Milestones & budget
$72,000 in XLM over ~5 months, staged across three milestones
Focused enough for reviewers to verify, large enough to ship real Soroban contracts, SDK/UI, sponsor relay, scoped sessions, docs, tests, and runbooks.
Weeks 1-7
Passkey account & intent UX foundation
Prove lazy onboarding and outcome-based actions on Stellar testnet.
Deliverables
- —Passkey smart account contract v1 (Soroban Rust) with tests and a deployed testnet address
- —TypeScript SDK v1: passkey account creation, signIntent, sponsored submit, gift create and claim
- —React UI kit v1: passkey login, account modal, gift link creator, claim page, sponsor status
- —Sponsor relay MVP: simulate, sponsor, submit, and return receipts on testnet
- —Intent package MVP: typed schemas for send, swap, bridge_in, gift_create, gift_claim, gift_refund, recurring_payment, dca
- —Reference app demo and public video: FaceID account creation, gift link, claim, sponsored transaction
- —Technical docs: architecture, SDK reference, contract interface, deployment guide
Reviewer verification
Weeks 8-14
Scoped sessions for agents
Enable safe automation without handing private keys to agents.
Deliverables
- —SessionRegistry contract v1: policy fields, cap accounting, expiry, revocation, and allowlists
- —Session SDK methods: createSession, executeWithSession, listSessions, revokeSession, estimateSessionRisk
- —Agent permission UI: human-readable session modal and an active session manager
- —DCA bot reference integration capped at 100 USDC/day for 30 days, with out-of-scope rejection
- —Activity log: session execution history, cap usage, and revoke status in the indexer
- —Internal security review with critical and high issues remediated or documented
Reviewer verification
Weeks 15-20
Developer platform & mainnet pilot
Make Lazee Kit reusable by other Stellar apps and prepare a controlled mainnet release.
Deliverables
- —Developer dashboard: register app, configure sponsor policy, view usage, sessions, gifts, and intents
- —Production indexer with durable event replay, cursor recovery, and a query API
- —Observability stack: Grafana dashboards for sponsor, intent, session, gift, RPC, and indexer metrics
- —Audit package: threat model, tests, runbooks, contract specs, and deployment instructions
- —Mainnet pilot deployment behind controlled feature flags
- —At least one external partner integration on testnet or the mainnet pilot
- —Three-minute demo video: account creation, gift link, bridge or swap intent, DCA session, revocation
Reviewer verification
Budget breakdown
Mapped to reusable ecosystem infrastructure
The grant is not paying for a single consumer app. It funds open-source primitives other Stellar teams can adopt: sponsor-relay patterns, SDK methods, UI components, docs, test cases, and operational runbooks.
Reviewer objections
Answered before they are asked
Is this just another wallet?
No. Lazee Kit is an execution and onboarding layer that apps embed — passkey accounts, scoped sessions, sponsor relay, intents, and a UI kit. It is intentionally not positioned as a standalone wallet.
Is the sponsor relay a trusted middleman?
No. The relay only pays and submits after the user or a scoped session has authorized. It never holds keys or authorizes actions, simulates before sponsoring, and apps can self-host it.
Do agents get access to user funds?
Agents only hold a scoped session bound to onchain policy: allowed assets, contracts, caps, expiry, and a receiver allowlist. Every execution is checked onchain and the user can revoke anytime.
Is passkey support on Stellar mature enough?
We start from Stellar contract-account patterns, keep v1 scope small, support an external-wallet fallback, and avoid unaudited assumptions before the mainnet pilot.
Is the scope too broad for one grant?
Milestone 1 stays focused on passkey, sponsor, gift, and basic intent schemas. Crosschain fulfillment sits behind adapters that can be mocked, disabled, or swapped without touching core contracts.
What stops gift-link phishing?
Clear domain, claim preview, receiver binding, expiry, no raw private-key flow, and public education copy. The link alone never carries custody of the funds.