System Rules

These invariants define the security and correctness model of Swype. All flows and APIs in this document assume they hold.

Privy authentication is separate from Swype authentication

Platforms authenticate users to their app (e.g., via Privy). Swype authenticates users to Swype for spending authority. Platform authentication is never trusted for transfer authorization.

Destination constraints come from the platform backend

For each transfer, the platform backend specifies the destination address, chain, and accepted assets. These constraints are immutable for the lifetime of the transfer session.

Allowances gate spend authority

Currently, allowances are scoped per app. A transfer can only execute if a valid allowance exists for that app and stablecoin source.

Stablecoin app confirmation is required when creating or changing an allowance

When an allowance is created or modified, the user must explicitly approve it inside the stablecoin app via native confirmation (e.g., biometrics).

Platforms never grant spend power

Platforms can request transfers, but cannot create, expand, or bypass allowances.
If a platform is compromised, its blast radius is limited to the allowances explicitly granted to it.