IntentGuard Docs
Two-factor authentication for every Solana transaction. Commit from your phone, verify on-chain.
Program ID: 4etWfDJNHhjYdv7fuGe236GDPguwUXVk9WhbEpQsPix7 — Live on Solana devnet
What is IntentGuard?
IntentGuard is a commit-reveal 2FA protocol for Solana. It separates transaction intent from execution across two devices, so a compromised browser can never change your transaction parameters.
Device Separation
Confirm intent on your phone, execute from your browser. Two different attack surfaces.
On-Chain Verification
Intent hash is verified by the Solana program itself. No trusted server, no centralized service.
Atomic Transactions
Verify instruction is prepended to your TX. If the hash doesn't match, the entire TX reverts.
Per-App Isolation
Each app gets its own intent PDA. Intents for Jupiter can't interfere with Raydium.
How It Works
- Commit — User confirms intent on their mobile app. The intent hash (SHA-256 of action + params) is committed on-chain via
commit_intent. - Verify — The dApp prepends a
verify_intentinstruction to the actual transaction. The program checks that the hash matches the committed intent. - Execute or Revert — If hashes match, the TX proceeds atomically. If they don't match (attacker changed params), the TX reverts and funds are safe.
Install
TypeScript
npm install intentguard-sdkRust (CPI)
cargo add intentguard-cpiQuick Example
import {
computeIntentHash,
createCommitIntentInstruction,
createVerifyIntentInstruction,
} from 'intentguard-sdk';
// 1. Compute hash of what the user intends
const hash = computeIntentHash('swap', { amount: 1_000_000_000, mint: '...' });
// 2. Commit on-chain (from mobile app)
const commitIx = createCommitIntentInstruction(user, appId, hash, 300);
// 3. Verify + execute atomically (from browser)
const verifyIx = createVerifyIntentInstruction(user, appId, hash);
const tx = new Transaction().add(verifyIx).add(swapIx);
Key Concepts
| Concept | Description |
|---|---|
| Intent Hash | SHA-256 of action + params with length-prefix encoding. Deterministic and collision-resistant. |
| PDA Seeds | Intent: [b"intent", user, app_id] — one active intent per user per app. |
| TTL | Time-to-live: 30s–3600s (default 300s). Expired intents cannot be verified. |
| GuardConfig | Global config PDA: [b"config"]. Stores admin, counters, pause state, fee settings. |
| Verify Fee | Optional per-verify fee (0 by default). Collected in config PDA, withdrawable by admin. |
Architecture
| Component | Technology | Package |
|---|---|---|
| On-chain program | Rust / Anchor 0.32 | programs/intent-guard/ |
| TypeScript SDK | No Anchor dep, CJS+ESM | intentguard-sdk |
| Rust CPI crate | Anchor-compatible | intentguard-cpi |
| React widget | React component | intentguard-sdk/react |
| Browser extension | Chrome Manifest V3 | extension/ |
| Mobile app | React Native / Expo | app/ |
Next: Quick Start Guide — integrate IntentGuard in 5 minutes.