Send Wallet

Send is a passkey-based Canton wallet that exposes the splice-wallet-kernel OpenRPC contract via window.canton. The dApp connection layer is open-sourced as Sigilry; this PartyLayer adapter wraps that contract with the same surface every other Canton wallet uses.

How Send Differs

Installation

Send is delivered as a browser extension. Direct your users to the Send wallet homepage at sigilry.org for current installation instructions before they can connect.

npm install @partylayer/sdk @partylayer/react @partylayer/adapter-send

With PartyLayerKit auto-discovery there is no further wiring — Send appears in the wallet picker automatically. If you build a custom adapter set, register SendAdapter alongside the others:

import { createPartyLayer, getBuiltinAdapters, SendAdapter } from '@partylayer/sdk';

const client = createPartyLayer({
  network: 'mainnet',
  appName: 'My dApp',
  adapters: [...getBuiltinAdapters(), new SendAdapter()],
});

Connection Flow

import { useConnect } from '@partylayer/react';

function ConnectWithSend() {
  const { connect, isConnecting } = useConnect();
  return (
    <button
      onClick={() => connect('send')}
      disabled={isConnecting}
    >
      {isConnecting ? 'Connecting…' : 'Connect with Send'}
    </button>
  );
}

End-to-end user experience:

• User clicks Connect with Send.
• Send extension shows its Connect to Site? permission prompt.
• On approval, the OS surfaces a passkey prompt (Touch ID / Face ID).
• Once unlocked, the SDK receives a session containing partyId, kernelId, and the wallet's public key.

Reading the Ledger

Send proxies the Canton v2 JSON Ledger API through Sigilry's ledgerApi RPC method. Use useLedgerApi for any read-side query:

import { useLedgerApi } from '@partylayer/react';

function LedgerEndDisplay() {
  const { ledgerApi } = useLedgerApi();
  const [offset, setOffset] = useState<string | null>(null);

  useEffect(() => {
    ledgerApi({
      requestMethod: 'GET',
      resource: '/v2/state/ledger-end',
    }).then(({ response }) => {
      const parsed = JSON.parse(response) as { offset: string };
      setOffset(parsed.offset);
    });
  }, [ledgerApi]);

  return <div>Ledger end: {offset ?? 'loading…'}</div>;
}

For active-contracts queries with eventFormat, see the Wallet Balances guide — Send accepts the same request shape as the other ledger-API-capable adapters.

Token Standard Transfers (CIP-56)

Send signs and submits transactions in a single step via prepareExecuteAndWait. The wallet handles Scan-side coordination, choice context lookup, and passkey signing internally. Adapter consumers call submitTransaction with a JsPrepareSubmissionRequest:

import { useSubmitTransaction } from '@partylayer/react';

const { submit } = useSubmitTransaction();

await submit({
  signedTx: {
    commandId: crypto.randomUUID(),
    commands: [
      {
        ExerciseCommand: {
          templateId:
            '#splice-api-token-transfer-instruction-v1:Splice.Api.Token.TransferInstructionV1:TransferFactory',
          contractId: factoryCid,
          choice: 'TransferFactory_Transfer',
          choiceArgument: { /* …Scan-derived shape… */ },
        },
      },
    ],
    actAs: [session.partyId],
  },
});

See Token Transfers for the full CIP-56 flow including the Scan /registry/transfer-instruction/v1/transfer-factory endpoint and the choice-context tagged-union shape.

Capability Matrix

• connect — supported (Sigilry connect RPC + getPrimaryAccount)
• disconnect — supported
• restore — supported (silent status probe; no popup on reload)
• signMessage — supported (passkey-signed)
• signTransaction — not supported; fused into prepareExecute. Calling it throws CapabilityNotSupportedError pointing at submitTransaction.
• submitTransaction — supported via prepareExecuteAndWait; receipt populated from tx.payload.updateId.
• ledgerApi — supported (full Sigilry passthrough; matches Console / Nightly).
• events — supported; txChanged bridged to PartyLayer tx:status.
• injected — supported via window.canton with kernel.id guard.

Network Support

This adapter integrates with Send on canton:mainnet.

Troubleshooting

• "Send not detected" — the extension is missing, or window.canton.kernel.id doesn't match Send. The adapter intentionally refuses to claim foreign providers (e.g. another splice-wallet-kernel-compatible extension); install Send and reload.
• "Connection cancelled" — the user dismissed the passkey prompt or the extension popup. Triggering connect again is safe.
• "Authentication Failed: Cannot reach authentication server" — Send's backend at auth.cantonwallet.com is unreachable. Check network and retry.
• "OAuth state mismatch" — stale Send session. Clear cookies for cantonwallet.com and reconnect.
• Transaction errors with hint "Execute Unknown on Unknown" — legacy Amulet_Transfer exercise on Splice.Amulet:Amulet. Migrate to CIP-56 TransferFactory_Transfer; see Token Transfers.

Security Notes

• Private keys never leave the extension. Passkey signing happens on the user's device through WebAuthn-PRF; PartyLayer never touches the underlying key material.
• Session JWT is held by the extension. The adapter receives an access token in status.session.accessToken for the lifetime of the connection; PartyLayer's session-persistence layer encrypts state at rest in the dApp's configured storage.
• Registry-driven detection guard. Every Send adapter call verifies the live window.canton provider against the registry's providerDetection rules before forwarding. If a different splice-wallet-kernel-compatible extension grabs the global, Send adapter cleanly returns not installed and yields to the matching adapter rather than acting on a foreign provider.

References

• Send (cantonwallet.com)
• Sigilry — open-source dApp SDK powering Send
• CIP-56 Token Standard guide
• Capability matrix across all six wallets