The three contracts
| Contract | Type | Role |
|---|---|---|
| KeyStore | Standalone contract | Onchain registry of public keys per account. Stores key material, tracks sign counts, manages activation and revocation. |
| WebAuthnValidator | ERC-7579 Validator | Installed on the smart account. Verifies passkey/hardware signatures (P-256) against the KeyStore. Returns the keyId of the signer. |
| FunctorPolicyHook | ERC-7579 Hook | Installed on the smart account. Runs before and after every transaction. Enforces policies, collects fees, updates state, emits audit events. |
How they connect
The validator answers who is signing. The hook answers what are they allowed to do.Two repos
| Repo | Contains |
|---|---|
| functor-keystore | Solidity contracts: KeyStore, validators, FunctorPolicyHook. Foundry project. Deployed onchain. |
| functor-engine | Dashboard (Next.js), SDK (TypeScript). Reads and writes to the onchain contracts. No server-side policy logic. |
ERC-7579 compatibility
All modules implement the ERC-7579 standard. This means they work on any compliant smart account:- ZeroDev Kernel - native ERC-7579
- Biconomy Nexus - native ERC-7579
- Safe - via the Safe7579 adapter
Security properties
- No contract holds user funds. Fees are direct transfers. Policy state is logic, not money.
- Non-custodial. Private keys never touch Functor infrastructure. Keys are in hardware (Secure Enclave, FIDO2) or held by the agent locally.
- Fail-safe default. If the hook can’t evaluate a policy (missing data, unknown rule type), the transaction is denied. Policy failures never bypass enforcement.
- Zero vendor lock-in. Functor’s tech stack is credibly neutral. Built on ERC-7579, an open standard supported by ZeroDev, Biconomy, Safe, and Rhinestone. The developer can uninstall Functor modules at any time and switch to any other ERC-7579 module. Their smart account, keys, and funds are theirs regardless.