Skip to content

System architecture · Protocol Mode

Authorization stays onchain. Relay is fee infrastructure.

Lazee Kit separates user authorization, fee sponsorship, asset movement, session policy, receipt indexing, and app integration.

User

passkey · holds authorization

user authorizes

Reference App

web demo

Lazee SDK

TypeScript

React UI Kit

components

intent + signed authorization

Sponsor Relay

simulate · sponsor · submit

Intent Orchestrator

normalizes intents

TRUST BOUNDARY — onchain authorization below

Lazee Account

Soroban Rust

GiftVault

Soroban Rust

SessionRegistry

Soroban Rust

SponsorPolicy

optional

state + events

Stellar Network

Soroban · RPC

Indexer / Events API

convenience state — verifiable vs contract

Client / userOffchain serviceSoroban contractStellar network

Containers

Ten containers across three trust zones

Lazee Account

Soroban Rust

C-address smart account, signer registry, authorization, nonces, policy hooks

GiftVault

Soroban Rust

Escrows gift assets, validates claims, handles expiry and refunds

SessionRegistry

Soroban Rust

Scoped app/agent grants, caps, expiry, revocation, counters

SponsorPolicy

Soroban Rust · optional

Approved sponsored actions and app policy metadata

Sponsor Relay

Node / Bun service

Simulates, sponsors, submits, polls, and records transactions

Intent Orchestrator

Node / Bun service

Normalizes send, swap, bridge, gift, claim, recurring, DCA intents

Indexer / Events API

Worker + database

Rebuilds account, gift, session, sponsor, and receipt state

Lazee SDK

TypeScript

Client API for account, sponsor, gift, session, intent, receipt flows

React UI Kit

React

Drop-in onboarding, gift, claim, session, receipt, and risk components

Reference App

Web app

Reviewer demo and developer integration example

Trust model

What the relay can and cannot do

User authorization is enforced by the Lazee Account and related contracts.

Sponsor relay pays fees but cannot bypass user or session authorization.

Gift links do not custody funds by themselves; funds sit in GiftVault.

Agents receive scoped session credentials, never user private keys.

Session policies enforce assets, contracts, intent types, caps, expiry, and revocation.

Indexer state is convenience state; critical actions verify against contract state and events.

Core flows

Three flows, each enforced by contract

C-address onboarding

  1. 01User opens a Lazee-enabled app
  2. 02App starts passkey-style account creation
  3. 03SDK builds account initialization request
  4. 04Sponsor relay simulates and sponsors the transaction
  5. 05Lazee Account stores signer and emits account event
  6. 06Indexer records account metadata and receipt

Gift create & claim

  1. 01Sender selects asset, amount, expiry, message
  2. 02SDK creates gift intent; sender authorizes
  3. 03GiftVault escrows funds, emits GiftCreated
  4. 04Receiver opens claim URL
  5. 05Receiver creates or selects a Lazee C-address
  6. 06Claim proves secret; GiftVault transfers, emits GiftClaimed

Scoped session

  1. 01User reviews permission copy
  2. 02User authorizes session creation
  3. 03SessionRegistry stores policy and counters
  4. 04App or agent executes within scope
  5. 05Contract rejects attempts beyond caps/expiry/allowlist
  6. 06User can revoke session at any time

Storage & TTL strategy

  • Extend account state on login and execution
  • Extend active session state during execution and keeper runs
  • Extend gift state until expiry plus refund window
  • Rebuild UI state from events when possible
  • Alert when important entries approach expiration

Operational architecture

  • Primary and secondary Stellar RPC providers
  • Sponsor budget caps by app, user, and action type
  • Rate limits by app key and IP
  • Simulation before sponsor signature
  • Error taxonomy: cancel, RPC fail, contract reject, sponsor reject
  • Dashboards for creation, claim, session, spend, failover, lag