PENGUARDS: Abstract Session keys Security Manager

Review Abstract session keys, monitor risk signals, and revoke access directly from the browser.

# PENGUARDS — Abstract Session Key Security Guard PENGUARDS is the supervisory companion for Abstract Global Wallet (AGW). It surfaces every active session key in a consolidated dashboard, translates complex permission sets into plain language, and delivers controlled revocation workflows so teams can keep their wallets safe without leaving the browser. Built on top of Abstract’s published APIs and policy registry, the extension mirrors mainnet safeguards and adds real-time risk scoring to highlight the keys that need attention first. ## Why install it - **Immediate visibility:** As soon as you connect, PENGUARDS enumerates every session key tied to your wallet—including issuer, signer, creation transaction, and validator status. - **Actionable risk insights:** A 0–100 score and colour-coded badges show where exposure is highest. “Risk signals” explain the leading issues (broad scopes, long expiries, unsafe approvals) so you know exactly what to tighten. - **Controlled remediation:** Revoke individual sessions with confirmation guards, or clear everything with “Revoke all.” A dedicated task window manages wallet approvals and keeps you informed until each revocation finishes. - **Human-friendly permissions:** Call and transfer policies are rendered in readable sentences with constraints, value limits, and reset timers. Tooltips reference the Abstract Session Key Policy Registry verdicts—including decoded spender addresses for approvals. - **Operational extras:** Copy helpers for hashes and signers, explorer shortcuts, automatic refresh after every action, and accessibility-minded design make routine reviews fast and reliable. ## Key capabilities at a glance - **Session ledger:** Sorted from Critical to Info severity so the riskiest sessions appear first. Cards display raw score, percentile rank (within your wallet), expiry timestamp, fee budget, and policy counts. - **Brand glow indicator:** The header emblem glows red, amber, or green depending on the worst active severity—offering an instant readout before you even scroll. - **Detailed breakdowns:** Expand “Allowed contract calls,” “Allowed transfers,” “Fee limits,” and “Expiration” to inspect per-use caps, lifetime/periodic value limits, constraint coverage, and registry status. - **Approval enforcement:** The risk engine verifies pinned spenders, looks up `(token, spender)` registry verdicts, and flags multi-spender allowlists with partial credit plus warnings, mirroring Abstract mainnet policy rules. - **Telemetry hooks (optional):** Feed signer reuse levels or open-session counts into the scoring model to tailor hygiene signals to your organisation. - **Privacy-first footprint:** Only four endpoints are contacted (`backend.portal.abs.xyz`, `api.mainnet.abs.xyz`, `www.4byte.directory`, and abscan when you open a link). Metadata is cached locally with TTLs; no private keys, seed phrases, or analytics are collected. ## Onboarding flow 1. Pin the extension from Chrome’s Extensions menu for quick access. 2. Open the popup and select **Connect wallet**; approve the “read session keys” request in AGW. 3. Review the severity banner, risk signals, and detailed policy breakdowns. 4. Revoke any sessions you no longer trust—individually or with **Revoke all**. 5. Watch the status banner and toast notifications for confirmation; the dashboard refreshes automatically when each session closes. ## Designed for security teams and power users - **Incident response:** Quickly audit which dApps still hold session access after a security advisory, then revoke at scale. - **Routine hygiene:** Schedule weekly or monthly reviews to keep exposure minimal—even for non-technical stakeholders. - **Compliance evidence:** Copy the risk breakdown JSON for ticketing systems, change logs, or internal audits. ## Built to match Abstract’s guardrails - Validates policy registry status (Allowed / Unset / Blocked) for every call, transfer, and approval. - Computes `getSessionHash(sessionConfig)` locally and compares it with the validator’s stored hash to guard against tampering. - Scores short expiries, constrained spend, and narrow scopes higher—rewarding the same best practices Abstract recommends for production launches. ## What’s included - **Extension icon & branding** that align with Abstract’s visual language. - **High-resolution screenshots** demonstrating the dashboard, risk breakdowns, and revoke flows. - **Privacy policy** packaged with the extension (https://penguards.zer0luck.kr/privacy) to make data usage transparent. Keep your Abstract wallet lean, informed, and in control—install PENGUARDS to see everything that can act on your behalf and shut down unnecessary access in seconds.