canonical
Get started
Multisig

Require more thanone approval.

Decide how many people must approve before anything moves — two co-founders, a finance team quorum, or you plus a second machine. Canonical enforces it locally, and can co-sign your team's Safe on top.

Why it matters

A single approval is a single point of failure.

A compromised laptop, a rushed decision, or a convincing scam is all it takes to drain a single-signer wallet. A second required approval stops each of those. With agents in the loop it becomes essential: the principal that proposes a transaction should never be the one that approves it.

How it works here

Policy decides the quorum. The daemon enforces it.

Your policy sets the approval requirement per action type: how many approvals, whether a human is mandatory, even which specific people must be among them. Approvals are collected on the proposal itself, survive restarts, and are bound to the exact reviewed transaction — change one byte and every approval is void.

You + a second device

Run a co-signer principal on another machine you own. Every agent action needs both.

M-of-N for teams

Any two of five founders, or two engineers plus the CFO — defined as policy and enforced by the daemon.

Safe, co-signed locally

Canonical acts as one signer of your team's Safe — with its plain-English review and audit trail in front of every signature.

Where to see it

See it in action.

The first-transaction guide walks the full loop with real commands — including what a pending quorum looks like and how the second approver signs off from their own session.