Namera is a programmable wallet layer that enables agents to securely interact with smart wallets using scoped access and defined execution rules

How do agents access wallets?

Agents are granted access through scoped session keys, which define what actions they can perform and under what conditions

Are funds safe if agents control wallets?

Yes. All actions are restricted by defined permissions and enforced onchain, preventing unauthorized transactions or access beyond allowed rules

What are session keys?

Session keys provide temporary, scoped access to wallets, allowing agents to perform specific actions without exposing the main private key

Do I need to run infrastructure?

No. Namera provides a managed platform with hosted services, so you can get started without running your own backend. However, you can also use the CLI to manage your own keystores and smart accounts

How do I integrate Namera?

You can integrate using the SDK for applications, the CLI for local workflows, or the MCP server for agent-based systems

What is MCP in Namera?

MCP is a programmable interface that allows agents to securely interact with wallets and execute actions within defined rules

Revoke Session Key

Revoking a session key removes its permissions from the account. This action must be executed by the owner account client (the primary signer), not by the session key itself. You also need the serializedAccount returned when the session key was created so the account can identify which key to revoke.

Import

import { createAccountClient } from "@namera-ai/sdk/account";
import { revokeSessionKey } from "@namera-ai/sdk/session-key";

Usage

index.ts

import { createAccountClient } from "@namera-ai/sdk/account";
import { revokeSessionKey } from "@namera-ai/sdk/session-key";
import { http } from "viem";
import { generatePrivateKey, privateKeyToAccount } from "viem/accounts";
import { mainnet } from "viem/chains";
import { publicClient } from "./clients";

const ownerSigner = privateKeyToAccount(generatePrivateKey());

const ownerClient = await createAccountClient({
  type: "ecdsa",
  signer: ownerSigner,
  bundlerTransport: http("https://public.pimlico.io/v2/1/rpc"), // Public Pimlico RPC
  chain: mainnet,
  client: publicClient,
  entrypointVersion: "0.7",
  kernelVersion: "0.3.2",
});

const sessionPrivateKey = "0xYOUR_SESSION_PRIVATE_KEY";
const sessionKeySigner = privateKeyToAccount(sessionPrivateKey);

const txHash = await revokeSessionKey({
  type: "ecdsa",
  client: ownerClient,
  entrypointVersion: "0.7",
  kernelVersion: "0.3.2",
  serializedAccount: "SERIALIZED_SESSION_KEY_ACCOUNT",
  signer: sessionKeySigner,
});

Examples

Revoke a session key using a paymaster.

index.ts

import { createAccountClient } from "@namera-ai/sdk/account";
import { revokeSessionKey } from "@namera-ai/sdk/session-key";
import { createPublicClient, http } from "viem";
import { createPaymasterClient } from "viem/account-abstraction";
import { generatePrivateKey, privateKeyToAccount } from "viem/accounts";
import { mainnet } from "viem/chains";

export const publicClient = createPublicClient({
  chain: mainnet,
  transport: http(),
});

const paymaster = createPaymasterClient({
  transport: http("ZERO_DEV_PAYMASTER_URL"),
});

const ownerSigner = privateKeyToAccount(generatePrivateKey());

const ownerClient = await createAccountClient({
  bundlerTransport: http("https://public.pimlico.io/v2/1/rpc"), // Public Pimlico RPC
  chain: mainnet,
  client: publicClient,
  entrypointVersion: "0.7",
  kernelVersion: "0.3.2",
  paymaster,
  signer: ownerSigner,
  type: "ecdsa",
});

const sessionPrivateKey = "0xYOUR_SESSION_PRIVATE_KEY";
const sessionKeySigner = privateKeyToAccount(sessionPrivateKey);

const txHash = await revokeSessionKey({
  type: "ecdsa",
  client: ownerClient,
  entrypointVersion: "0.7",
  kernelVersion: "0.3.2",
  serializedAccount: "SERIALIZED_SESSION_KEY_ACCOUNT",
  signer: sessionKeySigner,
});

The Bundler URL above is a public endpoint. Please do not use it in production as you will likely be rate-limited. Consider using Pimlico's Bundler, Biconomy's Bundler, or another Bundler service.

Parameters

type

Value: "ecdsa" | "passkey"

index.ts

const txHash = await revokeSessionKey({
  type: "ecdsa", // or "passkey"
  client: ownerClient,
  entrypointVersion: "0.7",
  kernelVersion: "0.3.2",
  serializedAccount: "SERIALIZED_SESSION_KEY_ACCOUNT",
  signer: sessionKeySigner,
});

client

The owner account client that controls the smart account.
Must be created with the primary signer (not the session key).

serializedAccount

The serialized session key account returned by createSessionKey.

signer

Only required when type="ecdsa".
The session key signer corresponding to the session key being revoked.

index.ts

const txHash = await revokeSessionKey({
  type: "ecdsa",
  client: ownerClient,
  entrypointVersion: "0.7",
  kernelVersion: "0.3.2",
  serializedAccount: "SERIALIZED_SESSION_KEY_ACCOUNT",
  signer: sessionKeySigner, 
});

webAuthnKey

Only required when type="passkey".
The WebAuthn key used by the passkey session key.

index.ts

const txHash = await revokeSessionKey({
  type: "passkey",
  client: ownerClient,
  entrypointVersion: "0.7",
  kernelVersion: "0.3.2",
  serializedAccount: "SERIALIZED_SESSION_KEY_ACCOUNT",
  webAuthnKey, 
});

entrypointVersion

Type: EntrypointVersion => "0.6" | "0.7" | "0.8" | "0.9"

index.ts

import { EntryPointVersion } from "viem/account-abstraction";                
type EntryPointVersion = "0.6" | "0.7" | "0.8" | "0.9"
@linkhttps://github.com/eth-infinitism/account-abstraction/releases

kernelVersion

Type: KernelVersion => "0.0.2" | "0.2.2" | "0.2.3" | "0.2.4" | "0.3.1" | "0.3.2" | "0.3.3"

Note: Kernel 0.2.x supports only Entrypoint 0.6. For Kernel 0.3.x, you can use Entrypoint 0.7 or 0.8.

index.ts

const txHash = await revokeSessionKey({
  type: "ecdsa",
  client: ownerClient,
  entrypointVersion: "0.7",
  kernelVersion: "0.3.2",  
  serializedAccount: "SERIALIZED_SESSION_KEY_ACCOUNT",
  signer: sessionKeySigner,
});

For session key creation context, see Create Session Key or Create Passkey Session Key.

Revoke Session Key

On this page