Security Overview
How OpenPond protects wallets, tools, and approvals.
Security Overview
OpenPond is designed around least-privilege access, human approvals, and auditable tool execution.
Wallet separation
OpenPond creates two wallets per user:
- Personal vault: human-only control for long-term funds.
- Operating wallet: shared working wallet for apps, protected by Turnkey policies.
Turnkey policies
Policies define what can be signed and who can approve. By default:
- Personal vault requires the human signer.
- Operating wallet allows bot or human signing, but restricts destinations.
You can add custom policies in the Wallet Manager when you need extra permissions (for example, Hyperliquid signing).
OTP and approvals
Sensitive actions require OTP verification and show up under Wallet Manager -> Approvals for human review.
Execution isolation
Each app is deployed as its own server, with isolated credentials and runtime environment. Public apps are open HTTP endpoints; private apps are protected by Turnkey JWT authorization.
For how wallet grants and policies flow from metadata into enforcement, see Policy Lifecycle under Security.