Skip to content

Console security

developer

The deny-by-default kernel: canonical contract and asset allowlist, plan-hash integrity, no server keys, no arbitrary calldata, no session keys, no Safe module, the kill switch, tool-manifest drift detection, and the provenance barrier for action-critical fields.

The Console security model is deny-by-default. Every prepared action passes an additional capability kernel (in kernel.ts) before it can be shown for review or handed to a wallet. The kernel does not replace the contract- or core-level fuses; it consolidates them for the Console and adds Console-specific checks.

The kernel checks

  • Kill switch and prepare gate. If HISS_CONSOLE_KILL_SWITCH is active, or prepare is disabled, every action is blocked.
  • Plan-hash integrity. The frozen plan hash is re-verified; any mutation of a critical field produces plan_hash_mismatch and blocks the action.
  • Expiry. A lapsed plan is blocked (plan_expired).
  • Canonical allowlist. A value-bearing action must target a contract in the canonical registry and, when it carries a token, a canonical asset — otherwise contract_not_canonical or asset_not_canonical. The chain must be exactly Robinhood Chain 4663.
  • Amount sanity. The amount must be a positive base-unit integer, and if a balance is readable it must not exceed it.
  • Signing gate. A value-bearing action may only reach a wallet when signing is enabled and the owner gate is on — otherwise signing_disabled. See wallet handoff.

Structural guarantees

  • No server keys. serverSigningEnabled is always false; the server signs nothing.
  • No arbitrary calldata. Calldata is produced only by existing deterministic HISS encoders for the exact reviewed plan; the Console never accepts free-form calldata.
  • No session keys, no Safe module, no automation. These do not exist in the product — the capability model stops at L2.
  • Kill switch. A single flag forces prepare and signing off immediately.

Tool-manifest drift detection

The Console pins a hash of each tool’s schema, description, and version. If any drifts from the pinned manifest — a defense against tool-poisoning — the tool is disabled for signing. Read-only use may remain, at the caller’s discretion.

The Console stores no credentials and asks for none. HISS never stores brokerage credentials, never places brokerage orders, and never takes custody.

$HISS is independent research software in pre-execution readiness checks — not investment advice, and not affiliated with Robinhood, Bankr, or Chainlink.

Console security · HISS