Intents API
Generic intents model Privy-style manual approval workflows for wallet actions and control-plane changes. Use them when an operation should be created first, reviewed by a human tenant owner/admin, and executed only after authorization. Base path:/intentsAuth: Tenant-level auth for read/create. Lifecycle actions require an owner/admin user session with recent MFA.
The API accepts both Steward-native camelCase fields and Privy-style aliases
where implemented:
intentType or intent_type, agentId or wallet_id,
resourceType or resource_type, resourceId or resource_id, and
authorizationDetails or authorization_details.Intent lifecycle
| Status | Meaning |
|---|---|
pending | Created and waiting for human review |
authorized | Approved by an owner/admin with recent MFA |
executing | Claimed by the executor while typed execution is in progress |
executed | Typed executor finished successfully |
failed | Execution or operator finalization failed |
rejected | Human reviewer rejected the intent |
canceled | Human reviewer canceled the pending or authorized intent |
expired | TTL or manual expiry closed the intent |
wallet_update, policy_update,
policy_rule_create, policy_rule_delete, policy_rule_update, and
quorum_update must be created by a human owner/admin session, not a tenant API
key. All lifecycle endpoints require an owner/admin user session with recent
MFA. The creator cannot authorize their own user-created intent.
When an intent is authorized, Steward snapshots the relevant policy or quorum
baseline for typed executors that mutate those resources. If the current state
changes before execution, execution fails with a stale-state conflict and the
caller should recreate and reauthorize the intent.
Create Intent
authorizationDetails is accepted for schema compatibility, but non-empty
arrays currently fail closed because multi-approver enforcement is not yet
implemented on this route.
Response:
List Intents
Get Intent
Approve or reject
/approve is a Privy-style alias for /authorize. The optional reason field
is stored for rejection audit/webhook context.
Execute
authorized. The response includes
executionResult and execution_result; signed transaction artifacts are
redacted in stored intent rows.
Finalize without execution
fail, cancel, and expire can close pending or authorized intents without
running the typed executor. fail can include an executionResult object for
operator-supplied failure metadata.
Policy rule payload examples
Create a policy rule
UseintentType: "policy_rule_create" with payload.rule.
Update a policy rule
UseintentType: "policy_rule_update" with payload.action: "update",
payload.ruleId, and either payload.patch or payload.rule.
Delete a policy rule
UseintentType: "policy_rule_delete" with payload.ruleId. Deleting the last
remaining policy rule requires allowDeleteLastPolicy: true.
Other typed payloads
| Intent type | Payload shape | ||
|---|---|---|---|
wallet_update | Updatable wallet fields such as name, displayName, platformId, or erc8004TokenId | ||
policy_update | policies: PolicyRule[]; clearing all policies also requires allowClearAllPolicies: true | ||
quorum_update | `action: “create" | "update" | "revoke”plus quorum fields such asname, threshold, memberSignerIds, permissions, metadata, status, or quorumId` |
transfer | to, value, chainId, optional data, nonce, gasLimit, and broadcast | ||
rpc | method, optional params, and chainId for allowed read-only vault RPC methods | ||
wallet_action | action: "transfer" or action: "send_calls" with the same payload used by wallet-action routes |
Safe idempotency and retry notes
- Use a stable
Idempotency-Keyfor intent creation and execution attempts when your deployment accepts or requires sensitive-mutation idempotency. - Put your business operation ID in
resourceId,resource_id, or the typedpayload.referenceIdwhen available so audit events, webhooks, and retries can be correlated. - If
POST /executereturns a network timeout, first fetch the intent by ID before retrying. It may already beexecuting,executed, orfailed. - If execution fails with stale-state conflict, recreate the intent from the current policy/quorum state and run the human approval flow again.
- Do not retry terminal lifecycle actions blindly.
executed,failed,rejected,canceled, andexpiredare terminal statuses.
Related
- Vault API - Wallet signing and action routes
- Policies API - Policy rule structure
- Approvals API - Transaction approval queue