agent.
@@ -119,11 +262,45 @@ Each blockchain requires its own policy system due to differences in static tran
 
 Arbiter is also responsible for ensuring that **transaction nonces are never reused**.
 
-### 6.2 EVM Policies
+### 7.2 EVM Policies
 
 Every EVM grant is scoped to a specific **wallet** and **chain ID**.
 
-#### 6.2.1 Transaction Sub-Grants
+#### 7.2.0 Transaction Signing Sequence
+
+The high-level interaction order is:
+
+```mermaid
+sequenceDiagram
+    autonumber
+    actor SDK as SDK Client
+    participant Server
+    participant UA as User Agent
+
+    SDK->>Server: SignTransactionRequest
+    Server->>Server: Resolve wallet and wallet visibility
+    alt Visibility approval required
+        Server->>UA: Ask for wallet visibility approval
+        UA-->>Server: Vote result
+    end
+    Server->>Server: Evaluate transaction
+    Server->>Server: Load grant and limits context
+    alt Grant approval required
+        Server->>UA: Ask for execution / grant approval
+        UA-->>Server: Vote result
+        opt Create persistent grant
+            Server->>Server: Create and store grant
+        end
+        Server->>Server: Retry evaluation
+    end
+    critical Final authorization path
+        Server->>Server: Check limits and record execution
+        Server-->>Server: Signature or evaluation error
+    end
+    Server-->>SDK: Signature or error
+```
+
+#### 7.2.1 Transaction Sub-Grants
 
 Arbiter maintains an ever-expanding database of known contracts and their ABIs. Based on contract knowledge, transaction requests fall into three categories:
 
@@ -147,7 +324,7 @@ Available restrictions:
 
 These transactions have no `calldata` and therefore cannot interact with contracts. They can be subject to the same volume and rate restrictions as above.
 
-#### 6.2.2 Global Limits
+#### 7.2.2 Global Limits
 
 In addition to sub-grant-specific restrictions, the following limits can be applied across all grant types:
 

IMPLEMENTATION.md

@@ -67,7 +67,14 @@ The `program_client.nonce` column stores the **next usable nonce** — i.e. it i
 ## Cryptography
 
 ### Authentication
-- **Signature scheme:** ed25519
+- **Client protocol:** ML-DSA
+
+### User-Agent Authentication
+
+User-agent authentication supports multiple signature schemes because platform-provided "hardware-bound" keys do not expose a uniform algorithm across operating systems and hardware.
+
+- **Supported schemes:** ML-DSA
+- **Why:** Secure Enclave (MacOS) support them natively, on other platforms we could emulate while they roll-out
 
 ### Encryption at Rest
 - **Scheme:** Symmetric AEAD — currently **XChaCha20-Poly1305**
@@ -117,6 +124,52 @@ The central abstraction is the `Policy` trait. Each implementation handles one s
 4. **Evaluate** — `Policy::evaluate` checks the decoded meaning against the grant's policy-specific constraints and returns any violations.
 5. **Record** — If `RunKind::Execution` and there are no violations, the engine writes to `evm_transaction_log` and calls `Policy::record_transaction` for any policy-specific logging (e.g., token transfer volume).
 
+The detailed branch structure is shown below:
+
+```mermaid
+flowchart TD
+    A[SDK Client sends sign transaction request] --> B[Server resolves wallet]
+    B --> C{Wallet exists?}
+
+    C -- No --> Z1[Return wallet not found error]
+    C -- Yes --> D[Check SDK client wallet visibility]
+
+    D --> E{Wallet visible to SDK client?}
+    E -- No --> F[Start wallet visibility voting flow]
+    F --> G{Vote approved?}
+    G -- No --> Z2[Return wallet access denied error]
+    G -- Yes --> H[Persist wallet visibility]
+    E -- Yes --> I[Classify transaction meaning]
+    H --> I
+
+    I --> J{Meaning supported?}
+    J -- No --> Z3[Return unsupported transaction error]
+    J -- Yes --> K[Find matching grant]
+
+    K --> L{Grant exists?}
+    L -- Yes --> M[Check grant limits]
+    L -- No --> N[Start execution or grant voting flow]
+
+    N --> O{User-agent decision}
+    O -- Reject --> Z4[Return no matching grant error]
+    O -- Allow once --> M
+    O -- Create grant --> P[Create grant with user-selected limits]
+    P --> Q[Persist grant]
+    Q --> M
+
+    M --> R{Limits exceeded?}
+    R -- Yes --> Z5[Return evaluation error]
+    R -- No --> S[Record transaction in logs]
+    S --> T[Produce signature]
+    T --> U[Return signature to SDK client]
+
+    note1[Limit checks include volume, count, and gas constraints.]
+    note2[Grant lookup depends on classified meaning, such as ether transfer or token transfer.]
+
+    K -. uses .-> note2
+    M -. checks .-> note1
+```
+
 ### Policy Trait
 
 | Method | Purpose |
@@ -148,7 +201,7 @@ The central abstraction is the `Policy` trait. Each implementation handles one s
 Every grant has two layers:
 
 - **Shared (`evm_basic_grant`)** — wallet, chain, validity period, gas fee caps, transaction count rate limit. One row per grant regardless of type.
-- **Specific** — policy-owned tables (`evm_ether_transfer_grant`, `evm_token_transfer_grant`, etc.) holding type-specific configuration.
+- **Specific** — policy-owned tables (`evm_ether_transfer_grant`, `evm_token_transfer_grant`) holding type-specific configuration.
 
 `find_all_grants` uses a `#[diesel::auto_type]` base join between the specific and shared tables, then batch-loads related rows (targets, volume limits) in two additional queries to avoid N+1.
 
@@ -171,7 +224,6 @@ These are checked centrally in `check_shared_constraints` before policy evaluati
 - **Only EIP-1559 transactions are supported.** Legacy and EIP-2930 types are rejected outright.
 - **No opaque-calldata (unknown contract) grant type.** The architecture describes a category for unrecognised contracts, but no policy implements it yet. Any transaction that is not a plain ETH transfer or a known ERC-20 transfer is unconditionally rejected.
 - **Token registry is static.** Tokens are recognised only if they appear in the hard-coded `arbiter_tokens_registry` crate. There is no mechanism to register additional contracts at runtime.
-- **Nonce management is not implemented.** The architecture lists nonce deduplication as a core responsibility, but no nonce tracking or enforcement exists yet.
 
 ---
 
@@ -179,5 +231,5 @@ These are checked centrally in `check_shared_constraints` before policy evaluati
 
 The unsealed root key must be held in a hardened memory cell resistant to dumps, page swaps, and hibernation.
 
-- **Current:** Using the `memsafe` crate as an interim solution
+- **Current:** A dedicated memory-protection abstraction is in place, with `memsafe` used behind that abstraction today
-- **Planned:** Custom implementation based on `mlock` (Unix) and `VirtualProtect` (Windows)
+- **Planned:** Additional backends can be introduced behind the same abstraction, including a custom implementation based on `mlock` (Unix) and `VirtualProtect` (Windows)

mise.lock

@@ -8,10 +8,18 @@ backend = "aqua:ast-grep/ast-grep"
 checksum = "sha256:5c830eae8456569e2f7212434ed9c238f58dca412d76045418ed6d394a755836"
 url = "https://github.com/ast-grep/ast-grep/releases/download/0.42.0/app-aarch64-unknown-linux-gnu.zip"
 
+[tools.ast-grep."platforms.linux-arm64-musl"]
+checksum = "sha256:5c830eae8456569e2f7212434ed9c238f58dca412d76045418ed6d394a755836"
+url = "https://github.com/ast-grep/ast-grep/releases/download/0.42.0/app-aarch64-unknown-linux-gnu.zip"
+
 [tools.ast-grep."platforms.linux-x64"]
 checksum = "sha256:e825a05603f0bcc4cd9076c4cc8c9abd6d008b7cd07d9aa3cc323ba4b8606651"
 url = "https://github.com/ast-grep/ast-grep/releases/download/0.42.0/app-x86_64-unknown-linux-gnu.zip"
 
+[tools.ast-grep."platforms.linux-x64-musl"]
+checksum = "sha256:e825a05603f0bcc4cd9076c4cc8c9abd6d008b7cd07d9aa3cc323ba4b8606651"
+url = "https://github.com/ast-grep/ast-grep/releases/download/0.42.0/app-x86_64-unknown-linux-gnu.zip"
+
 [tools.ast-grep."platforms.macos-arm64"]
 checksum = "sha256:fc300d5293b1c770a5aece03a8a193b92e71e87cec726c28096990691a582620"
 url = "https://github.com/ast-grep/ast-grep/releases/download/0.42.0/app-aarch64-apple-darwin.zip"
@@ -32,10 +40,6 @@ backend = "cargo:cargo-audit"
 version = "0.13.9"
 backend = "cargo:cargo-edit"
 
-[[tools."cargo:cargo-features"]]
-version = "1.0.0"
-backend = "cargo:cargo-features"
-
 [[tools."cargo:cargo-features-manager"]]
 version = "0.11.1"
 backend = "cargo:cargo-features-manager"
@@ -44,26 +48,22 @@ backend = "cargo:cargo-features-manager"
 version = "1.46.3"
 backend = "cargo:cargo-insta"
 
+[[tools."cargo:cargo-mutants"]]
+version = "27.0.0"
+backend = "cargo:cargo-mutants"
+
 [[tools."cargo:cargo-nextest"]]
 version = "0.9.126"
 backend = "cargo:cargo-nextest"
 
 [[tools."cargo:cargo-shear"]]
-version = "1.9.1"
+version = "1.11.2"
 backend = "cargo:cargo-shear"
 
 [[tools."cargo:cargo-vet"]]
 version = "0.10.2"
 backend = "cargo:cargo-vet"
 
-[[tools."cargo:diesel-cli"]]
-version = "2.3.6"
-backend = "cargo:diesel-cli"
-
-[tools."cargo:diesel-cli".options]
-default-features = "false"
-features = "sqlite,sqlite-bundled"
-
 [[tools."cargo:diesel_cli"]]
 version = "2.3.6"
 backend = "cargo:diesel_cli"
@@ -72,10 +72,6 @@ backend = "cargo:diesel_cli"
 default-features = "false"
 features = "sqlite,sqlite-bundled"
 
-[[tools."cargo:rinf_cli"]]
-version = "8.9.1"
-backend = "cargo:rinf_cli"
-
 [[tools.flutter]]
 version = "3.38.9-stable"
 backend = "asdf:flutter"
@@ -88,10 +84,18 @@ backend = "aqua:protocolbuffers/protobuf/protoc"
 checksum = "sha256:2594ff4fcae8cb57310d394d0961b236190ad9c5efbfdf1f597ea471d424fe79"
 url = "https://github.com/protocolbuffers/protobuf/releases/download/v29.6/protoc-29.6-linux-aarch_64.zip"
 
+[tools.protoc."platforms.linux-arm64-musl"]
+checksum = "sha256:2594ff4fcae8cb57310d394d0961b236190ad9c5efbfdf1f597ea471d424fe79"
+url = "https://github.com/protocolbuffers/protobuf/releases/download/v29.6/protoc-29.6-linux-aarch_64.zip"
+
 [tools.protoc."platforms.linux-x64"]
 checksum = "sha256:48785a926e73ffa3f68e2f22b14e7b849620c7a1d36809ac9249a5495e280323"
 url = "https://github.com/protocolbuffers/protobuf/releases/download/v29.6/protoc-29.6-linux-x86_64.zip"
 
+[tools.protoc."platforms.linux-x64-musl"]
+checksum = "sha256:48785a926e73ffa3f68e2f22b14e7b849620c7a1d36809ac9249a5495e280323"
+url = "https://github.com/protocolbuffers/protobuf/releases/download/v29.6/protoc-29.6-linux-x86_64.zip"
+
 [tools.protoc."platforms.macos-arm64"]
 checksum = "sha256:b9576b5fa1a1ef3fe13a8c91d9d8204b46545759bea5ae155cd6ba2ea4cdaeed"
 url = "https://github.com/protocolbuffers/protobuf/releases/download/v29.6/protoc-29.6-osx-aarch_64.zip"
@@ -109,24 +113,39 @@ version = "3.14.3"
 backend = "core:python"
 
 [tools.python."platforms.linux-arm64"]
-checksum = "sha256:be0f4dc2932f762292b27d46ea7d3e8e66ddf3969a5eb0254a229015ed402625"
+checksum = "sha256:53700338695e402a1a1fe22be4a41fbdacc70e22bb308a48eca8ed67cb7992be"
-url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260303/cpython-3.14.3+20260303-aarch64-unknown-linux-gnu-install_only_stripped.tar.gz"
+url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-aarch64-unknown-linux-gnu-install_only_stripped.tar.gz"
+provenance = "github-attestations"
+
+[tools.python."platforms.linux-arm64-musl"]
+checksum = "sha256:53700338695e402a1a1fe22be4a41fbdacc70e22bb308a48eca8ed67cb7992be"
+url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-aarch64-unknown-linux-gnu-install_only_stripped.tar.gz"
+provenance = "github-attestations"
 
 [tools.python."platforms.linux-x64"]
-checksum = "sha256:0a73413f89efd417871876c9accaab28a9d1e3cd6358fbfff171a38ec99302f0"
+checksum = "sha256:d7a9f970914bb4c88756fe3bdcc186d4feb90e9500e54f1db47dae4dc9687e39"
-url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260303/cpython-3.14.3+20260303-x86_64-unknown-linux-gnu-install_only_stripped.tar.gz"
+url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-x86_64-unknown-linux-gnu-install_only_stripped.tar.gz"
+provenance = "github-attestations"
+
+[tools.python."platforms.linux-x64-musl"]
+checksum = "sha256:d7a9f970914bb4c88756fe3bdcc186d4feb90e9500e54f1db47dae4dc9687e39"
+url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-x86_64-unknown-linux-gnu-install_only_stripped.tar.gz"
+provenance = "github-attestations"
 
 [tools.python."platforms.macos-arm64"]
-checksum = "sha256:4703cdf18b26798fde7b49b6b66149674c25f97127be6a10dbcf29309bdcdcdb"
+checksum = "sha256:c43aecde4a663aebff99b9b83da0efec506479f1c3f98331442f33d2c43501f9"
-url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260303/cpython-3.14.3+20260303-aarch64-apple-darwin-install_only_stripped.tar.gz"
+url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-aarch64-apple-darwin-install_only_stripped.tar.gz"
+provenance = "github-attestations"
 
 [tools.python."platforms.macos-x64"]
-checksum = "sha256:76f1cc26e3d262eae8ca546a93e8bded10cf0323613f7e246fea2e10a8115eb7"
+checksum = "sha256:9ab41dbc2f100a2a45d1833b9c11165f51051c558b5213eda9a9731d5948a0c0"
-url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260303/cpython-3.14.3+20260303-x86_64-apple-darwin-install_only_stripped.tar.gz"
+url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-x86_64-apple-darwin-install_only_stripped.tar.gz"
+provenance = "github-attestations"
 
 [tools.python."platforms.windows-x64"]
-checksum = "sha256:950c5f21a015c1bdd1337f233456df2470fab71e4d794407d27a84cb8b9909a0"
+checksum = "sha256:bbe19034b35b0267176a7442575ae7dc6343480fd4d35598cb7700173d431e09"
-url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260303/cpython-3.14.3+20260303-x86_64-pc-windows-msvc-install_only_stripped.tar.gz"
+url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-x86_64-pc-windows-msvc-install_only_stripped.tar.gz"
+provenance = "github-attestations"
 
 [[tools.rust]]
 version = "1.93.0"

mise.toml

@@ -12,11 +12,12 @@ protoc = "29.6"
 python = "3.14.3"
 ast-grep = "0.42.0"
 "cargo:cargo-edit" = "0.13.9"
+"cargo:cargo-mutants" = "27.0.0"
 
 [tasks.codegen]
-sources = ['protobufs/*.proto']
+sources = ['protobufs/*.proto', 'protobufs/**/*.proto']
-outputs = ['useragent/lib/proto/*']
+outputs = ['useragent/lib/proto/**']
 run = '''
 dart pub global activate protoc_plugin && \
-protoc --dart_out=grpc:useragent/lib/proto --proto_path=protobufs/ protobufs/*.proto
+protoc --dart_out=grpc:useragent/lib/proto --proto_path=protobufs/ $(find protobufs -name '*.proto' | sort)
 '''

protobufs/client.proto

@@ -2,63 +2,24 @@ syntax = "proto3";
 
 package arbiter.client;
 
-import "evm.proto";
+import "client/auth.proto";
-import "google/protobuf/empty.proto";
+import "client/evm.proto";
-
+import "client/vault.proto";
-message ClientInfo {
-  string name = 1;
-  optional string description = 2;
-  optional string version = 3;
-}
-
-message AuthChallengeRequest {
-  bytes pubkey = 1;
-  ClientInfo client_info = 2;
-}
-
-message AuthChallenge {
-  bytes pubkey = 1;
-  int32 nonce = 2;
-}
-
-message AuthChallengeSolution {
-  bytes signature = 1;
-}
-
-enum AuthResult {
-  AUTH_RESULT_UNSPECIFIED = 0;
-  AUTH_RESULT_SUCCESS = 1;
-  AUTH_RESULT_INVALID_KEY = 2;
-  AUTH_RESULT_INVALID_SIGNATURE = 3;
-  AUTH_RESULT_APPROVAL_DENIED = 4;
-  AUTH_RESULT_NO_USER_AGENTS_ONLINE = 5;
-  AUTH_RESULT_INTERNAL = 6;
-}
-
-enum VaultState {
-  VAULT_STATE_UNSPECIFIED = 0;
-  VAULT_STATE_UNBOOTSTRAPPED = 1;
-  VAULT_STATE_SEALED = 2;
-  VAULT_STATE_UNSEALED = 3;
-  VAULT_STATE_ERROR = 4;
-}
 
 message ClientRequest {
   int32 request_id = 4;
   oneof payload {
-    AuthChallengeRequest auth_challenge_request = 1;
+    auth.Request auth = 1;
-    AuthChallengeSolution auth_challenge_solution = 2;
+    vault.Request vault = 2;
-    google.protobuf.Empty query_vault_state = 3;
+    evm.Request evm = 3;
   }
 }
 
 message ClientResponse {
   optional int32 request_id = 7;
   oneof payload {
-    AuthChallenge auth_challenge = 1;
+    auth.Response auth = 1;
-    AuthResult auth_result = 2;
+    vault.Response vault = 2;
-    arbiter.evm.EvmSignTransactionResponse evm_sign_transaction = 3;
+    evm.Response evm = 3;
-    arbiter.evm.EvmAnalyzeTransactionResponse evm_analyze_transaction = 4;
-    VaultState vault_state = 6;
   }
 }

protobufs/client/auth.proto

@@ -0,0 +1,43 @@
+syntax = "proto3";
+
+package arbiter.client.auth;
+
+import "shared/client.proto";
+
+message AuthChallengeRequest {
+  bytes pubkey = 1;
+  arbiter.shared.ClientInfo client_info = 2;
+}
+
+message AuthChallenge {
+  bytes pubkey = 1;
+  int32 nonce = 2;
+}
+
+message AuthChallengeSolution {
+  bytes signature = 1;
+}
+
+enum AuthResult {
+  AUTH_RESULT_UNSPECIFIED = 0;
+  AUTH_RESULT_SUCCESS = 1;
+  AUTH_RESULT_INVALID_KEY = 2;
+  AUTH_RESULT_INVALID_SIGNATURE = 3;
+  AUTH_RESULT_APPROVAL_DENIED = 4;
+  AUTH_RESULT_NO_USER_AGENTS_ONLINE = 5;
+  AUTH_RESULT_INTERNAL = 6;
+}
+
+message Request {
+  oneof payload {
+    AuthChallengeRequest challenge_request = 1;
+    AuthChallengeSolution challenge_solution = 2;
+  }
+}
+
+message Response {
+  oneof payload {
+    AuthChallenge challenge = 1;
+    AuthResult result = 2;
+  }
+}

protobufs/client/evm.proto

@@ -0,0 +1,19 @@
+syntax = "proto3";
+
+package arbiter.client.evm;
+
+import "evm.proto";
+
+message Request {
+  oneof payload {
+    arbiter.evm.EvmSignTransactionRequest sign_transaction = 1;
+    arbiter.evm.EvmAnalyzeTransactionRequest analyze_transaction = 2;
+  }
+}
+
+message Response {
+  oneof payload {
+    arbiter.evm.EvmSignTransactionResponse sign_transaction = 1;
+    arbiter.evm.EvmAnalyzeTransactionResponse analyze_transaction = 2;
+  }
+}

protobufs/client/vault.proto

@@ -0,0 +1,18 @@
+syntax = "proto3";
+
+package arbiter.client.vault;
+
+import "google/protobuf/empty.proto";
+import "shared/vault.proto";
+
+message Request {
+  oneof payload {
+    google.protobuf.Empty query_state = 1;
+  }
+}
+
+message Response {
+  oneof payload {
+    arbiter.shared.VaultState state = 1;
+  }
+}

protobufs/evm.proto

@@ -4,6 +4,7 @@ package arbiter.evm;
 
 import "google/protobuf/empty.proto";
 import "google/protobuf/timestamp.proto";
+import "shared/evm.proto";
 
 enum EvmError {
   EVM_ERROR_UNSPECIFIED = 0;
@@ -74,70 +75,6 @@ message SpecificGrant {
   }
 }
 
-message EtherTransferMeaning {
-  bytes to = 1; // 20-byte Ethereum address
-  bytes value = 2; // U256 as big-endian bytes
-}
-
-message TokenInfo {
-  string symbol = 1;
-  bytes address = 2; // 20-byte Ethereum address
-  uint64 chain_id = 3;
-}
-
-// Mirror of token_transfers::Meaning
-message TokenTransferMeaning {
-  TokenInfo token = 1;
-  bytes to = 2; // 20-byte Ethereum address
-  bytes value = 3; // U256 as big-endian bytes
-}
-
-// Mirror of policies::SpecificMeaning
-message SpecificMeaning {
-  oneof meaning {
-    EtherTransferMeaning ether_transfer = 1;
-    TokenTransferMeaning token_transfer = 2;
-  }
-}
-
-// --- Eval error types ---
-message GasLimitExceededViolation {
-  optional bytes max_gas_fee_per_gas = 1; // U256 as big-endian bytes
-  optional bytes max_priority_fee_per_gas = 2; // U256 as big-endian bytes
-}
-
-message EvalViolation {
-  oneof kind {
-    bytes invalid_target = 1; // 20-byte Ethereum address
-    GasLimitExceededViolation gas_limit_exceeded = 2;
-    google.protobuf.Empty rate_limit_exceeded = 3;
-    google.protobuf.Empty volumetric_limit_exceeded = 4;
-    google.protobuf.Empty invalid_time = 5;
-    google.protobuf.Empty invalid_transaction_type = 6;
-  }
-}
-
-// Transaction was classified but no grant covers it
-message NoMatchingGrantError {
-  SpecificMeaning meaning = 1;
-}
-
-// Transaction was classified and a grant was found, but constraints were violated
-message PolicyViolationsError {
-  SpecificMeaning meaning = 1;
-  repeated EvalViolation violations = 2;
-}
-
-// top-level error returned when transaction evaluation fails
-message TransactionEvalError {
-  oneof kind {
-    google.protobuf.Empty contract_creation_not_supported = 1;
-    google.protobuf.Empty unsupported_transaction_type = 2;
-    NoMatchingGrantError no_matching_grant = 3;
-    PolicyViolationsError policy_violations = 4;
-  }
-}
-
 // --- UserAgent grant management ---
 message EvmGrantCreateRequest {
   SharedSettings shared = 1;
@@ -197,7 +134,7 @@ message EvmSignTransactionRequest {
 message EvmSignTransactionResponse {
   oneof result {
     bytes signature = 1; // 65-byte signature: r[32] || s[32] || v[1]
-    TransactionEvalError eval_error = 2;
+    arbiter.shared.evm.TransactionEvalError eval_error = 2;
     EvmError error = 3;
   }
 }
@@ -209,8 +146,8 @@ message EvmAnalyzeTransactionRequest {
 
 message EvmAnalyzeTransactionResponse {
   oneof result {
-    SpecificMeaning meaning = 1;
+    arbiter.shared.evm.SpecificMeaning meaning = 1;
-    TransactionEvalError eval_error = 2;
+    arbiter.shared.evm.TransactionEvalError eval_error = 2;
     EvmError error = 3;
   }
 }

protobufs/shared/client.proto

@@ -0,0 +1,9 @@
+syntax = "proto3";
+
+package arbiter.shared;
+
+message ClientInfo {
+  string name = 1;
+  optional string description = 2;
+  optional string version = 3;
+}

protobufs/shared/evm.proto

@@ -0,0 +1,74 @@
+syntax = "proto3";
+
+package arbiter.shared.evm;
+
+import "google/protobuf/empty.proto";
+
+message EtherTransferMeaning {
+  bytes to = 1; // 20-byte Ethereum address
+  bytes value = 2; // U256 as big-endian bytes
+}
+
+message TokenInfo {
+  string symbol = 1;
+  bytes address = 2; // 20-byte Ethereum address
+  uint64 chain_id = 3;
+}
+
+// Mirror of token_transfers::Meaning
+message TokenTransferMeaning {
+  TokenInfo token = 1;
+  bytes to = 2; // 20-byte Ethereum address
+  bytes value = 3; // U256 as big-endian bytes
+}
+
+// Mirror of policies::SpecificMeaning
+message SpecificMeaning {
+  oneof meaning {
+    EtherTransferMeaning ether_transfer = 1;
+    TokenTransferMeaning token_transfer = 2;
+  }
+}
+
+message GasLimitExceededViolation {
+  optional bytes max_gas_fee_per_gas = 1; // U256 as big-endian bytes
+  optional bytes max_priority_fee_per_gas = 2; // U256 as big-endian bytes
+}
+
+message EvalViolation {
+  message ChainIdMismatch {
+    uint64 expected = 1;
+    uint64 actual = 2;
+  }
+  oneof kind {
+    bytes invalid_target = 1; // 20-byte Ethereum address
+    GasLimitExceededViolation gas_limit_exceeded = 2;
+    google.protobuf.Empty rate_limit_exceeded = 3;
+    google.protobuf.Empty volumetric_limit_exceeded = 4;
+    google.protobuf.Empty invalid_time = 5;
+    google.protobuf.Empty invalid_transaction_type = 6;
+
+    ChainIdMismatch chain_id_mismatch = 7;
+  }
+}
+
+// Transaction was classified but no grant covers it
+message NoMatchingGrantError {
+  SpecificMeaning meaning = 1;
+}
+
+// Transaction was classified and a grant was found, but constraints were violated
+message PolicyViolationsError {
+  SpecificMeaning meaning = 1;
+  repeated EvalViolation violations = 2;
+}
+
+// top-level error returned when transaction evaluation fails
+message TransactionEvalError {
+  oneof kind {
+    google.protobuf.Empty contract_creation_not_supported = 1;
+    google.protobuf.Empty unsupported_transaction_type = 2;
+    NoMatchingGrantError no_matching_grant = 3;
+    PolicyViolationsError policy_violations = 4;
+  }
+}

protobufs/shared/vault.proto

@@ -0,0 +1,11 @@
+syntax = "proto3";
+
+package arbiter.shared;
+
+enum VaultState {
+  VAULT_STATE_UNSPECIFIED = 0;
+  VAULT_STATE_UNBOOTSTRAPPED = 1;
+  VAULT_STATE_SEALED = 2;
+  VAULT_STATE_UNSEALED = 3;
+  VAULT_STATE_ERROR = 4;
+}

protobufs/user_agent.proto

@@ -2,198 +2,27 @@ syntax = "proto3";
 
 package arbiter.user_agent;
 
-import "client.proto";
+import "user_agent/auth.proto";
-import "evm.proto";
+import "user_agent/evm.proto";
-import "google/protobuf/empty.proto";
+import "user_agent/sdk_client.proto";
-
+import "user_agent/vault/vault.proto";
-enum KeyType {
-  KEY_TYPE_UNSPECIFIED = 0;
-  KEY_TYPE_ED25519 = 1;
-  KEY_TYPE_ECDSA_SECP256K1 = 2;
-  KEY_TYPE_RSA = 3;
-}
-
-// --- SDK client management ---
-
-enum SdkClientError {
-  SDK_CLIENT_ERROR_UNSPECIFIED = 0;
-  SDK_CLIENT_ERROR_ALREADY_EXISTS = 1;
-  SDK_CLIENT_ERROR_NOT_FOUND = 2;
-  SDK_CLIENT_ERROR_HAS_RELATED_DATA = 3; // hard-delete blocked by FK (client has grants or transaction logs)
-  SDK_CLIENT_ERROR_INTERNAL = 4;
-}
-
-message SdkClientRevokeRequest {
-  int32 client_id = 1;
-}
-
-message SdkClientEntry {
-  int32 id = 1;
-  bytes pubkey = 2;
-  arbiter.client.ClientInfo info = 3;
-  int32 created_at = 4;
-}
-
-message SdkClientList {
-  repeated SdkClientEntry clients = 1;
-}
-
-message SdkClientRevokeResponse {
-  oneof result {
-    google.protobuf.Empty ok = 1;
-    SdkClientError error = 2;
-  }
-}
-
-message SdkClientListResponse {
-  oneof result {
-    SdkClientList clients = 1;
-    SdkClientError error = 2;
-  }
-}
-
-message AuthChallengeRequest {
-  bytes pubkey = 1;
-  optional string bootstrap_token = 2;
-  KeyType key_type = 3;
-}
-
-message AuthChallenge {
-  int32 nonce = 2;
-  reserved 1;
-}
-
-message AuthChallengeSolution {
-  bytes signature = 1;
-}
-
-enum AuthResult {
-  AUTH_RESULT_UNSPECIFIED = 0;
-  AUTH_RESULT_SUCCESS = 1;
-  AUTH_RESULT_INVALID_KEY = 2;
-  AUTH_RESULT_INVALID_SIGNATURE = 3;
-  AUTH_RESULT_BOOTSTRAP_REQUIRED = 4;
-  AUTH_RESULT_TOKEN_INVALID = 5;
-  AUTH_RESULT_INTERNAL = 6;
-}
-
-message UnsealStart {
-  bytes client_pubkey = 1;
-}
-
-message UnsealStartResponse {
-  bytes server_pubkey = 1;
-}
-message UnsealEncryptedKey {
-  bytes nonce = 1;
-  bytes ciphertext = 2;
-  bytes associated_data = 3;
-}
-
-message BootstrapEncryptedKey {
-  bytes nonce = 1;
-  bytes ciphertext = 2;
-  bytes associated_data = 3;
-}
-
-enum UnsealResult {
-  UNSEAL_RESULT_UNSPECIFIED = 0;
-  UNSEAL_RESULT_SUCCESS = 1;
-  UNSEAL_RESULT_INVALID_KEY = 2;
-  UNSEAL_RESULT_UNBOOTSTRAPPED = 3;
-}
-
-enum BootstrapResult {
-  BOOTSTRAP_RESULT_UNSPECIFIED = 0;
-  BOOTSTRAP_RESULT_SUCCESS = 1;
-  BOOTSTRAP_RESULT_ALREADY_BOOTSTRAPPED = 2;
-  BOOTSTRAP_RESULT_INVALID_KEY = 3;
-}
-
-enum VaultState {
-  VAULT_STATE_UNSPECIFIED = 0;
-  VAULT_STATE_UNBOOTSTRAPPED = 1;
-  VAULT_STATE_SEALED = 2;
-  VAULT_STATE_UNSEALED = 3;
-  VAULT_STATE_ERROR = 4;
-}
-
-message SdkClientConnectionRequest {
-  bytes pubkey = 1;
-  arbiter.client.ClientInfo info = 2;
-}
-
-message SdkClientConnectionResponse {
-  bool approved = 1;
-  bytes pubkey = 2;
-}
-
-message SdkClientConnectionCancel {
-  bytes pubkey = 1;
-}
-
-message WalletAccess {
-  int32 wallet_id = 1;
-  int32 sdk_client_id = 2;
-}
-
-message SdkClientWalletAccess {
-  int32 id = 1;
-  WalletAccess access = 2;
-}
-
-message SdkClientGrantWalletAccess {
-  repeated WalletAccess accesses = 1;
-}
-
-message SdkClientRevokeWalletAccess {
-  repeated int32 accesses = 1;
-}
-
-message ListWalletAccessResponse {
-  repeated SdkClientWalletAccess accesses = 1;
-}
 
 message UserAgentRequest {
   int32 id = 16;
   oneof payload {
-    AuthChallengeRequest auth_challenge_request = 1;
+    auth.Request auth = 1;
-    AuthChallengeSolution auth_challenge_solution = 2;
+    vault.Request vault = 2;
-    UnsealStart unseal_start = 3;
+    evm.Request evm = 3;
-    UnsealEncryptedKey unseal_encrypted_key = 4;
+    sdk_client.Request sdk_client = 4;
-    google.protobuf.Empty query_vault_state = 5;
-    google.protobuf.Empty evm_wallet_create = 6;
-    google.protobuf.Empty evm_wallet_list = 7;
-    arbiter.evm.EvmGrantCreateRequest evm_grant_create = 8;
-    arbiter.evm.EvmGrantDeleteRequest evm_grant_delete = 9;
-    arbiter.evm.EvmGrantListRequest evm_grant_list = 10;
-    SdkClientConnectionResponse sdk_client_connection_response = 11;
-    SdkClientRevokeRequest sdk_client_revoke = 12;
-    google.protobuf.Empty sdk_client_list = 13;
-    BootstrapEncryptedKey bootstrap_encrypted_key = 14;
-    SdkClientGrantWalletAccess grant_wallet_access = 15;
-    SdkClientRevokeWalletAccess revoke_wallet_access = 17;
-    google.protobuf.Empty list_wallet_access = 18;
   }
 }
+
 message UserAgentResponse {
   optional int32 id = 16;
   oneof payload {
-    AuthChallenge auth_challenge = 1;
+    auth.Response auth = 1;
-    AuthResult auth_result = 2;
+    vault.Response vault = 2;
-    UnsealStartResponse unseal_start_response = 3;
+    evm.Response evm = 3;
-    UnsealResult unseal_result = 4;
+    sdk_client.Response sdk_client = 4;
-    VaultState vault_state = 5;
-    arbiter.evm.WalletCreateResponse evm_wallet_create = 6;
-    arbiter.evm.WalletListResponse evm_wallet_list = 7;
-    arbiter.evm.EvmGrantCreateResponse evm_grant_create = 8;
-    arbiter.evm.EvmGrantDeleteResponse evm_grant_delete = 9;
-    arbiter.evm.EvmGrantListResponse evm_grant_list = 10;
-    SdkClientConnectionRequest sdk_client_connection_request = 11;
-    SdkClientConnectionCancel sdk_client_connection_cancel = 12;
-    SdkClientRevokeResponse sdk_client_revoke_response = 13;
-    SdkClientListResponse sdk_client_list_response = 14;
-    BootstrapResult bootstrap_result = 15;
-    ListWalletAccessResponse list_wallet_access_response = 17;
   }
 }

protobufs/user_agent/auth.proto

@@ -0,0 +1,48 @@
+syntax = "proto3";
+
+package arbiter.user_agent.auth;
+
+enum KeyType {
+  KEY_TYPE_UNSPECIFIED = 0;
+  KEY_TYPE_ED25519 = 1;
+  KEY_TYPE_ECDSA_SECP256K1 = 2;
+  KEY_TYPE_RSA = 3;
+}
+
+message AuthChallengeRequest {
+  bytes pubkey = 1;
+  optional string bootstrap_token = 2;
+  KeyType key_type = 3;
+}
+
+message AuthChallenge {
+  int32 nonce = 1;
+}
+
+message AuthChallengeSolution {
+  bytes signature = 1;
+}
+
+enum AuthResult {
+  AUTH_RESULT_UNSPECIFIED = 0;
+  AUTH_RESULT_SUCCESS = 1;
+  AUTH_RESULT_INVALID_KEY = 2;
+  AUTH_RESULT_INVALID_SIGNATURE = 3;
+  AUTH_RESULT_BOOTSTRAP_REQUIRED = 4;
+  AUTH_RESULT_TOKEN_INVALID = 5;
+  AUTH_RESULT_INTERNAL = 6;
+}
+
+message Request {
+  oneof payload {
+    AuthChallengeRequest challenge_request = 1;
+    AuthChallengeSolution challenge_solution = 2;
+  }
+}
+
+message Response {
+  oneof payload {
+    AuthChallenge challenge = 1;
+    AuthResult result = 2;
+  }
+}

protobufs/user_agent/evm.proto

@@ -0,0 +1,33 @@
+syntax = "proto3";
+
+package arbiter.user_agent.evm;
+
+import "evm.proto";
+import "google/protobuf/empty.proto";
+
+message SignTransactionRequest {
+  int32 client_id = 1;
+  arbiter.evm.EvmSignTransactionRequest request = 2;
+}
+
+message Request {
+  oneof payload {
+    google.protobuf.Empty wallet_create = 1;
+    google.protobuf.Empty wallet_list = 2;
+    arbiter.evm.EvmGrantCreateRequest grant_create = 3;
+    arbiter.evm.EvmGrantDeleteRequest grant_delete = 4;
+    arbiter.evm.EvmGrantListRequest grant_list = 5;
+    SignTransactionRequest sign_transaction = 6;
+  }
+}
+
+message Response {
+  oneof payload {
+    arbiter.evm.WalletCreateResponse wallet_create = 1;
+    arbiter.evm.WalletListResponse wallet_list = 2;
+    arbiter.evm.EvmGrantCreateResponse grant_create = 3;
+    arbiter.evm.EvmGrantDeleteResponse grant_delete = 4;
+    arbiter.evm.EvmGrantListResponse grant_list = 5;
+    arbiter.evm.EvmSignTransactionResponse sign_transaction = 6;
+  }
+}

protobufs/user_agent/sdk_client.proto

@@ -0,0 +1,100 @@
+syntax = "proto3";
+
+package arbiter.user_agent.sdk_client;
+
+import "shared/client.proto";
+import "google/protobuf/empty.proto";
+
+enum Error {
+  ERROR_UNSPECIFIED = 0;
+  ERROR_ALREADY_EXISTS = 1;
+  ERROR_NOT_FOUND = 2;
+  ERROR_HAS_RELATED_DATA = 3; // hard-delete blocked by FK (client has grants or transaction logs)
+  ERROR_INTERNAL = 4;
+}
+
+message RevokeRequest {
+  int32 client_id = 1;
+}
+
+message Entry {
+  int32 id = 1;
+  bytes pubkey = 2;
+  arbiter.shared.ClientInfo info = 3;
+  int32 created_at = 4;
+}
+
+message List {
+  repeated Entry clients = 1;
+}
+
+message RevokeResponse {
+  oneof result {
+    google.protobuf.Empty ok = 1;
+    Error error = 2;
+  }
+}
+
+message ListResponse {
+  oneof result {
+    List clients = 1;
+    Error error = 2;
+  }
+}
+
+message ConnectionRequest {
+  bytes pubkey = 1;
+  arbiter.shared.ClientInfo info = 2;
+}
+
+message ConnectionResponse {
+  bool approved = 1;
+  bytes pubkey = 2;
+}
+
+message ConnectionCancel {
+  bytes pubkey = 1;
+}
+
+message WalletAccess {
+  int32 wallet_id = 1;
+  int32 sdk_client_id = 2;
+}
+
+message WalletAccessEntry {
+  int32 id = 1;
+  WalletAccess access = 2;
+}
+
+message GrantWalletAccess {
+  repeated WalletAccess accesses = 1;
+}
+
+message RevokeWalletAccess {
+  repeated int32 accesses = 1;
+}
+
+message ListWalletAccessResponse {
+  repeated WalletAccessEntry accesses = 1;
+}
+
+message Request {
+  oneof payload {
+    ConnectionResponse connection_response = 1;
+    RevokeRequest revoke = 2;
+    google.protobuf.Empty list = 3;
+    GrantWalletAccess grant_wallet_access = 4;
+    RevokeWalletAccess revoke_wallet_access = 5;
+    google.protobuf.Empty list_wallet_access = 6;
+  }
+}
+
+message Response {
+  oneof payload {
+    ConnectionRequest connection_request = 1;
+    ConnectionCancel connection_cancel = 2;
+    RevokeResponse revoke = 3;
+    ListResponse list = 4;
+    ListWalletAccessResponse list_wallet_access = 5;
+  }
+}

protobufs/user_agent/vault/bootstrap.proto

@@ -0,0 +1,24 @@
+syntax = "proto3";
+
+package arbiter.user_agent.vault.bootstrap;
+
+message BootstrapEncryptedKey {
+  bytes nonce = 1;
+  bytes ciphertext = 2;
+  bytes associated_data = 3;
+}
+
+enum BootstrapResult {
+  BOOTSTRAP_RESULT_UNSPECIFIED = 0;
+  BOOTSTRAP_RESULT_SUCCESS = 1;
+  BOOTSTRAP_RESULT_ALREADY_BOOTSTRAPPED = 2;
+  BOOTSTRAP_RESULT_INVALID_KEY = 3;
+}
+
+message Request {
+  BootstrapEncryptedKey encrypted_key = 2;
+}
+
+message Response {
+  BootstrapResult result = 1;
+}

protobufs/user_agent/vault/unseal.proto

@@ -0,0 +1,37 @@
+syntax = "proto3";
+
+package arbiter.user_agent.vault.unseal;
+
+message UnsealStart {
+  bytes client_pubkey = 1;
+}
+
+message UnsealStartResponse {
+  bytes server_pubkey = 1;
+}
+message UnsealEncryptedKey {
+  bytes nonce = 1;
+  bytes ciphertext = 2;
+  bytes associated_data = 3;
+}
+
+enum UnsealResult {
+  UNSEAL_RESULT_UNSPECIFIED = 0;
+  UNSEAL_RESULT_SUCCESS = 1;
+  UNSEAL_RESULT_INVALID_KEY = 2;
+  UNSEAL_RESULT_UNBOOTSTRAPPED = 3;
+}
+
+message Request {
+  oneof payload {
+    UnsealStart start = 1;
+    UnsealEncryptedKey encrypted_key = 2;
+  }
+}
+
+message Response {
+  oneof payload {
+    UnsealStartResponse start = 1;
+    UnsealResult result = 2;
+  }
+}

protobufs/user_agent/vault/vault.proto

@@ -0,0 +1,24 @@
+syntax = "proto3";
+
+package arbiter.user_agent.vault;
+
+import "google/protobuf/empty.proto";
+import "shared/vault.proto";
+import "user_agent/vault/bootstrap.proto";
+import "user_agent/vault/unseal.proto";
+
+message Request {
+  oneof payload {
+    google.protobuf.Empty query_state = 1;
+    unseal.Request unseal = 2;
+    bootstrap.Request bootstrap = 3;
+  }
+}
+
+message Response {
+  oneof payload {
+    arbiter.shared.VaultState state = 1;
+    unseal.Response unseal = 2;
+    bootstrap.Response bootstrap = 3;
+  }
+}

server/.cargo/mutants.toml

@@ -0,0 +1 @@
+test_tool = "nextest"

server/.gitignore

@@ -0,0 +1,2 @@
+mutants.out/
+mutants.out.old/

server/Cargo.lock

@@ -347,7 +347,7 @@ dependencies = [
  "ruint",
  "rustc-hash",
  "serde",
- "sha3",
+ "sha3 0.10.8",
 ]
 
 [[package]]
@@ -548,7 +548,7 @@ dependencies = [
  "proc-macro-error2",
  "proc-macro2",
  "quote",
- "sha3",
+ "sha3 0.10.8",
  "syn 2.0.117",
  "syn-solidity",
 ]
@@ -680,9 +680,9 @@ name = "arbiter-client"
 version = "0.1.0"
 dependencies = [
  "alloy",
+ "arbiter-crypto",
  "arbiter-proto",
  "async-trait",
- "ed25519-dalek",
  "http",
  "rand 0.10.0",
  "rustls-webpki",
@@ -692,6 +692,29 @@ dependencies = [
  "tonic",
 ]
 
+[[package]]
+name = "arbiter-crypto"
+version = "0.1.0"
+dependencies = [
+ "alloy",
+ "base64",
+ "chrono",
+ "hmac",
+ "memsafe",
+ "ml-dsa",
+ "rand 0.10.0",
+]
+
+[[package]]
+name = "arbiter-macros"
+version = "0.1.0"
+dependencies = [
+ "arbiter-crypto",
+ "proc-macro2",
+ "quote",
+ "syn 2.0.117",
+]
+
 [[package]]
 name = "arbiter-proto"
 version = "0.1.0"
@@ -724,6 +747,9 @@ name = "arbiter-server"
 version = "0.1.0"
 dependencies = [
  "alloy",
+ "anyhow",
+ "arbiter-crypto",
+ "arbiter-macros",
  "arbiter-proto",
  "arbiter-tokens-registry",
  "argon2",
@@ -737,23 +763,28 @@ dependencies = [
  "ed25519-dalek",
  "fatality",
  "futures",
+ "hmac",
  "insta",
  "k256",
  "kameo",
- "memsafe",
+ "ml-dsa",
- "miette",
+ "mutants",
  "pem",
+ "proptest",
+ "prost",
  "prost-types",
  "rand 0.10.0",
  "rcgen",
  "restructed",
- "rsa",
+ "rstest",
  "rustls",
  "secrecy",
+ "serde_with",
  "sha2 0.10.9",
  "smlang",
- "spki",
+ "spki 0.7.3",
  "strum 0.28.0",
+ "subtle",
  "test-log",
  "thiserror 2.0.18",
  "tokio",
@@ -1442,6 +1473,12 @@ dependencies = [
  "cc",
 ]
 
+[[package]]
+name = "cmov"
+version = "0.5.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3f88a43d011fc4a6876cb7344703e297c71dda42494fee094d5f7c76bf13f746"
+
 [[package]]
 name = "console"
 version = "0.15.11"
@@ -1472,6 +1509,12 @@ version = "0.9.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"
 
+[[package]]
+name = "const-oid"
+version = "0.10.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a6ef517f0926dd24a1582492c791b6a4818a4d94e789a334894aa15b0d12f55c"
+
 [[package]]
 name = "const_format"
 version = "0.2.35"
@@ -1593,6 +1636,15 @@ dependencies = [
  "hybrid-array",
 ]
 
+[[package]]
+name = "ctutils"
+version = "0.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7d5515a3834141de9eafb9717ad39eea8247b5674e6066c404e8c4b365d2a29e"
+dependencies = [
+ "cmov",
+]
+
 [[package]]
 name = "curve25519-dalek"
 version = "4.1.3"
@@ -1731,8 +1783,17 @@ version = "0.7.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb"
 dependencies = [
- "const-oid",
+ "const-oid 0.9.6",
- "pem-rfc7468",
+ "zeroize",
+]
+
+[[package]]
+name = "der"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "71fd89660b2dc699704064e59e9dba0147b903e85319429e131620d022be411b"
+dependencies = [
+ "const-oid 0.10.2",
  "zeroize",
 ]
 
@@ -1875,7 +1936,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
 dependencies = [
  "block-buffer 0.10.4",
- "const-oid",
+ "const-oid 0.9.6",
  "crypto-common 0.1.7",
  "subtle",
 ]
@@ -1939,13 +2000,13 @@ version = "0.16.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca"
 dependencies = [
- "der",
+ "der 0.7.10",
  "digest 0.10.7",
  "elliptic-curve",
  "rfc6979",
  "serdect",
  "signature 2.2.0",
- "spki",
+ "spki 0.7.3",
 ]
 
 [[package]]
@@ -2004,7 +2065,7 @@ dependencies = [
  "ff",
  "generic-array",
  "group",
- "pkcs8",
+ "pkcs8 0.10.2",
  "rand_core 0.6.4",
  "sec1",
  "serdect",
@@ -2051,7 +2112,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb"
 dependencies = [
  "libc",
- "windows-sys 0.52.0",
+ "windows-sys 0.61.2",
 ]
 
 [[package]]
@@ -2551,6 +2612,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8655f91cd07f2b9d0c24137bd650fe69617773435ee5ec83022377777ce65ef1"
 dependencies = [
  "typenum",
+ "zeroize",
 ]
 
 [[package]]
@@ -2948,6 +3010,16 @@ dependencies = [
  "cpufeatures 0.2.17",
 ]
 
+[[package]]
+name = "keccak"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9e24a010dd405bd7ed803e5253182815b41bf2e6a80cc3bfc066658e03a198aa"
+dependencies = [
+ "cfg-if",
+ "cpufeatures 0.3.0",
+]
+
 [[package]]
 name = "keccak-asm"
 version = "0.1.5"
@@ -2963,9 +3035,6 @@ name = "lazy_static"
 version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"
-dependencies = [
- "spin",
-]
 
 [[package]]
 name = "leb128fmt"
@@ -3164,12 +3233,46 @@ dependencies = [
  "windows-sys 0.61.2",
 ]
 
+[[package]]
+name = "ml-dsa"
+version = "0.1.0-rc.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f5b2bb0ad6fa2b40396775bd56f51345171490fef993f46f91a876ecdbdaea55"
+dependencies = [
+ "const-oid 0.10.2",
+ "ctutils",
+ "hybrid-array",
+ "module-lattice",
+ "pkcs8 0.11.0-rc.11",
+ "rand_core 0.10.0",
+ "sha3 0.11.0",
+ "signature 3.0.0-rc.10",
+ "zeroize",
+]
+
+[[package]]
+name = "module-lattice"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "164eb3faeaecbd14b0b2a917c1b4d0c035097a9c559b0bed85c2cdd032bc8faa"
+dependencies = [
+ "hybrid-array",
+ "num-traits",
+ "zeroize",
+]
+
 [[package]]
 name = "multimap"
 version = "0.10.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1d87ecb2933e8aeadb3e3a02b828fed80a7528047e68b4f424523a0981a3a084"
 
+[[package]]
+name = "mutants"
+version = "0.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "add0ac067452ff1aca8c5002111bd6b1c895baee6e45fcbc44e0193aea17be56"
+
 [[package]]
 name = "nom"
 version = "7.1.3"
@@ -3186,7 +3289,7 @@ version = "0.50.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7957b9740744892f114936ab4a57b3f487491bbeafaf8083688b16841a4240e5"
 dependencies = [
- "windows-sys 0.59.0",
+ "windows-sys 0.61.2",
 ]
 
 [[package]]
@@ -3199,22 +3302,6 @@ dependencies = [
  "num-traits",
 ]
 
-[[package]]
-name = "num-bigint-dig"
-version = "0.8.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e661dda6640fad38e827a6d4a310ff4763082116fe217f279885c97f511bb0b7"
-dependencies = [
- "lazy_static",
- "libm",
- "num-integer",
- "num-iter",
- "num-traits",
- "rand 0.8.5",
- "smallvec",
- "zeroize",
-]
-
 [[package]]
 name = "num-conv"
 version = "0.2.0"
@@ -3230,17 +3317,6 @@ dependencies = [
  "num-traits",
 ]
 
-[[package]]
-name = "num-iter"
-version = "0.1.45"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf"
-dependencies = [
- "autocfg",
- "num-integer",
- "num-traits",
-]
-
 [[package]]
 name = "num-traits"
 version = "0.2.19"
@@ -3410,15 +3486,6 @@ dependencies = [
  "serde_core",
 ]
 
-[[package]]
-name = "pem-rfc7468"
-version = "0.7.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412"
-dependencies = [
- "base64ct",
-]
-
 [[package]]
 name = "percent-encoding"
 version = "2.3.2"
@@ -3478,25 +3545,24 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
 
-[[package]]
-name = "pkcs1"
-version = "0.7.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f"
-dependencies = [
- "der",
- "pkcs8",
- "spki",
-]
-
 [[package]]
 name = "pkcs8"
 version = "0.10.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7"
 dependencies = [
- "der",
+ "der 0.7.10",
- "spki",
+ "spki 0.7.3",
+]
+
+[[package]]
+name = "pkcs8"
+version = "0.11.0-rc.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "12922b6296c06eb741b02d7b5161e3aaa22864af38dfa025a1a3ba3f68c84577"
+dependencies = [
+ "der 0.8.0",
+ "spki 0.8.0",
 ]
 
 [[package]]
@@ -3633,9 +3699,9 @@ dependencies = [
 
 [[package]]
 name = "proptest"
-version = "1.10.0"
+version = "1.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "37566cb3fdacef14c0737f9546df7cfeadbfbc9fef10991038bf5015d0c80532"
+checksum = "4b45fcc2344c680f5025fe57779faef368840d0bd1f42f216291f0dc4ace4744"
 dependencies = [
  "bit-set",
  "bit-vec",
@@ -4136,27 +4202,6 @@ dependencies = [
  "rustc-hex",
 ]
 
-[[package]]
-name = "rsa"
-version = "0.9.10"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b8573f03f5883dcaebdfcf4725caa1ecb9c15b2ef50c43a07b816e06799bb12d"
-dependencies = [
- "const-oid",
- "digest 0.10.7",
- "num-bigint-dig",
- "num-integer",
- "num-traits",
- "pkcs1",
- "pkcs8",
- "rand_core 0.6.4",
- "sha2 0.10.9",
- "signature 2.2.0",
- "spki",
- "subtle",
- "zeroize",
-]
-
 [[package]]
 name = "rsqlite-vfs"
 version = "0.1.0"
@@ -4285,7 +4330,7 @@ dependencies = [
  "errno",
  "libc",
  "linux-raw-sys",
- "windows-sys 0.52.0",
+ "windows-sys 0.61.2",
 ]
 
 [[package]]
@@ -4396,9 +4441,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc"
 dependencies = [
  "base16ct",
- "der",
+ "der 0.7.10",
  "generic-array",
- "pkcs8",
+ "pkcs8 0.10.2",
  "serdect",
  "subtle",
  "zeroize",
@@ -4592,7 +4637,17 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "75872d278a8f37ef87fa0ddbda7802605cb18344497949862c0d4dcb291eba60"
 dependencies = [
  "digest 0.10.7",
- "keccak",
+ "keccak 0.1.6",
+]
+
+[[package]]
+name = "sha3"
+version = "0.11.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "be176f1a57ce4e3d31c1a166222d9768de5954f811601fb7ca06fc8203905ce1"
+dependencies = [
+ "digest 0.11.2",
+ "keccak 0.2.0",
 ]
 
 [[package]]
@@ -4645,6 +4700,10 @@ name = "signature"
 version = "3.0.0-rc.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7f1880df446116126965eeec169136b2e0251dba37c6223bcc819569550edea3"
+dependencies = [
+ "digest 0.11.2",
+ "rand_core 0.10.0",
+]
 
 [[package]]
 name = "simd-adler32"
@@ -4701,15 +4760,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3a766e1110788c36f4fa1c2b71b387a7815aa65f88ce0229841826633d93723e"
 dependencies = [
  "libc",
- "windows-sys 0.60.2",
+ "windows-sys 0.61.2",
 ]
 
-[[package]]
-name = "spin"
-version = "0.9.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67"
-
 [[package]]
 name = "spki"
 version = "0.7.3"
@@ -4717,7 +4770,17 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d"
 dependencies = [
  "base64ct",
- "der",
+ "der 0.7.10",
+]
+
+[[package]]
+name = "spki"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1d9efca8738c78ee9484207732f728b1ef517bbb1833d6fc0879ca898a522f6f"
+dependencies = [
+ "base64ct",
+ "der 0.8.0",
 ]
 
 [[package]]
@@ -4895,7 +4958,7 @@ dependencies = [
  "getrandom 0.4.2",
  "once_cell",
  "rustix",
- "windows-sys 0.52.0",
+ "windows-sys 0.61.2",
 ]
 
 [[package]]

server/Cargo.toml

@@ -20,9 +20,8 @@ tokio = { version = "1.50.0", features = ["full"] }
 ed25519-dalek = { version = "3.0.0-pre.6", features = ["rand_core"] }
 chrono = { version = "0.4.44", features = ["serde"] }
 rand = "0.10.0"
-rustls = { version = "0.23.37", features = ["aws-lc-rs"] }
+rustls = { version = "0.23.37", features = ["aws-lc-rs", "logging", "prefer-post-quantum", "std"], default-features = false }
 smlang = "0.8.0"
-miette = { version = "7.6.0", features = ["fancy", "serde"] }
 thiserror = "2.0.18"
 async-trait = "0.1.89"
 futures = "0.3.32"
@@ -43,3 +42,9 @@ k256 = { version = "0.13.4", features = ["ecdsa", "pkcs8"] }
 rsa = { version = "0.9", features = ["sha2"] }
 sha2 = "0.10"
 spki = "0.7"
+prost = "0.14.3"
+miette = { version = "7.6.0", features = ["fancy", "serde"] }
+mutants = "0.0.4"
+ml-dsa = { version = "0.1.0-rc.8", features = ["zeroize"] }
+base64 = "0.22.1"
+hmac = "0.12.1"

server/crates/arbiter-client/Cargo.toml

@@ -13,12 +13,12 @@ evm = ["dep:alloy"]
 
 [dependencies]
 arbiter-proto.path = "../arbiter-proto"
+arbiter-crypto.path = "../arbiter-crypto"
 alloy = { workspace = true, optional = true }
 tonic.workspace = true
 tonic.features = ["tls-aws-lc"]
 tokio.workspace = true
 tokio-stream.workspace = true
-ed25519-dalek.workspace = true
 thiserror.workspace = true
 http = "1.4.0"
 rustls-webpki = { version = "0.103.10", features = ["aws-lc-rs"] }

server/crates/arbiter-client/src/auth.rs

@@ -1,12 +1,20 @@
+use arbiter_crypto::authn::{CLIENT_CONTEXT, SigningKey, format_challenge};
 use arbiter_proto::{
-    ClientMetadata, format_challenge,
+    ClientMetadata,
-    proto::client::{
+    proto::{
-        AuthChallengeRequest, AuthChallengeSolution, AuthResult, ClientInfo as ProtoClientInfo,
+        client::{
-        ClientRequest, client_request::Payload as ClientRequestPayload,
+            ClientRequest,
+            auth::{
+                self as proto_auth, AuthChallenge, AuthChallengeRequest, AuthChallengeSolution,
+                AuthResult, request::Payload as AuthRequestPayload,
+                response::Payload as AuthResponsePayload,
+            },
+            client_request::Payload as ClientRequestPayload,
             client_response::Payload as ClientResponsePayload,
         },
+        shared::ClientInfo as ProtoClientInfo,
+    },
 };
-use ed25519_dalek::Signer as _;
 
 use crate::{
     storage::StorageError,
@@ -46,21 +54,21 @@ fn map_auth_result(code: i32) -> AuthError {
 async fn send_auth_challenge_request(
     transport: &mut ClientTransport,
     metadata: ClientMetadata,
-    key: &ed25519_dalek::SigningKey,
+    key: &SigningKey,
 ) -> std::result::Result<(), AuthError> {
     transport
         .send(ClientRequest {
             request_id: next_request_id(),
-            payload: Some(ClientRequestPayload::AuthChallengeRequest(
+            payload: Some(ClientRequestPayload::Auth(proto_auth::Request {
-                AuthChallengeRequest {
+                payload: Some(AuthRequestPayload::ChallengeRequest(AuthChallengeRequest {
-                    pubkey: key.verifying_key().to_bytes().to_vec(),
+                    pubkey: key.public_key().to_bytes(),
                     client_info: Some(ProtoClientInfo {
                         name: metadata.name,
                         description: metadata.description,
                         version: metadata.version,
                     }),
-                },
+                })),
-            )),
+            })),
         })
         .await
         .map_err(|_| AuthError::UnexpectedAuthResponse)
@@ -68,7 +76,7 @@ async fn send_auth_challenge_request(
 
 async fn receive_auth_challenge(
     transport: &mut ClientTransport,
-) -> std::result::Result<arbiter_proto::proto::client::AuthChallenge, AuthError> {
+) -> std::result::Result<AuthChallenge, AuthError> {
     let response = transport
         .recv()
         .await
@@ -76,26 +84,34 @@ async fn receive_auth_challenge(
 
     let payload = response.payload.ok_or(AuthError::MissingAuthChallenge)?;
     match payload {
-        ClientResponsePayload::AuthChallenge(challenge) => Ok(challenge),
+        ClientResponsePayload::Auth(response) => match response.payload {
-        ClientResponsePayload::AuthResult(result) => Err(map_auth_result(result)),
+            Some(AuthResponsePayload::Challenge(challenge)) => Ok(challenge),
+            Some(AuthResponsePayload::Result(result)) => Err(map_auth_result(result)),
+            None => Err(AuthError::MissingAuthChallenge),
+        },
         _ => Err(AuthError::UnexpectedAuthResponse),
     }
 }
 
 async fn send_auth_challenge_solution(
     transport: &mut ClientTransport,
-    key: &ed25519_dalek::SigningKey,
+    key: &SigningKey,
-    challenge: arbiter_proto::proto::client::AuthChallenge,
+    challenge: AuthChallenge,
 ) -> std::result::Result<(), AuthError> {
     let challenge_payload = format_challenge(challenge.nonce, &challenge.pubkey);
-    let signature = key.sign(&challenge_payload).to_bytes().to_vec();
+    let signature = key
+        .sign_message(&challenge_payload, CLIENT_CONTEXT)
+        .map_err(|_| AuthError::UnexpectedAuthResponse)?
+        .to_bytes();
 
     transport
         .send(ClientRequest {
             request_id: next_request_id(),
-            payload: Some(ClientRequestPayload::AuthChallengeSolution(
+            payload: Some(ClientRequestPayload::Auth(proto_auth::Request {
+                payload: Some(AuthRequestPayload::ChallengeSolution(
                     AuthChallengeSolution { signature },
                 )),
+            })),
         })
         .await
         .map_err(|_| AuthError::UnexpectedAuthResponse)
@@ -109,16 +125,17 @@ async fn receive_auth_confirmation(
         .await
         .map_err(|_| AuthError::UnexpectedAuthResponse)?;
 
-    let payload = response
+    let payload = response.payload.ok_or(AuthError::UnexpectedAuthResponse)?;
-        .payload
-        .ok_or(AuthError::UnexpectedAuthResponse)?;
     match payload {
-        ClientResponsePayload::AuthResult(result)
+        ClientResponsePayload::Auth(response) => match response.payload {
+            Some(AuthResponsePayload::Result(result))
                 if AuthResult::try_from(result).ok() == Some(AuthResult::Success) =>
             {
                 Ok(())
             }
-        ClientResponsePayload::AuthResult(result) => Err(map_auth_result(result)),
+            Some(AuthResponsePayload::Result(result)) => Err(map_auth_result(result)),
+            _ => Err(AuthError::UnexpectedAuthResponse),
+        },
         _ => Err(AuthError::UnexpectedAuthResponse),
     }
 }
@@ -126,7 +143,7 @@ async fn receive_auth_confirmation(
 pub(crate) async fn authenticate(
     transport: &mut ClientTransport,
     metadata: ClientMetadata,
-    key: &ed25519_dalek::SigningKey,
+    key: &SigningKey,
 ) -> std::result::Result<(), AuthError> {
     send_auth_challenge_request(transport, metadata, key).await?;
     let challenge = receive_auth_challenge(transport).await?;

server/crates/arbiter-client/src/bin/test_connect.rs

@@ -1,9 +1,7 @@
-
 use std::io::{self, Write};
 
 use arbiter_client::ArbiterClient;
 use arbiter_proto::{ClientMetadata, url::ArbiterUrl};
-use tonic::ConnectError;
 
 #[tokio::main]
 async fn main() {
@@ -23,8 +21,6 @@ async fn main() {
         return;
     }
 
-   
-
     let url = match ArbiterUrl::try_from(input) {
         Ok(url) => url,
         Err(err) => {

server/crates/arbiter-client/src/client.rs

@@ -1,11 +1,17 @@
-use arbiter_proto::{ClientMetadata, proto::arbiter_service_client::ArbiterServiceClient, url::ArbiterUrl};
+use arbiter_crypto::authn::SigningKey;
+use arbiter_proto::{
+    ClientMetadata, proto::arbiter_service_client::ArbiterServiceClient, url::ArbiterUrl,
+};
 use std::sync::Arc;
 use tokio::sync::{Mutex, mpsc};
 use tokio_stream::wrappers::ReceiverStream;
 use tonic::transport::ClientTlsConfig;
 
 use crate::{
-    StorageError, auth::{AuthError, authenticate}, storage::{FileSigningKeyStorage, SigningKeyStorage}, transport::{BUFFER_LENGTH, ClientTransport}
+    StorageError,
+    auth::{AuthError, authenticate},
+    storage::{FileSigningKeyStorage, SigningKeyStorage},
+    transport::{BUFFER_LENGTH, ClientTransport},
 };
 
 #[cfg(feature = "evm")]
@@ -30,7 +36,6 @@ pub enum Error {
 
     #[error("Storage error")]
     Storage(#[from] StorageError),
-    
 }
 
 pub struct ArbiterClient {
@@ -56,12 +61,13 @@ impl ArbiterClient {
     pub async fn connect_with_key(
         url: ArbiterUrl,
         metadata: ClientMetadata,
-        key: ed25519_dalek::SigningKey,
+        key: SigningKey,
     ) -> Result<Self, Error> {
         let anchor = webpki::anchor_from_trusted_cert(&url.ca_cert)?.to_owned();
         let tls = ClientTlsConfig::new().trust_anchor(anchor);
 
-        let channel = tonic::transport::Channel::from_shared(format!("https://{}:{}", url.host, url.port))?
+        let channel =
+            tonic::transport::Channel::from_shared(format!("https://{}:{}", url.host, url.port))?
                 .tls_config(tls)?
                 .connect()
                 .await?;

server/crates/arbiter-client/src/lib.rs

@@ -9,4 +9,4 @@ pub use client::{ArbiterClient, Error};
 pub use storage::{FileSigningKeyStorage, SigningKeyStorage, StorageError};
 
 #[cfg(feature = "evm")]
-pub use wallets::evm::ArbiterEvmWallet;
+pub use wallets::evm::{ArbiterEvmSignTransactionError, ArbiterEvmWallet};

server/crates/arbiter-client/src/storage.rs

@@ -1,3 +1,4 @@
+use arbiter_crypto::authn::SigningKey;
 use arbiter_proto::home_path;
 use std::path::{Path, PathBuf};
 
@@ -11,7 +12,7 @@ pub enum StorageError {
 }
 
 pub trait SigningKeyStorage {
-    fn load_or_create(&self) -> std::result::Result<ed25519_dalek::SigningKey, StorageError>;
+    fn load_or_create(&self) -> std::result::Result<SigningKey, StorageError>;
 }
 
 #[derive(Debug, Clone)]
@@ -20,7 +21,7 @@ pub struct FileSigningKeyStorage {
 }
 
 impl FileSigningKeyStorage {
-    pub const DEFAULT_FILE_NAME: &str = "sdk_client_ed25519.key";
+    pub const DEFAULT_FILE_NAME: &str = "sdk_client_ml_dsa.key";
 
     pub fn new(path: impl Into<PathBuf>) -> Self {
         Self { path: path.into() }
@@ -30,7 +31,7 @@ impl FileSigningKeyStorage {
         Ok(Self::new(home_path()?.join(Self::DEFAULT_FILE_NAME)))
     }
 
-    fn read_key(path: &Path) -> std::result::Result<ed25519_dalek::SigningKey, StorageError> {
+    fn read_key(path: &Path) -> std::result::Result<SigningKey, StorageError> {
         let bytes = std::fs::read(path)?;
         let raw: [u8; 32] =
             bytes
@@ -39,12 +40,12 @@ impl FileSigningKeyStorage {
                     expected: 32,
                     actual: v.len(),
                 })?;
-        Ok(ed25519_dalek::SigningKey::from_bytes(&raw))
+        Ok(SigningKey::from_seed(raw))
     }
 }
 
 impl SigningKeyStorage for FileSigningKeyStorage {
-    fn load_or_create(&self) -> std::result::Result<ed25519_dalek::SigningKey, StorageError> {
+    fn load_or_create(&self) -> std::result::Result<SigningKey, StorageError> {
         if let Some(parent) = self.path.parent() {
             std::fs::create_dir_all(parent)?;
         }
@@ -53,8 +54,8 @@ impl SigningKeyStorage for FileSigningKeyStorage {
             return Self::read_key(&self.path);
         }
 
-        let key = ed25519_dalek::SigningKey::generate(&mut rand::rng());
+        let key = SigningKey::generate();
-        let raw_key = key.to_bytes();
+        let raw_key = key.to_seed();
 
         // Use create_new to prevent accidental overwrite if another process creates the key first.
         match std::fs::OpenOptions::new()
@@ -103,7 +104,7 @@ mod tests {
             .load_or_create()
             .expect("second load_or_create should read same key");
 
-        assert_eq!(key_a.to_bytes(), key_b.to_bytes());
+        assert_eq!(key_a.to_seed(), key_b.to_seed());
         assert!(path.exists());
 
         std::fs::remove_file(path).expect("temp key file should be removable");

server/crates/arbiter-client/src/transport.rs

@@ -1,6 +1,4 @@
-use arbiter_proto::proto::{
+use arbiter_proto::proto::client::{ClientRequest, ClientResponse};
-    client::{ClientRequest, ClientResponse},
-};
 use std::sync::atomic::{AtomicI32, Ordering};
 use tokio::sync::mpsc;
 
@@ -36,9 +34,7 @@ impl ClientTransport {
             .map_err(|_| ClientSignError::ChannelClosed)
     }
 
-    pub(crate) async fn recv(
+    pub(crate) async fn recv(&mut self) -> std::result::Result<ClientResponse, ClientSignError> {
-        &mut self,
-    ) -> std::result::Result<ClientResponse, ClientSignError> {
         match self.receiver.message().await {
             Ok(Some(resp)) => Ok(resp),
             Ok(None) => Err(ClientSignError::ConnectionClosed),

server/crates/arbiter-client/src/wallets/evm.rs

@@ -8,7 +8,49 @@ use async_trait::async_trait;
 use std::sync::Arc;
 use tokio::sync::Mutex;
 
-use crate::transport::ClientTransport;
+use arbiter_proto::proto::{
+    client::{
+        ClientRequest,
+        client_request::Payload as ClientRequestPayload,
+        client_response::Payload as ClientResponsePayload,
+        evm::{
+            self as proto_evm, request::Payload as EvmRequestPayload,
+            response::Payload as EvmResponsePayload,
+        },
+    },
+    evm::{
+        EvmSignTransactionRequest,
+        evm_sign_transaction_response::Result as EvmSignTransactionResult,
+    },
+    shared::evm::TransactionEvalError,
+};
+
+use crate::transport::{ClientTransport, next_request_id};
+
+/// A typed error payload returned by [`ArbiterEvmWallet`] transaction signing.
+///
+/// This is wrapped into `alloy::signers::Error::Other`, so consumers can downcast by [`TryFrom`] and
+/// interpret the concrete policy evaluation failure instead of parsing strings.
+#[derive(Debug, thiserror::Error)]
+#[non_exhaustive]
+pub enum ArbiterEvmSignTransactionError {
+    #[error("transaction rejected by policy: {0:?}")]
+    PolicyEval(TransactionEvalError),
+}
+
+impl<'a> TryFrom<&'a Error> for &'a ArbiterEvmSignTransactionError {
+    type Error = ();
+
+    fn try_from(value: &'a Error) -> Result<Self, Self::Error> {
+        if let Error::Other(inner) = value
+            && let Some(eval_error) = inner.downcast_ref()
+        {
+            Ok(eval_error)
+        } else {
+            Err(())
+        }
+    }
+}
 
 pub struct ArbiterEvmWallet {
     transport: Arc<Mutex<ClientTransport>>,
@@ -79,11 +121,72 @@ impl TxSigner<Signature> for ArbiterEvmWallet {
         &self,
         tx: &mut dyn SignableTransaction<Signature>,
     ) -> Result<Signature> {
-        let _transport = self.transport.lock().await;
         self.validate_chain_id(tx)?;
 
-        Err(Error::other(
+        let mut transport = self.transport.lock().await;
-            "transaction signing is not supported by current arbiter.client protocol",
+        let request_id = next_request_id();
-        ))
+        let rlp_transaction = tx.encoded_for_signing();
+
+        transport
+            .send(ClientRequest {
+                request_id,
+                payload: Some(ClientRequestPayload::Evm(proto_evm::Request {
+                    payload: Some(EvmRequestPayload::SignTransaction(
+                        EvmSignTransactionRequest {
+                            wallet_address: self.address.to_vec(),
+                            rlp_transaction,
+                        },
+                    )),
+                })),
+            })
+            .await
+            .map_err(|_| Error::other("failed to send evm sign transaction request"))?;
+
+        let response = transport
+            .recv()
+            .await
+            .map_err(|_| Error::other("failed to receive evm sign transaction response"))?;
+
+        if response.request_id != Some(request_id) {
+            return Err(Error::other(
+                "received mismatched response id for evm sign transaction",
+            ));
+        }
+
+        let payload = response
+            .payload
+            .ok_or_else(|| Error::other("missing evm sign transaction response payload"))?;
+
+        let ClientResponsePayload::Evm(proto_evm::Response {
+            payload: Some(payload),
+        }) = payload
+        else {
+            return Err(Error::other(
+                "unexpected response payload for evm sign transaction request",
+            ));
+        };
+
+        let EvmResponsePayload::SignTransaction(response) = payload else {
+            return Err(Error::other(
+                "unexpected evm response payload for sign transaction request",
+            ));
+        };
+
+        let result = response
+            .result
+            .ok_or_else(|| Error::other("missing evm sign transaction result"))?;
+
+        match result {
+            EvmSignTransactionResult::Signature(signature) => {
+                Signature::try_from(signature.as_slice())
+                    .map_err(|_| Error::other("invalid signature returned by server"))
+            }
+            EvmSignTransactionResult::EvalError(eval_error) => Err(Error::other(
+                ArbiterEvmSignTransactionError::PolicyEval(eval_error),
+            )),
+            EvmSignTransactionResult::Error(code) => Err(Error::other(format!(
+                "server failed to sign transaction with error code {code}"
+            ))),
+        }
     }
 }

server/crates/arbiter-crypto/.gitignore

@@ -0,0 +1 @@
+/target

server/crates/arbiter-crypto/Cargo.toml

@@ -0,0 +1,21 @@
+[package]
+name = "arbiter-crypto"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
+ml-dsa = {workspace = true, optional = true }
+rand = {workspace = true, optional = true}
+base64 = {workspace = true, optional = true }
+memsafe = {version = "0.4.0", optional = true}
+hmac.workspace = true
+alloy.workspace = true
+chrono.workspace = true
+
+[lints]
+workspace = true
+
+[features]
+default = ["authn", "safecell"]
+authn = ["dep:ml-dsa", "dep:rand", "dep:base64"]
+safecell = ["dep:memsafe"]

server/crates/arbiter-crypto/src/authn/mod.rs

@@ -0,0 +1,2 @@
+pub mod v1;
+pub use v1::*;

server/crates/arbiter-crypto/src/authn/v1.rs

@@ -0,0 +1,193 @@
+use base64::{Engine as _, prelude::BASE64_STANDARD};
+use hmac::digest::Digest;
+use ml_dsa::{
+    EncodedVerifyingKey, Error, KeyGen, MlDsa87, Seed, Signature as MlDsaSignature,
+    SigningKey as MlDsaSigningKey, VerifyingKey as MlDsaVerifyingKey, signature::Keypair as _,
+};
+
+pub static CLIENT_CONTEXT: &[u8] = b"arbiter_client";
+pub static USERAGENT_CONTEXT: &[u8] = b"arbiter_user_agent";
+
+pub fn format_challenge(nonce: i32, pubkey: &[u8]) -> Vec<u8> {
+    let concat_form = format!("{}:{}", nonce, BASE64_STANDARD.encode(pubkey));
+    concat_form.into_bytes()
+}
+
+pub type KeyParams = MlDsa87;
+
+#[derive(Clone, Debug, PartialEq)]
+pub struct PublicKey(Box<MlDsaVerifyingKey<KeyParams>>);
+
+impl crate::hashing::Hashable for PublicKey {
+    fn hash<H: Digest>(&self, hasher: &mut H) {
+        hasher.update(self.to_bytes());
+    }
+}
+
+#[derive(Clone, Debug, PartialEq)]
+pub struct Signature(Box<MlDsaSignature<KeyParams>>);
+
+#[derive(Debug)]
+pub struct SigningKey(Box<MlDsaSigningKey<KeyParams>>);
+
+impl PublicKey {
+    pub fn to_bytes(&self) -> Vec<u8> {
+        self.0.encode().0.to_vec()
+    }
+
+    pub fn verify(&self, nonce: i32, context: &[u8], signature: &Signature) -> bool {
+        self.0.verify_with_context(
+            &format_challenge(nonce, &self.to_bytes()),
+            context,
+            &signature.0,
+        )
+    }
+}
+
+impl Signature {
+    pub fn to_bytes(&self) -> Vec<u8> {
+        self.0.encode().0.to_vec()
+    }
+}
+
+impl SigningKey {
+    pub fn generate() -> Self {
+        Self(Box::new(KeyParams::key_gen(&mut rand::rng())))
+    }
+
+    pub fn from_seed(seed: [u8; 32]) -> Self {
+        Self(Box::new(KeyParams::from_seed(&Seed::from(seed))))
+    }
+
+    pub fn to_seed(&self) -> [u8; 32] {
+        self.0.to_seed().into()
+    }
+
+    pub fn public_key(&self) -> PublicKey {
+        self.0.verifying_key().into()
+    }
+
+    pub fn sign_message(&self, message: &[u8], context: &[u8]) -> Result<Signature, Error> {
+        self.0
+            .signing_key()
+            .sign_deterministic(message, context)
+            .map(Into::into)
+    }
+
+    pub fn sign_challenge(&self, nonce: i32, context: &[u8]) -> Result<Signature, Error> {
+        self.sign_message(
+            &format_challenge(nonce, &self.public_key().to_bytes()),
+            context,
+        )
+    }
+}
+
+impl From<MlDsaVerifyingKey<KeyParams>> for PublicKey {
+    fn from(value: MlDsaVerifyingKey<KeyParams>) -> Self {
+        Self(Box::new(value))
+    }
+}
+
+impl From<MlDsaSignature<KeyParams>> for Signature {
+    fn from(value: MlDsaSignature<KeyParams>) -> Self {
+        Self(Box::new(value))
+    }
+}
+
+impl From<MlDsaSigningKey<KeyParams>> for SigningKey {
+    fn from(value: MlDsaSigningKey<KeyParams>) -> Self {
+        Self(Box::new(value))
+    }
+}
+
+impl TryFrom<Vec<u8>> for PublicKey {
+    type Error = ();
+
+    fn try_from(value: Vec<u8>) -> Result<Self, Self::Error> {
+        Self::try_from(value.as_slice())
+    }
+}
+
+impl TryFrom<&'_ [u8]> for PublicKey {
+    type Error = ();
+
+    fn try_from(value: &[u8]) -> Result<Self, Self::Error> {
+        let encoded = EncodedVerifyingKey::<KeyParams>::try_from(value).map_err(|_| ())?;
+        Ok(Self(Box::new(MlDsaVerifyingKey::decode(&encoded))))
+    }
+}
+
+impl TryFrom<Vec<u8>> for Signature {
+    type Error = ();
+
+    fn try_from(value: Vec<u8>) -> Result<Self, Self::Error> {
+        Self::try_from(value.as_slice())
+    }
+}
+
+impl TryFrom<&'_ [u8]> for Signature {
+    type Error = ();
+
+    fn try_from(value: &[u8]) -> Result<Self, Self::Error> {
+        MlDsaSignature::try_from(value)
+            .map(|sig| Self(Box::new(sig)))
+            .map_err(|_| ())
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use ml_dsa::{KeyGen, MlDsa87, signature::Keypair as _};
+
+    use super::{CLIENT_CONTEXT, PublicKey, Signature, SigningKey, USERAGENT_CONTEXT};
+
+    #[test]
+    fn public_key_round_trip_decodes() {
+        let key = MlDsa87::key_gen(&mut rand::rng());
+        let encoded = PublicKey::from(key.verifying_key()).to_bytes();
+
+        let decoded = PublicKey::try_from(encoded.as_slice()).expect("public key should decode");
+
+        assert_eq!(decoded, PublicKey::from(key.verifying_key()));
+    }
+
+    #[test]
+    fn signature_round_trip_decodes() {
+        let key = SigningKey::generate();
+        let signature = key
+            .sign_message(b"challenge", CLIENT_CONTEXT)
+            .expect("signature should be created");
+
+        let decoded =
+            Signature::try_from(signature.to_bytes().as_slice()).expect("signature should decode");
+
+        assert_eq!(decoded, signature);
+    }
+
+    #[test]
+    fn challenge_verification_uses_context_and_canonical_key_bytes() {
+        let key = SigningKey::generate();
+        let public_key = key.public_key();
+        let nonce = 17;
+        let signature = key
+            .sign_challenge(nonce, CLIENT_CONTEXT)
+            .expect("signature should be created");
+
+        assert!(public_key.verify(nonce, CLIENT_CONTEXT, &signature));
+        assert!(!public_key.verify(nonce, USERAGENT_CONTEXT, &signature));
+    }
+
+    #[test]
+    fn signing_key_round_trip_seed_preserves_public_key_and_signing() {
+        let original = SigningKey::generate();
+        let restored = SigningKey::from_seed(original.to_seed());
+
+        assert_eq!(restored.public_key(), original.public_key());
+
+        let signature = restored
+            .sign_challenge(9, CLIENT_CONTEXT)
+            .expect("signature should be created");
+
+        assert!(restored.public_key().verify(9, CLIENT_CONTEXT, &signature));
+    }
+}

server/crates/arbiter-crypto/src/hashing.rs

@@ -0,0 +1,111 @@
+pub use hmac::digest::Digest;
+use std::collections::HashSet;
+
+/// Deterministically hash a value by feeding its fields into the hasher in a consistent order.
+#[diagnostic::on_unimplemented(
+    note = "for local types consider adding `#[derive(arbiter_macros::Hashable)]` to your `{Self}` type",
+    note = "for types from other crates check whether the crate offers a `Hashable` implementation"
+)]
+pub trait Hashable {
+    fn hash<H: Digest>(&self, hasher: &mut H);
+}
+
+macro_rules! impl_numeric {
+    ($($t:ty),*) => {
+        $(
+            impl Hashable for $t {
+                fn hash<H: Digest>(&self, hasher: &mut H) {
+                    hasher.update(&self.to_be_bytes());
+                }
+            }
+        )*
+    };
+}
+
+impl_numeric!(u8, u16, u32, u64, i8, i16, i32, i64);
+
+impl Hashable for &[u8] {
+    fn hash<H: Digest>(&self, hasher: &mut H) {
+        hasher.update(self);
+    }
+}
+
+impl Hashable for String {
+    fn hash<H: Digest>(&self, hasher: &mut H) {
+        hasher.update(self.as_bytes());
+    }
+}
+
+impl<T: Hashable + PartialOrd> Hashable for Vec<T> {
+    fn hash<H: Digest>(&self, hasher: &mut H) {
+        let ref_sorted = {
+            let mut sorted = self.iter().collect::<Vec<_>>();
+            sorted.sort_by(|a, b| a.partial_cmp(b).unwrap());
+            sorted
+        };
+        for item in ref_sorted {
+            item.hash(hasher);
+        }
+    }
+}
+
+impl<T: Hashable + PartialOrd> Hashable for HashSet<T> {
+    fn hash<H: Digest>(&self, hasher: &mut H) {
+        let ref_sorted = {
+            let mut sorted = self.iter().collect::<Vec<_>>();
+            sorted.sort_by(|a, b| a.partial_cmp(b).unwrap());
+            sorted
+        };
+        for item in ref_sorted {
+            item.hash(hasher);
+        }
+    }
+}
+
+impl<T: Hashable> Hashable for Option<T> {
+    fn hash<H: Digest>(&self, hasher: &mut H) {
+        match self {
+            Some(value) => {
+                hasher.update([1]);
+                value.hash(hasher);
+            }
+            None => hasher.update([0]),
+        }
+    }
+}
+
+impl<T: Hashable> Hashable for Box<T> {
+    fn hash<H: Digest>(&self, hasher: &mut H) {
+        self.as_ref().hash(hasher);
+    }
+}
+
+impl<T: Hashable> Hashable for &T {
+    fn hash<H: Digest>(&self, hasher: &mut H) {
+        (*self).hash(hasher);
+    }
+}
+
+impl Hashable for alloy::primitives::Address {
+    fn hash<H: Digest>(&self, hasher: &mut H) {
+        hasher.update(self.as_slice());
+    }
+}
+
+impl Hashable for alloy::primitives::U256 {
+    fn hash<H: Digest>(&self, hasher: &mut H) {
+        hasher.update(self.to_be_bytes::<32>());
+    }
+}
+
+impl Hashable for chrono::Duration {
+    fn hash<H: Digest>(&self, hasher: &mut H) {
+        hasher.update(self.num_seconds().to_be_bytes());
+    }
+}
+
+impl Hashable for chrono::DateTime<chrono::Utc> {
+    fn hash<H: Digest>(&self, hasher: &mut H) {
+        hasher.update(self.timestamp_millis().to_be_bytes());
+    }
+}

server/crates/arbiter-crypto/src/lib.rs

@@ -0,0 +1,5 @@
+#[cfg(feature = "authn")]
+pub mod authn;
+pub mod hashing;
+#[cfg(feature = "safecell")]
+pub mod safecell;

server/crates/arbiter-crypto/src/safecell.rs

@@ -105,6 +105,11 @@ impl<T> SafeCellHandle<T> for MemSafeCell<T> {
 
 fn abort_memory_breach(action: &str, err: &memsafe::error::MemoryError) -> ! {
     eprintln!("fatal {action}: {err}");
+    // SAFETY: Intentionally cause a segmentation fault to prevent further execution in a compromised state.
+    unsafe {
+        let unsafe_pointer = std::ptr::null_mut::<u8>();
+        std::ptr::write_volatile(unsafe_pointer, 0);
+    }
     std::process::abort();
 }
 

server/crates/arbiter-macros/Cargo.toml

@@ -0,0 +1,18 @@
+[package]
+name = "arbiter-macros"
+version = "0.1.0"
+edition = "2024"
+
+[lib]
+proc-macro = true
+
+[dependencies]
+proc-macro2 = "1.0"
+quote = "1.0"
+syn = { version = "2.0", features = ["derive", "fold", "full", "visit-mut"] }
+
+[dev-dependencies]
+arbiter-crypto = { path = "../arbiter-crypto" }
+
+[lints]
+workspace = true

server/crates/arbiter-macros/src/hashable.rs

@@ -0,0 +1,133 @@
+use proc_macro2::{Span, TokenStream, TokenTree};
+use quote::quote;
+use syn::parse_quote;
+use syn::spanned::Spanned;
+use syn::{DataStruct, DeriveInput, Fields, Generics, Index};
+
+use crate::utils::{HASHABLE_TRAIT_PATH, HMAC_DIGEST_PATH};
+
+pub(crate) fn derive(input: &DeriveInput) -> TokenStream {
+    match &input.data {
+        syn::Data::Struct(struct_data) => hashable_struct(input, struct_data),
+        syn::Data::Enum(_) => {
+            syn::Error::new_spanned(input, "Hashable can currently be derived only for structs")
+                .to_compile_error()
+        }
+        syn::Data::Union(_) => {
+            syn::Error::new_spanned(input, "Hashable cannot be derived for unions")
+                .to_compile_error()
+        }
+    }
+}
+
+fn hashable_struct(input: &DeriveInput, struct_data: &syn::DataStruct) -> TokenStream {
+    let ident = &input.ident;
+    let hashable_trait = HASHABLE_TRAIT_PATH.to_path();
+    let hmac_digest = HMAC_DIGEST_PATH.to_path();
+    let generics = add_hashable_bounds(input.generics.clone(), &hashable_trait);
+    let field_accesses = collect_field_accesses(struct_data);
+    let hash_calls = build_hash_calls(&field_accesses, &hashable_trait);
+
+    let (impl_generics, ty_generics, where_clause) = generics.split_for_impl();
+
+    quote! {
+        #[automatically_derived]
+        impl #impl_generics #hashable_trait for #ident #ty_generics #where_clause {
+            fn hash<H: #hmac_digest>(&self, hasher: &mut H) {
+                #(#hash_calls)*
+            }
+        }
+    }
+}
+
+fn add_hashable_bounds(mut generics: Generics, hashable_trait: &syn::Path) -> Generics {
+    for type_param in generics.type_params_mut() {
+        type_param.bounds.push(parse_quote!(#hashable_trait));
+    }
+
+    generics
+}
+
+struct FieldAccess {
+    access: TokenStream,
+    span: Span,
+}
+
+fn collect_field_accesses(struct_data: &DataStruct) -> Vec<FieldAccess> {
+    match &struct_data.fields {
+        Fields::Named(fields) => {
+            // Keep deterministic alphabetical order for named fields.
+            // Do not remove this sort, because it keeps hash output stable regardless of source order.
+            let mut named_fields = fields
+                .named
+                .iter()
+                .map(|field| {
+                    let name = field
+                        .ident
+                        .as_ref()
+                        .expect("Fields::Named(fields) must have names")
+                        .clone();
+                    (name.to_string(), name)
+                })
+                .collect::<Vec<_>>();
+
+            named_fields.sort_by(|a, b| a.0.cmp(&b.0));
+
+            named_fields
+                .into_iter()
+                .map(|(_, name)| FieldAccess {
+                    access: quote! { #name },
+                    span: name.span(),
+                })
+                .collect()
+        }
+        Fields::Unnamed(fields) => fields
+            .unnamed
+            .iter()
+            .enumerate()
+            .map(|(i, field)| FieldAccess {
+                access: {
+                    let index = Index::from(i);
+                    quote! { #index }
+                },
+                span: field.ty.span(),
+            })
+            .collect(),
+        Fields::Unit => Vec::new(),
+    }
+}
+
+fn build_hash_calls(
+    field_accesses: &[FieldAccess],
+    hashable_trait: &syn::Path,
+) -> Vec<TokenStream> {
+    field_accesses
+        .iter()
+        .map(|field| {
+            let access = &field.access;
+            let call = quote! {
+                #hashable_trait::hash(&self.#access, hasher);
+            };
+
+            respan(call, field.span)
+        })
+        .collect()
+}
+
+/// Recursively set span on all tokens, including interpolated ones.
+fn respan(tokens: TokenStream, span: Span) -> TokenStream {
+    tokens
+        .into_iter()
+        .map(|tt| match tt {
+            TokenTree::Group(g) => {
+                let mut new = proc_macro2::Group::new(g.delimiter(), respan(g.stream(), span));
+                new.set_span(span);
+                TokenTree::Group(new)
+            }
+            mut other => {
+                other.set_span(span);
+                other
+            }
+        })
+        .collect()
+}

server/crates/arbiter-macros/src/lib.rs

@@ -0,0 +1,10 @@
+use syn::{DeriveInput, parse_macro_input};
+
+mod hashable;
+mod utils;
+
+#[proc_macro_derive(Hashable)]
+pub fn derive_hashable(input: proc_macro::TokenStream) -> proc_macro::TokenStream {
+    let input = parse_macro_input!(input as DeriveInput);
+    hashable::derive(&input).into()
+}

server/crates/arbiter-macros/src/utils.rs

@@ -0,0 +1,19 @@
+pub struct ToPath(pub &'static str);
+
+impl ToPath {
+    pub fn to_path(&self) -> syn::Path {
+        syn::parse_str(self.0).expect("Invalid path")
+    }
+}
+
+macro_rules! ensure_path {
+    ($path:path) => {{
+        #[cfg(test)]
+        #[expect(unused_imports)]
+        use $path as _;
+        ToPath(stringify!($path))
+    }};
+}
+
+pub const HASHABLE_TRAIT_PATH: ToPath = ensure_path!(::arbiter_crypto::hashing::Hashable);
+pub const HMAC_DIGEST_PATH: ToPath = ensure_path!(::arbiter_crypto::hashing::Digest);

server/crates/arbiter-proto/Cargo.toml

@@ -11,13 +11,13 @@ tokio.workspace = true
 futures.workspace = true
 hex = "0.4.3"
 tonic-prost = "0.14.5"
-prost = "0.14.3"
+prost.workspace = true
 kameo.workspace = true
 url = "2.5.8"
 miette.workspace = true
 thiserror.workspace = true
 rustls-pki-types.workspace = true
-base64 = "0.22.1"
+base64.workspace = true
 prost-types.workspace = true
 tracing.workspace = true
 async-trait.workspace = true

server/crates/arbiter-proto/src/lib.rs

@@ -1,17 +1,59 @@
 pub mod transport;
 pub mod url;
 
-use base64::{Engine, prelude::BASE64_STANDARD};
-
 pub mod proto {
     tonic::include_proto!("arbiter");
 
+    pub mod shared {
+        tonic::include_proto!("arbiter.shared");
+
+        pub mod evm {
+            tonic::include_proto!("arbiter.shared.evm");
+        }
+    }
+
     pub mod user_agent {
         tonic::include_proto!("arbiter.user_agent");
+
+        pub mod auth {
+            tonic::include_proto!("arbiter.user_agent.auth");
+        }
+
+        pub mod evm {
+            tonic::include_proto!("arbiter.user_agent.evm");
+        }
+
+        pub mod sdk_client {
+            tonic::include_proto!("arbiter.user_agent.sdk_client");
+        }
+
+        pub mod vault {
+            tonic::include_proto!("arbiter.user_agent.vault");
+
+            pub mod bootstrap {
+                tonic::include_proto!("arbiter.user_agent.vault.bootstrap");
+            }
+
+            pub mod unseal {
+                tonic::include_proto!("arbiter.user_agent.vault.unseal");
+            }
+        }
     }
 
     pub mod client {
         tonic::include_proto!("arbiter.client");
+
+        pub mod auth {
+            tonic::include_proto!("arbiter.client.auth");
+        }
+
+        pub mod evm {
+            tonic::include_proto!("arbiter.client.evm");
+        }
+
+        pub mod vault {
+            tonic::include_proto!("arbiter.client.vault");
+        }
     }
 
     pub mod evm {
@@ -40,8 +82,3 @@ pub fn home_path() -> Result<std::path::PathBuf, std::io::Error> {
 
     Ok(arbiter_home)
 }
-
-pub fn format_challenge(nonce: i32, pubkey: &[u8]) -> Vec<u8> {
-    let concat_form = format!("{}:{}", nonce, BASE64_STANDARD.encode(pubkey));
-    concat_form.into_bytes()
-}

server/crates/arbiter-proto/src/url.rs

@@ -7,7 +7,6 @@ const ARBITER_URL_SCHEME: &str = "arbiter";
 const CERT_QUERY_KEY: &str = "cert";
 const BOOTSTRAP_TOKEN_QUERY_KEY: &str = "bootstrap_token";
 
-
 #[derive(Debug, Clone)]
 pub struct ArbiterUrl {
     pub host: String,

server/crates/arbiter-server/Cargo.toml

@@ -16,8 +16,9 @@ diesel-async = { version = "0.8.0", features = [
     "sqlite",
     "tokio",
 ] }
-ed25519-dalek.workspace = true
 arbiter-proto.path = "../arbiter-proto"
+arbiter-crypto.path = "../arbiter-crypto"
+arbiter-macros.path = "../arbiter-macros"
 tracing.workspace = true
 tracing-subscriber = { version = "0.3", features = ["env-filter"] }
 tonic.workspace = true
@@ -25,7 +26,6 @@ tonic.features = ["tls-aws-lc"]
 tokio.workspace = true
 rustls.workspace = true
 smlang.workspace = true
-miette.workspace = true
 thiserror.workspace = true
 fatality = "0.1.1"
 diesel_migrations = { version = "2.3.1", features = ["sqlite"] }
@@ -37,23 +37,31 @@ dashmap = "6.1.0"
 rand.workspace = true
 rcgen.workspace = true
 chrono.workspace = true
-memsafe = "0.4.0"
 zeroize = { version = "1.8.2", features = ["std", "simd"] }
 kameo.workspace = true
-x25519-dalek.workspace = true
 chacha20poly1305 = { version = "0.10.1", features = ["std"] }
 argon2 = { version = "0.5.3", features = ["zeroize"] }
 restructed = "0.2.2"
 strum = { version = "0.28.0", features = ["derive"] }
 pem = "3.0.6"
-k256.workspace = true
-rsa.workspace = true
 sha2.workspace = true
+hmac.workspace = true
 spki.workspace = true
 alloy.workspace = true
 prost-types.workspace = true
+prost.workspace = true
 arbiter-tokens-registry.path = "../arbiter-tokens-registry"
+anyhow = "1.0.102"
+serde_with = "3.18.0"
+mutants.workspace = true
+subtle = "2.6.1"
+ml-dsa.workspace = true
+ed25519-dalek.workspace = true
+x25519-dalek.workspace = true
+k256.workspace = true
 
 [dev-dependencies]
 insta = "1.46.3"
+proptest = "1.11.0"
+rstest.workspace = true
 test-log = { version = "0.2", default-features = false, features = ["trace"] }

server/crates/arbiter-server/migrations/2026-02-14-171124-0000_init/up.sql

@@ -47,7 +47,7 @@ create table if not exists useragent_client (
     id integer not null primary key,
     nonce integer not null default(1), -- used for auth challenge
     public_key blob not null,
-    key_type integer not null default(1), -- 1=Ed25519, 2=ECDSA(secp256k1)
+    key_type integer not null default(1),
     created_at integer not null default(unixepoch ('now')),
     updated_at integer not null default(unixepoch ('now'))
 ) STRICT;
@@ -191,3 +191,19 @@ create table if not exists evm_ether_transfer_grant_target (
 ) STRICT;
 
 create unique index if not exists uniq_ether_transfer_target on evm_ether_transfer_grant_target (grant_id, address);
+
+-- ===============================
+-- Integrity Envelopes
+-- ===============================
+create table if not exists integrity_envelope (
+    id integer not null primary key,
+    entity_kind text not null,
+    entity_id blob not null,
+    payload_version integer not null,
+    key_version integer not null,
+    mac blob not null, -- 20-byte recipient address
+    signed_at integer not null default(unixepoch ('now')),
+    created_at integer not null default(unixepoch ('now'))
+) STRICT;
+
+create unique index if not exists uniq_integrity_envelope_entity on integrity_envelope (entity_kind, entity_id);

server/crates/arbiter-server/src/actors/bootstrap.rs

@@ -2,8 +2,9 @@ use arbiter_proto::{BOOTSTRAP_PATH, home_path};
 use diesel::QueryDsl;
 use diesel_async::RunQueryDsl;
 use kameo::{Actor, messages};
-use miette::Diagnostic;
+
 use rand::{RngExt, distr::Alphanumeric, make_rng, rngs::StdRng};
+use subtle::ConstantTimeEq as _;
 use thiserror::Error;
 
 use crate::db::{self, DatabasePool, schema};
@@ -25,18 +26,15 @@ pub async fn generate_token() -> Result<String, std::io::Error> {
     Ok(token)
 }
 
-#[derive(Error, Debug, Diagnostic)]
+#[derive(Error, Debug)]
 pub enum Error {
     #[error("Database error: {0}")]
-    #[diagnostic(code(arbiter_server::bootstrap::database))]
     Database(#[from] db::PoolError),
 
     #[error("Database query error: {0}")]
-    #[diagnostic(code(arbiter_server::bootstrap::database_query))]
     Query(#[from] diesel::result::Error),
 
     #[error("I/O error: {0}")]
-    #[diagnostic(code(arbiter_server::bootstrap::io))]
     Io(#[from] std::io::Error),
 }
 
@@ -47,14 +45,14 @@ pub struct Bootstrapper {
 
 impl Bootstrapper {
     pub async fn new(db: &DatabasePool) -> Result<Self, Error> {
+        let row_count: i64 = {
             let mut conn = db.get().await?;
 
-        let row_count: i64 = schema::useragent_client::table
+            schema::useragent_client::table
                 .count()
                 .get_result(&mut conn)
-            .await?;
+                .await?
-
+        };
-        drop(conn);
 
         let token = if row_count == 0 {
             let token = generate_token().await?;
@@ -72,7 +70,13 @@ impl Bootstrapper {
     #[message]
     pub fn is_correct_token(&self, token: String) -> bool {
         match &self.token {
-            Some(expected) => *expected == token,
+            Some(expected) => {
+                let expected_bytes = expected.as_bytes();
+                let token_bytes = token.as_bytes();
+
+                let choice = expected_bytes.ct_eq(token_bytes);
+                bool::from(choice)
+            }
             None => false,
         }
     }

server/crates/arbiter-server/src/actors/client/auth.rs

@@ -1,5 +1,7 @@
+use arbiter_crypto::authn::{self, CLIENT_CONTEXT};
 use arbiter_proto::{
-    ClientMetadata, format_challenge, transport::{Bi, expect_message}
+    ClientMetadata,
+    transport::{Bi, expect_message},
 };
 use chrono::Utc;
 use diesel::{
@@ -7,15 +9,16 @@ use diesel::{
     dsl::insert_into, update,
 };
 use diesel_async::RunQueryDsl as _;
-use ed25519_dalek::{Signature, VerifyingKey};
+use kameo::{actor::ActorRef, error::SendError};
-use kameo::error::SendError;
 use tracing::error;
 
 use crate::{
     actors::{
-        client::{ClientConnection, ClientProfile},
+        client::{ClientConnection, ClientCredentials, ClientProfile},
         flow_coordinator::{self, RequestClientApproval},
+        keyholder::KeyHolder,
     },
+    crypto::integrity::{self, AttestationStatus},
     db::{
         self,
         models::{ProgramClientMetadata, SqliteTimestamp},
@@ -29,6 +32,8 @@ pub enum Error {
     DatabasePoolUnavailable,
     #[error("Database operation failed")]
     DatabaseOperationFailed,
+    #[error("Integrity check failed")]
+    IntegrityCheckFailed,
     #[error("Invalid challenge solution")]
     InvalidChallengeSolution,
     #[error("Client approval request failed")]
@@ -37,6 +42,13 @@ pub enum Error {
     Transport,
 }
 
+impl From<diesel::result::Error> for Error {
+    fn from(e: diesel::result::Error) -> Self {
+        error!(?e, "Database error");
+        Self::DatabaseOperationFailed
+    }
+}
+
 #[derive(thiserror::Error, Debug, Clone, PartialEq, Eq)]
 pub enum ApproveError {
     #[error("Internal error")]
@@ -50,32 +62,93 @@ pub enum ApproveError {
 #[derive(Debug, Clone)]
 pub enum Inbound {
     AuthChallengeRequest {
-        pubkey: VerifyingKey,
+        pubkey: authn::PublicKey,
         metadata: ClientMetadata,
     },
     AuthChallengeSolution {
-        signature: Signature,
+        signature: authn::Signature,
     },
 }
 
 #[derive(Debug, Clone)]
 pub enum Outbound {
-    AuthChallenge { pubkey: VerifyingKey, nonce: i32 },
+    AuthChallenge {
+        pubkey: authn::PublicKey,
+        nonce: i32,
+    },
     AuthSuccess,
 }
 
-pub struct ClientInfo {
+/// Returns the current nonce and client ID for a registered client.
-    pub id: i32,
+/// Returns `None` if the pubkey is not registered.
-    pub current_nonce: i32,
+async fn get_current_nonce_and_id(
+    db: &db::DatabasePool,
+    pubkey: &authn::PublicKey,
+) -> Result<Option<(i32, i32)>, Error> {
+    let pubkey_bytes = pubkey.to_bytes();
+    let mut conn = db.get().await.map_err(|e| {
+        error!(error = ?e, "Database pool error");
+        Error::DatabasePoolUnavailable
+    })?;
+    program_client::table
+        .filter(program_client::public_key.eq(&pubkey_bytes))
+        .select((program_client::id, program_client::nonce))
+        .first::<(i32, i32)>(&mut conn)
+        .await
+        .optional()
+        .map_err(|e| {
+            error!(error = ?e, "Database error");
+            Error::DatabaseOperationFailed
+        })
 }
 
-/// Atomically reads and increments the nonce for a known client.
+async fn verify_integrity(
-/// Returns `None` if the pubkey is not registered.
-async fn get_client_and_nonce(
     db: &db::DatabasePool,
-    pubkey: &VerifyingKey,
+    keyholder: &ActorRef<KeyHolder>,
-) -> Result<Option<ClientInfo>, Error> {
+    pubkey: &authn::PublicKey,
-    let pubkey_bytes = pubkey.as_bytes().to_vec();
+) -> Result<(), Error> {
+    let mut db_conn = db.get().await.map_err(|e| {
+        error!(error = ?e, "Database pool error");
+        Error::DatabasePoolUnavailable
+    })?;
+
+    let (id, nonce) = get_current_nonce_and_id(db, pubkey).await?.ok_or_else(|| {
+        error!("Client not found during integrity verification");
+        Error::DatabaseOperationFailed
+    })?;
+
+    let attestation = integrity::verify_entity(
+        &mut db_conn,
+        keyholder,
+        &ClientCredentials {
+            pubkey: pubkey.clone(),
+            nonce,
+        },
+        id,
+    )
+    .await
+    .map_err(|e| {
+        error!(?e, "Integrity verification failed");
+        Error::IntegrityCheckFailed
+    })?;
+
+    if attestation != AttestationStatus::Attested {
+        error!("Integrity attestation unavailable for client {id}");
+        return Err(Error::IntegrityCheckFailed);
+    }
+
+    Ok(())
+}
+
+/// Atomically increments the nonce and re-signs the integrity envelope.
+/// Returns the new nonce, which is used as the challenge nonce.
+async fn create_nonce(
+    db: &db::DatabasePool,
+    keyholder: &ActorRef<KeyHolder>,
+    pubkey: &authn::PublicKey,
+) -> Result<i32, Error> {
+    let pubkey_bytes = pubkey.to_bytes();
+    let pubkey = pubkey.clone();
 
     let mut conn = db.get().await.map_err(|e| {
         error!(error = ?e, "Database pool error");
@@ -83,35 +156,35 @@ async fn get_client_and_nonce(
     })?;
 
     conn.exclusive_transaction(|conn| {
-        let pubkey_bytes = pubkey_bytes.clone();
+        let keyholder = keyholder.clone();
+        let pubkey = pubkey.clone();
         Box::pin(async move {
-            let Some((client_id, current_nonce)) = program_client::table
+            let (id, new_nonce): (i32, i32) = update(program_client::table)
                 .filter(program_client::public_key.eq(&pubkey_bytes))
-                .select((program_client::id, program_client::nonce))
+                .set(program_client::nonce.eq(program_client::nonce + 1))
-                .first::<(i32, i32)>(conn)
+                .returning((program_client::id, program_client::nonce))
-                .await
+                .get_result(conn)
-                .optional()?
-            else {
-                return Result::<_, diesel::result::Error>::Ok(None);
-            };
-
-            update(program_client::table)
-                .filter(program_client::public_key.eq(&pubkey_bytes))
-                .set(program_client::nonce.eq(current_nonce + 1))
-                .execute(conn)
                 .await?;
 
-            Ok(Some(ClientInfo {
+            integrity::sign_entity(
-                id: client_id,
+                conn,
-                current_nonce,
+                &keyholder,
-            }))
+                &ClientCredentials {
+                    pubkey: pubkey.clone(),
+                    nonce: new_nonce,
+                },
+                id,
+            )
+            .await
+            .map_err(|e| {
+                error!(?e, "Integrity sign failed after nonce update");
+                Error::DatabaseOperationFailed
+            })?;
+
+            Ok(new_nonce)
         })
     })
     .await
-    .map_err(|e| {
-        error!(error = ?e, "Database error");
-        Error::DatabaseOperationFailed
-    })
 }
 
 async fn approve_new_client(
@@ -139,15 +212,25 @@ async fn approve_new_client(
 
 async fn insert_client(
     db: &db::DatabasePool,
-    pubkey: &VerifyingKey,
+    keyholder: &ActorRef<KeyHolder>,
+    pubkey: &authn::PublicKey,
     metadata: &ClientMetadata,
 ) -> Result<i32, Error> {
     use crate::db::schema::{client_metadata, program_client};
+    let pubkey = pubkey.clone();
+    let metadata = metadata.clone();
+
     let mut conn = db.get().await.map_err(|e| {
         error!(error = ?e, "Database pool error");
         Error::DatabasePoolUnavailable
     })?;
 
+    conn.exclusive_transaction(|conn| {
+        let keyholder = keyholder.clone();
+        let pubkey = pubkey.clone();
+        Box::pin(async move {
+            const NONCE_START: i32 = 1;
+
             let metadata_id = insert_into(client_metadata::table)
                 .values((
                     client_metadata::name.eq(&metadata.name),
@@ -155,29 +238,39 @@ async fn insert_client(
                     client_metadata::version.eq(&metadata.version),
                 ))
                 .returning(client_metadata::id)
-        .get_result::<i32>(&mut conn)
+                .get_result::<i32>(conn)
-        .await
+                .await?;
-        .map_err(|e| {
-            error!(error = ?e, "Failed to insert client metadata");
-            Error::DatabaseOperationFailed
-        })?;
 
             let client_id = insert_into(program_client::table)
                 .values((
-            program_client::public_key.eq(pubkey.as_bytes().to_vec()),
+                    program_client::public_key.eq(pubkey.to_bytes()),
                     program_client::metadata_id.eq(metadata_id),
-            program_client::nonce.eq(1), // pre-incremented; challenge uses 0
+                    program_client::nonce.eq(NONCE_START),
                 ))
                 .on_conflict_do_nothing()
                 .returning(program_client::id)
-        .get_result::<i32>(&mut conn)
+                .get_result::<i32>(conn)
+                .await?;
+
+            integrity::sign_entity(
+                conn,
+                &keyholder,
+                &ClientCredentials {
+                    pubkey: pubkey.clone(),
+                    nonce: NONCE_START,
+                },
+                client_id,
+            )
             .await
             .map_err(|e| {
-            error!(error = ?e, "Failed to insert client metadata");
+                error!(error = ?e, "Failed to sign integrity tag for new client key");
                 Error::DatabaseOperationFailed
             })?;
 
             Ok(client_id)
+        })
+    })
+    .await
 }
 
 async fn sync_client_metadata(
@@ -253,14 +346,17 @@ async fn sync_client_metadata(
 
 async fn challenge_client<T>(
     transport: &mut T,
-    pubkey: VerifyingKey,
+    pubkey: authn::PublicKey,
     nonce: i32,
 ) -> Result<(), Error>
 where
     T: Bi<Inbound, Result<Outbound, Error>> + ?Sized,
 {
     transport
-        .send(Ok(Outbound::AuthChallenge { pubkey, nonce }))
+        .send(Ok(Outbound::AuthChallenge {
+            pubkey: pubkey.clone(),
+            nonce,
+        }))
         .await
         .map_err(|e| {
             error!(error = ?e, "Failed to send auth challenge");
@@ -277,20 +373,15 @@ where
         Error::Transport
     })?;
 
-    let formatted = format_challenge(nonce, pubkey.as_bytes());
+    if !pubkey.verify(nonce, CLIENT_CONTEXT, &signature) {
-
-    pubkey.verify_strict(&formatted, &signature).map_err(|_| {
         error!("Challenge solution verification failed");
-        Error::InvalidChallengeSolution
+        return Err(Error::InvalidChallengeSolution);
-    })?;
+    }
 
     Ok(())
 }
 
-pub async fn authenticate<T>(
+pub async fn authenticate<T>(props: &mut ClientConnection, transport: &mut T) -> Result<i32, Error>
-    props: &mut ClientConnection,
-    transport: &mut T,
-) -> Result<VerifyingKey, Error>
 where
     T: Bi<Inbound, Result<Outbound, Error>> + Send + ?Sized,
 {
@@ -298,28 +389,27 @@ where
         return Err(Error::Transport);
     };
 
-    let info = match get_client_and_nonce(&props.db, &pubkey).await? {
+    let client_id = match get_current_nonce_and_id(&props.db, &pubkey).await? {
-        Some(nonce) => nonce,
+        Some((id, _)) => {
+            verify_integrity(&props.db, &props.actors.key_holder, &pubkey).await?;
+            id
+        }
         None => {
             approve_new_client(
                 &props.actors,
                 ClientProfile {
-                    pubkey,
+                    pubkey: pubkey.clone(),
                     metadata: metadata.clone(),
                 },
             )
             .await?;
-            let client_id = insert_client(&props.db, &pubkey, &metadata).await?;
+            insert_client(&props.db, &props.actors.key_holder, &pubkey, &metadata).await?
-            ClientInfo {
-                id: client_id,
-                current_nonce: 0,
-            }
         }
     };
 
-    sync_client_metadata(&props.db, info.id, &metadata).await?;
+    sync_client_metadata(&props.db, client_id, &metadata).await?;
-
+    let challenge_nonce = create_nonce(&props.db, &props.actors.key_holder, &pubkey).await?;
-    challenge_client(transport, pubkey, info.current_nonce).await?;
+    challenge_client(transport, pubkey, challenge_nonce).await?;
 
     transport
         .send(Ok(Outbound::AuthSuccess))
@@ -329,5 +419,5 @@ where
             Error::Transport
         })?;
 
-    Ok(pubkey)
+    Ok(client_id)
 }

server/crates/arbiter-server/src/actors/client/mod.rs

@@ -1,18 +1,30 @@
+use arbiter_crypto::authn;
 use arbiter_proto::{ClientMetadata, transport::Bi};
 use kameo::actor::Spawn;
 use tracing::{error, info};
 
 use crate::{
-    actors::{GlobalActors, client::{ session::ClientSession}},
+    actors::{GlobalActors, client::session::ClientSession},
+    crypto::integrity::Integrable,
     db,
 };
 
 #[derive(Debug, Clone)]
 pub struct ClientProfile {
-    pub pubkey: ed25519_dalek::VerifyingKey,
+    pub pubkey: authn::PublicKey,
     pub metadata: ClientMetadata,
 }
 
+#[derive(arbiter_macros::Hashable)]
+pub struct ClientCredentials {
+    pub pubkey: authn::PublicKey,
+    pub nonce: i32,
+}
+
+impl Integrable for ClientCredentials {
+    const KIND: &'static str = "client_credentials";
+}
+
 pub struct ClientConnection {
     pub(crate) db: db::DatabasePool,
     pub(crate) actors: GlobalActors,
@@ -31,9 +43,11 @@ pub async fn connect_client<T>(mut props: ClientConnection, transport: &mut T)
 where
     T: Bi<auth::Inbound, Result<auth::Outbound, auth::Error>> + Send + ?Sized,
 {
-    match auth::authenticate(&mut props, transport).await {
+    let fut = auth::authenticate(&mut props, transport);
-        Ok(_pubkey) => {
+    println!("authenticate future size: {}", std::mem::size_of_val(&fut));
-            ClientSession::spawn(ClientSession::new(props));
+    match fut.await {
+        Ok(client_id) => {
+            ClientSession::spawn(ClientSession::new(props, client_id));
             info!("Client authenticated, session started");
         }
         Err(err) => {

server/crates/arbiter-server/src/actors/client/session.rs

@@ -1,21 +1,28 @@
 use kameo::{Actor, messages};
 use tracing::error;
 
+use alloy::{consensus::TxEip1559, primitives::Address, signers::Signature};
+
 use crate::{
     actors::{
-        GlobalActors, client::ClientConnection, flow_coordinator::RegisterClient,
+        GlobalActors,
+        client::ClientConnection,
+        evm::{ClientSignTransaction, SignTransactionError},
+        flow_coordinator::RegisterClient,
         keyholder::KeyHolderState,
     },
     db,
+    evm::VetError,
 };
 
 pub struct ClientSession {
     props: ClientConnection,
+    client_id: i32,
 }
 
 impl ClientSession {
-    pub(crate) fn new(props: ClientConnection) -> Self {
+    pub(crate) fn new(props: ClientConnection, client_id: i32) -> Self {
-        Self { props }
+        Self { props, client_id }
     }
 }
 
@@ -35,6 +42,34 @@ impl ClientSession {
 
         Ok(vault_state)
     }
+
+    #[message]
+    pub(crate) async fn handle_sign_transaction(
+        &mut self,
+        wallet_address: Address,
+        transaction: TxEip1559,
+    ) -> Result<Signature, SignTransactionRpcError> {
+        match self
+            .props
+            .actors
+            .evm
+            .ask(ClientSignTransaction {
+                client_id: self.client_id,
+                wallet_address,
+                transaction,
+            })
+            .await
+        {
+            Ok(signature) => Ok(signature),
+            Err(kameo::error::SendError::HandlerError(SignTransactionError::Vet(vet_error))) => {
+                Err(SignTransactionRpcError::Vet(vet_error))
+            }
+            Err(err) => {
+                error!(?err, "Failed to sign EVM transaction in client session");
+                Err(SignTransactionRpcError::Internal)
+            }
+        }
+    }
 }
 
 impl Actor for ClientSession {
@@ -59,7 +94,10 @@ impl Actor for ClientSession {
 impl ClientSession {
     pub fn new_test(db: db::DatabasePool, actors: GlobalActors) -> Self {
         let props = ClientConnection::new(db, actors);
-        Self { props }
+        Self {
+            props,
+            client_id: 0,
+        }
     }
 }
 
@@ -70,3 +108,12 @@ pub enum Error {
     #[error("Internal error")]
     Internal,
 }
+
+#[derive(Debug, thiserror::Error)]
+pub enum SignTransactionRpcError {
+    #[error("Policy evaluation failed")]
+    Vet(#[from] VetError),
+
+    #[error("Internal error")]
+    Internal,
+}

server/crates/arbiter-server/src/actors/evm/mod.rs

@@ -8,63 +8,58 @@ use rand::{SeedableRng, rng, rngs::StdRng};
 
 use crate::{
     actors::keyholder::{CreateNew, Decrypt, KeyHolder},
+    crypto::integrity,
     db::{
-        self, DatabaseError, DatabasePool,
+        DatabaseError, DatabasePool,
-        models::{self, SqliteTimestamp},
+        models::{self},
         schema,
     },
     evm::{
-        self, RunKind,
+        self, ListError, RunKind,
         policies::{
-            FullGrant, Grant, SharedGrantSettings, SpecificGrant, SpecificMeaning,
+            CombinedSettings, Grant, SharedGrantSettings, SpecificGrant, SpecificMeaning,
             ether_transfer::EtherTransfer, token_transfers::TokenTransfer,
         },
     },
-    safe_cell::{SafeCell, SafeCellHandle as _},
 };
+use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};
 
 pub use crate::evm::safe_signer;
 
-#[derive(Debug, thiserror::Error, miette::Diagnostic)]
+#[derive(Debug, thiserror::Error)]
 pub enum SignTransactionError {
     #[error("Wallet not found")]
-    #[diagnostic(code(arbiter::evm::sign::wallet_not_found))]
     WalletNotFound,
 
     #[error("Database error: {0}")]
-    #[diagnostic(code(arbiter::evm::sign::database))]
     Database(#[from] DatabaseError),
 
     #[error("Keyholder error: {0}")]
-    #[diagnostic(code(arbiter::evm::sign::keyholder))]
     Keyholder(#[from] crate::actors::keyholder::Error),
 
     #[error("Keyholder mailbox error")]
-    #[diagnostic(code(arbiter::evm::sign::keyholder_send))]
     KeyholderSend,
 
     #[error("Signing error: {0}")]
-    #[diagnostic(code(arbiter::evm::sign::signing))]
     Signing(#[from] alloy::signers::Error),
 
     #[error("Policy error: {0}")]
-    #[diagnostic(code(arbiter::evm::sign::vet))]
     Vet(#[from] evm::VetError),
 }
 
-#[derive(Debug, thiserror::Error, miette::Diagnostic)]
+#[derive(Debug, thiserror::Error)]
 pub enum Error {
     #[error("Keyholder error: {0}")]
-    #[diagnostic(code(arbiter::evm::keyholder))]
     Keyholder(#[from] crate::actors::keyholder::Error),
 
     #[error("Keyholder mailbox error")]
-    #[diagnostic(code(arbiter::evm::keyholder_send))]
     KeyholderSend,
 
     #[error("Database error: {0}")]
-    #[diagnostic(code(arbiter::evm::database))]
     Database(#[from] DatabaseError),
+
+    #[error("Integrity violation: {0}")]
+    Integrity(#[from] integrity::Error),
 }
 
 #[derive(Actor)]
@@ -80,7 +75,7 @@ impl EvmActor {
         // is it safe to seed rng from system once?
         // todo: audit
         let rng = StdRng::from_rng(&mut rng());
-        let engine = evm::Engine::new(db.clone());
+        let engine = evm::Engine::new(db.clone(), keyholder.clone());
         Self {
             keyholder,
             db,
@@ -141,46 +136,59 @@ impl EvmActor {
         &mut self,
         basic: SharedGrantSettings,
         grant: SpecificGrant,
-    ) -> Result<i32, DatabaseError> {
+    ) -> Result<i32, Error> {
         match grant {
-            SpecificGrant::EtherTransfer(settings) => {
+            SpecificGrant::EtherTransfer(settings) => self
-                self.engine
+                .engine
-                    .create_grant::<EtherTransfer>(FullGrant {
+                .create_grant::<EtherTransfer>(CombinedSettings {
-                        basic,
+                    shared: basic,
                     specific: settings,
                 })
                 .await
-            }
+                .map_err(Error::from),
-            SpecificGrant::TokenTransfer(settings) => {
+            SpecificGrant::TokenTransfer(settings) => self
-                self.engine
+                .engine
-                    .create_grant::<TokenTransfer>(FullGrant {
+                .create_grant::<TokenTransfer>(CombinedSettings {
-                        basic,
+                    shared: basic,
                     specific: settings,
                 })
                 .await
-            }
+                .map_err(Error::from),
         }
     }
 
     #[message]
-    pub async fn useragent_delete_grant(&mut self, grant_id: i32) -> Result<(), Error> {
+    pub async fn useragent_delete_grant(&mut self, _grant_id: i32) -> Result<(), Error> {
-        let mut conn = self.db.get().await.map_err(DatabaseError::from)?;
+        // let mut conn = self.db.get().await.map_err(DatabaseError::from)?;
-        diesel::update(schema::evm_basic_grant::table)
+        // let keyholder = self.keyholder.clone();
-            .filter(schema::evm_basic_grant::id.eq(grant_id))
+
-            .set(schema::evm_basic_grant::revoked_at.eq(SqliteTimestamp::now()))
+        // diesel_async::AsyncConnection::transaction(&mut conn, |conn| {
-            .execute(&mut conn)
+        //     Box::pin(async move {
-            .await
+        //         diesel::update(schema::evm_basic_grant::table)
-            .map_err(DatabaseError::from)?;
+        //             .filter(schema::evm_basic_grant::id.eq(grant_id))
-        Ok(())
+        //             .set(schema::evm_basic_grant::revoked_at.eq(SqliteTimestamp::now()))
+        //             .execute(conn)
+        //             .await?;
+
+        //         let signed = integrity::evm::load_signed_grant_by_basic_id(conn, grant_id).await?;
+
+        //         diesel::result::QueryResult::Ok(())
+        //     })
+        // })
+        // .await
+        // .map_err(DatabaseError::from)?;
+
+        // Ok(())
+        todo!()
     }
 
     #[message]
     pub async fn useragent_list_grants(&mut self) -> Result<Vec<Grant<SpecificGrant>>, Error> {
-        Ok(self
+        match self.engine.list_all_grants().await {
-            .engine
+            Ok(grants) => Ok(grants),
-            .list_all_grants()
+            Err(ListError::Database(db_err)) => Err(Error::Database(db_err)),
-            .await
+            Err(ListError::Integrity(integrity_err)) => Err(Error::Integrity(integrity_err)),
-            .map_err(DatabaseError::from)?)
+        }
     }
 
     #[message]

server/crates/arbiter-server/src/actors/flow_coordinator/client_connect_approval.rs

@@ -15,7 +15,7 @@ use crate::actors::{
 pub struct Args {
     pub client: ClientProfile,
     pub user_agents: Vec<ActorRef<UserAgentSession>>,
-    pub reply: ReplySender<Result<bool, ApprovalError>>
+    pub reply: ReplySender<Result<bool, ApprovalError>>,
 }
 
 pub struct ClientApprovalController {
@@ -39,7 +39,11 @@ impl Actor for ClientApprovalController {
     type Error = ();
 
     async fn on_start(
-        Args { client, mut user_agents, reply }: Self::Args,
+        Args {
+            client,
+            mut user_agents,
+            reply,
+        }: Self::Args,
         actor_ref: ActorRef<Self>,
     ) -> Result<Self, Self::Error> {
         let this = Self {

server/crates/arbiter-server/src/actors/keyholder/encryption.rs

@@ -1 +0,0 @@
-pub mod v1;

server/crates/arbiter-server/src/actors/keyholder/mod.rs

@@ -4,22 +4,22 @@ use diesel::{
     dsl::{insert_into, update},
 };
 use diesel_async::{AsyncConnection, RunQueryDsl};
+use hmac::Mac as _;
 use kameo::{Actor, Reply, messages};
 use strum::{EnumDiscriminants, IntoDiscriminant};
 use tracing::{error, info};
 
-use crate::safe_cell::SafeCell;
+use crate::crypto::{
-use crate::{
+    KeyCell, derive_key,
-    db::{
+    encryption::v1::{self, Nonce},
+    integrity::v1::HmacSha256,
+};
+use crate::db::{
     self,
     models::{self, RootKeyHistory},
     schema::{self},
-    },
-    safe_cell::SafeCellHandle as _,
 };
-use encryption::v1::{self, KeyCell, Nonce};
+use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};
-
-pub mod encryption;
 
 #[derive(Default, EnumDiscriminants)]
 #[strum_discriminants(derive(Reply), vis(pub), name(KeyHolderState))]
@@ -35,36 +35,28 @@ enum State {
     },
 }
 
-#[derive(Debug, thiserror::Error, miette::Diagnostic)]
+#[derive(Debug, thiserror::Error)]
 pub enum Error {
     #[error("Keyholder is already bootstrapped")]
-    #[diagnostic(code(arbiter::keyholder::already_bootstrapped))]
     AlreadyBootstrapped,
     #[error("Keyholder is not bootstrapped")]
-    #[diagnostic(code(arbiter::keyholder::not_bootstrapped))]
     NotBootstrapped,
     #[error("Invalid key provided")]
-    #[diagnostic(code(arbiter::keyholder::invalid_key))]
     InvalidKey,
 
     #[error("Requested aead entry not found")]
-    #[diagnostic(code(arbiter::keyholder::aead_not_found))]
     NotFound,
 
     #[error("Encryption error: {0}")]
-    #[diagnostic(code(arbiter::keyholder::encryption_error))]
     Encryption(#[from] chacha20poly1305::aead::Error),
 
     #[error("Database error: {0}")]
-    #[diagnostic(code(arbiter::keyholder::database_error))]
     DatabaseConnection(#[from] db::PoolError),
 
     #[error("Database transaction error: {0}")]
-    #[diagnostic(code(arbiter::keyholder::database_transaction_error))]
     DatabaseTransaction(#[from] diesel::result::Error),
 
     #[error("Broken database")]
-    #[diagnostic(code(arbiter::keyholder::broken_database))]
     BrokenDatabase,
 }
 
@@ -114,8 +106,7 @@ impl KeyHolder {
                         .first(conn)
                         .await?;
 
-                    let mut nonce =
+                    let mut nonce = Nonce::try_from(current_nonce.as_slice()).map_err(|_| {
-                        v1::Nonce::try_from(current_nonce.as_slice()).map_err(|_| {
                         error!(
                             "Broken database: invalid nonce for root key history id={}",
                             root_key_id
@@ -144,12 +135,12 @@ impl KeyHolder {
             return Err(Error::AlreadyBootstrapped);
         }
         let salt = v1::generate_salt();
-        let mut seal_key = v1::derive_seal_key(seal_key_raw, &salt);
+        let mut seal_key = derive_key(seal_key_raw, &salt);
         let mut root_key = KeyCell::new_secure_random();
 
         // Zero nonces are fine because they are one-time
-        let root_key_nonce = v1::Nonce::default();
+        let root_key_nonce = Nonce::default();
-        let data_encryption_nonce = v1::Nonce::default();
+        let data_encryption_nonce = Nonce::default();
 
         let root_key_ciphertext: Vec<u8> = root_key.0.read_inline(|reader| {
             let root_key_reader = reader.as_slice();
@@ -214,7 +205,6 @@ impl KeyHolder {
             let mut conn = self.db.get().await?;
             schema::root_key_history::table
                 .filter(schema::root_key_history::id.eq(*root_key_history_id))
-                .select(schema::root_key_history::data_encryption_nonce)
                 .select(RootKeyHistory::as_select())
                 .first(&mut conn)
                 .await?
@@ -225,7 +215,7 @@ impl KeyHolder {
             error!("Broken database: invalid salt for root key");
             Error::BrokenDatabase
         })?;
-        let mut seal_key = v1::derive_seal_key(seal_key_raw, &salt);
+        let mut seal_key = derive_key(seal_key_raw, &salt);
 
         let mut root_key = SafeCell::new(current_key.ciphertext.clone());
 
@@ -245,7 +235,7 @@ impl KeyHolder {
 
         self.state = State::Unsealed {
             root_key_history_id: current_key.id,
-            root_key: v1::KeyCell::try_from(root_key).map_err(|err| {
+            root_key: KeyCell::try_from(root_key).map_err(|err| {
                 error!(?err, "Broken database: invalid encryption key size");
                 Error::BrokenDatabase
             })?,
@@ -256,7 +246,6 @@ impl KeyHolder {
         Ok(())
     }
 
-    // Decrypts the `aead_encrypted` entry with the given ID and returns the plaintext
     #[message]
     pub async fn decrypt(&mut self, aead_id: i32) -> Result<SafeCell<Vec<u8>>, Error> {
         let State::Unsealed { root_key, .. } = &mut self.state else {
@@ -292,6 +281,7 @@ impl KeyHolder {
         let State::Unsealed {
             root_key,
             root_key_history_id,
+            ..
         } = &mut self.state
         else {
             return Err(Error::NotBootstrapped);
@@ -329,6 +319,60 @@ impl KeyHolder {
         self.state.discriminant()
     }
 
+    #[message]
+    pub fn sign_integrity(&mut self, mac_input: Vec<u8>) -> Result<(i32, Vec<u8>), Error> {
+        let State::Unsealed {
+            root_key,
+            root_key_history_id,
+        } = &mut self.state
+        else {
+            return Err(Error::NotBootstrapped);
+        };
+
+        let mut hmac = root_key
+            .0
+            .read_inline(|k| match HmacSha256::new_from_slice(k) {
+                Ok(v) => v,
+                Err(_) => unreachable!("HMAC accepts keys of any size"),
+            });
+        hmac.update(&root_key_history_id.to_be_bytes());
+        hmac.update(&mac_input);
+
+        let mac = hmac.finalize().into_bytes().to_vec();
+        Ok((*root_key_history_id, mac))
+    }
+
+    #[message]
+    pub fn verify_integrity(
+        &mut self,
+        mac_input: Vec<u8>,
+        expected_mac: Vec<u8>,
+        key_version: i32,
+    ) -> Result<bool, Error> {
+        let State::Unsealed {
+            root_key,
+            root_key_history_id,
+        } = &mut self.state
+        else {
+            return Err(Error::NotBootstrapped);
+        };
+
+        if *root_key_history_id != key_version {
+            return Ok(false);
+        }
+
+        let mut hmac = root_key
+            .0
+            .read_inline(|k| match HmacSha256::new_from_slice(k) {
+                Ok(v) => v,
+                Err(_) => unreachable!("HMAC accepts keys of any size"),
+            });
+        hmac.update(&key_version.to_be_bytes());
+        hmac.update(&mac_input);
+
+        Ok(hmac.verify_slice(&expected_mac).is_ok())
+    }
+
     #[message]
     pub fn seal(&mut self) -> Result<(), Error> {
         let State::Unsealed {
@@ -351,10 +395,8 @@ mod tests {
 
     use diesel_async::RunQueryDsl;
 
-    use crate::{
+    use crate::db::{self};
-        db::{self},
+    use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};
-        safe_cell::SafeCell,
-    };
 
     use super::*;
 

server/crates/arbiter-server/src/actors/mod.rs

@@ -1,5 +1,4 @@
 use kameo::actor::{ActorRef, Spawn};
-use miette::Diagnostic;
 use thiserror::Error;
 
 use crate::{
@@ -17,14 +16,12 @@ pub mod flow_coordinator;
 pub mod keyholder;
 pub mod user_agent;
 
-#[derive(Error, Debug, Diagnostic)]
+#[derive(Error, Debug)]
 pub enum SpawnError {
     #[error("Failed to spawn Bootstrapper actor")]
-    #[diagnostic(code(SpawnError::Bootstrapper))]
     Bootstrapper(#[from] bootstrap::Error),
 
     #[error("Failed to spawn KeyHolder actor")]
-    #[diagnostic(code(SpawnError::KeyHolder))]
     KeyHolder(#[from] keyholder::Error),
 }
 

server/crates/arbiter-server/src/actors/user_agent/auth.rs

@@ -1,18 +1,18 @@
+use arbiter_crypto::authn;
 use arbiter_proto::transport::Bi;
 use tracing::error;
 
 use crate::actors::user_agent::{
-    AuthPublicKey, UserAgentConnection,
+    UserAgentConnection,
     auth::state::{AuthContext, AuthStateMachine},
 };
-
 mod state;
 use state::*;
 
 #[derive(Debug, Clone)]
 pub enum Inbound {
     AuthChallengeRequest {
-        pubkey: AuthPublicKey,
+        pubkey: authn::PublicKey,
         bootstrap_token: Option<String>,
     },
     AuthChallengeSolution {
@@ -37,6 +37,13 @@ impl Error {
     }
 }
 
+impl From<diesel::result::Error> for Error {
+    fn from(e: diesel::result::Error) -> Self {
+        error!(?e, "Database error");
+        Self::internal("Database error")
+    }
+}
+
 #[derive(Debug, Clone)]
 pub enum Outbound {
     AuthChallenge { nonce: i32 },
@@ -64,7 +71,7 @@ fn parse_auth_event(payload: Inbound) -> AuthEvents {
 pub async fn authenticate<T>(
     props: &mut UserAgentConnection,
     transport: T,
-) -> Result<AuthPublicKey, Error>
+) -> Result<authn::PublicKey, Error>
 where
     T: Bi<Inbound, Result<Outbound, Error>> + Send,
 {

server/crates/arbiter-server/src/actors/user_agent/auth/state.rs

@@ -1,29 +1,33 @@
+use arbiter_crypto::authn::{self, USERAGENT_CONTEXT};
 use arbiter_proto::transport::Bi;
 use diesel::{ExpressionMethods as _, OptionalExtension as _, QueryDsl, update};
-use diesel_async::RunQueryDsl;
+use diesel_async::{AsyncConnection, RunQueryDsl};
+use kameo::actor::ActorRef;
 use tracing::error;
 
 use super::Error;
 use crate::{
     actors::{
         bootstrap::ConsumeToken,
-        user_agent::{AuthPublicKey, UserAgentConnection, auth::Outbound},
+        keyholder::KeyHolder,
+        user_agent::{UserAgentConnection, UserAgentCredentials, auth::Outbound},
     },
-    db::schema,
+    crypto::integrity,
+    db::{DatabasePool, schema::useragent_client},
 };
 
 pub struct ChallengeRequest {
-    pub pubkey: AuthPublicKey,
+    pub pubkey: authn::PublicKey,
 }
 
 pub struct BootstrapAuthRequest {
-    pub pubkey: AuthPublicKey,
+    pub pubkey: authn::PublicKey,
     pub token: String,
 }
 
 pub struct ChallengeContext {
     pub challenge_nonce: i32,
-    pub key: AuthPublicKey,
+    pub key: authn::PublicKey,
 }
 
 pub struct ChallengeSolution {
@@ -35,12 +39,16 @@ smlang::statemachine!(
     custom_error: true,
     transitions: {
         *Init + AuthRequest(ChallengeRequest) / async prepare_challenge = SentChallenge(ChallengeContext),
-        Init + BootstrapAuthRequest(BootstrapAuthRequest) / async verify_bootstrap_token = AuthOk(AuthPublicKey),
+        Init + BootstrapAuthRequest(BootstrapAuthRequest) / async verify_bootstrap_token = AuthOk(authn::PublicKey),
-        SentChallenge(ChallengeContext) + ReceivedSolution(ChallengeSolution) / async verify_solution = AuthOk(AuthPublicKey),
+        SentChallenge(ChallengeContext) + ReceivedSolution(ChallengeSolution) / async verify_solution = AuthOk(authn::PublicKey),
     }
 );
 
-async fn create_nonce(db: &crate::db::DatabasePool, pubkey_bytes: &[u8]) -> Result<i32, Error> {
+/// Returns the current nonce, ready to use for the challenge nonce.
+async fn get_current_nonce_and_id(
+    db: &DatabasePool,
+    key: &authn::PublicKey,
+) -> Result<(i32, i32), Error> {
     let mut db_conn = db.get().await.map_err(|e| {
         error!(error = ?e, "Database pool error");
         Error::internal("Database unavailable")
@@ -48,19 +56,11 @@ async fn create_nonce(db: &crate::db::DatabasePool, pubkey_bytes: &[u8]) -> Resu
     db_conn
         .exclusive_transaction(|conn| {
             Box::pin(async move {
-                let current_nonce = schema::useragent_client::table
+                useragent_client::table
-                    .filter(schema::useragent_client::public_key.eq(pubkey_bytes.to_vec()))
+                    .filter(useragent_client::public_key.eq(key.to_bytes()))
-                    .select(schema::useragent_client::nonce)
+                    .select((useragent_client::id, useragent_client::nonce))
-                    .first::<i32>(conn)
+                    .first::<(i32, i32)>(conn)
-                    .await?;
+                    .await
-
-                update(schema::useragent_client::table)
-                    .filter(schema::useragent_client::public_key.eq(pubkey_bytes.to_vec()))
-                    .set(schema::useragent_client::nonce.eq(current_nonce + 1))
-                    .execute(conn)
-                    .await?;
-
-                Result::<_, diesel::result::Error>::Ok(current_nonce)
             })
         })
         .await
@@ -70,32 +70,131 @@ async fn create_nonce(db: &crate::db::DatabasePool, pubkey_bytes: &[u8]) -> Resu
             Error::internal("Database operation failed")
         })?
         .ok_or_else(|| {
-            error!(?pubkey_bytes, "Public key not found in database");
+            error!(?key, "Public key not found in database");
             Error::UnregisteredPublicKey
         })
 }
 
-async fn register_key(db: &crate::db::DatabasePool, pubkey: &AuthPublicKey) -> Result<(), Error> {
+async fn verify_integrity(
-    let pubkey_bytes = pubkey.to_stored_bytes();
+    db: &DatabasePool,
-    let key_type = pubkey.key_type();
+    keyholder: &ActorRef<KeyHolder>,
-    let mut conn = db.get().await.map_err(|e| {
+    pubkey: &authn::PublicKey,
+) -> Result<(), Error> {
+    let mut db_conn = db.get().await.map_err(|e| {
         error!(error = ?e, "Database pool error");
         Error::internal("Database unavailable")
     })?;
 
-    diesel::insert_into(schema::useragent_client::table)
+    let (id, nonce) = get_current_nonce_and_id(db, pubkey).await?;
-        .values((
+
-            schema::useragent_client::public_key.eq(pubkey_bytes),
+    let _result = integrity::verify_entity(
-            schema::useragent_client::nonce.eq(1),
+        &mut db_conn,
-            schema::useragent_client::key_type.eq(key_type),
+        keyholder,
-        ))
+        &UserAgentCredentials {
-        .execute(&mut conn)
+            pubkey: pubkey.clone(),
+            nonce,
+        },
+        id,
+    )
+    .await
+    .map_err(|e| {
+        error!(?e, "Integrity verification failed");
+        Error::internal("Integrity verification failed")
+    })?;
+
+    Ok(())
+}
+
+async fn create_nonce(
+    db: &DatabasePool,
+    keyholder: &ActorRef<KeyHolder>,
+    pubkey: &authn::PublicKey,
+) -> Result<i32, Error> {
+    let mut db_conn = db.get().await.map_err(|e| {
+        error!(error = ?e, "Database pool error");
+        Error::internal("Database unavailable")
+    })?;
+    let new_nonce = db_conn
+        .exclusive_transaction(|conn| {
+            Box::pin(async move {
+                let (id, new_nonce): (i32, i32) = update(useragent_client::table)
+                    .filter(useragent_client::public_key.eq(pubkey.to_bytes()))
+                    .set(useragent_client::nonce.eq(useragent_client::nonce + 1))
+                    .returning((useragent_client::id, useragent_client::nonce))
+                    .get_result(conn)
                     .await
                     .map_err(|e| {
                         error!(error = ?e, "Database error");
                         Error::internal("Database operation failed")
                     })?;
 
+                integrity::sign_entity(
+                    conn,
+                    keyholder,
+                    &UserAgentCredentials {
+                        pubkey: pubkey.clone(),
+                        nonce: new_nonce,
+                    },
+                    id,
+                )
+                .await
+                .map_err(|e| {
+                    error!(?e, "Integrity signature update failed");
+                    Error::internal("Database error")
+                })?;
+
+                Result::<_, Error>::Ok(new_nonce)
+            })
+        })
+        .await?;
+    Ok(new_nonce)
+}
+
+async fn register_key(
+    db: &DatabasePool,
+    keyholder: &ActorRef<KeyHolder>,
+    pubkey: &authn::PublicKey,
+) -> Result<(), Error> {
+    let pubkey_bytes = pubkey.to_bytes();
+    let mut conn = db.get().await.map_err(|e| {
+        error!(error = ?e, "Database pool error");
+        Error::internal("Database unavailable")
+    })?;
+
+    conn.transaction(|conn| {
+        Box::pin(async move {
+            const NONCE_START: i32 = 1;
+
+            let id: i32 = diesel::insert_into(useragent_client::table)
+                .values((
+                    useragent_client::public_key.eq(pubkey_bytes),
+                    useragent_client::nonce.eq(NONCE_START),
+                ))
+                .returning(useragent_client::id)
+                .get_result(conn)
+                .await
+                .map_err(|e| {
+                    error!(error = ?e, "Database error");
+                    Error::internal("Database operation failed")
+                })?;
+
+            let entity = UserAgentCredentials {
+                pubkey: pubkey.clone(),
+                nonce: NONCE_START,
+            };
+
+            integrity::sign_entity(conn, keyholder, &entity, id)
+                .await
+                .map_err(|e| {
+                    error!(error = ?e, "Failed to sign integrity tag for new user-agent key");
+                    Error::internal("Failed to register public key")
+                })?;
+
+            Result::<_, Error>::Ok(())
+        })
+    })
+    .await?;
+
     Ok(())
 }
 
@@ -120,8 +219,9 @@ where
         &mut self,
         ChallengeRequest { pubkey }: ChallengeRequest,
     ) -> Result<ChallengeContext, Self::Error> {
-        let stored_bytes = pubkey.to_stored_bytes();
+        verify_integrity(&self.conn.db, &self.conn.actors.key_holder, &pubkey).await?;
-        let nonce = create_nonce(&self.conn.db, &stored_bytes).await?;
+
+        let nonce = create_nonce(&self.conn.db, &self.conn.actors.key_holder, &pubkey).await?;
 
         self.transport
             .send(Ok(Outbound::AuthChallenge { nonce }))
@@ -142,7 +242,7 @@ where
     async fn verify_bootstrap_token(
         &mut self,
         BootstrapAuthRequest { pubkey, token }: BootstrapAuthRequest,
-    ) -> Result<AuthPublicKey, Self::Error> {
+    ) -> Result<authn::PublicKey, Self::Error> {
         let token_ok: bool = self
             .conn
             .actors
@@ -161,15 +261,25 @@ where
             return Err(Error::InvalidBootstrapToken);
         }
 
-        register_key(&self.conn.db, &pubkey).await?;
+        match token_ok {
-
+            true => {
+                register_key(&self.conn.db, &self.conn.actors.key_holder, &pubkey).await?;
                 self.transport
                     .send(Ok(Outbound::AuthSuccess))
                     .await
                     .map_err(|_| Error::Transport)?;
-
                 Ok(pubkey)
             }
+            false => {
+                error!("Invalid bootstrap token provided");
+                self.transport
+                    .send(Err(Error::InvalidBootstrapToken))
+                    .await
+                    .map_err(|_| Error::Transport)?;
+                Err(Error::InvalidBootstrapToken)
+            }
+        }
+    }
 
     #[allow(missing_docs)]
     #[allow(clippy::unused_unit)]
@@ -180,43 +290,29 @@ where
             key,
         }: &ChallengeContext,
         ChallengeSolution { solution }: ChallengeSolution,
-    ) -> Result<AuthPublicKey, Self::Error> {
+    ) -> Result<authn::PublicKey, Self::Error> {
-        let formatted = arbiter_proto::format_challenge(*challenge_nonce, &key.to_stored_bytes());
+        let signature = authn::Signature::try_from(solution.as_slice()).map_err(|_| {
+            error!("Failed to decode signature in challenge solution");
+            Error::InvalidChallengeSolution
+        })?;
 
-        let valid = match key {
+        let valid = key.verify(*challenge_nonce, USERAGENT_CONTEXT, &signature);
-            AuthPublicKey::Ed25519(vk) => {
-                let sig = solution.as_slice().try_into().map_err(|_| {
-                    error!(?solution, "Invalid Ed25519 signature length");
-                    Error::InvalidChallengeSolution
-                })?;
-                vk.verify_strict(&formatted, &sig).is_ok()
-            }
-            AuthPublicKey::EcdsaSecp256k1(vk) => {
-                use k256::ecdsa::signature::Verifier as _;
-                let sig = k256::ecdsa::Signature::try_from(solution.as_slice()).map_err(|_| {
-                    error!(?solution, "Invalid ECDSA signature bytes");
-                    Error::InvalidChallengeSolution
-                })?;
-                vk.verify(&formatted, &sig).is_ok()
-            }
-            AuthPublicKey::Rsa(pk) => {
-                use rsa::signature::Verifier as _;
-                let verifying_key = rsa::pss::VerifyingKey::<sha2::Sha256>::new(pk.clone());
-                let sig = rsa::pss::Signature::try_from(solution.as_slice()).map_err(|_| {
-                    error!(?solution, "Invalid RSA signature bytes");
-                    Error::InvalidChallengeSolution
-                })?;
-                verifying_key.verify(&formatted, &sig).is_ok()
-            }
-        };
 
-        if valid {
+        match valid {
+            true => {
                 self.transport
                     .send(Ok(Outbound::AuthSuccess))
                     .await
                     .map_err(|_| Error::Transport)?;
-        }
-
                 Ok(key.clone())
             }
+            false => {
+                self.transport
+                    .send(Err(Error::InvalidChallengeSolution))
+                    .await
+                    .map_err(|_| Error::Transport)?;
+                Err(Error::InvalidChallengeSolution)
+            }
+        }
+    }
 }

server/crates/arbiter-server/src/actors/user_agent/mod.rs

@@ -1,79 +1,25 @@
 use crate::{
     actors::{GlobalActors, client::ClientProfile},
-    db::{self, models::KeyType},
+    crypto::integrity::Integrable,
+    db,
 };
+use arbiter_crypto::authn;
 
-/// Abstraction over Ed25519 / ECDSA-secp256k1 / RSA public keys used during the auth handshake.
+#[derive(Debug, arbiter_macros::Hashable)]
-#[derive(Clone, Debug)]
+pub struct UserAgentCredentials {
-pub enum AuthPublicKey {
+    pub pubkey: authn::PublicKey,
-    Ed25519(ed25519_dalek::VerifyingKey),
+    pub nonce: i32,
-    /// Compressed SEC1 public key; signature bytes are raw 64-byte (r||s).
-    EcdsaSecp256k1(k256::ecdsa::VerifyingKey),
-    /// RSA-2048+ public key (Windows Hello / KeyCredentialManager); signature bytes are PSS+SHA-256.
-    Rsa(rsa::RsaPublicKey),
 }
 
-impl AuthPublicKey {
+impl Integrable for UserAgentCredentials {
-    /// Canonical bytes stored in DB and echoed back in the challenge.
+    const KIND: &'static str = "useragent_credentials";
-    /// Ed25519: raw 32 bytes. ECDSA: SEC1 compressed 33 bytes. RSA: DER-encoded SPKI.
-    pub fn to_stored_bytes(&self) -> Vec<u8> {
-        match self {
-            AuthPublicKey::Ed25519(k) => k.to_bytes().to_vec(),
-            // SEC1 compressed (33 bytes) is the natural compact format for secp256k1
-            AuthPublicKey::EcdsaSecp256k1(k) => k.to_encoded_point(true).as_bytes().to_vec(),
-            AuthPublicKey::Rsa(k) => {
-                use rsa::pkcs8::EncodePublicKey as _;
-                #[allow(clippy::expect_used)]
-                k.to_public_key_der()
-                    .expect("rsa SPKI encoding is infallible")
-                    .to_vec()
-            }
-        }
-    }
-
-    pub fn key_type(&self) -> KeyType {
-        match self {
-            AuthPublicKey::Ed25519(_) => KeyType::Ed25519,
-            AuthPublicKey::EcdsaSecp256k1(_) => KeyType::EcdsaSecp256k1,
-            AuthPublicKey::Rsa(_) => KeyType::Rsa,
-        }
-    }
-}
-
-impl TryFrom<(KeyType, Vec<u8>)> for AuthPublicKey {
-    type Error = &'static str;
-
-    fn try_from(value: (KeyType, Vec<u8>)) -> Result<Self, Self::Error> {
-        let (key_type, bytes) = value;
-        match key_type {
-            KeyType::Ed25519 => {
-                let bytes: [u8; 32] = bytes.try_into().map_err(|_| "invalid Ed25519 key length")?;
-                let key = ed25519_dalek::VerifyingKey::from_bytes(&bytes)
-                    .map_err(|_e| "invalid Ed25519 key")?;
-                Ok(AuthPublicKey::Ed25519(key))
-            }
-            KeyType::EcdsaSecp256k1 => {
-                let point =
-                    k256::EncodedPoint::from_bytes(&bytes).map_err(|_e| "invalid ECDSA key")?;
-                let key = k256::ecdsa::VerifyingKey::from_encoded_point(&point)
-                    .map_err(|_e| "invalid ECDSA key")?;
-                Ok(AuthPublicKey::EcdsaSecp256k1(key))
-            }
-            KeyType::Rsa => {
-                use rsa::pkcs8::DecodePublicKey as _;
-                let key = rsa::RsaPublicKey::from_public_key_der(&bytes)
-                    .map_err(|_e| "invalid RSA key")?;
-                Ok(AuthPublicKey::Rsa(key))
-            }
-        }
-    }
 }
 
 // Messages, sent by user agent to connection client without having a request
 #[derive(Debug)]
 pub enum OutOfBand {
     ClientConnectionRequest { profile: ClientProfile },
-    ClientConnectionCancel { pubkey: ed25519_dalek::VerifyingKey },
+    ClientConnectionCancel { pubkey: authn::PublicKey },
 }
 
 pub struct UserAgentConnection {

server/crates/arbiter-server/src/actors/user_agent/session.rs

@@ -1,8 +1,9 @@
+use arbiter_crypto::authn;
+
 use std::{borrow::Cow, collections::HashMap};
 
 use arbiter_proto::transport::Sender;
 use async_trait::async_trait;
-use ed25519_dalek::VerifyingKey;
 use kameo::{Actor, actor::ActorRef, messages};
 use thiserror::Error;
 use tracing::error;
@@ -12,7 +13,6 @@ use crate::actors::{
     flow_coordinator::{RegisterUserAgent, client_connect_approval::ClientApprovalController},
     user_agent::{OutOfBand, UserAgentConnection},
 };
-
 mod state;
 use state::{DummyContext, UserAgentEvents, UserAgentStateMachine};
 
@@ -47,6 +47,7 @@ impl Error {
 }
 
 pub struct PendingClientApproval {
+    pubkey: authn::PublicKey,
     controller: ActorRef<ClientApprovalController>,
 }
 
@@ -55,7 +56,7 @@ pub struct UserAgentSession {
     state: UserAgentStateMachine<DummyContext>,
     sender: Box<dyn Sender<OutOfBand>>,
 
-    pending_client_approvals: HashMap<VerifyingKey, PendingClientApproval>,
+    pending_client_approvals: HashMap<Vec<u8>, PendingClientApproval>,
 }
 
 pub mod connection;
@@ -118,8 +119,13 @@ impl UserAgentSession {
             return;
         }
 
-        self.pending_client_approvals
+        self.pending_client_approvals.insert(
-            .insert(client.pubkey, PendingClientApproval { controller });
+            client.pubkey.to_bytes(),
+            PendingClientApproval {
+                pubkey: client.pubkey,
+                controller,
+            },
+        );
     }
 }
 
@@ -158,14 +164,18 @@ impl Actor for UserAgentSession {
         let cancelled_pubkey = self
             .pending_client_approvals
             .iter()
-            .find_map(|(k, v)| (v.controller.id() == id).then_some(*k));
+            .find_map(|(k, v)| (v.controller.id() == id).then_some(k.clone()));
 
-        if let Some(pubkey) = cancelled_pubkey {
+        if let Some(pubkey_bytes) = cancelled_pubkey {
-            self.pending_client_approvals.remove(&pubkey);
+            let Some(approval) = self.pending_client_approvals.remove(&pubkey_bytes) else {
+                return Ok(std::ops::ControlFlow::Continue(()));
+            };
 
             if let Err(e) = self
                 .sender
-                .send(OutOfBand::ClientConnectionCancel { pubkey })
+                .send(OutOfBand::ClientConnectionCancel {
+                    pubkey: approval.pubkey,
+                })
                 .await
             {
                 error!(

server/crates/arbiter-server/src/actors/user_agent/session/connection.rs

@@ -1,38 +1,37 @@
 use std::sync::Mutex;
 
-use alloy::primitives::Address;
+use alloy::{consensus::TxEip1559, primitives::Address, signers::Signature};
+use arbiter_crypto::{
+    authn,
+    safecell::{SafeCell, SafeCellHandle as _},
+};
 use chacha20poly1305::{AeadInPlace, XChaCha20Poly1305, XNonce, aead::KeyInit};
-use diesel::sql_types::ops::Add;
+use diesel::{ExpressionMethods as _, QueryDsl as _, SelectableHelper};
-use diesel::{BoolExpressionMethods as _, ExpressionMethods as _, QueryDsl as _, SelectableHelper};
 use diesel_async::{AsyncConnection, RunQueryDsl};
 use kameo::error::SendError;
+use kameo::messages;
 use kameo::prelude::Context;
-use kameo::{message, messages};
 use tracing::{error, info};
 use x25519_dalek::{EphemeralSecret, PublicKey};
 
 use crate::actors::flow_coordinator::client_connect_approval::ClientApprovalAnswer;
 use crate::actors::keyholder::KeyHolderState;
 use crate::actors::user_agent::session::Error;
-use crate::db::models::{
+use crate::actors::{
-    CoreEvmWalletAccess, EvmWalletAccess, NewEvmWalletAccess, ProgramClient, ProgramClientMetadata,
-};
-use crate::db::schema::evm_wallet_access;
-use crate::evm::policies::{Grant, SpecificGrant};
-use crate::safe_cell::SafeCell;
-use crate::{
-    actors::{
     evm::{
-            Generate, ListWallets, UseragentCreateGrant, UseragentDeleteGrant, UseragentListGrants,
+        ClientSignTransaction, Generate, ListWallets, SignTransactionError as EvmSignError,
+        UseragentCreateGrant, UseragentListGrants,
     },
     keyholder::{self, Bootstrap, TryUnseal},
     user_agent::session::{
         UserAgentSession,
         state::{UnsealContext, UserAgentEvents, UserAgentStates},
     },
-    },
-    safe_cell::SafeCellHandle as _,
 };
+use crate::db::models::{
+    EvmWalletAccess, NewEvmWalletAccess, ProgramClient, ProgramClientMetadata,
+};
+use crate::evm::policies::{Grant, SpecificGrant};
 
 impl UserAgentSession {
     fn take_unseal_secret(&mut self) -> Result<(EphemeralSecret, PublicKey), Error> {
@@ -112,6 +111,24 @@ pub enum BootstrapError {
     General(#[from] super::Error),
 }
 
+#[derive(Debug, Error)]
+pub enum SignTransactionError {
+    #[error("Policy evaluation failed")]
+    Vet(#[from] crate::evm::VetError),
+
+    #[error("Internal signing error")]
+    Internal,
+}
+
+#[derive(Debug, Error)]
+pub enum GrantMutationError {
+    #[error("Vault is sealed")]
+    VaultSealed,
+
+    #[error("Internal grant mutation error")]
+    Internal,
+}
+
 #[messages]
 impl UserAgentSession {
     #[message]
@@ -323,7 +340,7 @@ impl UserAgentSession {
         &mut self,
         basic: crate::evm::policies::SharedGrantSettings,
         grant: crate::evm::policies::SpecificGrant,
-    ) -> Result<i32, Error> {
+    ) -> Result<i32, GrantMutationError> {
         match self
             .props
             .actors
@@ -334,24 +351,58 @@ impl UserAgentSession {
             Ok(grant_id) => Ok(grant_id),
             Err(err) => {
                 error!(?err, "EVM grant create failed");
-                Err(Error::internal("Failed to create EVM grant"))
+                Err(GrantMutationError::Internal)
             }
         }
     }
 
     #[message]
-    pub(crate) async fn handle_grant_delete(&mut self, grant_id: i32) -> Result<(), Error> {
+    pub(crate) async fn handle_grant_delete(
+        &mut self,
+        grant_id: i32,
+    ) -> Result<(), GrantMutationError> {
+        // match self
+        //     .props
+        //     .actors
+        //     .evm
+        //     .ask(UseragentDeleteGrant { grant_id })
+        //     .await
+        // {
+        //     Ok(()) => Ok(()),
+        //     Err(err) => {
+        //         error!(?err, "EVM grant delete failed");
+        //         Err(GrantMutationError::Internal)
+        //     }
+        // }
+       let _ = grant_id;
+        todo!()
+    }
+
+    #[message]
+    pub(crate) async fn handle_sign_transaction(
+        &mut self,
+        client_id: i32,
+        wallet_address: Address,
+        transaction: TxEip1559,
+    ) -> Result<Signature, SignTransactionError> {
         match self
             .props
             .actors
             .evm
-            .ask(UseragentDeleteGrant { grant_id })
+            .ask(ClientSignTransaction {
+                client_id,
+                wallet_address,
+                transaction,
+            })
             .await
         {
-            Ok(()) => Ok(()),
+            Ok(signature) => Ok(signature),
+            Err(SendError::HandlerError(EvmSignError::Vet(vet_error))) => {
+                Err(SignTransactionError::Vet(vet_error))
+            }
             Err(err) => {
-                error!(?err, "EVM grant delete failed");
+                error!(?err, "EVM sign transaction failed in user-agent session");
-                Err(Error::internal("Failed to delete EVM grant"))
+                Err(SignTransactionError::Internal)
             }
         }
     }
@@ -424,10 +475,10 @@ impl UserAgentSession {
     pub(crate) async fn handle_new_client_approve(
         &mut self,
         approved: bool,
-        pubkey: ed25519_dalek::VerifyingKey,
+        pubkey: authn::PublicKey,
         ctx: &mut Context<Self, Result<(), Error>>,
     ) -> Result<(), Error> {
-        let pending_approval = match self.pending_client_approvals.remove(&pubkey) {
+        let pending_approval = match self.pending_client_approvals.remove(&pubkey.to_bytes()) {
             Some(approval) => approval,
             None => {
                 error!("Received client connection response for unknown client");

server/crates/arbiter-server/src/context/mod.rs

@@ -1,6 +1,5 @@
 use std::sync::Arc;
 
-use miette::Diagnostic;
 use thiserror::Error;
 
 use crate::{
@@ -11,30 +10,24 @@ use crate::{
 
 pub mod tls;
 
-#[derive(Error, Debug, Diagnostic)]
+#[derive(Error, Debug)]
 pub enum InitError {
     #[error("Database setup failed: {0}")]
-    #[diagnostic(code(arbiter_server::init::database_setup))]
     DatabaseSetup(#[from] db::DatabaseSetupError),
 
     #[error("Connection acquire failed: {0}")]
-    #[diagnostic(code(arbiter_server::init::database_pool))]
     DatabasePool(#[from] db::PoolError),
 
     #[error("Database query error: {0}")]
-    #[diagnostic(code(arbiter_server::init::database_query))]
     DatabaseQuery(#[from] diesel::result::Error),
 
     #[error("TLS initialization failed: {0}")]
-    #[diagnostic(code(arbiter_server::init::tls_init))]
     Tls(#[from] tls::InitError),
 
     #[error("Actor spawn failed: {0}")]
-    #[diagnostic(code(arbiter_server::init::actor_spawn))]
     ActorSpawn(#[from] crate::actors::SpawnError),
 
     #[error("I/O Error: {0}")]
-    #[diagnostic(code(arbiter_server::init::io))]
     Io(#[from] std::io::Error),
 }
 

server/crates/arbiter-server/src/context/tls.rs

@@ -1,8 +1,8 @@
-use std::{net::IpAddr, string::FromUtf8Error};
+use std::{net::Ipv4Addr, string::FromUtf8Error};
 
 use diesel::{ExpressionMethods as _, QueryDsl, SelectableHelper as _};
 use diesel_async::{AsyncConnection, RunQueryDsl};
-use miette::Diagnostic;
+
 use pem::Pem;
 use rcgen::{
     BasicConstraints, Certificate, CertificateParams, CertifiedIssuer, DistinguishedName, DnType,
@@ -29,30 +29,24 @@ const ENCODE_CONFIG: pem::EncodeConfig = {
     pem::EncodeConfig::new().set_line_ending(line_ending)
 };
 
-#[derive(Error, Debug, Diagnostic)]
+#[derive(Error, Debug)]
 pub enum InitError {
     #[error("Key generation error during TLS initialization: {0}")]
-    #[diagnostic(code(arbiter_server::tls_init::key_generation))]
     KeyGeneration(#[from] rcgen::Error),
 
     #[error("Key invalid format: {0}")]
-    #[diagnostic(code(arbiter_server::tls_init::key_invalid_format))]
     KeyInvalidFormat(#[from] FromUtf8Error),
 
     #[error("Key deserialization error: {0}")]
-    #[diagnostic(code(arbiter_server::tls_init::key_deserialization))]
     KeyDeserializationError(rcgen::Error),
 
     #[error("Database error during TLS initialization: {0}")]
-    #[diagnostic(code(arbiter_server::tls_init::database_error))]
     DatabaseError(#[from] diesel::result::Error),
 
     #[error("Pem deserialization error during TLS initialization: {0}")]
-    #[diagnostic(code(arbiter_server::tls_init::pem_deserialization))]
     PemDeserializationError(#[from] rustls::pki_types::pem::Error),
 
     #[error("Database pool acquire error during TLS initialization: {0}")]
-    #[diagnostic(code(arbiter_server::tls_init::database_pool_acquire))]
     DatabasePoolAcquire(#[from] db::PoolError),
 }
 
@@ -116,9 +110,7 @@ impl TlsCa {
         ];
         params
             .subject_alt_names
-            .push(SanType::IpAddress(IpAddr::from([
+            .push(SanType::IpAddress(Ipv4Addr::LOCALHOST.into()));
-                127, 0, 0, 1,
-            ])));
 
         let mut dn = DistinguishedName::new();
         dn.push(DnType::CommonName, "Arbiter Instance Leaf");

server/crates/arbiter-server/src/crypto/encryption/mod.rs

@@ -0,0 +1,3 @@
+pub mod v1;
+
+pub use v1::*;

server/crates/arbiter-server/src/crypto/encryption/v1.rs

@@ -0,0 +1,107 @@
+use argon2::password_hash::Salt as ArgonSalt;
+
+use rand::{
+    Rng as _, SeedableRng,
+    rngs::{StdRng, SysRng},
+};
+
+pub const ROOT_KEY_TAG: &[u8] = "arbiter/seal/v1".as_bytes();
+pub const TAG: &[u8] = "arbiter/private-key/v1".as_bytes();
+
+pub const NONCE_LENGTH: usize = 24;
+
+#[derive(Default)]
+pub struct Nonce(pub [u8; NONCE_LENGTH]);
+impl Nonce {
+    pub fn increment(&mut self) {
+        for i in (0..self.0.len()).rev() {
+            if self.0[i] == 0xFF {
+                self.0[i] = 0;
+            } else {
+                self.0[i] += 1;
+                break;
+            }
+        }
+    }
+
+    pub fn to_vec(&self) -> Vec<u8> {
+        self.0.to_vec()
+    }
+}
+impl<'a> TryFrom<&'a [u8]> for Nonce {
+    type Error = ();
+
+    fn try_from(value: &'a [u8]) -> Result<Self, Self::Error> {
+        if value.len() != NONCE_LENGTH {
+            return Err(());
+        }
+        let mut nonce = [0u8; NONCE_LENGTH];
+        nonce.copy_from_slice(value);
+        Ok(Self(nonce))
+    }
+}
+
+pub type Salt = [u8; ArgonSalt::RECOMMENDED_LENGTH];
+
+pub fn generate_salt() -> Salt {
+    let mut salt = Salt::default();
+    #[allow(
+        clippy::unwrap_used,
+        reason = "Rng failure is unrecoverable and should panic"
+    )]
+    let mut rng = StdRng::try_from_rng(&mut SysRng).unwrap();
+    rng.fill_bytes(&mut salt);
+    salt
+}
+
+#[cfg(test)]
+mod tests {
+    use std::ops::Deref as _;
+
+    use super::*;
+    use crate::crypto::derive_key;
+    use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};
+
+    #[test]
+    pub fn derive_seal_key_deterministic() {
+        static PASSWORD: &[u8] = b"password";
+        let password = SafeCell::new(PASSWORD.to_vec());
+        let password2 = SafeCell::new(PASSWORD.to_vec());
+        let salt = generate_salt();
+
+        let mut key1 = derive_key(password, &salt);
+        let mut key2 = derive_key(password2, &salt);
+
+        let key1_reader = key1.0.read();
+        let key2_reader = key2.0.read();
+
+        assert_eq!(key1_reader.deref(), key2_reader.deref());
+    }
+
+    #[test]
+    pub fn successful_derive() {
+        static PASSWORD: &[u8] = b"password";
+        let password = SafeCell::new(PASSWORD.to_vec());
+        let salt = generate_salt();
+
+        let mut key = derive_key(password, &salt);
+        let key_reader = key.0.read();
+        let key_ref = key_reader.deref();
+
+        assert_ne!(key_ref.as_slice(), &[0u8; 32][..]);
+    }
+
+    #[test]
+    // We should fuzz this
+    pub fn test_nonce_increment() {
+        let mut nonce = Nonce([0u8; NONCE_LENGTH]);
+        nonce.increment();
+
+        assert_eq!(
+            nonce.0,
+            [
+                0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1
+            ]
+        );
+    }
+}

server/crates/arbiter-server/src/crypto/integrity/mod.rs

@@ -0,0 +1,3 @@
+pub mod v1;
+
+pub use v1::*;

server/crates/arbiter-server/src/crypto/integrity/v1.rs

@@ -0,0 +1,321 @@
+use crate::actors::keyholder;
+use arbiter_crypto::hashing::Hashable;
+use hmac::Hmac;
+use sha2::Sha256;
+
+use diesel::{ExpressionMethods as _, QueryDsl, dsl::insert_into, sqlite::Sqlite};
+use diesel_async::{AsyncConnection, RunQueryDsl};
+use kameo::{actor::ActorRef, error::SendError};
+use sha2::Digest as _;
+
+use crate::{
+    actors::keyholder::{KeyHolder, SignIntegrity, VerifyIntegrity},
+    db::{
+        self,
+        models::{IntegrityEnvelope, NewIntegrityEnvelope},
+        schema::integrity_envelope,
+    },
+};
+
+#[derive(Debug, thiserror::Error)]
+pub enum Error {
+    #[error("Database error: {0}")]
+    Database(#[from] db::DatabaseError),
+
+    #[error("KeyHolder error: {0}")]
+    Keyholder(#[from] keyholder::Error),
+
+    #[error("KeyHolder mailbox error")]
+    KeyholderSend,
+
+    #[error("Integrity envelope is missing for entity {entity_kind}")]
+    MissingEnvelope { entity_kind: &'static str },
+
+    #[error(
+        "Integrity payload version mismatch for entity {entity_kind}: expected {expected}, found {found}"
+    )]
+    PayloadVersionMismatch {
+        entity_kind: &'static str,
+        expected: i32,
+        found: i32,
+    },
+
+    #[error("Integrity MAC mismatch for entity {entity_kind}")]
+    MacMismatch { entity_kind: &'static str },
+}
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub enum AttestationStatus {
+    Attested,
+    Unavailable,
+}
+
+pub const CURRENT_PAYLOAD_VERSION: i32 = 1;
+pub const INTEGRITY_SUBKEY_TAG: &[u8] = b"arbiter/db-integrity-key/v1";
+
+pub type HmacSha256 = Hmac<Sha256>;
+
+pub trait Integrable: Hashable {
+    const KIND: &'static str;
+    const VERSION: i32 = 1;
+}
+
+fn payload_hash(payload: &impl Hashable) -> [u8; 32] {
+    let mut hasher = Sha256::new();
+    payload.hash(&mut hasher);
+    hasher.finalize().into()
+}
+
+fn push_len_prefixed(out: &mut Vec<u8>, bytes: &[u8]) {
+    out.extend_from_slice(&(bytes.len() as u32).to_be_bytes());
+    out.extend_from_slice(bytes);
+}
+
+fn build_mac_input(
+    entity_kind: &str,
+    entity_id: &[u8],
+    payload_version: i32,
+    payload_hash: &[u8; 32],
+) -> Vec<u8> {
+    let mut out = Vec::with_capacity(8 + entity_kind.len() + entity_id.len() + 32);
+    push_len_prefixed(&mut out, entity_kind.as_bytes());
+    push_len_prefixed(&mut out, entity_id);
+    out.extend_from_slice(&payload_version.to_be_bytes());
+    out.extend_from_slice(payload_hash);
+    out
+}
+
+pub trait IntoId {
+    fn into_id(self) -> Vec<u8>;
+}
+
+impl IntoId for i32 {
+    fn into_id(self) -> Vec<u8> {
+        self.to_be_bytes().to_vec()
+    }
+}
+
+impl IntoId for &'_ [u8] {
+    fn into_id(self) -> Vec<u8> {
+        self.to_vec()
+    }
+}
+
+pub async fn sign_entity<E: Integrable>(
+    conn: &mut impl AsyncConnection<Backend = Sqlite>,
+    keyholder: &ActorRef<KeyHolder>,
+    entity: &E,
+    entity_id: impl IntoId,
+) -> Result<(), Error> {
+    let payload_hash = payload_hash(&entity);
+
+    let entity_id = entity_id.into_id();
+
+    let mac_input = build_mac_input(E::KIND, &entity_id, E::VERSION, &payload_hash);
+
+    let (key_version, mac) = keyholder
+        .ask(SignIntegrity { mac_input })
+        .await
+        .map_err(|err| match err {
+            kameo::error::SendError::HandlerError(inner) => Error::Keyholder(inner),
+            _ => Error::KeyholderSend,
+        })?;
+
+    insert_into(integrity_envelope::table)
+        .values(NewIntegrityEnvelope {
+            entity_kind: E::KIND.to_owned(),
+            entity_id,
+            payload_version: E::VERSION,
+            key_version,
+            mac: mac.to_vec(),
+        })
+        .on_conflict((
+            integrity_envelope::entity_id,
+            integrity_envelope::entity_kind,
+        ))
+        .do_update()
+        .set((
+            integrity_envelope::payload_version.eq(E::VERSION),
+            integrity_envelope::key_version.eq(key_version),
+            integrity_envelope::mac.eq(mac),
+        ))
+        .execute(conn)
+        .await
+        .map_err(db::DatabaseError::from)?;
+
+    Ok(())
+}
+
+pub async fn verify_entity<E: Integrable>(
+    conn: &mut impl AsyncConnection<Backend = Sqlite>,
+    keyholder: &ActorRef<KeyHolder>,
+    entity: &E,
+    entity_id: impl IntoId,
+) -> Result<AttestationStatus, Error> {
+    let entity_id = entity_id.into_id();
+    let envelope: IntegrityEnvelope = integrity_envelope::table
+        .filter(integrity_envelope::entity_kind.eq(E::KIND))
+        .filter(integrity_envelope::entity_id.eq(&entity_id))
+        .first(conn)
+        .await
+        .map_err(|err| match err {
+            diesel::result::Error::NotFound => Error::MissingEnvelope {
+                entity_kind: E::KIND,
+            },
+            other => Error::Database(db::DatabaseError::from(other)),
+        })?;
+
+    if envelope.payload_version != E::VERSION {
+        return Err(Error::PayloadVersionMismatch {
+            entity_kind: E::KIND,
+            expected: E::VERSION,
+            found: envelope.payload_version,
+        });
+    }
+
+    let payload_hash = payload_hash(&entity);
+    let mac_input = build_mac_input(E::KIND, &entity_id, envelope.payload_version, &payload_hash);
+
+    let result = keyholder
+        .ask(VerifyIntegrity {
+            mac_input,
+            expected_mac: envelope.mac,
+            key_version: envelope.key_version,
+        })
+        .await;
+
+    match result {
+        Ok(true) => Ok(AttestationStatus::Attested),
+        Ok(false) => Err(Error::MacMismatch {
+            entity_kind: E::KIND,
+        }),
+        Err(SendError::HandlerError(keyholder::Error::NotBootstrapped)) => {
+            Ok(AttestationStatus::Unavailable)
+        }
+        Err(_) => Err(Error::KeyholderSend),
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use diesel::{ExpressionMethods as _, QueryDsl};
+    use diesel_async::RunQueryDsl;
+    use kameo::{actor::ActorRef, prelude::Spawn};
+
+    use crate::{
+        actors::keyholder::{Bootstrap, KeyHolder},
+        db::{self, schema},
+    };
+    use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};
+
+    use super::{Error, Integrable, sign_entity, verify_entity};
+    #[derive(Clone, arbiter_macros::Hashable)]
+    struct DummyEntity {
+        payload_version: i32,
+        payload: Vec<u8>,
+    }
+    impl Integrable for DummyEntity {
+        const KIND: &'static str = "dummy_entity";
+    }
+
+    async fn bootstrapped_keyholder(db: &db::DatabasePool) -> ActorRef<KeyHolder> {
+        let actor = KeyHolder::spawn(KeyHolder::new(db.clone()).await.unwrap());
+        actor
+            .ask(Bootstrap {
+                seal_key_raw: SafeCell::new(b"integrity-test-seal-key".to_vec()),
+            })
+            .await
+            .unwrap();
+        actor
+    }
+
+    #[tokio::test]
+    async fn sign_writes_envelope_and_verify_passes() {
+        let db = db::create_test_pool().await;
+        let keyholder = bootstrapped_keyholder(&db).await;
+        let mut conn = db.get().await.unwrap();
+
+        const ENTITY_ID: &[u8] = b"entity-id-7";
+
+        let entity = DummyEntity {
+            payload_version: 1,
+            payload: b"payload-v1".to_vec(),
+        };
+
+        sign_entity(&mut conn, &keyholder, &entity, ENTITY_ID)
+            .await
+            .unwrap();
+
+        let count: i64 = schema::integrity_envelope::table
+            .filter(schema::integrity_envelope::entity_kind.eq("dummy_entity"))
+            .filter(schema::integrity_envelope::entity_id.eq(ENTITY_ID))
+            .count()
+            .get_result(&mut conn)
+            .await
+            .unwrap();
+
+        assert_eq!(count, 1, "envelope row must be created exactly once");
+        verify_entity(&mut conn, &keyholder, &entity, ENTITY_ID)
+            .await
+            .unwrap();
+    }
+
+    #[tokio::test]
+    async fn tampered_mac_fails_verification() {
+        let db = db::create_test_pool().await;
+        let keyholder = bootstrapped_keyholder(&db).await;
+        let mut conn = db.get().await.unwrap();
+
+        const ENTITY_ID: &[u8] = b"entity-id-11";
+
+        let entity = DummyEntity {
+            payload_version: 1,
+            payload: b"payload-v1".to_vec(),
+        };
+
+        sign_entity(&mut conn, &keyholder, &entity, ENTITY_ID)
+            .await
+            .unwrap();
+
+        diesel::update(schema::integrity_envelope::table)
+            .filter(schema::integrity_envelope::entity_kind.eq("dummy_entity"))
+            .filter(schema::integrity_envelope::entity_id.eq(ENTITY_ID))
+            .set(schema::integrity_envelope::mac.eq(vec![0u8; 32]))
+            .execute(&mut conn)
+            .await
+            .unwrap();
+
+        let err = verify_entity(&mut conn, &keyholder, &entity, ENTITY_ID)
+            .await
+            .unwrap_err();
+        assert!(matches!(err, Error::MacMismatch { .. }));
+    }
+
+    #[tokio::test]
+    async fn changed_payload_fails_verification() {
+        let db = db::create_test_pool().await;
+        let keyholder = bootstrapped_keyholder(&db).await;
+        let mut conn = db.get().await.unwrap();
+
+        const ENTITY_ID: &[u8] = b"entity-id-21";
+
+        let entity = DummyEntity {
+            payload_version: 1,
+            payload: b"payload-v1".to_vec(),
+        };
+
+        sign_entity(&mut conn, &keyholder, &entity, ENTITY_ID)
+            .await
+            .unwrap();
+
+        let tampered = DummyEntity {
+            payload: b"payload-v1-but-tampered".to_vec(),
+            ..entity
+        };
+
+        let err = verify_entity(&mut conn, &keyholder, &tampered, ENTITY_ID)
+            .await
+            .unwrap_err();
+        assert!(matches!(err, Error::MacMismatch { .. }));
+    }
+}

server/crates/arbiter-server/src/crypto/mod.rs

@@ -1,52 +1,21 @@
 use std::ops::Deref as _;
 
-use argon2::{Algorithm, Argon2, password_hash::Salt as ArgonSalt};
+use argon2::{Algorithm, Argon2};
 use chacha20poly1305::{
     AeadInPlace, Key, KeyInit as _, XChaCha20Poly1305, XNonce,
     aead::{AeadMut, Error, Payload},
 };
 use rand::{
-    Rng as _, SeedableRng,
+    Rng as _, SeedableRng as _,
     rngs::{StdRng, SysRng},
 };
 
-use crate::safe_cell::{SafeCell, SafeCellHandle as _};
+use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};
 
-pub const ROOT_KEY_TAG: &[u8] = "arbiter/seal/v1".as_bytes();
+pub mod encryption;
-pub const TAG: &[u8] = "arbiter/private-key/v1".as_bytes();
+pub mod integrity;
 
-pub const NONCE_LENGTH: usize = 24;
+use encryption::v1::{Nonce, Salt};
-
-#[derive(Default)]
-pub struct Nonce([u8; NONCE_LENGTH]);
-impl Nonce {
-    pub fn increment(&mut self) {
-        for i in (0..self.0.len()).rev() {
-            if self.0[i] == 0xFF {
-                self.0[i] = 0;
-            } else {
-                self.0[i] += 1;
-                break;
-            }
-        }
-    }
-
-    pub fn to_vec(&self) -> Vec<u8> {
-        self.0.to_vec()
-    }
-}
-impl<'a> TryFrom<&'a [u8]> for Nonce {
-    type Error = ();
-
-    fn try_from(value: &'a [u8]) -> Result<Self, Self::Error> {
-        if value.len() != NONCE_LENGTH {
-            return Err(());
-        }
-        let mut nonce = [0u8; NONCE_LENGTH];
-        nonce.copy_from_slice(value);
-        Ok(Self(nonce))
-    }
-}
 
 pub struct KeyCell(pub SafeCell<Key>);
 impl From<SafeCell<Key>> for KeyCell {
@@ -133,24 +102,21 @@ impl KeyCell {
     }
 }
 
-pub type Salt = [u8; ArgonSalt::RECOMMENDED_LENGTH];
+/// Derive a fixed-length key from the password using Argon2id, which is designed for password hashing and key derivation.
-
+pub fn derive_key(mut password: SafeCell<Vec<u8>>, salt: &Salt) -> KeyCell {
-pub fn generate_salt() -> Salt {
+    let params = {
-    let mut salt = Salt::default();
+        #[cfg(debug_assertions)]
-    #[allow(
+        {
-        clippy::unwrap_used,
+            argon2::Params::new(8, 1, 1, None).unwrap()
-        reason = "Rng failure is unrecoverable and should panic"
-    )]
-    let mut rng = StdRng::try_from_rng(&mut SysRng).unwrap();
-    rng.fill_bytes(&mut salt);
-    salt
         }
 
-/// User password might be of different length, have not enough entropy, etc...
+        #[cfg(not(debug_assertions))]
-/// Derive a fixed-length key from the password using Argon2id, which is designed for password hashing and key derivation.
+        {
-pub fn derive_seal_key(mut password: SafeCell<Vec<u8>>, salt: &Salt) -> KeyCell {
+            argon2::Params::new(262_144, 3, 4, None).unwrap()
+        }
+    };
+
     #[allow(clippy::unwrap_used)]
-    let params = argon2::Params::new(262_144, 3, 4, None).unwrap();
     let hasher = Argon2::new(Algorithm::Argon2id, argon2::Version::V0x13, params);
     let mut key = SafeCell::new(Key::default());
     password.read_inline(|password_source| {
@@ -171,37 +137,11 @@ pub fn derive_seal_key(mut password: SafeCell<Vec<u8>>, salt: &Salt) -> KeyCell
 
 #[cfg(test)]
 mod tests {
-    use super::*;
+    use super::{
-    use crate::safe_cell::SafeCell;
+        derive_key,
-
+        encryption::v1::{Nonce, generate_salt},
-    #[test]
+    };
-    pub fn derive_seal_key_deterministic() {
+    use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};
-        static PASSWORD: &[u8] = b"password";
-        let password = SafeCell::new(PASSWORD.to_vec());
-        let password2 = SafeCell::new(PASSWORD.to_vec());
-        let salt = generate_salt();
-
-        let mut key1 = derive_seal_key(password, &salt);
-        let mut key2 = derive_seal_key(password2, &salt);
-
-        let key1_reader = key1.0.read();
-        let key2_reader = key2.0.read();
-
-        assert_eq!(key1_reader.deref(), key2_reader.deref());
-    }
-
-    #[test]
-    pub fn successful_derive() {
-        static PASSWORD: &[u8] = b"password";
-        let password = SafeCell::new(PASSWORD.to_vec());
-        let salt = generate_salt();
-
-        let mut key = derive_seal_key(password, &salt);
-        let key_reader = key.0.read();
-        let key_ref = key_reader.deref();
-
-        assert_ne!(key_ref.as_slice(), &[0u8; 32][..]);
-    }
 
     #[test]
     pub fn encrypt_decrypt() {
@@ -209,7 +149,7 @@ mod tests {
         let password = SafeCell::new(PASSWORD.to_vec());
         let salt = generate_salt();
 
-        let mut key = derive_seal_key(password, &salt);
+        let mut key = derive_key(password, &salt);
         let nonce = Nonce(*b"unique nonce 123 1231233"); // 24 bytes for XChaCha20Poly1305
         let associated_data = b"associated data";
         let mut buffer = b"secret data".to_vec();
@@ -226,18 +166,4 @@ mod tests {
         let buffer = buffer.read();
         assert_eq!(*buffer, b"secret data");
     }
-
-    #[test]
-    // We should fuzz this
-    pub fn test_nonce_increment() {
-        let mut nonce = Nonce([0u8; NONCE_LENGTH]);
-        nonce.increment();
-
-        assert_eq!(
-            nonce.0,
-            [
-                0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1
-            ]
-        );
-    }
 }

server/crates/arbiter-server/src/db/mod.rs

@@ -5,7 +5,7 @@ use diesel_async::{
     sync_connection_wrapper::SyncConnectionWrapper,
 };
 use diesel_migrations::{EmbeddedMigrations, MigrationHarness, embed_migrations};
-use miette::Diagnostic;
+
 use thiserror::Error;
 use tracing::info;
 
@@ -21,26 +21,21 @@ static DB_FILE: &str = "arbiter.sqlite";
 
 const MIGRATIONS: EmbeddedMigrations = embed_migrations!("migrations");
 
-#[derive(Error, Diagnostic, Debug)]
+#[derive(Error, Debug)]
 pub enum DatabaseSetupError {
     #[error("Failed to determine home directory")]
-    #[diagnostic(code(arbiter::db::home_dir))]
     HomeDir(std::io::Error),
 
     #[error(transparent)]
-    #[diagnostic(code(arbiter::db::connection))]
     Connection(diesel::ConnectionError),
 
     #[error(transparent)]
-    #[diagnostic(code(arbiter::db::concurrency))]
     ConcurrencySetup(diesel::result::Error),
 
     #[error(transparent)]
-    #[diagnostic(code(arbiter::db::migration))]
     Migration(Box<dyn std::error::Error + Send + Sync>),
 
     #[error(transparent)]
-    #[diagnostic(code(arbiter::db::pool))]
     Pool(#[from] PoolInitError),
 }
 
@@ -138,6 +133,7 @@ pub async fn create_pool(url: Option<&str>) -> Result<DatabasePool, DatabaseSetu
     Ok(pool)
 }
 
+#[mutants::skip]
 pub async fn create_test_pool() -> DatabasePool {
     use rand::distr::{Alphanumeric, SampleString as _};
 

server/crates/arbiter-server/src/db/models.rs

@@ -5,7 +5,7 @@ use crate::db::schema::{
     self, aead_encrypted, arbiter_settings, evm_basic_grant, evm_ether_transfer_grant,
     evm_ether_transfer_grant_target, evm_ether_transfer_limit, evm_token_transfer_grant,
     evm_token_transfer_log, evm_token_transfer_volume_limit, evm_transaction_log, evm_wallet,
-    root_key_history, tls_history,
+    integrity_envelope, root_key_history, tls_history,
 };
 use chrono::{DateTime, Utc};
 use diesel::{prelude::*, sqlite::Sqlite};
@@ -72,40 +72,6 @@ pub mod types {
             Ok(SqliteTimestamp(datetime))
         }
     }
-
-    /// Key algorithm stored in the `useragent_client.key_type` column.
-    /// Values must stay stable — they are persisted in the database.
-    #[derive(Debug, Clone, Copy, PartialEq, Eq, FromSqlRow, AsExpression, strum::FromRepr)]
-    #[diesel(sql_type = Integer)]
-    #[repr(i32)]
-    pub enum KeyType {
-        Ed25519 = 1,
-        EcdsaSecp256k1 = 2,
-        Rsa = 3,
-    }
-
-    impl ToSql<Integer, Sqlite> for KeyType {
-        fn to_sql<'b>(
-            &'b self,
-            out: &mut diesel::serialize::Output<'b, '_, Sqlite>,
-        ) -> diesel::serialize::Result {
-            out.set_value(*self as i32);
-            Ok(IsNull::No)
-        }
-    }
-
-    impl FromSql<Integer, Sqlite> for KeyType {
-        fn from_sql(
-            mut bytes: <Sqlite as diesel::backend::Backend>::RawValue<'_>,
-        ) -> diesel::deserialize::Result<Self> {
-            let Some(SqliteType::Long) = bytes.value_type() else {
-                return Err("Expected Integer for KeyType".into());
-            };
-            let discriminant = bytes.read_long();
-            KeyType::from_repr(discriminant as i32)
-                .ok_or_else(|| format!("Unknown KeyType discriminant: {discriminant}").into())
-        }
-    }
 }
 pub use types::*;
 
@@ -244,7 +210,6 @@ pub struct UseragentClient {
     pub public_key: Vec<u8>,
     pub created_at: SqliteTimestamp,
     pub updated_at: SqliteTimestamp,
-    pub key_type: KeyType,
 }
 
 #[derive(Models, Queryable, Debug, Insertable, Selectable)]
@@ -376,3 +341,22 @@ pub struct EvmTokenTransferLog {
     pub value: Vec<u8>,
     pub created_at: SqliteTimestamp,
 }
+
+#[derive(Models, Queryable, Debug, Insertable, Selectable)]
+#[diesel(table_name = integrity_envelope, check_for_backend(Sqlite))]
+#[view(
+    NewIntegrityEnvelope,
+    derive(Insertable),
+    omit(id, signed_at, created_at),
+    attributes_with = "deriveless"
+)]
+pub struct IntegrityEnvelope {
+    pub id: i32,
+    pub entity_kind: String,
+    pub entity_id: Vec<u8>,
+    pub payload_version: i32,
+    pub key_version: i32,
+    pub mac: Vec<u8>,
+    pub signed_at: SqliteTimestamp,
+    pub created_at: SqliteTimestamp,
+}

server/crates/arbiter-server/src/db/schema.rs

@@ -139,6 +139,19 @@ diesel::table! {
     }
 }
 
+diesel::table! {
+    integrity_envelope (id) {
+        id -> Integer,
+        entity_kind -> Text,
+        entity_id -> Binary,
+        payload_version -> Integer,
+        key_version -> Integer,
+        mac -> Binary,
+        signed_at -> Integer,
+        created_at -> Integer,
+    }
+}
+
 diesel::table! {
     program_client (id) {
         id -> Integer,
@@ -219,6 +232,7 @@ diesel::allow_tables_to_appear_in_same_query!(
     evm_transaction_log,
     evm_wallet,
     evm_wallet_access,
+    integrity_envelope,
     program_client,
     root_key_history,
     tls_history,

server/crates/arbiter-server/src/evm/mod.rs

@@ -8,9 +8,11 @@ use alloy::{
 use chrono::Utc;
 use diesel::{ExpressionMethods as _, QueryDsl as _, QueryResult, insert_into, sqlite::Sqlite};
 use diesel_async::{AsyncConnection, RunQueryDsl};
-use tracing_subscriber::registry::Data;
+use kameo::actor::ActorRef;
 
 use crate::{
+    actors::keyholder::KeyHolder,
+    crypto::integrity,
     db::{
         self, DatabaseError,
         models::{
@@ -19,8 +21,8 @@ use crate::{
         schema::{self, evm_transaction_log},
     },
     evm::policies::{
-        DatabaseID, EvalContext, EvalViolation, FullGrant, Grant, Policy, SharedGrantSettings,
+        CombinedSettings, DatabaseID, EvalContext, EvalViolation, Grant, Policy,
-        SpecificGrant, SpecificMeaning, ether_transfer::EtherTransfer,
+        SharedGrantSettings, SpecificGrant, SpecificMeaning, ether_transfer::EtherTransfer,
         token_transfers::TokenTransfer,
     },
 };
@@ -29,42 +31,47 @@ pub mod policies;
 mod utils;
 
 /// Errors that can only occur once the transaction meaning is known (during policy evaluation)
-#[derive(Debug, thiserror::Error, miette::Diagnostic)]
+#[derive(Debug, thiserror::Error)]
 pub enum PolicyError {
     #[error("Database error")]
-    Error(#[from] crate::db::DatabaseError),
+    Database(#[from] crate::db::DatabaseError),
     #[error("Transaction violates policy: {0:?}")]
-    #[diagnostic(code(arbiter_server::evm::policy_error::violation))]
     Violations(Vec<EvalViolation>),
     #[error("No matching grant found")]
-    #[diagnostic(code(arbiter_server::evm::policy_error::no_matching_grant))]
     NoMatchingGrant,
+
+    #[error("Integrity error: {0}")]
+    Integrity(#[from] integrity::Error),
 }
 
-#[derive(Debug, thiserror::Error, miette::Diagnostic)]
+#[derive(Debug, thiserror::Error)]
 pub enum VetError {
     #[error("Contract creation transactions are not supported")]
-    #[diagnostic(code(arbiter_server::evm::vet_error::contract_creation_unsupported))]
     ContractCreationNotSupported,
     #[error("Engine can't classify this transaction")]
-    #[diagnostic(code(arbiter_server::evm::vet_error::unsupported))]
     UnsupportedTransactionType,
     #[error("Policy evaluation failed: {1}")]
-    #[diagnostic(code(arbiter_server::evm::vet_error::evaluated))]
     Evaluated(SpecificMeaning, #[source] PolicyError),
 }
 
-#[derive(Debug, thiserror::Error, miette::Diagnostic)]
+#[derive(Debug, thiserror::Error)]
 pub enum AnalyzeError {
     #[error("Engine doesn't support granting permissions for contract creation")]
-    #[diagnostic(code(arbiter_server::evm::analyze_error::contract_creation_not_supported))]
     ContractCreationNotSupported,
 
     #[error("Unsupported transaction type")]
-    #[diagnostic(code(arbiter_server::evm::analyze_error::unsupported_transaction_type))]
     UnsupportedTransactionType,
 }
 
+#[derive(Debug, thiserror::Error)]
+pub enum ListError {
+    #[error("Database error")]
+    Database(#[from] crate::db::DatabaseError),
+
+    #[error("Integrity verification failed for grant")]
+    Integrity(#[from] integrity::Error),
+}
+
 /// Controls whether a transaction should be executed or only validated
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
 pub enum RunKind {
@@ -83,6 +90,14 @@ async fn check_shared_constraints(
     let mut violations = Vec::new();
     let now = Utc::now();
 
+    if shared.chain != context.chain {
+        violations.push(EvalViolation::MismatchingChainId {
+            expected: shared.chain,
+            actual: context.chain,
+        });
+        return Ok(violations);
+    }
+
     // Validity window
     if shared.valid_from.is_some_and(|t| now < t) || shared.valid_until.is_some_and(|t| now > t) {
         violations.push(EvalViolation::InvalidTime);
@@ -123,6 +138,7 @@ async fn check_shared_constraints(
 // Supporting only EIP-1559 transactions for now, but we can easily extend this to support legacy transactions if needed
 pub struct Engine {
     db: db::DatabasePool,
+    keyholder: ActorRef<KeyHolder>,
 }
 
 impl Engine {
@@ -131,7 +147,10 @@ impl Engine {
         context: EvalContext,
         meaning: &P::Meaning,
         run_kind: RunKind,
-    ) -> Result<(), PolicyError> {
+    ) -> Result<(), PolicyError>
+    where
+        P::Settings: Clone,
+    {
         let mut conn = self.db.get().await.map_err(DatabaseError::from)?;
 
         let grant = P::try_find_grant(&context, &mut conn)
@@ -139,8 +158,14 @@ impl Engine {
             .map_err(DatabaseError::from)?
             .ok_or(PolicyError::NoMatchingGrant)?;
 
-        let mut violations =
+        integrity::verify_entity(&mut conn, &self.keyholder, &grant.settings, grant.id).await?;
-            check_shared_constraints(&context, &grant.shared, grant.shared_grant_id, &mut conn)
+
+        let mut violations = check_shared_constraints(
+            &context,
+            &grant.settings.shared,
+            grant.common_settings_id,
+            &mut conn,
+        )
         .await
         .map_err(DatabaseError::from)?;
         violations.extend(
@@ -151,12 +176,14 @@ impl Engine {
 
         if !violations.is_empty() {
             return Err(PolicyError::Violations(violations));
-        } else if run_kind == RunKind::Execution {
+        }
+
+        if run_kind == RunKind::Execution {
             conn.transaction(|conn| {
                 Box::pin(async move {
                     let log_id: i32 = insert_into(evm_transaction_log::table)
                         .values(&NewEvmTransactionLog {
-                            grant_id: grant.shared_grant_id,
+                            grant_id: grant.common_settings_id,
                             wallet_access_id: context.target.id,
                             chain_id: context.chain as i32,
                             eth_value: utils::u256_to_bytes(context.value).to_vec(),
@@ -180,15 +207,19 @@ impl Engine {
 }
 
 impl Engine {
-    pub fn new(db: db::DatabasePool) -> Self {
+    pub fn new(db: db::DatabasePool, keyholder: ActorRef<KeyHolder>) -> Self {
-        Self { db }
+        Self { db, keyholder }
     }
 
     pub async fn create_grant<P: Policy>(
         &self,
-        full_grant: FullGrant<P::Settings>,
+        full_grant: CombinedSettings<P::Settings>,
-    ) -> Result<i32, DatabaseError> {
+    ) -> Result<i32, DatabaseError>
+    where
+        P::Settings: Clone,
+    {
         let mut conn = self.db.get().await?;
+        let keyholder = self.keyholder.clone();
 
         let id = conn
             .transaction(|conn| {
@@ -197,25 +228,25 @@ impl Engine {
 
                     let basic_grant: EvmBasicGrant = insert_into(evm_basic_grant::table)
                         .values(&NewEvmBasicGrant {
-                            chain_id: full_grant.basic.chain as i32,
+                            chain_id: full_grant.shared.chain as i32,
-                            wallet_access_id: full_grant.basic.wallet_access_id,
+                            wallet_access_id: full_grant.shared.wallet_access_id,
-                            valid_from: full_grant.basic.valid_from.map(SqliteTimestamp),
+                            valid_from: full_grant.shared.valid_from.map(SqliteTimestamp),
-                            valid_until: full_grant.basic.valid_until.map(SqliteTimestamp),
+                            valid_until: full_grant.shared.valid_until.map(SqliteTimestamp),
                             max_gas_fee_per_gas: full_grant
-                                .basic
+                                .shared
                                 .max_gas_fee_per_gas
                                 .map(|fee| utils::u256_to_bytes(fee).to_vec()),
                             max_priority_fee_per_gas: full_grant
-                                .basic
+                                .shared
                                 .max_priority_fee_per_gas
                                 .map(|fee| utils::u256_to_bytes(fee).to_vec()),
                             rate_limit_count: full_grant
-                                .basic
+                                .shared
                                 .rate_limit
                                 .as_ref()
                                 .map(|rl| rl.count as i32),
                             rate_limit_window_secs: full_grant
-                                .basic
+                                .shared
                                 .rate_limit
                                 .as_ref()
                                 .map(|rl| rl.window.num_seconds() as i32),
@@ -225,7 +256,13 @@ impl Engine {
                         .get_result(conn)
                         .await?;
 
-                    P::create_grant(&basic_grant, &full_grant.specific, conn).await
+                    P::create_grant(&basic_grant, &full_grant.specific, conn).await?;
+
+                    integrity::sign_entity(conn, &keyholder, &full_grant, basic_grant.id)
+                        .await
+                        .map_err(|_| diesel::result::Error::RollbackTransaction)?;
+
+                    QueryResult::Ok(basic_grant.id)
                 })
             })
             .await?;
@@ -233,33 +270,36 @@ impl Engine {
         Ok(id)
     }
 
-    pub async fn list_all_grants(&self) -> Result<Vec<Grant<SpecificGrant>>, DatabaseError> {
+    async fn list_one_kind<Kind: Policy, Y>(
-        let mut conn = self.db.get().await?;
+        &self,
+        conn: &mut impl AsyncConnection<Backend = Sqlite>,
+    ) -> Result<impl Iterator<Item = Grant<Y>>, ListError>
+    where
+        Y: From<Kind::Settings>,
+    {
+        let all_grants = Kind::find_all_grants(conn)
+            .await
+            .map_err(DatabaseError::from)?;
+
+        // Verify integrity of all grants before returning any results
+        for grant in &all_grants {
+            integrity::verify_entity(conn, &self.keyholder, &grant.settings, grant.id).await?;
+        }
+
+        Ok(all_grants.into_iter().map(|g| Grant {
+            id: g.id,
+            common_settings_id: g.common_settings_id,
+            settings: g.settings.generalize(),
+        }))
+    }
+
+    pub async fn list_all_grants(&self) -> Result<Vec<Grant<SpecificGrant>>, ListError> {
+        let mut conn = self.db.get().await.map_err(DatabaseError::from)?;
 
         let mut grants: Vec<Grant<SpecificGrant>> = Vec::new();
 
-        grants.extend(
+        grants.extend(self.list_one_kind::<EtherTransfer, _>(&mut conn).await?);
-            EtherTransfer::find_all_grants(&mut conn)
+        grants.extend(self.list_one_kind::<TokenTransfer, _>(&mut conn).await?);
-                .await?
-                .into_iter()
-                .map(|g| Grant {
-                    id: g.id,
-                    shared_grant_id: g.shared_grant_id,
-                    shared: g.shared,
-                    settings: SpecificGrant::EtherTransfer(g.settings),
-                }),
-        );
-        grants.extend(
-            TokenTransfer::find_all_grants(&mut conn)
-                .await?
-                .into_iter()
-                .map(|g| Grant {
-                    id: g.id,
-                    shared_grant_id: g.shared_grant_id,
-                    shared: g.shared,
-                    settings: SpecificGrant::TokenTransfer(g.settings),
-                }),
-        );
 
         Ok(grants)
     }
@@ -305,3 +345,255 @@ impl Engine {
         Err(VetError::UnsupportedTransactionType)
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use alloy::primitives::{Address, Bytes, U256, address};
+    use chrono::{Duration, Utc};
+    use diesel::{SelectableHelper, insert_into};
+    use diesel_async::RunQueryDsl;
+    use rstest::rstest;
+
+    use crate::db::{
+        self, DatabaseConnection,
+        models::{
+            EvmBasicGrant, EvmWalletAccess, NewEvmBasicGrant, NewEvmTransactionLog, SqliteTimestamp,
+        },
+        schema::{evm_basic_grant, evm_transaction_log},
+    };
+    use crate::evm::policies::{
+        EvalContext, EvalViolation, SharedGrantSettings, TransactionRateLimit,
+    };
+
+    use super::check_shared_constraints;
+
+    const WALLET_ACCESS_ID: i32 = 1;
+    const CHAIN_ID: u64 = 1;
+    const RECIPIENT: Address = address!("1111111111111111111111111111111111111111");
+
+    fn context() -> EvalContext {
+        EvalContext {
+            target: EvmWalletAccess {
+                id: WALLET_ACCESS_ID,
+                wallet_id: 10,
+                client_id: 20,
+                created_at: SqliteTimestamp(Utc::now()),
+            },
+            chain: CHAIN_ID,
+            to: RECIPIENT,
+            value: U256::ZERO,
+            calldata: Bytes::new(),
+            max_fee_per_gas: 100,
+            max_priority_fee_per_gas: 10,
+        }
+    }
+
+    fn shared_settings() -> SharedGrantSettings {
+        SharedGrantSettings {
+            wallet_access_id: WALLET_ACCESS_ID,
+            chain: CHAIN_ID,
+            valid_from: None,
+            valid_until: None,
+            max_gas_fee_per_gas: None,
+            max_priority_fee_per_gas: None,
+            rate_limit: None,
+        }
+    }
+
+    async fn insert_basic_grant(
+        conn: &mut DatabaseConnection,
+        shared: &SharedGrantSettings,
+    ) -> EvmBasicGrant {
+        insert_into(evm_basic_grant::table)
+            .values(NewEvmBasicGrant {
+                wallet_access_id: shared.wallet_access_id,
+                chain_id: shared.chain as i32,
+                valid_from: shared.valid_from.map(SqliteTimestamp),
+                valid_until: shared.valid_until.map(SqliteTimestamp),
+                max_gas_fee_per_gas: shared
+                    .max_gas_fee_per_gas
+                    .map(|fee| super::utils::u256_to_bytes(fee).to_vec()),
+                max_priority_fee_per_gas: shared
+                    .max_priority_fee_per_gas
+                    .map(|fee| super::utils::u256_to_bytes(fee).to_vec()),
+                rate_limit_count: shared.rate_limit.as_ref().map(|limit| limit.count as i32),
+                rate_limit_window_secs: shared
+                    .rate_limit
+                    .as_ref()
+                    .map(|limit| limit.window.num_seconds() as i32),
+                revoked_at: None,
+            })
+            .returning(EvmBasicGrant::as_select())
+            .get_result(conn)
+            .await
+            .unwrap()
+    }
+
+    #[rstest]
+    #[case::matching_chain(CHAIN_ID, false)]
+    #[case::mismatching_chain(CHAIN_ID + 1, true)]
+    #[tokio::test]
+    async fn check_shared_constraints_enforces_chain_id(
+        #[case] context_chain: u64,
+        #[case] expect_mismatch: bool,
+    ) {
+        let db = db::create_test_pool().await;
+        let mut conn = db.get().await.unwrap();
+
+        let context = EvalContext {
+            chain: context_chain,
+            ..context()
+        };
+
+        let violations = check_shared_constraints(&context, &shared_settings(), 999, &mut *conn)
+            .await
+            .unwrap();
+
+        assert_eq!(
+            violations
+                .iter()
+                .any(|violation| matches!(violation, EvalViolation::MismatchingChainId { .. })),
+            expect_mismatch
+        );
+
+        if expect_mismatch {
+            assert_eq!(violations.len(), 1);
+        } else {
+            assert!(violations.is_empty());
+        }
+    }
+
+    #[rstest]
+    #[case::valid_from_in_bounds(Some(Utc::now() - Duration::hours(1)), None, false)]
+    #[case::valid_from_out_of_bounds(Some(Utc::now() + Duration::hours(1)), None, true)]
+    #[case::valid_until_in_bounds(None, Some(Utc::now() + Duration::hours(1)), false)]
+    #[case::valid_until_out_of_bounds(None, Some(Utc::now() - Duration::hours(1)), true)]
+    #[tokio::test]
+    async fn check_shared_constraints_enforces_validity_window(
+        #[case] valid_from: Option<chrono::DateTime<Utc>>,
+        #[case] valid_until: Option<chrono::DateTime<Utc>>,
+        #[case] expect_invalid_time: bool,
+    ) {
+        let db = db::create_test_pool().await;
+        let mut conn = db.get().await.unwrap();
+
+        let shared = SharedGrantSettings {
+            valid_from,
+            valid_until,
+            ..shared_settings()
+        };
+
+        let violations = check_shared_constraints(&context(), &shared, 999, &mut *conn)
+            .await
+            .unwrap();
+
+        assert_eq!(
+            violations
+                .iter()
+                .any(|violation| matches!(violation, EvalViolation::InvalidTime)),
+            expect_invalid_time
+        );
+
+        if expect_invalid_time {
+            assert_eq!(violations.len(), 1);
+        } else {
+            assert!(violations.is_empty());
+        }
+    }
+
+    #[rstest]
+    #[case::max_fee_within_limit(Some(U256::from(100u64)), None, 100, 10, false)]
+    #[case::max_fee_exceeded(Some(U256::from(99u64)), None, 100, 10, true)]
+    #[case::priority_fee_within_limit(None, Some(U256::from(10u64)), 100, 10, false)]
+    #[case::priority_fee_exceeded(None, Some(U256::from(9u64)), 100, 10, true)]
+    #[tokio::test]
+    async fn check_shared_constraints_enforces_gas_fee_caps(
+        #[case] max_gas_fee_per_gas: Option<U256>,
+        #[case] max_priority_fee_per_gas: Option<U256>,
+        #[case] actual_max_fee_per_gas: u128,
+        #[case] actual_max_priority_fee_per_gas: u128,
+        #[case] expect_gas_limit_violation: bool,
+    ) {
+        let db = db::create_test_pool().await;
+        let mut conn = db.get().await.unwrap();
+
+        let context = EvalContext {
+            max_fee_per_gas: actual_max_fee_per_gas,
+            max_priority_fee_per_gas: actual_max_priority_fee_per_gas,
+            ..context()
+        };
+
+        let shared = SharedGrantSettings {
+            max_gas_fee_per_gas,
+            max_priority_fee_per_gas,
+            ..shared_settings()
+        };
+        let violations = check_shared_constraints(&context, &shared, 999, &mut *conn)
+            .await
+            .unwrap();
+
+        assert_eq!(
+            violations
+                .iter()
+                .any(|violation| matches!(violation, EvalViolation::GasLimitExceeded { .. })),
+            expect_gas_limit_violation
+        );
+
+        if expect_gas_limit_violation {
+            assert_eq!(violations.len(), 1);
+        } else {
+            assert!(violations.is_empty());
+        }
+    }
+
+    #[rstest]
+    #[case::under_rate_limit(2, false)]
+    #[case::at_rate_limit(1, true)]
+    #[tokio::test]
+    async fn check_shared_constraints_enforces_rate_limit(
+        #[case] rate_limit_count: u32,
+        #[case] expect_rate_limit_violation: bool,
+    ) {
+        let db = db::create_test_pool().await;
+        let mut conn = db.get().await.unwrap();
+
+        let shared = SharedGrantSettings {
+            rate_limit: Some(TransactionRateLimit {
+                count: rate_limit_count,
+                window: Duration::hours(1),
+            }),
+            ..shared_settings()
+        };
+
+        let basic_grant = insert_basic_grant(&mut conn, &shared).await;
+
+        insert_into(evm_transaction_log::table)
+            .values(NewEvmTransactionLog {
+                grant_id: basic_grant.id,
+                wallet_access_id: WALLET_ACCESS_ID,
+                chain_id: CHAIN_ID as i32,
+                eth_value: super::utils::u256_to_bytes(U256::ZERO).to_vec(),
+                signed_at: SqliteTimestamp(Utc::now()),
+            })
+            .execute(&mut *conn)
+            .await
+            .unwrap();
+
+        let violations = check_shared_constraints(&context(), &shared, basic_grant.id, &mut *conn)
+            .await
+            .unwrap();
+
+        assert_eq!(
+            violations
+                .iter()
+                .any(|violation| matches!(violation, EvalViolation::RateLimitExceeded)),
+            expect_rate_limit_violation
+        );
+
+        if expect_rate_limit_violation {
+            assert_eq!(violations.len(), 1);
+        } else {
+            assert!(violations.is_empty());
+        }
+    }
+}

server/crates/arbiter-server/src/evm/policies.rs

@@ -6,10 +6,11 @@ use diesel::{
     ExpressionMethods as _, QueryDsl, SelectableHelper, result::QueryResult, sqlite::Sqlite,
 };
 use diesel_async::{AsyncConnection, RunQueryDsl};
-use miette::Diagnostic;
+
 use thiserror::Error;
 
 use crate::{
+    crypto::integrity::v1::Integrable,
     db::models::{self, EvmBasicGrant, EvmWalletAccess},
     evm::utils,
 };
@@ -33,34 +34,31 @@ pub struct EvalContext {
     pub max_priority_fee_per_gas: u128,
 }
 
-#[derive(Debug, Error, Diagnostic)]
+#[derive(Debug, Error)]
 pub enum EvalViolation {
     #[error("This grant doesn't allow transactions to the target address {target}")]
-    #[diagnostic(code(arbiter_server::evm::eval_violation::invalid_target))]
     InvalidTarget { target: Address },
 
     #[error("Gas limit exceeded for this grant")]
-    #[diagnostic(code(arbiter_server::evm::eval_violation::gas_limit_exceeded))]
     GasLimitExceeded {
         max_gas_fee_per_gas: Option<U256>,
         max_priority_fee_per_gas: Option<U256>,
     },
 
     #[error("Rate limit exceeded for this grant")]
-    #[diagnostic(code(arbiter_server::evm::eval_violation::rate_limit_exceeded))]
     RateLimitExceeded,
 
     #[error("Transaction exceeds volumetric limits of the grant")]
-    #[diagnostic(code(arbiter_server::evm::eval_violation::volumetric_limit_exceeded))]
     VolumetricLimitExceeded,
 
     #[error("Transaction is outside of the grant's validity period")]
-    #[diagnostic(code(arbiter_server::evm::eval_violation::invalid_time))]
     InvalidTime,
 
     #[error("Transaction type is not allowed by this grant")]
-    #[diagnostic(code(arbiter_server::evm::eval_violation::invalid_transaction_type))]
     InvalidTransactionType,
+
+    #[error("Mismatching chain ID")]
+    MismatchingChainId { expected: ChainId, actual: ChainId },
 }
 
 pub type DatabaseID = i32;
@@ -68,13 +66,12 @@ pub type DatabaseID = i32;
 #[derive(Debug)]
 pub struct Grant<PolicySettings> {
     pub id: DatabaseID,
-    pub shared_grant_id: DatabaseID, // ID of the basic grant for shared-logic checks like rate limits and validity periods
+    pub common_settings_id: DatabaseID, // ID of the basic grant for shared-logic checks like rate limits and validity periods
-    pub shared: SharedGrantSettings,
+    pub settings: CombinedSettings<PolicySettings>,
-    pub settings: PolicySettings,
 }
 
 pub trait Policy: Sized {
-    type Settings: Send + Sync + 'static + Into<SpecificGrant>;
+    type Settings: Send + Sync + 'static + Into<SpecificGrant> + Integrable;
     type Meaning: Display + std::fmt::Debug + Send + Sync + 'static + Into<SpecificMeaning>;
 
     fn analyze(context: &EvalContext) -> Option<Self::Meaning>;
@@ -130,19 +127,19 @@ pub enum SpecificMeaning {
     TokenTransfer(token_transfers::Meaning),
 }
 
-#[derive(Clone, Debug, PartialEq, Eq, Hash)]
+#[derive(Clone, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, arbiter_macros::Hashable)]
 pub struct TransactionRateLimit {
     pub count: u32,
     pub window: Duration,
 }
 
-#[derive(Clone, Debug, PartialEq, Eq, Hash)]
+#[derive(Clone, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, arbiter_macros::Hashable)]
 pub struct VolumeRateLimit {
     pub max_volume: U256,
     pub window: Duration,
 }
 
-#[derive(Clone, Debug, PartialEq, Eq, Hash)]
+#[derive(Clone, Debug, PartialEq, Eq, Hash, arbiter_macros::Hashable)]
 pub struct SharedGrantSettings {
     pub wallet_access_id: i32,
     pub chain: ChainId,
@@ -157,7 +154,7 @@ pub struct SharedGrantSettings {
 }
 
 impl SharedGrantSettings {
-    fn try_from_model(model: EvmBasicGrant) -> QueryResult<Self> {
+    pub(crate) fn try_from_model(model: EvmBasicGrant) -> QueryResult<Self> {
         Ok(Self {
             wallet_access_id: model.wallet_access_id,
             chain: model.chain_id as u64, // safe because chain_id is stored as i32 but is guaranteed to be a valid ChainId by the API when creating grants
@@ -203,7 +200,22 @@ pub enum SpecificGrant {
     TokenTransfer(token_transfers::Settings),
 }
 
-pub struct FullGrant<PolicyGrant> {
+#[derive(Debug, arbiter_macros::Hashable)]
-    pub basic: SharedGrantSettings,
+pub struct CombinedSettings<PolicyGrant> {
+    pub shared: SharedGrantSettings,
     pub specific: PolicyGrant,
 }
+
+impl<P> CombinedSettings<P> {
+    pub fn generalize<Y: From<P>>(self) -> CombinedSettings<Y> {
+        CombinedSettings {
+            shared: self.shared,
+            specific: self.specific.into(),
+        }
+    }
+}
+
+impl<P: Integrable> Integrable for CombinedSettings<P> {
+    const KIND: &'static str = P::KIND;
+    const VERSION: i32 = P::VERSION;
+}

server/crates/arbiter-server/src/evm/policies/ether_transfer/mod.rs

@@ -8,13 +8,14 @@ use diesel::sqlite::Sqlite;
 use diesel::{ExpressionMethods, JoinOnDsl, prelude::*};
 use diesel_async::{AsyncConnection, RunQueryDsl};
 
+use crate::crypto::integrity::v1::Integrable;
 use crate::db::models::{
     EvmBasicGrant, EvmEtherTransferGrant, EvmEtherTransferGrantTarget, EvmEtherTransferLimit,
     NewEvmEtherTransferLimit, SqliteTimestamp,
 };
 use crate::db::schema::{evm_basic_grant, evm_ether_transfer_limit, evm_transaction_log};
 use crate::evm::policies::{
-    Grant, SharedGrantSettings, SpecificGrant, SpecificMeaning, VolumeRateLimit,
+    CombinedSettings, Grant, SharedGrantSettings, SpecificGrant, SpecificMeaning, VolumeRateLimit,
 };
 use crate::{
     db::{
@@ -36,8 +37,8 @@ use super::{DatabaseID, EvalContext, EvalViolation};
 // Plain ether transfer
 #[derive(Clone, Debug, PartialEq, Eq, Hash)]
 pub struct Meaning {
-    to: Address,
+    pub(crate) to: Address,
-    value: U256,
+    pub(crate) value: U256,
 }
 impl Display for Meaning {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
@@ -51,11 +52,14 @@ impl From<Meaning> for SpecificMeaning {
 }
 
 // A grant for ether transfers, which can be scoped to specific target addresses and volume limits
-#[derive(Debug, Clone)]
+#[derive(Debug, Clone, arbiter_macros::Hashable)]
 pub struct Settings {
     pub target: Vec<Address>,
     pub limit: VolumeRateLimit,
 }
+impl Integrable for Settings {
+    const KIND: &'static str = "EtherTransfer";
+}
 
 impl From<Settings> for SpecificGrant {
     fn from(val: Settings) -> SpecificGrant {
@@ -91,20 +95,21 @@ async fn query_relevant_past_transaction(
 
 async fn check_rate_limits(
     grant: &Grant<Settings>,
+    current_transfer_value: U256,
     db: &mut impl AsyncConnection<Backend = Sqlite>,
 ) -> QueryResult<Vec<EvalViolation>> {
     let mut violations = Vec::new();
-    let window = grant.settings.limit.window;
+    let window = grant.settings.specific.limit.window;
 
     let past_transaction = query_relevant_past_transaction(grant.id, window, db).await?;
 
-    let window_start = chrono::Utc::now() - grant.settings.limit.window;
+    let window_start = chrono::Utc::now() - grant.settings.specific.limit.window;
-    let cumulative_volume: U256 = past_transaction
+    let prospective_cumulative_volume: U256 = past_transaction
         .iter()
         .filter(|(_, timestamp)| timestamp >= &window_start)
-        .fold(U256::default(), |acc, (value, _)| acc + *value);
+        .fold(current_transfer_value, |acc, (value, _)| acc + *value);
 
-    if cumulative_volume > grant.settings.limit.max_volume {
+    if prospective_cumulative_volume > grant.settings.specific.limit.max_volume {
         violations.push(EvalViolation::VolumetricLimitExceeded);
     }
 
@@ -137,11 +142,11 @@ impl Policy for EtherTransfer {
         let mut violations = Vec::new();
 
         // Check if the target address is within the grant's allowed targets
-        if !grant.settings.target.contains(&meaning.to) {
+        if !grant.settings.specific.target.contains(&meaning.to) {
             violations.push(EvalViolation::InvalidTarget { target: meaning.to });
         }
 
-        let rate_violations = check_rate_limits(grant, db).await?;
+        let rate_violations = check_rate_limits(grant, meaning.value, db).await?;
         violations.extend(rate_violations);
 
         Ok(violations)
@@ -246,9 +251,11 @@ impl Policy for EtherTransfer {
 
         Ok(Some(Grant {
             id: grant.id,
-            shared_grant_id: grant.basic_grant_id,
+            common_settings_id: grant.basic_grant_id,
+            settings: CombinedSettings {
                 shared: SharedGrantSettings::try_from_model(basic_grant)?,
-            settings,
+                specific: settings,
+            },
         }))
     }
 
@@ -326,9 +333,10 @@ impl Policy for EtherTransfer {
 
                 Ok(Grant {
                     id: specific.id,
-                    shared_grant_id: specific.basic_grant_id,
+                    common_settings_id: specific.basic_grant_id,
+                    settings: CombinedSettings {
                         shared: SharedGrantSettings::try_from_model(basic)?,
-                    settings: Settings {
+                        specific: Settings {
                             target: targets,
                             limit: VolumeRateLimit {
                                 max_volume: utils::try_bytes_to_u256(&limit.max_volume).map_err(
@@ -337,6 +345,7 @@ impl Policy for EtherTransfer {
                                 window: Duration::seconds(limit.window_secs as i64),
                             },
                         },
+                    },
                 })
             })
             .collect()

server/crates/arbiter-server/src/evm/policies/ether_transfer/tests.rs

@@ -11,7 +11,10 @@ use crate::db::{
     schema::{evm_basic_grant, evm_transaction_log},
 };
 use crate::evm::{
-    policies::{EvalContext, EvalViolation, Grant, Policy, SharedGrantSettings, VolumeRateLimit},
+    policies::{
+        CombinedSettings, EvalContext, EvalViolation, Grant, Policy, SharedGrantSettings,
+        VolumeRateLimit,
+    },
     utils,
 };
 
@@ -81,8 +84,6 @@ fn shared() -> SharedGrantSettings {
     }
 }
 
-// ── analyze ─────────────────────────────────────────────────────────────
-
 #[test]
 fn analyze_matches_empty_calldata() {
     let m = EtherTransfer::analyze(&ctx(ALLOWED, U256::from(1_000u64))).unwrap();
@@ -99,8 +100,6 @@ fn analyze_rejects_nonempty_calldata() {
     assert!(EtherTransfer::analyze(&context).is_none());
 }
 
-// ── evaluate ────────────────────────────────────────────────────────────
-
 #[tokio::test]
 async fn evaluate_passes_for_allowed_target() {
     let db = db::create_test_pool().await;
@@ -108,9 +107,11 @@ async fn evaluate_passes_for_allowed_target() {
 
     let grant = Grant {
         id: 999,
-        shared_grant_id: 999,
+        common_settings_id: 999,
+        settings: CombinedSettings {
             shared: shared(),
-        settings: make_settings(vec![ALLOWED], 1_000_000),
+            specific: make_settings(vec![ALLOWED], 1_000_000),
+        },
     };
     let context = ctx(ALLOWED, U256::from(100u64));
     let m = EtherTransfer::analyze(&context).unwrap();
@@ -127,9 +128,11 @@ async fn evaluate_rejects_disallowed_target() {
 
     let grant = Grant {
         id: 999,
-        shared_grant_id: 999,
+        common_settings_id: 999,
+        settings: CombinedSettings {
             shared: shared(),
-        settings: make_settings(vec![ALLOWED], 1_000_000),
+            specific: make_settings(vec![ALLOWED], 1_000_000),
+        },
     };
     let context = ctx(OTHER, U256::from(100u64));
     let m = EtherTransfer::analyze(&context).unwrap();
@@ -167,9 +170,11 @@ async fn evaluate_passes_when_volume_within_limit() {
 
     let grant = Grant {
         id: grant_id,
-        shared_grant_id: basic.id,
+        common_settings_id: basic.id,
+        settings: CombinedSettings {
             shared: shared(),
-        settings,
+            specific: settings,
+        },
     };
     let context = ctx(ALLOWED, U256::from(100u64));
     let m = EtherTransfer::analyze(&context).unwrap();
@@ -198,7 +203,7 @@ async fn evaluate_rejects_volume_over_limit() {
             grant_id,
             wallet_access_id: WALLET_ACCESS_ID,
             chain_id: CHAIN_ID as i32,
-            eth_value: utils::u256_to_bytes(U256::from(1_001u64)).to_vec(),
+            eth_value: utils::u256_to_bytes(U256::from(1_000u64)).to_vec(),
             signed_at: SqliteTimestamp(Utc::now()),
         })
         .execute(&mut *conn)
@@ -207,11 +212,13 @@ async fn evaluate_rejects_volume_over_limit() {
 
     let grant = Grant {
         id: grant_id,
-        shared_grant_id: basic.id,
+        common_settings_id: basic.id,
+        settings: CombinedSettings {
             shared: shared(),
-        settings,
+            specific: settings,
+        },
     };
-    let context = ctx(ALLOWED, U256::from(100u64));
+    let context = ctx(ALLOWED, U256::from(1u64));
     let m = EtherTransfer::analyze(&context).unwrap();
     let v = EtherTransfer::evaluate(&context, &m, &grant, &mut *conn)
         .await
@@ -233,13 +240,13 @@ async fn evaluate_passes_at_exactly_volume_limit() {
         .await
         .unwrap();
 
-    // Exactly at the limit — the check is `>`, so this should not violate
+    // Exactly at the limit including current transfer — check is `>`, so this should not violate
     insert_into(evm_transaction_log::table)
         .values(NewEvmTransactionLog {
             grant_id,
             wallet_access_id: WALLET_ACCESS_ID,
             chain_id: CHAIN_ID as i32,
-            eth_value: utils::u256_to_bytes(U256::from(1_000u64)).to_vec(),
+            eth_value: utils::u256_to_bytes(U256::from(900u64)).to_vec(),
             signed_at: SqliteTimestamp(Utc::now()),
         })
         .execute(&mut *conn)
@@ -248,9 +255,11 @@ async fn evaluate_passes_at_exactly_volume_limit() {
 
     let grant = Grant {
         id: grant_id,
-        shared_grant_id: basic.id,
+        common_settings_id: basic.id,
+        settings: CombinedSettings {
             shared: shared(),
-        settings,
+            specific: settings,
+        },
     };
     let context = ctx(ALLOWED, U256::from(100u64));
     let m = EtherTransfer::analyze(&context).unwrap();
@@ -263,8 +272,6 @@ async fn evaluate_passes_at_exactly_volume_limit() {
     );
 }
 
-// ── try_find_grant ───────────────────────────────────────────────────────
-
 #[tokio::test]
 async fn try_find_grant_roundtrip() {
     let db = db::create_test_pool().await;
@@ -282,8 +289,11 @@ async fn try_find_grant_roundtrip() {
 
     assert!(found.is_some());
     let g = found.unwrap();
-    assert_eq!(g.settings.target, vec![ALLOWED]);
+    assert_eq!(g.settings.specific.target, vec![ALLOWED]);
-    assert_eq!(g.settings.limit.max_volume, U256::from(1_000_000u64));
+    assert_eq!(
+        g.settings.specific.limit.max_volume,
+        U256::from(1_000_000u64)
+    );
 }
 
 #[tokio::test]
@@ -320,7 +330,36 @@ async fn try_find_grant_wrong_target_returns_none() {
     assert!(found.is_none());
 }
 
-// ── find_all_grants ──────────────────────────────────────────────────────
+proptest::proptest! {
+    #[test]
+    fn target_order_does_not_affect_hash(
+        raw_addrs in proptest::collection::vec(proptest::prelude::any::<[u8; 20]>(), 0..8),
+        seed in proptest::prelude::any::<u64>(),
+        max_volume in proptest::prelude::any::<u64>(),
+        window_secs in 1i64..=86400,
+    ) {
+        use rand::{SeedableRng, seq::SliceRandom};
+        use sha2::Digest;
+        use arbiter_crypto::hashing::Hashable;
+
+        let addrs: Vec<Address> = raw_addrs.iter().map(|b| Address::from(*b)).collect();
+        let mut shuffled = addrs.clone();
+        shuffled.shuffle(&mut rand::rngs::StdRng::seed_from_u64(seed));
+
+        let limit = VolumeRateLimit {
+            max_volume: U256::from(max_volume),
+            window: Duration::seconds(window_secs),
+        };
+
+        let mut h1 = sha2::Sha256::new();
+        Settings { target: addrs, limit: limit.clone() }.hash(&mut h1);
+
+        let mut h2 = sha2::Sha256::new();
+        Settings { target: shuffled, limit }.hash(&mut h2);
+
+        proptest::prop_assert_eq!(h1.finalize(), h2.finalize());
+    }
+}
 
 #[tokio::test]
 async fn find_all_grants_empty_db() {
@@ -347,7 +386,7 @@ async fn find_all_grants_excludes_revoked() {
 
     let all = EtherTransfer::find_all_grants(&mut *conn).await.unwrap();
     assert_eq!(all.len(), 1);
-    assert_eq!(all[0].settings.target, vec![ALLOWED]);
+    assert_eq!(all[0].settings.specific.target, vec![ALLOWED]);
 }
 
 #[tokio::test]
@@ -363,8 +402,11 @@ async fn find_all_grants_multiple_targets() {
 
     let all = EtherTransfer::find_all_grants(&mut *conn).await.unwrap();
     assert_eq!(all.len(), 1);
-    assert_eq!(all[0].settings.target.len(), 2);
+    assert_eq!(all[0].settings.specific.target.len(), 2);
-    assert_eq!(all[0].settings.limit.max_volume, U256::from(1_000_000u64));
+    assert_eq!(
+        all[0].settings.specific.limit.max_volume,
+        U256::from(1_000_000u64)
+    );
 }
 
 #[tokio::test]

server/crates/arbiter-server/src/evm/policies/token_transfers/mod.rs

@@ -1,20 +1,5 @@
 use std::collections::HashMap;
 
-use alloy::{
-    primitives::{Address, U256},
-    sol_types::SolCall,
-};
-use arbiter_tokens_registry::evm::nonfungible::{self, TokenInfo};
-use chrono::{DateTime, Duration, Utc};
-use diesel::dsl::{auto_type, insert_into};
-use diesel::sqlite::Sqlite;
-use diesel::{ExpressionMethods, prelude::*};
-use diesel_async::{AsyncConnection, RunQueryDsl};
-
-use crate::db::models::{
-    EvmBasicGrant, EvmTokenTransferGrant, EvmTokenTransferVolumeLimit, NewEvmTokenTransferGrant,
-    NewEvmTokenTransferLog, NewEvmTokenTransferVolumeLimit, SqliteTimestamp,
-};
 use crate::db::schema::{
     evm_basic_grant, evm_token_transfer_grant, evm_token_transfer_log,
     evm_token_transfer_volume_limit,
@@ -26,6 +11,25 @@ use crate::evm::{
     },
     utils,
 };
+use crate::{
+    crypto::integrity::Integrable,
+    db::models::{
+        EvmBasicGrant, EvmTokenTransferGrant, EvmTokenTransferVolumeLimit,
+        NewEvmTokenTransferGrant, NewEvmTokenTransferLog, NewEvmTokenTransferVolumeLimit,
+        SqliteTimestamp,
+    },
+    evm::policies::CombinedSettings,
+};
+use alloy::{
+    primitives::{Address, U256},
+    sol_types::SolCall,
+};
+use arbiter_tokens_registry::evm::nonfungible::{self, TokenInfo};
+use chrono::{DateTime, Duration, Utc};
+use diesel::dsl::{auto_type, insert_into};
+use diesel::sqlite::Sqlite;
+use diesel::{ExpressionMethods, prelude::*};
+use diesel_async::{AsyncConnection, RunQueryDsl};
 
 use super::{DatabaseID, EvalContext, EvalViolation};
 
@@ -38,9 +42,9 @@ fn grant_join() -> _ {
 
 #[derive(Clone, Debug, PartialEq, Eq, Hash)]
 pub struct Meaning {
-    token: &'static TokenInfo,
+    pub token: &'static TokenInfo,
-    to: Address,
+    pub to: Address,
-    value: U256,
+    pub value: U256,
 }
 impl std::fmt::Display for Meaning {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
@@ -58,12 +62,16 @@ impl From<Meaning> for SpecificMeaning {
 }
 
 // A grant for token transfers, which can be scoped to specific target addresses and volume limits
-#[derive(Debug, Clone)]
+#[derive(Debug, Clone, arbiter_macros::Hashable)]
 pub struct Settings {
     pub token_contract: Address,
     pub target: Option<Address>,
     pub volume_limits: Vec<VolumeRateLimit>,
 }
+impl Integrable for Settings {
+    const KIND: &'static str = "TokenTransfer";
+}
+
 impl From<Settings> for SpecificGrant {
     fn from(val: Settings) -> SpecificGrant {
         SpecificGrant::TokenTransfer(val)
@@ -101,24 +109,32 @@ async fn query_relevant_past_transfers(
 
 async fn check_volume_rate_limits(
     grant: &Grant<Settings>,
+    current_transfer_value: U256,
     db: &mut impl AsyncConnection<Backend = Sqlite>,
 ) -> QueryResult<Vec<EvalViolation>> {
     let mut violations = Vec::new();
 
-    let Some(longest_window) = grant.settings.volume_limits.iter().map(|l| l.window).max() else {
+    let Some(longest_window) = grant
+        .settings
+        .specific
+        .volume_limits
+        .iter()
+        .map(|l| l.window)
+        .max()
+    else {
         return Ok(violations);
     };
 
     let past_transfers = query_relevant_past_transfers(grant.id, longest_window, db).await?;
 
-    for limit in &grant.settings.volume_limits {
+    for limit in &grant.settings.specific.volume_limits {
         let window_start = chrono::Utc::now() - limit.window;
-        let cumulative_volume: U256 = past_transfers
+        let prospective_cumulative_volume: U256 = past_transfers
             .iter()
             .filter(|(_, timestamp)| timestamp >= &window_start)
-            .fold(U256::default(), |acc, (value, _)| acc + *value);
+            .fold(current_transfer_value, |acc, (value, _)| acc + *value);
 
-        if cumulative_volume > limit.max_volume {
+        if prospective_cumulative_volume > limit.max_volume {
             violations.push(EvalViolation::VolumetricLimitExceeded);
             break;
         }
@@ -157,13 +173,13 @@ impl Policy for TokenTransfer {
             return Ok(violations);
         }
 
-        if let Some(allowed) = grant.settings.target
+        if let Some(allowed) = grant.settings.specific.target
             && allowed != meaning.to
         {
             violations.push(EvalViolation::InvalidTarget { target: meaning.to });
         }
 
-        let rate_violations = check_volume_rate_limits(grant, db).await?;
+        let rate_violations = check_volume_rate_limits(grant, meaning.value, db).await?;
         violations.extend(rate_violations);
 
         Ok(violations)
@@ -268,9 +284,11 @@ impl Policy for TokenTransfer {
 
         Ok(Some(Grant {
             id: token_grant.id,
-            shared_grant_id: token_grant.basic_grant_id,
+            common_settings_id: token_grant.basic_grant_id,
+            settings: CombinedSettings {
                 shared: SharedGrantSettings::try_from_model(basic_grant)?,
-            settings,
+                specific: settings,
+            },
         }))
     }
 
@@ -368,13 +386,15 @@ impl Policy for TokenTransfer {
 
                 Ok(Grant {
                     id: specific.id,
-                    shared_grant_id: specific.basic_grant_id,
+                    common_settings_id: specific.basic_grant_id,
+                    settings: CombinedSettings {
                         shared: SharedGrantSettings::try_from_model(basic)?,
-                    settings: Settings {
+                        specific: Settings {
                             token_contract: Address::from(token_contract),
                             target,
                             volume_limits,
                         },
+                    },
                 })
             })
             .collect()

server/crates/arbiter-server/src/evm/policies/token_transfers/tests.rs

@@ -11,7 +11,10 @@ use crate::db::{
 };
 use crate::evm::{
     abi::IERC20::transferCall,
-    policies::{EvalContext, EvalViolation, Grant, Policy, SharedGrantSettings, VolumeRateLimit},
+    policies::{
+        CombinedSettings, EvalContext, EvalViolation, Grant, Policy, SharedGrantSettings,
+        VolumeRateLimit,
+    },
     utils,
 };
 
@@ -98,8 +101,6 @@ fn shared() -> SharedGrantSettings {
     }
 }
 
-// ── analyze ─────────────────────────────────────────────────────────────
-
 #[test]
 fn analyze_known_token_valid_calldata() {
     let calldata = transfer_calldata(RECIPIENT, U256::from(100u64));
@@ -125,8 +126,6 @@ fn analyze_empty_calldata_returns_none() {
     assert!(TokenTransfer::analyze(&ctx(DAI, Bytes::new())).is_none());
 }
 
-// ── evaluate ────────────────────────────────────────────────────────────
-
 #[tokio::test]
 async fn evaluate_rejects_nonzero_eth_value() {
     let db = db::create_test_pool().await;
@@ -134,9 +133,11 @@ async fn evaluate_rejects_nonzero_eth_value() {
 
     let grant = Grant {
         id: 999,
-        shared_grant_id: 999,
+        common_settings_id: 999,
+        settings: CombinedSettings {
             shared: shared(),
-        settings: make_settings(None, None),
+            specific: make_settings(None, None),
+        },
     };
     let calldata = transfer_calldata(RECIPIENT, U256::from(100u64));
     let mut context = ctx(DAI, calldata);
@@ -163,9 +164,11 @@ async fn evaluate_passes_any_recipient_when_no_restriction() {
 
     let grant = Grant {
         id: 999,
-        shared_grant_id: 999,
+        common_settings_id: 999,
+        settings: CombinedSettings {
             shared: shared(),
-        settings: make_settings(None, None),
+            specific: make_settings(None, None),
+        },
     };
     let calldata = transfer_calldata(RECIPIENT, U256::from(100u64));
     let context = ctx(DAI, calldata);
@@ -183,9 +186,11 @@ async fn evaluate_passes_matching_restricted_recipient() {
 
     let grant = Grant {
         id: 999,
-        shared_grant_id: 999,
+        common_settings_id: 999,
+        settings: CombinedSettings {
             shared: shared(),
-        settings: make_settings(Some(RECIPIENT), None),
+            specific: make_settings(Some(RECIPIENT), None),
+        },
     };
     let calldata = transfer_calldata(RECIPIENT, U256::from(100u64));
     let context = ctx(DAI, calldata);
@@ -203,9 +208,11 @@ async fn evaluate_rejects_wrong_restricted_recipient() {
 
     let grant = Grant {
         id: 999,
-        shared_grant_id: 999,
+        common_settings_id: 999,
+        settings: CombinedSettings {
             shared: shared(),
-        settings: make_settings(Some(RECIPIENT), None),
+            specific: make_settings(Some(RECIPIENT), None),
+        },
     };
     let calldata = transfer_calldata(OTHER, U256::from(100u64));
     let context = ctx(DAI, calldata);
@@ -220,7 +227,7 @@ async fn evaluate_rejects_wrong_restricted_recipient() {
 }
 
 #[tokio::test]
-async fn evaluate_passes_volume_within_limit() {
+async fn evaluate_passes_volume_at_exact_limit() {
     let db = db::create_test_pool().await;
     let mut conn = db.get().await.unwrap();
 
@@ -230,7 +237,7 @@ async fn evaluate_passes_volume_within_limit() {
         .await
         .unwrap();
 
-    // Record a past transfer of 500 (within 1000 limit)
+    // Record a past transfer of 900, with current transfer 100 => exactly 1000 limit
     use crate::db::{models::NewEvmTokenTransferLog, schema::evm_token_transfer_log};
     insert_into(evm_token_transfer_log::table)
         .values(NewEvmTokenTransferLog {
@@ -239,7 +246,7 @@ async fn evaluate_passes_volume_within_limit() {
             chain_id: CHAIN_ID as i32,
             token_contract: DAI.to_vec(),
             recipient_address: RECIPIENT.to_vec(),
-            value: utils::u256_to_bytes(U256::from(500u64)).to_vec(),
+            value: utils::u256_to_bytes(U256::from(900u64)).to_vec(),
         })
         .execute(&mut *conn)
         .await
@@ -247,9 +254,11 @@ async fn evaluate_passes_volume_within_limit() {
 
     let grant = Grant {
         id: grant_id,
-        shared_grant_id: basic.id,
+        common_settings_id: basic.id,
+        settings: CombinedSettings {
             shared: shared(),
-        settings,
+            specific: settings,
+        },
     };
     let calldata = transfer_calldata(RECIPIENT, U256::from(100u64));
     let context = ctx(DAI, calldata);
@@ -282,7 +291,7 @@ async fn evaluate_rejects_volume_over_limit() {
             chain_id: CHAIN_ID as i32,
             token_contract: DAI.to_vec(),
             recipient_address: RECIPIENT.to_vec(),
-            value: utils::u256_to_bytes(U256::from(1_001u64)).to_vec(),
+            value: utils::u256_to_bytes(U256::from(1_000u64)).to_vec(),
         })
         .execute(&mut *conn)
         .await
@@ -290,11 +299,13 @@ async fn evaluate_rejects_volume_over_limit() {
 
     let grant = Grant {
         id: grant_id,
-        shared_grant_id: basic.id,
+        common_settings_id: basic.id,
+        settings: CombinedSettings {
             shared: shared(),
-        settings,
+            specific: settings,
+        },
     };
-    let calldata = transfer_calldata(RECIPIENT, U256::from(100u64));
+    let calldata = transfer_calldata(RECIPIENT, U256::from(1u64));
     let context = ctx(DAI, calldata);
     let m = TokenTransfer::analyze(&context).unwrap();
     let v = TokenTransfer::evaluate(&context, &m, &grant, &mut *conn)
@@ -313,9 +324,11 @@ async fn evaluate_no_volume_limits_always_passes() {
 
     let grant = Grant {
         id: 999,
-        shared_grant_id: 999,
+        common_settings_id: 999,
+        settings: CombinedSettings {
             shared: shared(),
-        settings: make_settings(None, None), // no volume limits
+            specific: make_settings(None, None), // no volume limits
+        },
     };
     let calldata = transfer_calldata(RECIPIENT, U256::from(u64::MAX));
     let context = ctx(DAI, calldata);
@@ -349,10 +362,13 @@ async fn try_find_grant_roundtrip() {
 
     assert!(found.is_some());
     let g = found.unwrap();
-    assert_eq!(g.settings.token_contract, DAI);
+    assert_eq!(g.settings.specific.token_contract, DAI);
-    assert_eq!(g.settings.target, Some(RECIPIENT));
+    assert_eq!(g.settings.specific.target, Some(RECIPIENT));
-    assert_eq!(g.settings.volume_limits.len(), 1);
+    assert_eq!(g.settings.specific.volume_limits.len(), 1);
-    assert_eq!(g.settings.volume_limits[0].max_volume, U256::from(5_000u64));
+    assert_eq!(
+        g.settings.specific.volume_limits[0].max_volume,
+        U256::from(5_000u64)
+    );
 }
 
 #[tokio::test]
@@ -392,7 +408,39 @@ async fn try_find_grant_unknown_token_returns_none() {
     assert!(found.is_none());
 }
 
-// ── find_all_grants ──────────────────────────────────────────────────────
+proptest::proptest! {
+    #[test]
+    fn volume_limits_order_does_not_affect_hash(
+        raw_limits in proptest::collection::vec(
+            (proptest::prelude::any::<u64>(), 1i64..=86400),
+            0..8,
+        ),
+        seed in proptest::prelude::any::<u64>(),
+    ) {
+        use rand::{SeedableRng, seq::SliceRandom};
+        use sha2::Digest;
+        use arbiter_crypto::hashing::Hashable;
+
+        let limits: Vec<VolumeRateLimit> = raw_limits
+            .iter()
+            .map(|(max_vol, window_secs)| VolumeRateLimit {
+                max_volume: U256::from(*max_vol),
+                window: Duration::seconds(*window_secs),
+            })
+            .collect();
+
+        let mut shuffled = limits.clone();
+        shuffled.shuffle(&mut rand::rngs::StdRng::seed_from_u64(seed));
+
+        let mut h1 = sha2::Sha256::new();
+        Settings { token_contract: DAI, target: None, volume_limits: limits }.hash(&mut h1);
+
+        let mut h2 = sha2::Sha256::new();
+        Settings { token_contract: DAI, target: None, volume_limits: shuffled }.hash(&mut h2);
+
+        proptest::prop_assert_eq!(h1.finalize(), h2.finalize());
+    }
+}
 
 #[tokio::test]
 async fn find_all_grants_empty_db() {
@@ -434,9 +482,9 @@ async fn find_all_grants_loads_volume_limits() {
 
     let all = TokenTransfer::find_all_grants(&mut *conn).await.unwrap();
     assert_eq!(all.len(), 1);
-    assert_eq!(all[0].settings.volume_limits.len(), 1);
+    assert_eq!(all[0].settings.specific.volume_limits.len(), 1);
     assert_eq!(
-        all[0].settings.volume_limits[0].max_volume,
+        all[0].settings.specific.volume_limits[0].max_volume,
         U256::from(9_999u64)
     );
 }

server/crates/arbiter-server/src/evm/safe_signer.rs

@@ -1,12 +1,12 @@
 use std::sync::Mutex;
 
-use crate::safe_cell::{SafeCell, SafeCellHandle as _};
 use alloy::{
     consensus::SignableTransaction,
     network::{TxSigner, TxSignerSync},
     primitives::{Address, B256, ChainId, Signature},
     signers::{Error, Result, Signer, SignerSync, utils::secret_key_to_address},
 };
+use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};
 use async_trait::async_trait;
 use k256::ecdsa::{self, RecoveryId, SigningKey, signature::hazmat::PrehashSigner};
 

server/crates/arbiter-server/src/grpc/client.rs

@@ -1,32 +1,24 @@
 use arbiter_proto::{
     proto::client::{
-        ClientRequest, ClientResponse, VaultState as ProtoVaultState,
+        ClientRequest, ClientResponse, client_request::Payload as ClientRequestPayload,
-        client_request::Payload as ClientRequestPayload,
         client_response::Payload as ClientResponsePayload,
     },
     transport::{Receiver, Sender, grpc::GrpcBi},
 };
-use kameo::{
+use kameo::actor::{ActorRef, Spawn as _};
-    actor::{ActorRef, Spawn as _},
-    error::SendError,
-};
 use tonic::Status;
 use tracing::{info, warn};
 
 use crate::{
-    actors::{
+    actors::client::{ClientConnection, session::ClientSession},
-        client::{
-            self, ClientConnection,
-            session::{ClientSession, Error, HandleQueryVaultState},
-        },
-        keyholder::KeyHolderState,
-    },
     grpc::request_tracker::RequestTracker,
 };
 
 mod auth;
+mod evm;
 mod inbound;
 mod outbound;
+mod vault;
 
 async fn dispatch_loop(
     mut bi: GrpcBi<ClientRequest, ClientResponse>,
@@ -34,7 +26,9 @@ async fn dispatch_loop(
     mut request_tracker: RequestTracker,
 ) {
     loop {
-        let Some(message) = bi.recv().await else { return };
+        let Some(message) = bi.recv().await else {
+            return;
+        };
 
         let conn = match message {
             Ok(conn) => conn,
@@ -53,16 +47,24 @@ async fn dispatch_loop(
         };
 
         let Some(payload) = conn.payload else {
-            let _ = bi.send(Err(Status::invalid_argument("Missing client request payload"))).await;
+            let _ = bi
+                .send(Err(Status::invalid_argument(
+                    "Missing client request payload",
+                )))
+                .await;
             return;
         };
 
         match dispatch_inner(&actor, payload).await {
             Ok(response) => {
-                if bi.send(Ok(ClientResponse {
+                if bi
+                    .send(Ok(ClientResponse {
                         request_id: Some(request_id),
                         payload: Some(response),
-                })).await.is_err() {
+                    }))
+                    .await
+                    .is_err()
+                {
                     return;
                 }
             }
@@ -79,21 +81,10 @@ async fn dispatch_inner(
     payload: ClientRequestPayload,
 ) -> Result<ClientResponsePayload, Status> {
     match payload {
-        ClientRequestPayload::QueryVaultState(_) => {
+        ClientRequestPayload::Vault(req) => vault::dispatch(actor, req).await,
-            let state = match actor.ask(HandleQueryVaultState {}).await {
+        ClientRequestPayload::Evm(req) => evm::dispatch(actor, req).await,
-                Ok(KeyHolderState::Unbootstrapped) => ProtoVaultState::Unbootstrapped,
+        ClientRequestPayload::Auth(..) => {
-                Ok(KeyHolderState::Sealed) => ProtoVaultState::Sealed,
+            warn!("Unsupported post-auth client auth request");
-                Ok(KeyHolderState::Unsealed) => ProtoVaultState::Unsealed,
-                Err(SendError::HandlerError(Error::Internal)) => ProtoVaultState::Error,
-                Err(err) => {
-                    warn!(error = ?err, "Failed to query vault state");
-                    ProtoVaultState::Error
-                }
-            };
-            Ok(ClientResponsePayload::VaultState(state.into()))
-        }
-        payload => {
-            warn!(?payload, "Unsupported post-auth client request");
             Err(Status::invalid_argument("Unsupported client request"))
         }
     }
@@ -102,14 +93,21 @@ async fn dispatch_inner(
 pub async fn start(mut conn: ClientConnection, mut bi: GrpcBi<ClientRequest, ClientResponse>) {
     let mut request_tracker = RequestTracker::default();
 
-    if let Err(e) = auth::start(&mut conn, &mut bi, &mut request_tracker).await {
+    let client_id = match auth::start(&mut conn, &mut bi, &mut request_tracker).await {
-        let mut transport = auth::AuthTransportAdapter::new(&mut bi, &mut request_tracker);
+        Ok(id) => id,
-        let _ = transport.send(Err(e.clone())).await;
+        Err(err) => {
-        warn!(error = ?e, "Client authentication failed");
+            let _ = bi
+                .send(Err(Status::unauthenticated(format!(
+                    "Authentication failed: {}",
+                    err
+                ))))
+                .await;
+            warn!(error = ?err, "Client authentication failed");
             return;
+        }
     };
 
-    let actor = client::session::ClientSession::spawn(client::session::ClientSession::new(conn));
+    let actor = ClientSession::spawn(ClientSession::new(conn, client_id));
     let actor_for_cleanup = actor.clone();
 
     info!("Client authenticated successfully");

server/crates/arbiter-server/src/grpc/client/auth.rs

@@ -1,11 +1,21 @@
+use arbiter_crypto::authn;
 use arbiter_proto::{
-    ClientMetadata, proto::client::{
+    ClientMetadata,
-        AuthChallenge as ProtoAuthChallenge, AuthChallengeRequest as ProtoAuthChallengeRequest,
+    proto::{
+        client::{
+            ClientRequest, ClientResponse,
+            auth::{
+                self as proto_auth, AuthChallenge as ProtoAuthChallenge,
+                AuthChallengeRequest as ProtoAuthChallengeRequest,
                 AuthChallengeSolution as ProtoAuthChallengeSolution, AuthResult as ProtoAuthResult,
-        ClientInfo as ProtoClientInfo, ClientRequest, ClientResponse,
+                request::Payload as AuthRequestPayload, response::Payload as AuthResponsePayload,
+            },
             client_request::Payload as ClientRequestPayload,
             client_response::Payload as ClientResponsePayload,
-    }, transport::{Bi, Error as TransportError, Receiver, Sender, grpc::GrpcBi}
+        },
+        shared::ClientInfo as ProtoClientInfo,
+    },
+    transport::{Bi, Error as TransportError, Receiver, Sender, grpc::GrpcBi},
 };
 use async_trait::async_trait;
 use tonic::Status;
@@ -32,22 +42,22 @@ impl<'a> AuthTransportAdapter<'a> {
         }
     }
 
-    fn response_to_proto(response: auth::Outbound) -> ClientResponsePayload {
+    fn response_to_proto(response: auth::Outbound) -> AuthResponsePayload {
         match response {
             auth::Outbound::AuthChallenge { pubkey, nonce } => {
-                ClientResponsePayload::AuthChallenge(ProtoAuthChallenge {
+                AuthResponsePayload::Challenge(ProtoAuthChallenge {
-                    pubkey: pubkey.to_bytes().to_vec(),
+                    pubkey: pubkey.to_bytes(),
                     nonce,
                 })
             }
             auth::Outbound::AuthSuccess => {
-                ClientResponsePayload::AuthResult(ProtoAuthResult::Success.into())
+                AuthResponsePayload::Result(ProtoAuthResult::Success.into())
             }
         }
     }
 
-    fn error_to_proto(error: auth::Error) -> ClientResponsePayload {
+    fn error_to_proto(error: auth::Error) -> AuthResponsePayload {
-        ClientResponsePayload::AuthResult(
+        AuthResponsePayload::Result(
             match error {
                 auth::Error::InvalidChallengeSolution => ProtoAuthResult::InvalidSignature,
                 auth::Error::ApproveError(auth::ApproveError::Denied) => {
@@ -59,6 +69,7 @@ impl<'a> AuthTransportAdapter<'a> {
                 auth::Error::ApproveError(auth::ApproveError::Internal)
                 | auth::Error::DatabasePoolUnavailable
                 | auth::Error::DatabaseOperationFailed
+                | auth::Error::IntegrityCheckFailed
                 | auth::Error::Transport => ProtoAuthResult::Internal,
             }
             .into(),
@@ -67,18 +78,20 @@ impl<'a> AuthTransportAdapter<'a> {
 
     async fn send_client_response(
         &mut self,
-        payload: ClientResponsePayload,
+        payload: AuthResponsePayload,
     ) -> Result<(), TransportError> {
         self.bi
             .send(Ok(ClientResponse {
                 request_id: Some(self.request_tracker.current_request_id()),
+                payload: Some(ClientResponsePayload::Auth(proto_auth::Response {
                     payload: Some(payload),
+                })),
             }))
             .await
     }
 
     async fn send_auth_result(&mut self, result: ProtoAuthResult) -> Result<(), TransportError> {
-        self.send_client_response(ClientResponsePayload::AuthResult(result.into()))
+        self.send_client_response(AuthResponsePayload::Result(result.into()))
             .await
     }
 }
@@ -117,9 +130,27 @@ impl Receiver<auth::Inbound> for AuthTransportAdapter<'_> {
             }
         };
         let payload = request.payload?;
+        let ClientRequestPayload::Auth(auth_request) = payload else {
+            let _ = self
+                .bi
+                .send(Err(Status::invalid_argument(
+                    "Unsupported client auth request",
+                )))
+                .await;
+            return None;
+        };
+        let Some(payload) = auth_request.payload else {
+            let _ = self
+                .bi
+                .send(Err(Status::invalid_argument(
+                    "Missing client auth request payload",
+                )))
+                .await;
+            return None;
+        };
 
         match payload {
-            ClientRequestPayload::AuthChallengeRequest(ProtoAuthChallengeRequest {
+            AuthRequestPayload::ChallengeRequest(ProtoAuthChallengeRequest {
                 pubkey,
                 client_info,
             }) => {
@@ -130,11 +161,7 @@ impl Receiver<auth::Inbound> for AuthTransportAdapter<'_> {
                         .await;
                     return None;
                 };
-                let Ok(pubkey) = <[u8; 32]>::try_from(pubkey) else {
+                let Ok(pubkey) = authn::PublicKey::try_from(pubkey.as_slice()) else {
-                    let _ = self.send_auth_result(ProtoAuthResult::InvalidKey).await;
-                    return None;
-                };
-                let Ok(pubkey) = ed25519_dalek::VerifyingKey::from_bytes(&pubkey) else {
                     let _ = self.send_auth_result(ProtoAuthResult::InvalidKey).await;
                     return None;
                 };
@@ -143,10 +170,8 @@ impl Receiver<auth::Inbound> for AuthTransportAdapter<'_> {
                     metadata: client_metadata_from_proto(client_info),
                 })
             }
-            ClientRequestPayload::AuthChallengeSolution(ProtoAuthChallengeSolution {
+            AuthRequestPayload::ChallengeSolution(ProtoAuthChallengeSolution { signature }) => {
-                signature,
+                let Ok(signature) = authn::Signature::try_from(signature.as_slice()) else {
-            }) => {
-                let Ok(signature) = ed25519_dalek::Signature::try_from(signature.as_slice()) else {
                     let _ = self
                         .send_auth_result(ProtoAuthResult::InvalidSignature)
                         .await;
@@ -154,15 +179,6 @@ impl Receiver<auth::Inbound> for AuthTransportAdapter<'_> {
                 };
                 Some(auth::Inbound::AuthChallengeSolution { signature })
             }
-            _ => {
-                let _ = self
-                    .bi
-                    .send(Err(Status::invalid_argument(
-                        "Unsupported client auth request",
-                    )))
-                    .await;
-                None
-            }
         }
     }
 }
@@ -181,8 +197,7 @@ pub async fn start(
     conn: &mut ClientConnection,
     bi: &mut GrpcBi<ClientRequest, ClientResponse>,
     request_tracker: &mut RequestTracker,
-) -> Result<(), auth::Error> {
+) -> Result<i32, auth::Error> {
     let mut transport = AuthTransportAdapter::new(bi, request_tracker);
-    client::auth::authenticate(conn, &mut transport).await?;
+    client::auth::authenticate(conn, &mut transport).await
-    Ok(())
 }

server/crates/arbiter-server/src/grpc/client/evm.rs

@@ -0,0 +1,87 @@
+use arbiter_proto::proto::{
+    client::{
+        client_response::Payload as ClientResponsePayload,
+        evm::{
+            self as proto_evm, request::Payload as EvmRequestPayload,
+            response::Payload as EvmResponsePayload,
+        },
+    },
+    evm::{
+        EvmError as ProtoEvmError, EvmSignTransactionResponse,
+        evm_sign_transaction_response::Result as EvmSignTransactionResult,
+    },
+};
+use kameo::actor::ActorRef;
+use tonic::Status;
+use tracing::warn;
+
+use crate::{
+    actors::client::session::{ClientSession, HandleSignTransaction, SignTransactionRpcError},
+    grpc::{
+        Convert, TryConvert,
+        common::inbound::{RawEvmAddress, RawEvmTransaction},
+    },
+};
+
+fn wrap_response(payload: EvmResponsePayload) -> ClientResponsePayload {
+    ClientResponsePayload::Evm(proto_evm::Response {
+        payload: Some(payload),
+    })
+}
+
+pub(super) async fn dispatch(
+    actor: &ActorRef<ClientSession>,
+    req: proto_evm::Request,
+) -> Result<ClientResponsePayload, Status> {
+    let Some(payload) = req.payload else {
+        return Err(Status::invalid_argument(
+            "Missing client EVM request payload",
+        ));
+    };
+
+    match payload {
+        EvmRequestPayload::SignTransaction(request) => {
+            let address = RawEvmAddress(request.wallet_address).try_convert()?;
+            let transaction = RawEvmTransaction(request.rlp_transaction).try_convert()?;
+
+            let response = match actor
+                .ask(HandleSignTransaction {
+                    wallet_address: address,
+                    transaction,
+                })
+                .await
+            {
+                Ok(signature) => EvmSignTransactionResponse {
+                    result: Some(EvmSignTransactionResult::Signature(
+                        signature.as_bytes().to_vec(),
+                    )),
+                },
+                Err(kameo::error::SendError::HandlerError(SignTransactionRpcError::Vet(
+                    vet_error,
+                ))) => EvmSignTransactionResponse {
+                    result: Some(vet_error.convert()),
+                },
+                Err(kameo::error::SendError::HandlerError(SignTransactionRpcError::Internal)) => {
+                    EvmSignTransactionResponse {
+                        result: Some(EvmSignTransactionResult::Error(
+                            ProtoEvmError::Internal.into(),
+                        )),
+                    }
+                }
+                Err(err) => {
+                    warn!(error = ?err, "Failed to sign EVM transaction");
+                    EvmSignTransactionResponse {
+                        result: Some(EvmSignTransactionResult::Error(
+                            ProtoEvmError::Internal.into(),
+                        )),
+                    }
+                }
+            };
+
+            Ok(wrap_response(EvmResponsePayload::SignTransaction(response)))
+        }
+        EvmRequestPayload::AnalyzeTransaction(_) => Err(Status::unimplemented(
+            "EVM transaction analysis is not yet implemented",
+        )),
+    }
+}

server/crates/arbiter-server/src/grpc/client/inbound.rs

@@ -0,0 +1 @@
+

server/crates/arbiter-server/src/grpc/client/outbound.rs

@@ -0,0 +1 @@
+

server/crates/arbiter-server/src/grpc/client/vault.rs

@@ -0,0 +1,47 @@
+use arbiter_proto::proto::{
+    client::{
+        client_response::Payload as ClientResponsePayload,
+        vault::{
+            self as proto_vault, request::Payload as VaultRequestPayload,
+            response::Payload as VaultResponsePayload,
+        },
+    },
+    shared::VaultState as ProtoVaultState,
+};
+use kameo::{actor::ActorRef, error::SendError};
+use tonic::Status;
+use tracing::warn;
+
+use crate::actors::{
+    client::session::{ClientSession, Error, HandleQueryVaultState},
+    keyholder::KeyHolderState,
+};
+
+pub(super) async fn dispatch(
+    actor: &ActorRef<ClientSession>,
+    req: proto_vault::Request,
+) -> Result<ClientResponsePayload, Status> {
+    let Some(payload) = req.payload else {
+        return Err(Status::invalid_argument(
+            "Missing client vault request payload",
+        ));
+    };
+
+    match payload {
+        VaultRequestPayload::QueryState(_) => {
+            let state = match actor.ask(HandleQueryVaultState {}).await {
+                Ok(KeyHolderState::Unbootstrapped) => ProtoVaultState::Unbootstrapped,
+                Ok(KeyHolderState::Sealed) => ProtoVaultState::Sealed,
+                Ok(KeyHolderState::Unsealed) => ProtoVaultState::Unsealed,
+                Err(SendError::HandlerError(Error::Internal)) => ProtoVaultState::Error,
+                Err(err) => {
+                    warn!(error = ?err, "Failed to query vault state");
+                    ProtoVaultState::Error
+                }
+            };
+            Ok(ClientResponsePayload::Vault(proto_vault::Response {
+                payload: Some(VaultResponsePayload::State(state.into())),
+            }))
+        }
+    }
+}

server/crates/arbiter-server/src/grpc/common.rs

@@ -0,0 +1,2 @@
+pub mod inbound;
+pub mod outbound;

server/crates/arbiter-server/src/grpc/common/inbound.rs

@@ -0,0 +1,35 @@
+use alloy::{consensus::TxEip1559, primitives::Address, rlp::Decodable as _};
+
+use crate::grpc::TryConvert;
+
+pub struct RawEvmAddress(pub Vec<u8>);
+impl TryConvert for RawEvmAddress {
+    type Output = Address;
+
+    type Error = tonic::Status;
+
+    fn try_convert(self) -> Result<Self::Output, Self::Error> {
+        let wallet_address = match <[u8; 20]>::try_from(self.0.as_slice()) {
+            Ok(address) => Address::from(address),
+            Err(_) => {
+                return Err(tonic::Status::invalid_argument(
+                    "Invalid EVM wallet address",
+                ));
+            }
+        };
+        Ok(wallet_address)
+    }
+}
+
+pub struct RawEvmTransaction(pub Vec<u8>);
+impl TryConvert for RawEvmTransaction {
+    type Output = TxEip1559;
+
+    type Error = tonic::Status;
+
+    fn try_convert(self) -> Result<Self::Output, Self::Error> {
+        let tx = TxEip1559::decode(&mut self.0.as_slice())
+            .map_err(|_| tonic::Status::invalid_argument("Invalid EVM transaction format"))?;
+        Ok(tx)
+    }
+}

server/crates/arbiter-server/src/grpc/common/outbound.rs

@@ -0,0 +1,125 @@
+use alloy::primitives::U256;
+use arbiter_proto::proto::{
+    evm::{
+        EvmError as ProtoEvmError,
+        evm_sign_transaction_response::Result as EvmSignTransactionResult,
+    },
+    shared::evm::{
+        EvalViolation as ProtoEvalViolation, GasLimitExceededViolation, NoMatchingGrantError,
+        PolicyViolationsError, SpecificMeaning as ProtoSpecificMeaning,
+        TokenInfo as ProtoTokenInfo, TransactionEvalError as ProtoTransactionEvalError,
+        eval_violation as proto_eval_violation, eval_violation::Kind as ProtoEvalViolationKind,
+        specific_meaning::Meaning as ProtoSpecificMeaningKind,
+        transaction_eval_error::Kind as ProtoTransactionEvalErrorKind,
+    },
+};
+
+use crate::{
+    evm::{
+        PolicyError, VetError,
+        policies::{EvalViolation, SpecificMeaning},
+    },
+    grpc::Convert,
+};
+
+fn u256_to_proto_bytes(value: U256) -> Vec<u8> {
+    value.to_be_bytes::<32>().to_vec()
+}
+
+impl Convert for SpecificMeaning {
+    type Output = ProtoSpecificMeaning;
+
+    fn convert(self) -> Self::Output {
+        let kind = match self {
+            SpecificMeaning::EtherTransfer(meaning) => ProtoSpecificMeaningKind::EtherTransfer(
+                arbiter_proto::proto::shared::evm::EtherTransferMeaning {
+                    to: meaning.to.to_vec(),
+                    value: u256_to_proto_bytes(meaning.value),
+                },
+            ),
+            SpecificMeaning::TokenTransfer(meaning) => ProtoSpecificMeaningKind::TokenTransfer(
+                arbiter_proto::proto::shared::evm::TokenTransferMeaning {
+                    token: Some(ProtoTokenInfo {
+                        symbol: meaning.token.symbol.to_string(),
+                        address: meaning.token.contract.to_vec(),
+                        chain_id: meaning.token.chain,
+                    }),
+                    to: meaning.to.to_vec(),
+                    value: u256_to_proto_bytes(meaning.value),
+                },
+            ),
+        };
+
+        ProtoSpecificMeaning {
+            meaning: Some(kind),
+        }
+    }
+}
+
+impl Convert for EvalViolation {
+    type Output = ProtoEvalViolation;
+
+    fn convert(self) -> Self::Output {
+        let kind = match self {
+            EvalViolation::InvalidTarget { target } => {
+                ProtoEvalViolationKind::InvalidTarget(target.to_vec())
+            }
+            EvalViolation::GasLimitExceeded {
+                max_gas_fee_per_gas,
+                max_priority_fee_per_gas,
+            } => ProtoEvalViolationKind::GasLimitExceeded(GasLimitExceededViolation {
+                max_gas_fee_per_gas: max_gas_fee_per_gas.map(u256_to_proto_bytes),
+                max_priority_fee_per_gas: max_priority_fee_per_gas.map(u256_to_proto_bytes),
+            }),
+            EvalViolation::RateLimitExceeded => ProtoEvalViolationKind::RateLimitExceeded(()),
+            EvalViolation::VolumetricLimitExceeded => {
+                ProtoEvalViolationKind::VolumetricLimitExceeded(())
+            }
+            EvalViolation::InvalidTime => ProtoEvalViolationKind::InvalidTime(()),
+            EvalViolation::InvalidTransactionType => {
+                ProtoEvalViolationKind::InvalidTransactionType(())
+            }
+            EvalViolation::MismatchingChainId { expected, actual } => {
+                ProtoEvalViolationKind::ChainIdMismatch(proto_eval_violation::ChainIdMismatch {
+                    expected,
+                    actual,
+                })
+            }
+        };
+
+        ProtoEvalViolation { kind: Some(kind) }
+    }
+}
+
+impl Convert for VetError {
+    type Output = EvmSignTransactionResult;
+
+    fn convert(self) -> Self::Output {
+        let kind = match self {
+            VetError::ContractCreationNotSupported => {
+                ProtoTransactionEvalErrorKind::ContractCreationNotSupported(())
+            }
+            VetError::UnsupportedTransactionType => {
+                ProtoTransactionEvalErrorKind::UnsupportedTransactionType(())
+            }
+            VetError::Evaluated(meaning, policy_error) => match policy_error {
+                PolicyError::NoMatchingGrant => {
+                    ProtoTransactionEvalErrorKind::NoMatchingGrant(NoMatchingGrantError {
+                        meaning: Some(meaning.convert()),
+                    })
+                }
+                PolicyError::Violations(violations) => {
+                    ProtoTransactionEvalErrorKind::PolicyViolations(PolicyViolationsError {
+                        meaning: Some(meaning.convert()),
+                        violations: violations.into_iter().map(Convert::convert).collect(),
+                    })
+                }
+                PolicyError::Database(_) | PolicyError::Integrity(_) => {
+                    return EvmSignTransactionResult::Error(ProtoEvmError::Internal.into());
+                }
+            },
+        };
+
+        EvmSignTransactionResult::EvalError(ProtoTransactionEvalError { kind: Some(kind) })
+    }
+}

server/crates/arbiter-server/src/grpc/mod.rs

@@ -14,10 +14,13 @@ use crate::{
     grpc::user_agent::start,
 };
 
-pub mod client;
 mod request_tracker;
+
+pub mod client;
 pub mod user_agent;
 
+mod common;
+
 pub trait Convert {
     type Output;
 

server/crates/arbiter-server/src/grpc/user_agent.rs

@@ -1,64 +1,29 @@
 use tokio::sync::mpsc;
 
 use arbiter_proto::{
-    proto::{
+    proto::user_agent::{
-        client::ClientInfo as ProtoClientMetadata,
+        UserAgentRequest, UserAgentResponse,
-        evm::{
-            EvmError as ProtoEvmError, EvmGrantCreateRequest, EvmGrantCreateResponse,
-            EvmGrantDeleteRequest, EvmGrantDeleteResponse, EvmGrantList, EvmGrantListResponse,
-            GrantEntry, WalletCreateResponse, WalletEntry, WalletList, WalletListResponse,
-            evm_grant_create_response::Result as EvmGrantCreateResult,
-            evm_grant_delete_response::Result as EvmGrantDeleteResult,
-            evm_grant_list_response::Result as EvmGrantListResult,
-            wallet_create_response::Result as WalletCreateResult,
-            wallet_list_response::Result as WalletListResult,
-        },
-        user_agent::{
-            BootstrapEncryptedKey as ProtoBootstrapEncryptedKey,
-            BootstrapResult as ProtoBootstrapResult, ListWalletAccessResponse,
-            SdkClientConnectionCancel as ProtoSdkClientConnectionCancel,
-            SdkClientConnectionRequest as ProtoSdkClientConnectionRequest,
-            SdkClientEntry as ProtoSdkClientEntry, SdkClientError as ProtoSdkClientError,
-            SdkClientGrantWalletAccess, SdkClientList as ProtoSdkClientList,
-            SdkClientListResponse as ProtoSdkClientListResponse, SdkClientRevokeWalletAccess,
-            SdkClientWalletAccess, UnsealEncryptedKey as ProtoUnsealEncryptedKey,
-            UnsealResult as ProtoUnsealResult, UnsealStart, UserAgentRequest, UserAgentResponse,
-            VaultState as ProtoVaultState,
-            sdk_client_list_response::Result as ProtoSdkClientListResult,
         user_agent_request::Payload as UserAgentRequestPayload,
         user_agent_response::Payload as UserAgentResponsePayload,
     },
-    },
     transport::{Error as TransportError, Receiver, Sender, grpc::GrpcBi},
 };
 use async_trait::async_trait;
-use kameo::{
+use kameo::actor::{ActorRef, Spawn as _};
-    actor::{ActorRef, Spawn as _},
-    error::SendError,
-};
 use tonic::Status;
 use tracing::{error, info, warn};
 
 use crate::{
-    actors::{
+    actors::user_agent::{OutOfBand, UserAgentConnection, UserAgentSession},
-        keyholder::KeyHolderState,
+    grpc::request_tracker::RequestTracker,
-        user_agent::{
-            OutOfBand, UserAgentConnection, UserAgentSession,
-            session::connection::{
-                BootstrapError, HandleBootstrapEncryptedKey, HandleEvmWalletCreate,
-                HandleEvmWalletList, HandleGrantCreate, HandleGrantDelete,
-                HandleGrantEvmWalletAccess, HandleGrantList, HandleListWalletAccess,
-                HandleNewClientApprove, HandleQueryVaultState, HandleRevokeEvmWalletAccess,
-                HandleSdkClientList, HandleUnsealEncryptedKey, HandleUnsealRequest, UnsealError,
-            },
-        },
-    },
-    db::models::{CoreEvmWalletAccess, NewEvmWalletAccess},
-    grpc::{Convert, TryConvert, request_tracker::RequestTracker},
 };
+
 mod auth;
+mod evm;
 mod inbound;
 mod outbound;
+mod sdk_client;
+mod vault;
 
 pub struct OutOfBandAdapter(mpsc::Sender<OutOfBand>);
 
@@ -86,23 +51,7 @@ async fn dispatch_loop(
                     return;
                 };
 
-                let payload = match oob {
+                let payload = sdk_client::out_of_band_payload(oob);
-                    OutOfBand::ClientConnectionRequest { profile } => {
-                        UserAgentResponsePayload::SdkClientConnectionRequest(ProtoSdkClientConnectionRequest {
-                            pubkey: profile.pubkey.to_bytes().to_vec(),
-                            info: Some(ProtoClientMetadata {
-                                name: profile.metadata.name,
-                                description: profile.metadata.description,
-                                version: profile.metadata.version,
-                            }),
-                        })
-                    }
-                    OutOfBand::ClientConnectionCancel { pubkey } => {
-                        UserAgentResponsePayload::SdkClientConnectionCancel(ProtoSdkClientConnectionCancel {
-                            pubkey: pubkey.to_bytes().to_vec(),
-                        })
-                    }
-                };
 
                 if bi.send(Ok(UserAgentResponse { id: None, payload: Some(payload) })).await.is_err() {
                     return;
@@ -158,287 +107,17 @@ async fn dispatch_inner(
     actor: &ActorRef<UserAgentSession>,
     payload: UserAgentRequestPayload,
 ) -> Result<Option<UserAgentResponsePayload>, Status> {
-    let response = match payload {
+    match payload {
-        UserAgentRequestPayload::UnsealStart(UnsealStart { client_pubkey }) => {
+        UserAgentRequestPayload::Vault(req) => vault::dispatch(actor, req).await,
-            let client_pubkey = <[u8; 32]>::try_from(client_pubkey)
+        UserAgentRequestPayload::Evm(req) => evm::dispatch(actor, req).await,
-                .map(x25519_dalek::PublicKey::from)
+        UserAgentRequestPayload::SdkClient(req) => sdk_client::dispatch(actor, req).await,
-                .map_err(|_| Status::invalid_argument("Invalid X25519 public key"))?;
+        UserAgentRequestPayload::Auth(..) => {
-
+            warn!("Unsupported post-auth user agent auth request");
-            let response = actor
+            Err(Status::invalid_argument("Unsupported user-agent request"))
-                .ask(HandleUnsealRequest { client_pubkey })
-                .await
-                .map_err(|err| {
-                    warn!(error = ?err, "Failed to handle unseal start request");
-                    Status::internal("Failed to start unseal flow")
-                })?;
-
-            UserAgentResponsePayload::UnsealStartResponse(
-                arbiter_proto::proto::user_agent::UnsealStartResponse {
-                    server_pubkey: response.server_pubkey.as_bytes().to_vec(),
-                },
-            )
-        }
-
-        UserAgentRequestPayload::UnsealEncryptedKey(ProtoUnsealEncryptedKey {
-            nonce,
-            ciphertext,
-            associated_data,
-        }) => {
-            let result = match actor
-                .ask(HandleUnsealEncryptedKey {
-                    nonce,
-                    ciphertext,
-                    associated_data,
-                })
-                .await
-            {
-                Ok(()) => ProtoUnsealResult::Success,
-                Err(SendError::HandlerError(UnsealError::InvalidKey)) => {
-                    ProtoUnsealResult::InvalidKey
-                }
-                Err(err) => {
-                    warn!(error = ?err, "Failed to handle unseal request");
-                    return Err(Status::internal("Failed to unseal vault"));
-                }
-            };
-            UserAgentResponsePayload::UnsealResult(result.into())
-        }
-
-        UserAgentRequestPayload::BootstrapEncryptedKey(ProtoBootstrapEncryptedKey {
-            nonce,
-            ciphertext,
-            associated_data,
-        }) => {
-            let result = match actor
-                .ask(HandleBootstrapEncryptedKey {
-                    nonce,
-                    ciphertext,
-                    associated_data,
-                })
-                .await
-            {
-                Ok(()) => ProtoBootstrapResult::Success,
-                Err(SendError::HandlerError(BootstrapError::InvalidKey)) => {
-                    ProtoBootstrapResult::InvalidKey
-                }
-                Err(SendError::HandlerError(BootstrapError::AlreadyBootstrapped)) => {
-                    ProtoBootstrapResult::AlreadyBootstrapped
-                }
-                Err(err) => {
-                    warn!(error = ?err, "Failed to handle bootstrap request");
-                    return Err(Status::internal("Failed to bootstrap vault"));
-                }
-            };
-            UserAgentResponsePayload::BootstrapResult(result.into())
-        }
-
-        UserAgentRequestPayload::QueryVaultState(_) => {
-            let state = match actor.ask(HandleQueryVaultState {}).await {
-                Ok(KeyHolderState::Unbootstrapped) => ProtoVaultState::Unbootstrapped,
-                Ok(KeyHolderState::Sealed) => ProtoVaultState::Sealed,
-                Ok(KeyHolderState::Unsealed) => ProtoVaultState::Unsealed,
-                Err(err) => {
-                    warn!(error = ?err, "Failed to query vault state");
-                    ProtoVaultState::Error
-                }
-            };
-            UserAgentResponsePayload::VaultState(state.into())
-        }
-
-        UserAgentRequestPayload::EvmWalletCreate(_) => {
-            let result = match actor.ask(HandleEvmWalletCreate {}).await {
-                Ok((wallet_id, address)) => WalletCreateResult::Wallet(WalletEntry {
-                    id: wallet_id,
-                    address: address.to_vec(),
-                }),
-                Err(err) => {
-                    warn!(error = ?err, "Failed to create EVM wallet");
-                    WalletCreateResult::Error(ProtoEvmError::Internal.into())
-                }
-            };
-            UserAgentResponsePayload::EvmWalletCreate(WalletCreateResponse {
-                result: Some(result),
-            })
-        }
-
-        UserAgentRequestPayload::EvmWalletList(_) => {
-            let result = match actor.ask(HandleEvmWalletList {}).await {
-                Ok(wallets) => WalletListResult::Wallets(WalletList {
-                    wallets: wallets
-                        .into_iter()
-                        .map(|(id, address)| WalletEntry {
-                            address: address.to_vec(),
-                            id,
-                        })
-                        .collect(),
-                }),
-                Err(err) => {
-                    warn!(error = ?err, "Failed to list EVM wallets");
-                    WalletListResult::Error(ProtoEvmError::Internal.into())
-                }
-            };
-            UserAgentResponsePayload::EvmWalletList(WalletListResponse {
-                result: Some(result),
-            })
-        }
-
-        UserAgentRequestPayload::EvmGrantList(_) => {
-            let result = match actor.ask(HandleGrantList {}).await {
-                Ok(grants) => EvmGrantListResult::Grants(EvmGrantList {
-                    grants: grants
-                        .into_iter()
-                        .map(|grant| GrantEntry {
-                            id: grant.id,
-                            wallet_access_id: grant.shared.wallet_access_id,
-                            shared: Some(grant.shared.convert()),
-                            specific: Some(grant.settings.convert()),
-                        })
-                        .collect(),
-                }),
-                Err(err) => {
-                    warn!(error = ?err, "Failed to list EVM grants");
-                    EvmGrantListResult::Error(ProtoEvmError::Internal.into())
-                }
-            };
-            UserAgentResponsePayload::EvmGrantList(EvmGrantListResponse {
-                result: Some(result),
-            })
-        }
-
-        UserAgentRequestPayload::EvmGrantCreate(EvmGrantCreateRequest { shared, specific }) => {
-            let basic = shared
-                .ok_or_else(|| Status::invalid_argument("Missing shared grant settings"))?
-                .try_convert()?;
-            let grant = specific
-                .ok_or_else(|| Status::invalid_argument("Missing specific grant settings"))?
-                .try_convert()?;
-
-            let result = match actor.ask(HandleGrantCreate { basic, grant }).await {
-                Ok(grant_id) => EvmGrantCreateResult::GrantId(grant_id),
-                Err(err) => {
-                    warn!(error = ?err, "Failed to create EVM grant");
-                    EvmGrantCreateResult::Error(ProtoEvmError::Internal.into())
-                }
-            };
-            UserAgentResponsePayload::EvmGrantCreate(EvmGrantCreateResponse {
-                result: Some(result),
-            })
-        }
-
-        UserAgentRequestPayload::EvmGrantDelete(EvmGrantDeleteRequest { grant_id }) => {
-            let result = match actor.ask(HandleGrantDelete { grant_id }).await {
-                Ok(()) => EvmGrantDeleteResult::Ok(()),
-                Err(err) => {
-                    warn!(error = ?err, "Failed to delete EVM grant");
-                    EvmGrantDeleteResult::Error(ProtoEvmError::Internal.into())
-                }
-            };
-            UserAgentResponsePayload::EvmGrantDelete(EvmGrantDeleteResponse {
-                result: Some(result),
-            })
-        }
-
-        UserAgentRequestPayload::SdkClientConnectionResponse(resp) => {
-            let pubkey_bytes = <[u8; 32]>::try_from(resp.pubkey)
-                .map_err(|_| Status::invalid_argument("Invalid Ed25519 public key length"))?;
-            let pubkey = ed25519_dalek::VerifyingKey::from_bytes(&pubkey_bytes)
-                .map_err(|_| Status::invalid_argument("Invalid Ed25519 public key"))?;
-
-            actor
-                .ask(HandleNewClientApprove {
-                    approved: resp.approved,
-                    pubkey,
-                })
-                .await
-                .map_err(|err| {
-                    warn!(?err, "Failed to process client connection response");
-                    Status::internal("Failed to process response")
-                })?;
-
-            return Ok(None);
-        }
-
-        UserAgentRequestPayload::SdkClientRevoke(_) => todo!(),
-
-        UserAgentRequestPayload::SdkClientList(_) => {
-            let result = match actor.ask(HandleSdkClientList {}).await {
-                Ok(clients) => ProtoSdkClientListResult::Clients(ProtoSdkClientList {
-                    clients: clients
-                        .into_iter()
-                        .map(|(client, metadata)| ProtoSdkClientEntry {
-                            id: client.id,
-                            pubkey: client.public_key,
-                            info: Some(ProtoClientMetadata {
-                                name: metadata.name,
-                                description: metadata.description,
-                                version: metadata.version,
-                            }),
-                            created_at: client.created_at.0.timestamp() as i32,
-                        })
-                        .collect(),
-                }),
-                Err(err) => {
-                    warn!(error = ?err, "Failed to list SDK clients");
-                    ProtoSdkClientListResult::Error(ProtoSdkClientError::Internal.into())
-                }
-            };
-            UserAgentResponsePayload::SdkClientListResponse(ProtoSdkClientListResponse {
-                result: Some(result),
-            })
-        }
-
-        UserAgentRequestPayload::GrantWalletAccess(SdkClientGrantWalletAccess { accesses }) => {
-            let entries: Vec<NewEvmWalletAccess> =
-                accesses.into_iter().map(|a| a.convert()).collect();
-
-            match actor.ask(HandleGrantEvmWalletAccess { entries }).await {
-                Ok(()) => {
-                    info!("Successfully granted wallet access");
-                    return Ok(None);
-                }
-                Err(err) => {
-                    warn!(error = ?err, "Failed to grant wallet access");
-                    return Err(Status::internal("Failed to grant wallet access"));
         }
     }
 }
 
-        UserAgentRequestPayload::RevokeWalletAccess(SdkClientRevokeWalletAccess { accesses }) => {
-            match actor.ask(HandleRevokeEvmWalletAccess { entries: accesses }).await {
-                Ok(()) => {
-                    info!("Successfully revoked wallet access");
-                    return Ok(None);
-                }
-                Err(err) => {
-                    warn!(error = ?err, "Failed to revoke wallet access");
-                    return Err(Status::internal("Failed to revoke wallet access"));
-                }
-            }
-        }
-
-        UserAgentRequestPayload::ListWalletAccess(_) => {
-            let result = match actor.ask(HandleListWalletAccess {}).await {
-                Ok(accesses) => ListWalletAccessResponse {
-                    accesses: accesses.into_iter().map(|a| a.convert()).collect(),
-                },
-                Err(err) => {
-                    warn!(error = ?err, "Failed to list wallet access");
-                    return Err(Status::internal("Failed to list wallet access"));
-                }
-            };
-            UserAgentResponsePayload::ListWalletAccessResponse(result)
-        }
-
-        UserAgentRequestPayload::AuthChallengeRequest(..)
-        | UserAgentRequestPayload::AuthChallengeSolution(..) => {
-            warn!(?payload, "Unsupported post-auth user agent request");
-            return Err(Status::invalid_argument("Unsupported user-agent request"));
-        }
-    };
-
-    Ok(Some(response))
-}
-
 pub async fn start(
     mut conn: UserAgentConnection,
     mut bi: GrpcBi<UserAgentRequest, UserAgentResponse>,

server/crates/arbiter-server/src/grpc/user_agent/auth.rs

@@ -1,8 +1,13 @@
+use arbiter_crypto::authn;
 use arbiter_proto::{
     proto::user_agent::{
-        AuthChallenge as ProtoAuthChallenge, AuthChallengeRequest as ProtoAuthChallengeRequest,
+        UserAgentRequest, UserAgentResponse,
+        auth::{
+            self as proto_auth, AuthChallenge as ProtoAuthChallenge,
+            AuthChallengeRequest as ProtoAuthChallengeRequest,
             AuthChallengeSolution as ProtoAuthChallengeSolution, AuthResult as ProtoAuthResult,
-        KeyType as ProtoKeyType, UserAgentRequest, UserAgentResponse,
+            request::Payload as AuthRequestPayload, response::Payload as AuthResponsePayload,
+        },
         user_agent_request::Payload as UserAgentRequestPayload,
         user_agent_response::Payload as UserAgentResponsePayload,
     },
@@ -13,8 +18,7 @@ use tonic::Status;
 use tracing::warn;
 
 use crate::{
-    actors::user_agent::{AuthPublicKey, UserAgentConnection, auth},
+    actors::user_agent::{UserAgentConnection, auth},
-    db::models::KeyType,
     grpc::request_tracker::RequestTracker,
 };
 
@@ -36,12 +40,14 @@ impl<'a> AuthTransportAdapter<'a> {
 
     async fn send_user_agent_response(
         &mut self,
-        payload: UserAgentResponsePayload,
+        payload: AuthResponsePayload,
     ) -> Result<(), TransportError> {
         self.bi
             .send(Ok(UserAgentResponse {
                 id: Some(self.request_tracker.current_request_id()),
+                payload: Some(UserAgentResponsePayload::Auth(proto_auth::Response {
                     payload: Some(payload),
+                })),
             }))
             .await
     }
@@ -56,19 +62,19 @@ impl Sender<Result<auth::Outbound, auth::Error>> for AuthTransportAdapter<'_> {
         use auth::{Error, Outbound};
         let payload = match item {
             Ok(Outbound::AuthChallenge { nonce }) => {
-                UserAgentResponsePayload::AuthChallenge(ProtoAuthChallenge { nonce })
+                AuthResponsePayload::Challenge(ProtoAuthChallenge { nonce })
             }
             Ok(Outbound::AuthSuccess) => {
-                UserAgentResponsePayload::AuthResult(ProtoAuthResult::Success.into())
+                AuthResponsePayload::Result(ProtoAuthResult::Success.into())
             }
             Err(Error::UnregisteredPublicKey) => {
-                UserAgentResponsePayload::AuthResult(ProtoAuthResult::InvalidKey.into())
+                AuthResponsePayload::Result(ProtoAuthResult::InvalidKey.into())
             }
             Err(Error::InvalidChallengeSolution) => {
-                UserAgentResponsePayload::AuthResult(ProtoAuthResult::InvalidSignature.into())
+                AuthResponsePayload::Result(ProtoAuthResult::InvalidSignature.into())
             }
             Err(Error::InvalidBootstrapToken) => {
-                UserAgentResponsePayload::AuthResult(ProtoAuthResult::TokenInvalid.into())
+                AuthResponsePayload::Result(ProtoAuthResult::TokenInvalid.into())
             }
             Err(Error::Internal { details }) => {
                 return self.bi.send(Err(Status::internal(details))).await;
@@ -112,32 +118,31 @@ impl Receiver<auth::Inbound> for AuthTransportAdapter<'_> {
             return None;
         };
 
+        let UserAgentRequestPayload::Auth(auth_request) = payload else {
+            let _ = self
+                .bi
+                .send(Err(Status::invalid_argument(
+                    "Unsupported user-agent auth request",
+                )))
+                .await;
+            return None;
+        };
+
+        let Some(payload) = auth_request.payload else {
+            warn!(
+                event = "received auth request with empty payload",
+                "grpc.useragent.auth_adapter"
+            );
+            return None;
+        };
+
         match payload {
-            UserAgentRequestPayload::AuthChallengeRequest(ProtoAuthChallengeRequest {
+            AuthRequestPayload::ChallengeRequest(ProtoAuthChallengeRequest {
                 pubkey,
                 bootstrap_token,
-                key_type,
+                key_type: _,
             }) => {
-                let Ok(key_type) = ProtoKeyType::try_from(key_type) else {
+                let Ok(pubkey) = authn::PublicKey::try_from(pubkey.as_slice()) else {
-                    warn!(
-                        event = "received request with invalid key type",
-                        "grpc.useragent.auth_adapter"
-                    );
-                    return None;
-                };
-                let key_type = match key_type {
-                    ProtoKeyType::Ed25519 => KeyType::Ed25519,
-                    ProtoKeyType::EcdsaSecp256k1 => KeyType::EcdsaSecp256k1,
-                    ProtoKeyType::Rsa => KeyType::Rsa,
-                    ProtoKeyType::Unspecified => {
-                        warn!(
-                            event = "received request with unspecified key type",
-                            "grpc.useragent.auth_adapter"
-                        );
-                        return None;
-                    }
-                };
-                let Ok(pubkey) = AuthPublicKey::try_from((key_type, pubkey)) else {
                     warn!(
                         event = "received request with invalid public key",
                         "grpc.useragent.auth_adapter"
@@ -150,17 +155,8 @@ impl Receiver<auth::Inbound> for AuthTransportAdapter<'_> {
                     bootstrap_token,
                 })
             }
-            UserAgentRequestPayload::AuthChallengeSolution(ProtoAuthChallengeSolution {
+            AuthRequestPayload::ChallengeSolution(ProtoAuthChallengeSolution { signature }) => {
-                signature,
+                Some(auth::Inbound::AuthChallengeSolution { signature })
-            }) => Some(auth::Inbound::AuthChallengeSolution { signature }),
-            _ => {
-                let _ = self
-                    .bi
-                    .send(Err(Status::invalid_argument(
-                        "Unsupported user-agent auth request",
-                    )))
-                    .await;
-                None
             }
         }
     }
@@ -172,7 +168,7 @@ pub async fn start(
     conn: &mut UserAgentConnection,
     bi: &mut GrpcBi<UserAgentRequest, UserAgentResponse>,
     request_tracker: &mut RequestTracker,
-) -> Result<AuthPublicKey, auth::Error> {
+) -> Result<authn::PublicKey, auth::Error> {
     let transport = AuthTransportAdapter::new(bi, request_tracker);
     auth::authenticate(conn, transport).await
 }

server/crates/arbiter-server/src/grpc/user_agent/evm.rs

@@ -0,0 +1,240 @@
+use arbiter_proto::proto::{
+    evm::{
+        EvmError as ProtoEvmError, EvmGrantCreateRequest, EvmGrantCreateResponse,
+        EvmGrantDeleteRequest, EvmGrantDeleteResponse, EvmGrantList, EvmGrantListResponse,
+        EvmSignTransactionResponse, GrantEntry, WalletCreateResponse, WalletEntry, WalletList,
+        WalletListResponse, evm_grant_create_response::Result as EvmGrantCreateResult,
+        evm_grant_delete_response::Result as EvmGrantDeleteResult,
+        evm_grant_list_response::Result as EvmGrantListResult,
+        evm_sign_transaction_response::Result as EvmSignTransactionResult,
+        wallet_create_response::Result as WalletCreateResult,
+        wallet_list_response::Result as WalletListResult,
+    },
+    user_agent::{
+        evm::{
+            self as proto_evm, SignTransactionRequest as ProtoSignTransactionRequest,
+            request::Payload as EvmRequestPayload, response::Payload as EvmResponsePayload,
+        },
+        user_agent_response::Payload as UserAgentResponsePayload,
+    },
+};
+use kameo::actor::ActorRef;
+use tonic::Status;
+use tracing::warn;
+
+use crate::{
+    actors::user_agent::{
+        UserAgentSession,
+        session::connection::{
+            GrantMutationError, HandleEvmWalletCreate, HandleEvmWalletList, HandleGrantCreate,
+            HandleGrantDelete, HandleGrantList, HandleSignTransaction,
+            SignTransactionError as SessionSignTransactionError,
+        },
+    },
+    grpc::{
+        Convert, TryConvert,
+        common::inbound::{RawEvmAddress, RawEvmTransaction},
+    },
+};
+
+fn wrap_evm_response(payload: EvmResponsePayload) -> UserAgentResponsePayload {
+    UserAgentResponsePayload::Evm(proto_evm::Response {
+        payload: Some(payload),
+    })
+}
+
+pub(super) async fn dispatch(
+    actor: &ActorRef<UserAgentSession>,
+    req: proto_evm::Request,
+) -> Result<Option<UserAgentResponsePayload>, Status> {
+    let Some(payload) = req.payload else {
+        return Err(Status::invalid_argument("Missing EVM request payload"));
+    };
+
+    match payload {
+        EvmRequestPayload::WalletCreate(_) => handle_wallet_create(actor).await,
+        EvmRequestPayload::WalletList(_) => handle_wallet_list(actor).await,
+        EvmRequestPayload::GrantCreate(req) => handle_grant_create(actor, req).await,
+        EvmRequestPayload::GrantDelete(req) => handle_grant_delete(actor, req).await,
+        EvmRequestPayload::GrantList(_) => handle_grant_list(actor).await,
+        EvmRequestPayload::SignTransaction(req) => handle_sign_transaction(actor, req).await,
+    }
+}
+
+async fn handle_wallet_create(
+    actor: &ActorRef<UserAgentSession>,
+) -> Result<Option<UserAgentResponsePayload>, Status> {
+    let result = match actor.ask(HandleEvmWalletCreate {}).await {
+        Ok((wallet_id, address)) => WalletCreateResult::Wallet(WalletEntry {
+            id: wallet_id,
+            address: address.to_vec(),
+        }),
+        Err(err) => {
+            warn!(error = ?err, "Failed to create EVM wallet");
+            WalletCreateResult::Error(ProtoEvmError::Internal.into())
+        }
+    };
+    Ok(Some(wrap_evm_response(EvmResponsePayload::WalletCreate(
+        WalletCreateResponse {
+            result: Some(result),
+        },
+    ))))
+}
+
+async fn handle_wallet_list(
+    actor: &ActorRef<UserAgentSession>,
+) -> Result<Option<UserAgentResponsePayload>, Status> {
+    let result = match actor.ask(HandleEvmWalletList {}).await {
+        Ok(wallets) => WalletListResult::Wallets(WalletList {
+            wallets: wallets
+                .into_iter()
+                .map(|(id, address)| WalletEntry {
+                    address: address.to_vec(),
+                    id,
+                })
+                .collect(),
+        }),
+        Err(err) => {
+            warn!(error = ?err, "Failed to list EVM wallets");
+            WalletListResult::Error(ProtoEvmError::Internal.into())
+        }
+    };
+    Ok(Some(wrap_evm_response(EvmResponsePayload::WalletList(
+        WalletListResponse {
+            result: Some(result),
+        },
+    ))))
+}
+
+async fn handle_grant_list(
+    actor: &ActorRef<UserAgentSession>,
+) -> Result<Option<UserAgentResponsePayload>, Status> {
+    let result = match actor.ask(HandleGrantList {}).await {
+        Ok(grants) => EvmGrantListResult::Grants(EvmGrantList {
+            grants: grants
+                .into_iter()
+                .map(|grant| GrantEntry {
+                    id: grant.common_settings_id,
+                    wallet_access_id: grant.settings.shared.wallet_access_id,
+                    shared: Some(grant.settings.shared.convert()),
+                    specific: Some(grant.settings.specific.convert()),
+                })
+                .collect(),
+        }),
+        Err(err) => {
+            warn!(error = ?err, "Failed to list EVM grants");
+            EvmGrantListResult::Error(ProtoEvmError::Internal.into())
+        }
+    };
+    Ok(Some(wrap_evm_response(EvmResponsePayload::GrantList(
+        EvmGrantListResponse {
+            result: Some(result),
+        },
+    ))))
+}
+
+async fn handle_grant_create(
+    actor: &ActorRef<UserAgentSession>,
+    req: EvmGrantCreateRequest,
+) -> Result<Option<UserAgentResponsePayload>, Status> {
+    let basic = req
+        .shared
+        .ok_or_else(|| Status::invalid_argument("Missing shared grant settings"))?
+        .try_convert()?;
+    let grant = req
+        .specific
+        .ok_or_else(|| Status::invalid_argument("Missing specific grant settings"))?
+        .try_convert()?;
+
+    let result = match actor.ask(HandleGrantCreate { basic, grant }).await {
+        Ok(grant_id) => EvmGrantCreateResult::GrantId(grant_id),
+        Err(kameo::error::SendError::HandlerError(GrantMutationError::VaultSealed)) => {
+            EvmGrantCreateResult::Error(ProtoEvmError::VaultSealed.into())
+        }
+        Err(err) => {
+            warn!(error = ?err, "Failed to create EVM grant");
+            EvmGrantCreateResult::Error(ProtoEvmError::Internal.into())
+        }
+    };
+    Ok(Some(wrap_evm_response(EvmResponsePayload::GrantCreate(
+        EvmGrantCreateResponse {
+            result: Some(result),
+        },
+    ))))
+}
+
+async fn handle_grant_delete(
+    actor: &ActorRef<UserAgentSession>,
+    req: EvmGrantDeleteRequest,
+) -> Result<Option<UserAgentResponsePayload>, Status> {
+    let result = match actor
+        .ask(HandleGrantDelete {
+            grant_id: req.grant_id,
+        })
+        .await
+    {
+        Ok(()) => EvmGrantDeleteResult::Ok(()),
+        Err(kameo::error::SendError::HandlerError(GrantMutationError::VaultSealed)) => {
+            EvmGrantDeleteResult::Error(ProtoEvmError::VaultSealed.into())
+        }
+        Err(err) => {
+            warn!(error = ?err, "Failed to delete EVM grant");
+            EvmGrantDeleteResult::Error(ProtoEvmError::Internal.into())
+        }
+    };
+    Ok(Some(wrap_evm_response(EvmResponsePayload::GrantDelete(
+        EvmGrantDeleteResponse {
+            result: Some(result),
+        },
+    ))))
+}
+
+async fn handle_sign_transaction(
+    actor: &ActorRef<UserAgentSession>,
+    req: ProtoSignTransactionRequest,
+) -> Result<Option<UserAgentResponsePayload>, Status> {
+    let request = req
+        .request
+        .ok_or_else(|| Status::invalid_argument("Missing sign transaction request"))?;
+    let wallet_address = RawEvmAddress(request.wallet_address).try_convert()?;
+    let transaction = RawEvmTransaction(request.rlp_transaction).try_convert()?;
+
+    let response = match actor
+        .ask(HandleSignTransaction {
+            client_id: req.client_id,
+            wallet_address,
+            transaction,
+        })
+        .await
+    {
+        Ok(signature) => EvmSignTransactionResponse {
+            result: Some(EvmSignTransactionResult::Signature(
+                signature.as_bytes().to_vec(),
+            )),
+        },
+        Err(kameo::error::SendError::HandlerError(SessionSignTransactionError::Vet(vet_error))) => {
+            EvmSignTransactionResponse {
+                result: Some(vet_error.convert()),
+            }
+        }
+        Err(kameo::error::SendError::HandlerError(SessionSignTransactionError::Internal)) => {
+            EvmSignTransactionResponse {
+                result: Some(EvmSignTransactionResult::Error(
+                    ProtoEvmError::Internal.into(),
+                )),
+            }
+        }
+        Err(err) => {
+            warn!(error = ?err, "Failed to sign EVM transaction");
+            EvmSignTransactionResponse {
+                result: Some(EvmSignTransactionResult::Error(
+                    ProtoEvmError::Internal.into(),
+                )),
+            }
+        }
+    };
+
+    Ok(Some(wrap_evm_response(
+        EvmResponsePayload::SignTransaction(response),
+    )))
+}

server/crates/arbiter-server/src/grpc/user_agent/inbound.rs

@@ -5,12 +5,14 @@ use arbiter_proto::proto::evm::{
     TransactionRateLimit as ProtoTransactionRateLimit, VolumeRateLimit as ProtoVolumeRateLimit,
     specific_grant::Grant as ProtoSpecificGrantType,
 };
-use arbiter_proto::proto::user_agent::{SdkClientWalletAccess, WalletAccess};
+use arbiter_proto::proto::user_agent::sdk_client::{
+    WalletAccess, WalletAccessEntry as SdkClientWalletAccess,
+};
 use chrono::{DateTime, TimeZone, Utc};
 use prost_types::Timestamp as ProtoTimestamp;
 use tonic::Status;
 
-use crate::db::models::{CoreEvmWalletAccess, NewEvmWallet, NewEvmWalletAccess};
+use crate::db::models::{CoreEvmWalletAccess, NewEvmWalletAccess};
 use crate::grpc::Convert;
 use crate::{
     evm::policies::{

server/crates/arbiter-server/src/grpc/user_agent/outbound.rs

@@ -5,7 +5,7 @@ use arbiter_proto::proto::{
         TransactionRateLimit as ProtoTransactionRateLimit, VolumeRateLimit as ProtoVolumeRateLimit,
         specific_grant::Grant as ProtoSpecificGrantType,
     },
-    user_agent::{SdkClientWalletAccess as ProtoSdkClientWalletAccess, WalletAccess},
+    user_agent::sdk_client::{WalletAccess, WalletAccessEntry as ProtoSdkClientWalletAccess},
 };
 use chrono::{DateTime, Utc};
 use prost_types::Timestamp as ProtoTimestamp;

server/crates/arbiter-server/src/grpc/user_agent/sdk_client.rs

@@ -0,0 +1,193 @@
+use arbiter_crypto::authn;
+use arbiter_proto::proto::{
+    shared::ClientInfo as ProtoClientMetadata,
+    user_agent::{
+        sdk_client::{
+            self as proto_sdk_client, ConnectionCancel as ProtoSdkClientConnectionCancel,
+            ConnectionRequest as ProtoSdkClientConnectionRequest,
+            ConnectionResponse as ProtoSdkClientConnectionResponse, Entry as ProtoSdkClientEntry,
+            Error as ProtoSdkClientError, GrantWalletAccess as ProtoSdkClientGrantWalletAccess,
+            List as ProtoSdkClientList, ListResponse as ProtoSdkClientListResponse,
+            ListWalletAccessResponse, RevokeWalletAccess as ProtoSdkClientRevokeWalletAccess,
+            list_response::Result as ProtoSdkClientListResult,
+            request::Payload as SdkClientRequestPayload,
+            response::Payload as SdkClientResponsePayload,
+        },
+        user_agent_response::Payload as UserAgentResponsePayload,
+    },
+};
+use kameo::actor::ActorRef;
+use tonic::Status;
+use tracing::{info, warn};
+
+use crate::{
+    actors::user_agent::{
+        OutOfBand, UserAgentSession,
+        session::connection::{
+            HandleGrantEvmWalletAccess, HandleListWalletAccess, HandleNewClientApprove,
+            HandleRevokeEvmWalletAccess, HandleSdkClientList,
+        },
+    },
+    db::models::NewEvmWalletAccess,
+    grpc::Convert,
+};
+
+fn wrap_sdk_client_response(payload: SdkClientResponsePayload) -> UserAgentResponsePayload {
+    UserAgentResponsePayload::SdkClient(proto_sdk_client::Response {
+        payload: Some(payload),
+    })
+}
+
+pub(super) fn out_of_band_payload(oob: OutOfBand) -> UserAgentResponsePayload {
+    match oob {
+        OutOfBand::ClientConnectionRequest { profile } => wrap_sdk_client_response(
+            SdkClientResponsePayload::ConnectionRequest(ProtoSdkClientConnectionRequest {
+                pubkey: profile.pubkey.to_bytes(),
+                info: Some(ProtoClientMetadata {
+                    name: profile.metadata.name,
+                    description: profile.metadata.description,
+                    version: profile.metadata.version,
+                }),
+            }),
+        ),
+        OutOfBand::ClientConnectionCancel { pubkey } => wrap_sdk_client_response(
+            SdkClientResponsePayload::ConnectionCancel(ProtoSdkClientConnectionCancel {
+                pubkey: pubkey.to_bytes(),
+            }),
+        ),
+    }
+}
+
+pub(super) async fn dispatch(
+    actor: &ActorRef<UserAgentSession>,
+    req: proto_sdk_client::Request,
+) -> Result<Option<UserAgentResponsePayload>, Status> {
+    let Some(payload) = req.payload else {
+        return Err(Status::invalid_argument(
+            "Missing SDK client request payload",
+        ));
+    };
+
+    match payload {
+        SdkClientRequestPayload::ConnectionResponse(resp) => {
+            handle_connection_response(actor, resp).await
+        }
+        SdkClientRequestPayload::Revoke(_) => Err(Status::unimplemented(
+            "SdkClientRevoke is not yet implemented",
+        )),
+        SdkClientRequestPayload::List(_) => handle_list(actor).await,
+        SdkClientRequestPayload::GrantWalletAccess(req) => {
+            handle_grant_wallet_access(actor, req).await
+        }
+        SdkClientRequestPayload::RevokeWalletAccess(req) => {
+            handle_revoke_wallet_access(actor, req).await
+        }
+        SdkClientRequestPayload::ListWalletAccess(_) => handle_list_wallet_access(actor).await,
+    }
+}
+
+async fn handle_connection_response(
+    actor: &ActorRef<UserAgentSession>,
+    resp: ProtoSdkClientConnectionResponse,
+) -> Result<Option<UserAgentResponsePayload>, Status> {
+    let pubkey = authn::PublicKey::try_from(resp.pubkey.as_slice())
+        .map_err(|_| Status::invalid_argument("Invalid ML-DSA public key"))?;
+
+    actor
+        .ask(HandleNewClientApprove {
+            approved: resp.approved,
+            pubkey,
+        })
+        .await
+        .map_err(|err| {
+            warn!(?err, "Failed to process client connection response");
+            Status::internal("Failed to process response")
+        })?;
+
+    Ok(None)
+}
+
+async fn handle_list(
+    actor: &ActorRef<UserAgentSession>,
+) -> Result<Option<UserAgentResponsePayload>, Status> {
+    let result = match actor.ask(HandleSdkClientList {}).await {
+        Ok(clients) => ProtoSdkClientListResult::Clients(ProtoSdkClientList {
+            clients: clients
+                .into_iter()
+                .map(|(client, metadata)| ProtoSdkClientEntry {
+                    id: client.id,
+                    pubkey: client.public_key.to_vec(),
+                    info: Some(ProtoClientMetadata {
+                        name: metadata.name,
+                        description: metadata.description,
+                        version: metadata.version,
+                    }),
+                    created_at: client.created_at.0.timestamp() as i32,
+                })
+                .collect(),
+        }),
+        Err(err) => {
+            warn!(error = ?err, "Failed to list SDK clients");
+            ProtoSdkClientListResult::Error(ProtoSdkClientError::Internal.into())
+        }
+    };
+    Ok(Some(wrap_sdk_client_response(
+        SdkClientResponsePayload::List(ProtoSdkClientListResponse {
+            result: Some(result),
+        }),
+    )))
+}
+
+async fn handle_grant_wallet_access(
+    actor: &ActorRef<UserAgentSession>,
+    req: ProtoSdkClientGrantWalletAccess,
+) -> Result<Option<UserAgentResponsePayload>, Status> {
+    let entries: Vec<NewEvmWalletAccess> = req.accesses.into_iter().map(|a| a.convert()).collect();
+    match actor.ask(HandleGrantEvmWalletAccess { entries }).await {
+        Ok(()) => {
+            info!("Successfully granted wallet access");
+            Ok(None)
+        }
+        Err(err) => {
+            warn!(error = ?err, "Failed to grant wallet access");
+            Err(Status::internal("Failed to grant wallet access"))
+        }
+    }
+}
+
+async fn handle_revoke_wallet_access(
+    actor: &ActorRef<UserAgentSession>,
+    req: ProtoSdkClientRevokeWalletAccess,
+) -> Result<Option<UserAgentResponsePayload>, Status> {
+    match actor
+        .ask(HandleRevokeEvmWalletAccess {
+            entries: req.accesses,
+        })
+        .await
+    {
+        Ok(()) => {
+            info!("Successfully revoked wallet access");
+            Ok(None)
+        }
+        Err(err) => {
+            warn!(error = ?err, "Failed to revoke wallet access");
+            Err(Status::internal("Failed to revoke wallet access"))
+        }
+    }
+}
+
+async fn handle_list_wallet_access(
+    actor: &ActorRef<UserAgentSession>,
+) -> Result<Option<UserAgentResponsePayload>, Status> {
+    match actor.ask(HandleListWalletAccess {}).await {
+        Ok(accesses) => Ok(Some(wrap_sdk_client_response(
+            SdkClientResponsePayload::ListWalletAccess(ListWalletAccessResponse {
+                accesses: accesses.into_iter().map(|a| a.convert()).collect(),
+            }),
+        ))),
+        Err(err) => {
+            warn!(error = ?err, "Failed to list wallet access");
+            Err(Status::internal("Failed to list wallet access"))
+        }
+    }
+}

server/crates/arbiter-server/src/grpc/user_agent/vault.rs

@@ -0,0 +1,180 @@
+use arbiter_proto::proto::shared::VaultState as ProtoVaultState;
+use arbiter_proto::proto::user_agent::{
+    user_agent_response::Payload as UserAgentResponsePayload,
+    vault::{
+        self as proto_vault,
+        bootstrap::{
+            self as proto_bootstrap, BootstrapEncryptedKey as ProtoBootstrapEncryptedKey,
+            BootstrapResult as ProtoBootstrapResult,
+        },
+        request::Payload as VaultRequestPayload,
+        response::Payload as VaultResponsePayload,
+        unseal::{
+            self as proto_unseal, UnsealEncryptedKey as ProtoUnsealEncryptedKey,
+            UnsealResult as ProtoUnsealResult, UnsealStart,
+            request::Payload as UnsealRequestPayload, response::Payload as UnsealResponsePayload,
+        },
+    },
+};
+use kameo::{actor::ActorRef, error::SendError};
+use tonic::Status;
+use tracing::warn;
+
+use crate::actors::{
+    keyholder::KeyHolderState,
+    user_agent::{
+        UserAgentSession,
+        session::connection::{
+            BootstrapError, HandleBootstrapEncryptedKey, HandleQueryVaultState,
+            HandleUnsealEncryptedKey, HandleUnsealRequest, UnsealError,
+        },
+    },
+};
+
+fn wrap_vault_response(payload: VaultResponsePayload) -> UserAgentResponsePayload {
+    UserAgentResponsePayload::Vault(proto_vault::Response {
+        payload: Some(payload),
+    })
+}
+
+fn wrap_unseal_response(payload: UnsealResponsePayload) -> UserAgentResponsePayload {
+    wrap_vault_response(VaultResponsePayload::Unseal(proto_unseal::Response {
+        payload: Some(payload),
+    }))
+}
+
+fn wrap_bootstrap_response(result: ProtoBootstrapResult) -> UserAgentResponsePayload {
+    wrap_vault_response(VaultResponsePayload::Bootstrap(proto_bootstrap::Response {
+        result: result.into(),
+    }))
+}
+
+pub(super) async fn dispatch(
+    actor: &ActorRef<UserAgentSession>,
+    req: proto_vault::Request,
+) -> Result<Option<UserAgentResponsePayload>, Status> {
+    let Some(payload) = req.payload else {
+        return Err(Status::invalid_argument("Missing vault request payload"));
+    };
+
+    match payload {
+        VaultRequestPayload::QueryState(_) => handle_query_vault_state(actor).await,
+        VaultRequestPayload::Unseal(req) => dispatch_unseal_request(actor, req).await,
+        VaultRequestPayload::Bootstrap(req) => handle_bootstrap_request(actor, req).await,
+    }
+}
+
+async fn dispatch_unseal_request(
+    actor: &ActorRef<UserAgentSession>,
+    req: proto_unseal::Request,
+) -> Result<Option<UserAgentResponsePayload>, Status> {
+    let Some(payload) = req.payload else {
+        return Err(Status::invalid_argument("Missing unseal request payload"));
+    };
+
+    match payload {
+        UnsealRequestPayload::Start(req) => handle_unseal_start(actor, req).await,
+        UnsealRequestPayload::EncryptedKey(req) => handle_unseal_encrypted_key(actor, req).await,
+    }
+}
+
+async fn handle_unseal_start(
+    actor: &ActorRef<UserAgentSession>,
+    req: UnsealStart,
+) -> Result<Option<UserAgentResponsePayload>, Status> {
+    let client_pubkey = <[u8; 32]>::try_from(req.client_pubkey)
+        .map(x25519_dalek::PublicKey::from)
+        .map_err(|_| Status::invalid_argument("Invalid X25519 public key"))?;
+
+    let response = actor
+        .ask(HandleUnsealRequest { client_pubkey })
+        .await
+        .map_err(|err| {
+            warn!(error = ?err, "Failed to handle unseal start request");
+            Status::internal("Failed to start unseal flow")
+        })?;
+
+    Ok(Some(wrap_unseal_response(UnsealResponsePayload::Start(
+        proto_unseal::UnsealStartResponse {
+            server_pubkey: response.server_pubkey.as_bytes().to_vec(),
+        },
+    ))))
+}
+
+async fn handle_unseal_encrypted_key(
+    actor: &ActorRef<UserAgentSession>,
+    req: ProtoUnsealEncryptedKey,
+) -> Result<Option<UserAgentResponsePayload>, Status> {
+    let result = match actor
+        .ask(HandleUnsealEncryptedKey {
+            nonce: req.nonce,
+            ciphertext: req.ciphertext,
+            associated_data: req.associated_data,
+        })
+        .await
+    {
+        Ok(()) => ProtoUnsealResult::Success,
+        Err(SendError::HandlerError(UnsealError::InvalidKey)) => ProtoUnsealResult::InvalidKey,
+        Err(err) => {
+            warn!(error = ?err, "Failed to handle unseal request");
+            return Err(Status::internal("Failed to unseal vault"));
+        }
+    };
+    Ok(Some(wrap_unseal_response(UnsealResponsePayload::Result(
+        result.into(),
+    ))))
+}
+
+async fn handle_bootstrap_request(
+    actor: &ActorRef<UserAgentSession>,
+    req: proto_bootstrap::Request,
+) -> Result<Option<UserAgentResponsePayload>, Status> {
+    let encrypted_key = req
+        .encrypted_key
+        .ok_or_else(|| Status::invalid_argument("Missing bootstrap encrypted key"))?;
+    handle_bootstrap_encrypted_key(actor, encrypted_key).await
+}
+
+async fn handle_bootstrap_encrypted_key(
+    actor: &ActorRef<UserAgentSession>,
+    req: ProtoBootstrapEncryptedKey,
+) -> Result<Option<UserAgentResponsePayload>, Status> {
+    let result = match actor
+        .ask(HandleBootstrapEncryptedKey {
+            nonce: req.nonce,
+            ciphertext: req.ciphertext,
+            associated_data: req.associated_data,
+        })
+        .await
+    {
+        Ok(()) => ProtoBootstrapResult::Success,
+        Err(SendError::HandlerError(BootstrapError::InvalidKey)) => {
+            ProtoBootstrapResult::InvalidKey
+        }
+        Err(SendError::HandlerError(BootstrapError::AlreadyBootstrapped)) => {
+            ProtoBootstrapResult::AlreadyBootstrapped
+        }
+        Err(err) => {
+            warn!(error = ?err, "Failed to handle bootstrap request");
+            return Err(Status::internal("Failed to bootstrap vault"));
+        }
+    };
+    Ok(Some(wrap_bootstrap_response(result)))
+}
+
+async fn handle_query_vault_state(
+    actor: &ActorRef<UserAgentSession>,
+) -> Result<Option<UserAgentResponsePayload>, Status> {
+    let state = match actor.ask(HandleQueryVaultState {}).await {
+        Ok(KeyHolderState::Unbootstrapped) => ProtoVaultState::Unbootstrapped,
+        Ok(KeyHolderState::Sealed) => ProtoVaultState::Sealed,
+        Ok(KeyHolderState::Unsealed) => ProtoVaultState::Unsealed,
+        Err(err) => {
+            warn!(error = ?err, "Failed to query vault state");
+            ProtoVaultState::Error
+        }
+    };
+    Ok(Some(wrap_vault_response(VaultResponsePayload::State(
+        state.into(),
+    ))))
+}

server/crates/arbiter-server/src/lib.rs

@@ -3,10 +3,10 @@ use crate::context::ServerContext;
 
 pub mod actors;
 pub mod context;
+pub mod crypto;
 pub mod db;
 pub mod evm;
 pub mod grpc;
-pub mod safe_cell;
 pub mod utils;
 
 pub struct Server {

server/crates/arbiter-server/src/main.rs

@@ -1,8 +1,8 @@
 use std::net::SocketAddr;
 
+use anyhow::anyhow;
 use arbiter_proto::{proto::arbiter_service_server::ArbiterServiceServer, url::ArbiterUrl};
 use arbiter_server::{Server, actors::bootstrap::GetToken, context::ServerContext, db};
-use miette::miette;
 use rustls::crypto::aws_lc_rs;
 use tonic::transport::{Identity, ServerTlsConfig};
 use tracing::info;
@@ -10,7 +10,8 @@ use tracing::info;
 const PORT: u16 = 50051;
 
 #[tokio::main]
-async fn main() -> miette::Result<()> {
+#[mutants::skip]
+async fn main() -> anyhow::Result<()> {
     aws_lc_rs::default_provider().install_default().unwrap();
 
     tracing_subscriber::fmt()
@@ -46,11 +47,11 @@ async fn main() -> miette::Result<()> {
 
     tonic::transport::Server::builder()
         .tls_config(tls)
-        .map_err(|err| miette!("Faild to setup TLS: {err}"))?
+        .map_err(|err| anyhow!("Failed to setup TLS: {err}"))?
         .add_service(ArbiterServiceServer::new(Server::new(context)))
         .serve(addr)
         .await
-        .map_err(|e| miette::miette!("gRPC server error: {e}"))?;
+        .map_err(|e| anyhow!("gRPC server error: {e}"))?;
 
     unreachable!("gRPC server should run indefinitely");
 }

server/crates/arbiter-server/tests/client/auth.rs

@@ -1,13 +1,21 @@
+use arbiter_crypto::{
+    authn::{self, CLIENT_CONTEXT, format_challenge},
+    safecell::{SafeCell, SafeCellHandle as _},
+};
 use arbiter_proto::ClientMetadata;
 use arbiter_proto::transport::{Receiver, Sender};
-use arbiter_server::actors::GlobalActors;
 use arbiter_server::{
-    actors::client::{ClientConnection, auth, connect_client},
+    actors::{
-    db,
+        GlobalActors,
+        client::{ClientConnection, ClientCredentials, auth, connect_client},
+        keyholder::Bootstrap,
+    },
+    crypto::integrity,
+    db::{self, schema},
 };
 use diesel::{ExpressionMethods as _, NullableExpressionMethods as _, QueryDsl as _, insert_into};
 use diesel_async::RunQueryDsl;
-use ed25519_dalek::Signer as _;
+use ml_dsa::{KeyGen, MlDsa87, SigningKey, VerifyingKey, signature::Keypair as _};
 
 use super::common::ChannelTransport;
 
@@ -21,7 +29,8 @@ fn metadata(name: &str, description: Option<&str>, version: Option<&str>) -> Cli
 
 async fn insert_registered_client(
     db: &db::DatabasePool,
-    pubkey: Vec<u8>,
+    actors: &GlobalActors,
+    pubkey: VerifyingKey<MlDsa87>,
     metadata: &ClientMetadata,
 ) {
     use arbiter_server::db::schema::{client_metadata, program_client};
@@ -37,34 +46,90 @@ async fn insert_registered_client(
         .get_result(&mut conn)
         .await
         .unwrap();
-    insert_into(program_client::table)
+    let client_id: i32 = insert_into(program_client::table)
         .values((
-            program_client::public_key.eq(pubkey),
+            program_client::public_key.eq(pubkey.encode().to_vec()),
             program_client::metadata_id.eq(metadata_id),
         ))
+        .returning(program_client::id)
+        .get_result(&mut conn)
+        .await
+        .unwrap();
+
+    integrity::sign_entity(
+        &mut conn,
+        &actors.key_holder,
+        &ClientCredentials {
+            pubkey: pubkey.into(),
+            nonce: 1,
+        },
+        client_id,
+    )
+    .await
+    .unwrap();
+}
+
+fn sign_client_challenge(
+    key: &SigningKey<MlDsa87>,
+    nonce: i32,
+    pubkey: &authn::PublicKey,
+) -> authn::Signature {
+    let challenge = format_challenge(nonce, &pubkey.to_bytes());
+    key.signing_key()
+        .sign_deterministic(&challenge, CLIENT_CONTEXT)
+        .unwrap()
+        .into()
+}
+
+async fn insert_bootstrap_sentinel_useragent(db: &db::DatabasePool) {
+    let mut conn = db.get().await.unwrap();
+    let sentinel_key = MlDsa87::key_gen(&mut rand::rng())
+        .verifying_key()
+        .encode()
+        .to_vec();
+
+    insert_into(schema::useragent_client::table)
+        .values((
+            schema::useragent_client::public_key.eq(sentinel_key),
+            schema::useragent_client::key_type.eq(1i32),
+        ))
         .execute(&mut conn)
         .await
         .unwrap();
 }
 
+async fn spawn_test_actors(db: &db::DatabasePool) -> GlobalActors {
+    insert_bootstrap_sentinel_useragent(db).await;
+
+    let actors = GlobalActors::spawn(db.clone()).await.unwrap();
+    actors
+        .key_holder
+        .ask(Bootstrap {
+            seal_key_raw: SafeCell::new(b"test-seal-key".to_vec()),
+        })
+        .await
+        .unwrap();
+    actors
+}
+
 #[tokio::test]
 #[test_log::test]
 pub async fn test_unregistered_pubkey_rejected() {
     let db = db::create_test_pool().await;
 
     let (server_transport, mut test_transport) = ChannelTransport::new();
-    let actors = GlobalActors::spawn(db.clone()).await.unwrap();
+    let actors = spawn_test_actors(&db).await;
     let props = ClientConnection::new(db.clone(), actors);
     let task = tokio::spawn(async move {
         let mut server_transport = server_transport;
         connect_client(props, &mut server_transport).await;
     });
 
-    let new_key = ed25519_dalek::SigningKey::generate(&mut rand::rng());
+    let new_key = MlDsa87::key_gen(&mut rand::rng());
 
     test_transport
         .send(auth::Inbound::AuthChallengeRequest {
-            pubkey: new_key.verifying_key(),
+            pubkey: new_key.verifying_key().into(),
             metadata: metadata("client", Some("desc"), Some("1.0.0")),
         })
         .await
@@ -78,20 +143,19 @@ pub async fn test_unregistered_pubkey_rejected() {
 #[test_log::test]
 pub async fn test_challenge_auth() {
     let db = db::create_test_pool().await;
+    let actors = spawn_test_actors(&db).await;
 
-    let new_key = ed25519_dalek::SigningKey::generate(&mut rand::rng());
+    let new_key = MlDsa87::key_gen(&mut rand::rng());
-    let pubkey_bytes = new_key.verifying_key().to_bytes().to_vec();
 
     insert_registered_client(
         &db,
-        pubkey_bytes.clone(),
+        &actors,
+        new_key.verifying_key(),
         &metadata("client", Some("desc"), Some("1.0.0")),
     )
     .await;
 
     let (server_transport, mut test_transport) = ChannelTransport::new();
-    let actors = GlobalActors::spawn(db.clone()).await.unwrap();
-
     let props = ClientConnection::new(db.clone(), actors);
     let task = tokio::spawn(async move {
         let mut server_transport = server_transport;
@@ -101,7 +165,7 @@ pub async fn test_challenge_auth() {
     // Send challenge request
     test_transport
         .send(auth::Inbound::AuthChallengeRequest {
-            pubkey: new_key.verifying_key(),
+            pubkey: new_key.verifying_key().into(),
             metadata: metadata("client", Some("desc"), Some("1.0.0")),
         })
         .await
@@ -121,8 +185,7 @@ pub async fn test_challenge_auth() {
     };
 
     // Sign the challenge and send solution
-    let formatted_challenge = arbiter_proto::format_challenge(challenge.1, challenge.0.as_bytes());
+    let signature = sign_client_challenge(&new_key, challenge.1, &challenge.0);
-    let signature = new_key.sign(&formatted_challenge);
 
     test_transport
         .send(auth::Inbound::AuthChallengeSolution { signature })
@@ -147,34 +210,13 @@ pub async fn test_challenge_auth() {
 #[test_log::test]
 pub async fn test_metadata_unchanged_does_not_append_history() {
     let db = db::create_test_pool().await;
-    let actors = GlobalActors::spawn(db.clone()).await.unwrap();
+    let actors = spawn_test_actors(&db).await;
-    let props = ClientConnection::new(db.clone(), actors);
+    let new_key = MlDsa87::key_gen(&mut rand::rng());
-
-    let new_key = ed25519_dalek::SigningKey::generate(&mut rand::rng());
     let requested = metadata("client", Some("desc"), Some("1.0.0"));
 
-    {
+    insert_registered_client(&db, &actors, new_key.verifying_key(), &requested).await;
-        use arbiter_server::db::schema::{client_metadata, program_client};
+
-        let mut conn = db.get().await.unwrap();
+    let props = ClientConnection::new(db.clone(), actors);
-        let metadata_id: i32 = insert_into(client_metadata::table)
-            .values((
-                client_metadata::name.eq(&requested.name),
-                client_metadata::description.eq(&requested.description),
-                client_metadata::version.eq(&requested.version),
-            ))
-            .returning(client_metadata::id)
-            .get_result(&mut conn)
-            .await
-            .unwrap();
-        insert_into(program_client::table)
-            .values((
-                program_client::public_key.eq(new_key.verifying_key().to_bytes().to_vec()),
-                program_client::metadata_id.eq(metadata_id),
-            ))
-            .execute(&mut conn)
-            .await
-            .unwrap();
-    }
 
     let (server_transport, mut test_transport) = ChannelTransport::new();
     let task = tokio::spawn(async move {
@@ -184,7 +226,7 @@ pub async fn test_metadata_unchanged_does_not_append_history() {
 
     test_transport
         .send(auth::Inbound::AuthChallengeRequest {
-            pubkey: new_key.verifying_key(),
+            pubkey: new_key.verifying_key().into(),
             metadata: requested,
         })
         .await
@@ -195,7 +237,7 @@ pub async fn test_metadata_unchanged_does_not_append_history() {
         auth::Outbound::AuthChallenge { pubkey, nonce } => (pubkey, nonce),
         other => panic!("Expected AuthChallenge, got {other:?}"),
     };
-    let signature = new_key.sign(&arbiter_proto::format_challenge(nonce, pubkey.as_bytes()));
+    let signature = sign_client_challenge(&new_key, nonce, &pubkey);
     test_transport
         .send(auth::Inbound::AuthChallengeSolution { signature })
         .await
@@ -225,34 +267,19 @@ pub async fn test_metadata_unchanged_does_not_append_history() {
 #[test_log::test]
 pub async fn test_metadata_change_appends_history_and_repoints_binding() {
     let db = db::create_test_pool().await;
-    let actors = GlobalActors::spawn(db.clone()).await.unwrap();
+    let actors = spawn_test_actors(&db).await;
+    let new_key = MlDsa87::key_gen(&mut rand::rng());
+
+    insert_registered_client(
+        &db,
+        &actors,
+        new_key.verifying_key(),
+        &metadata("client", Some("old"), Some("1.0.0")),
+    )
+    .await;
+
     let props = ClientConnection::new(db.clone(), actors);
 
-    let new_key = ed25519_dalek::SigningKey::generate(&mut rand::rng());
-
-    {
-        use arbiter_server::db::schema::{client_metadata, program_client};
-        let mut conn = db.get().await.unwrap();
-        let metadata_id: i32 = insert_into(client_metadata::table)
-            .values((
-                client_metadata::name.eq("client"),
-                client_metadata::description.eq(Some("old")),
-                client_metadata::version.eq(Some("1.0.0")),
-            ))
-            .returning(client_metadata::id)
-            .get_result(&mut conn)
-            .await
-            .unwrap();
-        insert_into(program_client::table)
-            .values((
-                program_client::public_key.eq(new_key.verifying_key().to_bytes().to_vec()),
-                program_client::metadata_id.eq(metadata_id),
-            ))
-            .execute(&mut conn)
-            .await
-            .unwrap();
-    }
-
     let (server_transport, mut test_transport) = ChannelTransport::new();
     let task = tokio::spawn(async move {
         let mut server_transport = server_transport;
@@ -261,7 +288,7 @@ pub async fn test_metadata_change_appends_history_and_repoints_binding() {
 
     test_transport
         .send(auth::Inbound::AuthChallengeRequest {
-            pubkey: new_key.verifying_key(),
+            pubkey: new_key.verifying_key().into(),
             metadata: metadata("client", Some("new"), Some("2.0.0")),
         })
         .await
@@ -272,7 +299,7 @@ pub async fn test_metadata_change_appends_history_and_repoints_binding() {
         auth::Outbound::AuthChallenge { pubkey, nonce } => (pubkey, nonce),
         other => panic!("Expected AuthChallenge, got {other:?}"),
     };
-    let signature = new_key.sign(&arbiter_proto::format_challenge(nonce, pubkey.as_bytes()));
+    let signature = sign_client_challenge(&new_key, nonce, &pubkey);
     test_transport
         .send(auth::Inbound::AuthChallengeSolution { signature })
         .await
@@ -322,3 +349,59 @@ pub async fn test_metadata_change_appends_history_and_repoints_binding() {
         );
     }
 }
+
+#[tokio::test]
+#[test_log::test]
+pub async fn test_challenge_auth_rejects_integrity_tag_mismatch() {
+    let db = db::create_test_pool().await;
+    let actors = spawn_test_actors(&db).await;
+
+    let new_key = MlDsa87::key_gen(&mut rand::rng());
+    let requested = metadata("client", Some("desc"), Some("1.0.0"));
+
+    {
+        use arbiter_server::db::schema::{client_metadata, program_client};
+        let mut conn = db.get().await.unwrap();
+        let metadata_id: i32 = insert_into(client_metadata::table)
+            .values((
+                client_metadata::name.eq(&requested.name),
+                client_metadata::description.eq(&requested.description),
+                client_metadata::version.eq(&requested.version),
+            ))
+            .returning(client_metadata::id)
+            .get_result(&mut conn)
+            .await
+            .unwrap();
+        insert_into(program_client::table)
+            .values((
+                program_client::public_key.eq(new_key.verifying_key().encode().to_vec()),
+                program_client::metadata_id.eq(metadata_id),
+            ))
+            .execute(&mut conn)
+            .await
+            .unwrap();
+    }
+
+    let (server_transport, mut test_transport) = ChannelTransport::new();
+    let props = ClientConnection::new(db.clone(), actors);
+    let task = tokio::spawn(async move {
+        let mut server_transport = server_transport;
+        connect_client(props, &mut server_transport).await;
+    });
+
+    test_transport
+        .send(auth::Inbound::AuthChallengeRequest {
+            pubkey: new_key.verifying_key().into(),
+            metadata: requested,
+        })
+        .await
+        .unwrap();
+
+    let response = test_transport
+        .recv()
+        .await
+        .expect("should receive auth rejection");
+    assert!(matches!(response, Err(auth::Error::IntegrityCheckFailed)));
+
+    task.await.unwrap();
+}

server/crates/arbiter-server/tests/common/mod.rs

@@ -1,9 +1,10 @@
+use arbiter_crypto::safecell::{SafeCell, SafeCellHandle as _};
 use arbiter_proto::transport::{Bi, Error, Receiver, Sender};
 use arbiter_server::{
     actors::keyholder::KeyHolder,
     db::{self, schema},
-    safe_cell::{SafeCell, SafeCellHandle as _},
 };
+
 use async_trait::async_trait;
 use diesel::QueryDsl;
 use diesel_async::RunQueryDsl;