> For the complete documentation index, see [llms.txt](https://shinkalabs.gitbook.io/hub/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://shinkalabs.gitbook.io/hub/andromeda/concepts/recovery.md). # Recovery (optional) Recovery lets a dWallet be restored when its owner loses access, without anyone custodying a key and without forcing the user onto a new chain. It is **opt-in per deployment**; check [`/capabilities`](https://api.andromedainfra.pro/capabilities). There are two recovery paths, both governed by the on-chain [`rules-policy`](/hub/andromeda/guides/deploy-policy/rules-policy.md) program: a fast **primary** path, and an **M-of-N quorum** path. ## The model A dWallet under recovery has: * a **primary owner**: one credential that can recover the wallet in a single step (the "bypass"), and * a **quorum roster**: a set of N recovery owners, any M of which together can recover the wallet, plus * guard rails: a **daily limit** and a **cooldown** between recovery actions. Recovery owners can be a hardware wallet, a passkey, the user's accounts on other devices, or trusted friends and family. Each is identified by a canonical 34-byte member slot: `[scheme byte, identifier bytes, zero padding]`. The identifier length depends on the scheme (an Ed25519 key is 32 bytes, an Ethereum-style address is 20 bytes, a compressed P-256 key is 33 bytes). ## Two flows ### Primary recovery (single transaction) 1. `POST /v1/recovery/primary/challenge` returns a 32-byte challenge, the expected nonce, and the primary's scheme. 2. The user signs the challenge with the primary credential. 3. `POST /v1/recovery/primary/submit` sends the signature. Andromeda assembles the Solana transaction, pays the gas, and broadcasts. You get back the transaction signature and the message-approval address. ### Quorum recovery (staged, no size limit) Because a single Solana transaction cannot carry an unbounded number of signatures, the quorum path stages contributions in a program-derived account (PDA): 1. **Open** a session. Andromeda snapshots the current roster into a PDA, so a concurrent roster change cannot race the session. 2. Each member **contributes** their signature in their own transaction. 3. When M contributions are in, **finalize** runs the cross-program call into Ika. 4. **Close** the session to reclaim the PDA rent. See [Run a recovery](/hub/andromeda/guides/run-recovery.md) for the exact calls and [Quorum via PDA staging](/hub/andromeda/on-chain-programs/quorum-staging.md) for the on-chain mechanics. ## Discovery: proving you own an external wallet Before a wallet can be used as a recovery owner (or linked), the user proves they control it. Discovery covers seven off-chain signing conventions: `ed25519-raw` (Solana), `ed25519-near` (NEP-413), `ed25519-aptos` (AIP-62), `secp256k1-eip191` (EVM), `secp256k1-adr036` (Cosmos), `secp256k1-bitcoin` (BIP-137), `sr25519-substrate`. Endpoints: `POST /v1/recovery/challenge` then `POST /v1/recovery/resolve`. An `appId` is required. See [Discovery](/hub/andromeda/guides/discovery.md). ## On-chain validation: zero attestor Every recovery signature, primary or quorum member, is verified by a Solana runtime precompile (Ed25519, Secp256k1, Secp256r1, or full WebAuthn for quorum members). Andromeda assembles and submits the transaction but does not vouch for the signature. A compromised Andromeda backend cannot forge a recovery. See [Zero attestor](/hub/andromeda/concepts/zero-attestor.md). Some high-security schemes are deliberately not available on-chain (sr25519, Ristretto, pure Bitcoin Taproot) because they cannot be validated by the runtime without an external attestor. Substrate users enroll with Ed25519 or Secp256k1 instead. See [Known limitations](/hub/andromeda/reference/limitations.md). --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://shinkalabs.gitbook.io/hub/andromeda/concepts/recovery.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.