Smart Contract Account Abstraction Protection
Every offline transaction requested by an agent is validated by a Near Smart Contract before execution. This contract enforces your customized spending limits, daily caps, and allow lists.
Once the smart contract verifies the transaction against your security rules, it commands the Near MPC (Multi-Party Computation) network to generate the final cross-chain signature. This architecture enables trustless automated trading across multiple blockchains.
[Diagram: Browser (Private Keys), Server Processor (Encrypted Sub Keys), Smart Contract (Spending Rules), Near MPC (Multi Chain Signer)]
External Signer with HSM
For high-security deployments, Holder includes an external signer daemon that runs on your own infrastructure. The signing key never leaves the daemon process — it can be backed by a Hardware Security Module (HSM) so that key material is never exposed to software.
The daemon connects to the Holder server via gRPC with end-to-end encryption (ECDH-P256 key agreement + AES-256-GCM). It polls for pending transactions, signs them locally, and broadcasts directly to the network. The server never sees the private key — it only delivers encrypted signing jobs.
[Diagram: Agent Request (Submit Transaction), Server (Policy Check + Queue), External Signer (gRPC + E2EE), HSM (Key Never Extracted)]
x402 Payments Client and MCP Server
Holder implements the x402 open payment standard as both a client and an MCP server, letting any AI agent, from Claude to GPT and 100s more, pay for API calls, on-chain actions, and data services without ever touching your master key.
Agents discover the holder_pay MCP tool automatically. Each payment is scoped to a sub-key with hard-coded spend limits, enforced by the smart contract before the transaction ever reaches the network.
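// `mcp` is assumed to be an already-connected MCP client.
const result = await mcp.callTool("holder_pay", {
  to: "0xApiProvider...f3",           // recipient address
  amount: "0.10",                     // decimal string, in token units
  token: "USDC",
  chain: "base",
  memo: "inference:gpt-4o-call-8821", // free-form reference for the payment
});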
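
The rule types named on this page (spending limits, daily caps, allow lists) can be sketched as a fail-closed check over a holder_pay request. This is an added example, not Holder's contract code: the policy field names, the checkPayment and toUnits helpers, and the sample address are hypothetical, and amounts are handled as integer USDC base units (6 decimals) rather than floats.

```javascript
// Added illustration; not Holder's contract code. Policy field names are hypothetical.
const USDC_DECIMALS = 6; // USDC uses 6 decimal places

// Parse a decimal string into integer base units without floating point.
function toUnits(amount, decimals = USDC_DECIMALS) {
  const m = /^(\d+)(?:\.(\d+))?$/.exec(amount);
  if (!m || (m[2] || "").length > decimals) throw new Error("invalid amount");
  return BigInt(m[1] + (m[2] || "").padEnd(decimals, "0"));
}

// Returns { ok, reason }. `spentToday` is { day, total } state kept per sub-key.
function checkPayment(policy, spentToday, req, now = new Date()) {
  let units;
  try { units = toUnits(req.amount); } catch { return { ok: false, reason: "invalid_amount" }; }
  if (units <= 0n) return { ok: false, reason: "invalid_amount" };
  if (req.token !== policy.token || req.chain !== policy.chain)
    return { ok: false, reason: "asset_not_allowed" };
  if (typeof req.to !== "string" || !policy.allowList.includes(req.to.toLowerCase()))
    return { ok: false, reason: "recipient_not_allowed" };
  if (units > policy.perTxLimit) return { ok: false, reason: "per_tx_limit" };
  const day = now.toISOString().slice(0, 10); // UTC day bucket for the daily cap
  const already = spentToday.day === day ? spentToday.total : 0n;
  if (already + units > policy.dailyCap) return { ok: false, reason: "daily_cap" };
  spentToday.day = day; // state is only updated once every rule has passed
  spentToday.total = already + units;
  return { ok: true, reason: null };
}

// Constructed sample policy; the address is a placeholder, not a real provider.
const samplePolicy = {
  token: "USDC",
  chain: "base",
  allowList: ["0x00000000000000000000000000000000000000f3"],
  perTxLimit: toUnits("0.20"),
  dailyCap: toUnits("0.25"),
};
```

Rejected requests leave the running daily total unchanged, so a denied payment cannot consume the cap.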