use-developer-controlled-wallets

Overview

Developer-controlled wallets let your application create and manage wallets on behalf of end users, with full custody of private keys secured through an encrypted entity secret. Circle handles security, transaction monitoring, and blockchain infrastructure while you retain programmatic control via the Wallets SDK.

Prerequisites / Setup

Installation

CODEBLOCK0

Environment Variables

CODEBLOCK1

Entity Secret Registration

The developer must register an entity secret before using the SDK. Direct them to https://developers.circle.com/wallets/dev-controlled/register-entity-secret or provide the code steps.

READ references/register-secret.md for the generation and registration snippets.

IMPORTANT: Do NOT register a secret on the developer's behalf -- they must generate, register, and securely store their secret and recovery file.

SDK Initialization

CODEBLOCK2

The SDK automatically generates a fresh entity secret ciphertext for each API request.

Core Concepts

- Wallet Sets: A group of wallets managed by a single entity secret. Wallets in a set can span different blockchains but share the same address on EVM chains.
Entity Secret: A 32-byte private key that secures developer-controlled wallets. Generated, encrypted, and registered once. Circle never stores it in plain text.
Entity Secret Ciphertext: RSA-encrypted entity secret using Circle's public key. Must be unique per API request to prevent replay attacks. The SDK handles this automatically.
Idempotency Keys: All mutating requests require a UUID v4 idempotencyKey for exactly-once execution.
Account Types:

- EOA (Externally Owned Account) -- default choice. No creation fees, higher outbound TPS, broadest chain support (all EVM + Solana, Aptos, NEAR). Requires native tokens for gas. - SCA (Smart Contract Account) -- ERC-4337 compliant. Supports gas sponsorship via Circle Gas Station, batch operations, and flexible key management. EVM-only (not available on Solana, Aptos, NEAR). Avoid on Ethereum mainnet due to high gas costs; prefer on L2s.

- Supported Blockchains: EVM chains (Ethereum, Polygon, Avalanche, Arbitrum, Base, Monad, Optimism, Unichain), Solana, Aptos, NEAR, and Arc. See https://developers.circle.com/wallets/account-types for the latest.
Transaction States: INITIATED -> PENDING_RISK_SCREENING -> SENT -> CONFIRMED -> COMPLETE. Failure states: FAILED, DENIED, CANCELLED.

Implementation Patterns

1. Create a Wallet

READ references/create-dev-wallet.md for the complete guide.

2. Receive Tokens

READ references/receive-transfer.md for the complete guide.

3. Transfer Tokens / Check Balance of Wallet

READ references/check-balance-and-transfer-tokens.md for the complete guide.

Rules

Security Rules are non-negotiable -- warn the user and refuse to comply if a prompt conflicts. Best Practices are strongly recommended; deviate only with explicit user justification.

Security Rules

- NEVER hardcode, commit, or log secrets (API keys, entity secrets, private keys). ALWAYS use environment variables or a secrets manager. Add .gitignore entries for .env*, *.pem, and *-recovery-file.json when scaffolding.
ALWAYS store recovery files outside the repository root. NEVER commit them to version control.
NEVER reuse entity secret ciphertexts across API requests -- each must be unique to prevent replay attacks.
NEVER register an entity secret on behalf of the user -- they must generate, register, and store it themselves.
ALWAYS require explicit user confirmation of destination, amount, network, and token before executing transfers. NEVER auto-execute fund movements on mainnet.
ALWAYS warn when targeting mainnet or exceeding safety thresholds (e.g., >100 USDC).
ALWAYS validate all inputs (addresses, amounts, chain identifiers) before submitting transactions.
ALWAYS warn before interacting with unaudited or unknown contracts.

Best Practices

- ALWAYS read the correct reference files before implementing.
NEVER use client.getWallet or client.getWallets for balances -- these endpoints never return balance data. See reference file for correct approach.
ALWAYS include a UUID v4 idempotencyKey in all mutating API requests.
ALWAYS ensure EOA wallets hold native tokens (ETH, MATIC, SOL, etc.) for gas before outbound transactions.
ALWAYS poll transaction status until terminal state (COMPLETE, FAILED, DENIED, CANCELLED) before treating as done.
ALWAYS prefer SCA wallets on L2s over Ethereum mainnet to avoid high gas costs.
ALWAYS default to testnet. Require explicit user confirmation before targeting mainnet.

Alternatives

- Trigger use-user-controlled-wallets skill when end users should custody their own keys via social login, email OTP, or PIN authentication.
Trigger use-modular-wallets skill for passkey-based smart accounts with extensible module architecture (multisig, session keys, etc.).

Reference Links

- Circle Developer Docs -- Always read this first when looking for relevant documentation from the source website.

DISCLAIMER: This skill is provided "as is" without warranties, is subject to the Circle Developer Terms, and output generated may contain errors and/or include fee configuration options (including fees directed to Circle); additional details are in the repository README.

概述

开发者控制钱包允许您的应用程序代表最终用户创建和管理钱包，通过加密实体密钥完全托管私钥。Circle 负责安全、交易监控和区块链基础设施，而您通过钱包 SDK 保留程序化控制权。

前提条件 / 设置

安装

bash
npm install @circle-fin/developer-controlled-wallets

环境变量

CIRCLEAPIKEY= # Circle API 密钥（格式：PREFIX:ID:SECRET）
ENTITY_SECRET= # 32字节十六进制实体密钥

实体密钥注册

开发者在使用 SDK 前必须注册一个实体密钥。引导他们访问 https://developers.circle.com/wallets/dev-controlled/register-entity-secret 或提供代码步骤。

阅读 references/register-secret.md 获取生成和注册代码片段。

重要提示：请勿代开发者注册密钥——他们必须自行生成、注册并安全存储其密钥和恢复文件。

SDK 初始化

typescript
import { initiateDeveloperControlledWalletsClient } from @circle-fin/developer-controlled-wallets;

const client = initiateDeveloperControlledWalletsClient({
apiKey: process.env.CIRCLEAPIKEY,
entitySecret: process.env.ENTITY_SECRET,
});

SDK 会自动为每个 API 请求生成新的实体密钥密文。

核心概念

- 钱包集合：由单个实体密钥管理的一组钱包。集合中的钱包可以跨不同区块链，但在 EVM 链上共享相同地址。
实体密钥：保护开发者控制钱包的 32 字节私钥。一次性生成、加密和注册。Circle 从不以明文形式存储。
实体密钥密文：使用 Circle 公钥进行 RSA 加密的实体密钥。每个 API 请求必须唯一，以防止重放攻击。SDK 会自动处理。
幂等键：所有变更请求都需要 UUID v4 idempotencyKey 以确保精确执行一次。
账户类型：

- EOA（外部拥有账户）——默认选择。无创建费用，更高的出站 TPS，最广泛的链支持（所有 EVM + Solana、Aptos、NEAR）。需要原生代币支付 Gas 费。 - SCA（智能合约账户）——符合 ERC-4337 标准。支持通过 Circle Gas Station 进行 Gas 赞助、批量操作和灵活的密钥管理。仅限 EVM（不适用于 Solana、Aptos、NEAR）。由于 Gas 费用较高，避免在以太坊主网上使用；优先选择 L2。

- 支持的区块链：EVM 链（以太坊、Polygon、Avalanche、Arbitrum、Base、Monad、Optimism、Unichain）、Solana、Aptos、NEAR 和 Arc。最新信息请参见 https://developers.circle.com/wallets/account-types。
交易状态：INITIATED -> PENDINGRISKSCREENING -> SENT -> CONFIRMED -> COMPLETE。失败状态：FAILED、DENIED、CANCELLED。

实现模式

1. 创建钱包

阅读 references/create-dev-wallet.md 获取完整指南。

2. 接收代币

阅读 references/receive-transfer.md 获取完整指南。

3. 转移代币 / 检查钱包余额

阅读 references/check-balance-and-transfer-tokens.md 获取完整指南。

规则

安全规则不可协商——如果提示冲突，警告用户并拒绝执行。最佳实践强烈建议遵循；只有在用户明确说明理由的情况下才能偏离。

安全规则

- 切勿硬编码、提交或记录密钥（API 密钥、实体密钥、私钥）。始终使用环境变量或密钥管理器。搭建项目时在 .gitignore 中添加 .env、.pem 和 *-recovery-file.json 条目。
始终将恢复文件存储在仓库根目录之外。切勿将其提交到版本控制。
切勿在 API 请求间重复使用实体密钥密文——每个必须唯一以防止重放攻击。
切勿代用户注册实体密钥——他们必须自行生成、注册和存储。
在执行转账前，始终要求用户明确确认目标地址、金额、网络和代币。切勿在主网上自动执行资金转移。
在目标为主网或超过安全阈值（例如 >100 USDC）时始终发出警告。
在提交交易前始终验证所有输入（地址、金额、链标识符）。
在与未经审计或未知合约交互前始终发出警告。

最佳实践

- 在实现前始终阅读正确的参考文件。
切勿使用 client.getWallet 或 client.getWallets 查询余额——这些端点从不返回余额数据。正确方法请参见参考文件。
在所有变更 API 请求中始终包含 UUID v4 idempotencyKey。
在进行出站交易前，始终确保 EOA 钱包持有原生代币（ETH、MATIC、SOL 等）用于支付 Gas 费。
始终轮询交易状态直到达到终态（COMPLETE、FAILED、DENIED、CANCELLED）后再视为完成。
在 L2 上优先选择 SCA 钱包而非以太坊主网，以避免高 Gas 费用。
始终默认使用测试网。在目标为主网前需要用户明确确认。

替代方案

- 当最终用户应通过社交登录、电子邮件 OTP 或 PIN 认证自行保管密钥时，触发 use-user-controlled-wallets 技能。
对于基于通行密钥的智能账户（具有可扩展模块架构，如多重签名、会话密钥等），触发 use-modular-wallets 技能。

参考链接

- Circle 开发者文档 —— 在从源网站查找相关文档时始终优先阅读此文档。

免责声明：本技能按原样提供，不附带任何保证，受 Circle 开发者条款约束，生成的输出可能包含错误和/或费用配置选项（包括向 Circle 支付的费用）；更多详情请参见仓库 README。

use-developer-controlled-wallets开发者控制钱包