Delegated Access for Automated Systems
What is Härdig
Härdig is vault-like position management on Solana, built on Nirvana Finance. You lock a position, then issue scoped NFT keys to other wallets. Your main wallet stays offline — delegated keys handle day-to-day operations.
How Delegated Keys Work
Keys are MPL-Core NFTs with a permission bitmask. The position owner mints keys and transfers them to agent wallets. Keys are revocable at any time. Standard wallet tooling works — no custom integration needed to hold a key.
Permission Reference
Purchase navSOL into the position.
Sell navSOL from the position.
Borrow SOL against the floor price.
Repay outstanding debt.
Reinvest market/floor spread.
Authorize or revoke other delegated keys.
Sell with rate-limited token bucket.
Borrow with rate-limited token bucket.
Rate Limits
Rate-limited permissions (limited_sell, limited_borrow) use a token-bucket model with configurable capacity and refill period. This prevents draining a position in a single burst. The position owner sets these parameters per key.
Safety Model
The position owner retains full control. Keys cannot transfer ownership, escalate permissions, or bypass rate limits. A dead man's switch (recovery key) protects against lost admin keys. All operations are on-chain and verifiable.
Integration
An agent receives an NFT key to its wallet. It reads the key's permissions from on-chain attributes and operates within those bounds. The Härdig program enforces all limits — the agent cannot overstep even if it wanted to.
Program: 4U2Pgjdq51NXUEDVX4yyFNMdg6PuLHs9ikn9JThkn21p
Härdig CLI
The repo includes a Rust CLI that agents can build and run locally. It reads a delegated key from a local keypair file and executes position operations directly against the on-chain program — no browser or web UI required.
$ git clone https://github.com/digital-forest-space/hardig
$ cd hardig && cargo build --release -p hardig-cli
$ ./target/release/hardig-cli --help
The CLI supports all Härdig functions — position creation, key management, financial operations, recovery, and more. See the GitHub repo for full documentation.
Getting Started
Create a position and mint an admin key to the agent's wallet. The agent uses manage_keys to create a delegated key scoped to the permissions it needs — for example buy, reinvest, and borrow. The agent then sends the admin key back to the human, who moves it to cold storage out of the agent's reach.
The agent now operates with only the permissions it was given. Even if a prompt injection attack compromises the agent's private key, the attacker can only act within those scoped permissions — they cannot escalate, sell the full position, or extract the admin key. Funds at risk are limited to what the agent can borrow, and the underlying position stays safe.