How it works

Everything about Canonical comes down to one rule. Get this and the rest is detail:

Everything about Canonical comes down to one rule. Get this and the rest is detail:

Here is the whole thing in one picture:

  you, at the terminal ──┐
                         │
  your scripts ──────────┼──▶  the wallet  ──▶  keeps your keys
                         │                      checks your rules
  AI agents ─────────────┘                      signs and sends
                                                 records everything

The three things on the left never touch a key. They send requests — "please transfer this," "show me the balance" — and the wallet decides what happens. Deleting the command-line tool would not affect your wallet at all, because the tool was never holding anything.

Why split it this way?#

Because it lets very different things safely share one wallet.

An AI agent, a teammate on another laptop, and a nightly script can all talk to the same wallet at once. None of them holds your keys. None of them can move money on its own. Each one only gets the specific permissions you handed it. The wallet is the single place where trust actually lives, and it is the only place that can sign.

That is also why the same wallet works from the terminal, from an AI tool, or from your own code without behaving differently. They are all just doors into the same room. Whichever door a request comes through, the wallet applies the same rules.

Two questions the wallet asks about every request#

When a request arrives, the wallet checks two separate things, and it helps to keep them apart:

  • Are you even allowed to ask for this? Your access token says what you may attempt — read the balance, draft a transaction, approve one. A read-only token simply cannot ask to move money; the request is refused before anything else happens.
  • Should this particular action go through? Even if you are allowed to ask, moving funds still has to clear your rules — enough approvals, the right people, a clean review. Being allowed to try is not the same as it succeeding.

Almost every "why won't it let me?" moment is one of these two gates, and the wallet will always tell you which one.

What the wallet keeps, and what it forgets#

The wallet remembers the things that matter, even across restarts and crashes:

It keepsIt forgets on restart
Your wallet and encrypted keysThe unlocked session
Every pending transaction and its approvals(that's the only thing)
The full history log
Who is allowed in, and your rules

The one thing it forgets is the unlocked state. Keys live decrypted in memory only while you are actively using the wallet; a restart wipes that, and you simply unlock again with your password. Everything else — a half-approved transfer, the approvals already collected, the history — is exactly where you left it.