HISS Console
userThe read-and-prepare coordination shell over your HISS surfaces: the three capability levels (read, prepare, user-signs-each-action), the current code-deployed-but-disabled stage, and a map of every Console page.
HISS Console is a read-and-prepare coordination shell over the HISS surfaces you already use — vaults, staking, rewards, receipts, and the Bankrbot rails. It lives at /app/console. The Console reads your owner-scoped state and helps you prepare a typed action, but it never signs and never submits a transaction for you. When an action carries value, you sign it in your own wallet — the HISS server holds no signing authority.
Three capability levels — and where they stop
The Console authority model has exactly three levels, and it never climbs past the third. The typed action registry (CONSOLE_ACTIONS in @hiss/core) tags every action with the level it needs.
- L0 READ — read public and wallet-owned state (portfolio, vaults, stake position, reward lifecycle, receipts). No signing, no writes. See the Today read model.
- L1 PREPARE — compile a typed intent into a hashed, expiring plan for your review. Still nothing is signed. See plans & simulations.
- L2 SIGN_EACH_ACTION — the user signs each action in their own wallet (the A.2 wallet handoff). HISS signs nothing. See wallet handoff.
There is no L3 (scoped session), no L4 (automation), and no L5 (protocol admin) in this product. The server never accepts arbitrary calldata, holds no session keys, installs no Safe module, and runs no automation — serverSigningEnabled is always false.
The pages in this section
- Today read model — the L0 owner-scoped read surface.
- Command palette — how a typed command becomes a candidate action.
- Plans & simulations — the compile, plan hash, expiry, and simulation lifecycle.
- Approval inbox — reviewing a prepared plan before any wallet handoff.
- Wallet handoff — the A.2 user-signs-each-action model.
- Activity & receipts — the owner-scoped ledger that references canonical receipts.
- Security model — deny-by-default kernel, allowlists, plan-hash integrity, and the provenance barrier.
- Privacy — owner isolation and what is stored.
- Feature stages — the flags that gate each stage, honestly.
- Troubleshooting — the errors you may see and what they mean.