Stolen keys can’t drain guarded accounts.
Secure your program with one CPI call.
Any instruction that calls
guard::cpi::enforce()cannot execute unless the wallet’s registered passkey signed a hash that exactly describes this transaction.
The program requires your passkey. Not just your signature.
Wallet signing is all-or-nothing. Trana adds a second check at execution, inside the instruction itself.
Proofs are tied to the exact accounts and params. They expire in 120 seconds. No backend required.
How it works
ix[0]: secp256r1 precompile ← Solana verifies the P-256 signature natively
ix[1]: guard::record_proof ← carries WebAuthn authenticatorData + clientDataJSON
ix[2]: your_program::action → calls guard::cpi::enforce() internally| Onchain verification | SIMD-0075 secp256r1 precompile (mainnet since Feb 2025) |
| Backend required | None (credentials stored in a PDA on-chain) |
| Supported devices | Touch ID, Face ID, YubiKey, Google Titan, Windows Hello |
| Integration cost | 3 extra accounts + 1 helper method + 1 React hook |
| Proof expiry | 120 seconds |
- Quickstart: add Trana to your program in 4 steps
- Integration: full Rust/Anchor + SDK reference
- Architecture: how the three layers fit together
- Glossary: definitions for every technical term
Last updated on