Skillget

namera

agent
Guvenlik Denetimi
Uyari
Health Uyari
  • License — License: Apache-2.0
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 5 GitHub stars
Code Uyari
  • crypto private key — Private key handling in apps/cli/src/commands/keystore/decrypt.ts
  • crypto private key — Private key handling in apps/cli/src/commands/keystore/import.ts
Permissions Gecti
  • Permissions — No dangerous permissions requested
Purpose
This tool is a programmable wallet layer and session key manager. It enables automated agents to securely interact with smart wallets using scoped access and predefined execution rules.

Security Assessment
Because this tool manages blockchain wallets and cryptographic keys, it inherently handles highly sensitive data. The automated scans flagged private key handling within two CLI commands (decrypt and import), which is standard for a wallet manager but still requires careful handling. No hardcoded secrets or dangerous system permissions were found. The tool likely makes network requests to interact with blockchain networks, but overall, the risk is rated as Medium. You must be extremely careful not to expose your local environment or configuration files when running it.

Quality Assessment
The project is relatively new and has very low community visibility, currently sitting at only 5 GitHub stars. However, it is under active development, with repository updates pushed as recently as today. The codebase is well-organized as a TypeScript monorepo, includes proper documentation, and uses standard development tools. Additionally, it uses the permissive Apache-2.0 open-source license, meaning there are no restrictive legal barriers to adopting or contributing to the software.

Verdict
Use with caution—the code is actively maintained and transparent, but due to the inherent risks of handling private wallet keys and its early-stage, low-community adoption status, you should thoroughly review the code before integrating it into a production environment.
SUMMARY

Namera is a programmable wallet layer that enables agents to securely interact with smart wallets using scoped access and defined execution rules.

README.md

Namera

Namera is a programmable session key layer for smart wallets. It enables wallets to delegate scoped permissions through session keys with programmable policies, designed for agents, automation, and multi-chain execution.

License GitHub stars

Contents

Monorepo Structure

Namera is organized as a Turborepo monorepo using Bun as the package manager.

Apps

Package Description
apps/cli CLI for managing accounts, sessions, wallets and running local MCP server
apps/docs Developer documentation built with Fumadocs + Tanstack Start

Packages

Package Description
packages/sdk Core TypeScript SDK for smart accounts, session keys, policies, and transaction execution
packages/config Centralized configurations (tsconfig, Biome, Vitest, tsdown)
packages/ui Shared UI components

Documentation

Full documentation is available at namera.ai/docs.

  • SDK Docs — smart accounts, session keys, policies, transactions, signing
  • CLI Docs — keystore, smart account, session key commands, MCP server
  • Getting Started — end-to-end guide from installation to first transaction

Quick Start

Prerequisites

  • Node.js 18+
  • pnpm: npm install -g pnpm

Installation

Clone the repository and install dependencies:

gh repo clone thenamespace/namera
cd namera
pnpm install

Development

Start all apps in development mode:

pnpm run dev

Build all packages and apps:

pnpm run build

To build a specific package or app:

pnpm run build --filter=@namera-ai/sdk
# or
pnpm run build --filter=@namera-ai/cli

Lint and format:

pnpm run lint
pnpm run lint:check

Contributing

Contributions are welcome. Please read the guidelines below before submitting a PR.

Development Workflow

  1. Fork the repository and create a branch for your changes
  2. Install dependencies with pnpm install
  3. Make your changes and ensure tests pass
  4. Run linting with pnpm run lint
  5. Open a pull request against main

All PRs should:

  • Follow the existing code style (Biome enforces this)
  • Use Effect patterns (Effect.gen, @effect/schema for validation, tagged error classes)
  • Include tests where applicable
  • Pass CI checks

Commit Convention

This repo uses Conventional Commits. Commit messages should follow this format:

<type>(<scope>): <description>

Common types:

  • feat: new feature
  • fix: bug fix
  • docs: documentation changes
  • chore: tooling, config, or maintenance
  • refactor: code changes that do not fix bugs or add features
  • test: adding or updating tests

Example:

feat(sdk): add passkey session key support
fix(cli): resolve keystore decryption edge case
docs: update session key policy examples

Commitlint is configured via lefthook and will validate commits automatically.

Versioning and Releases

This repo uses Changesets for versioning and publishing.

To version packages:

pnpm run changeset

Changesets will guide you through selecting the version bump (major, minor, patch) for each package. The CI pipeline handles publishing when a release PR is merged, and approved by a maintainer.

Security

Please report security issues via GitHub Security Advisories: https://github.com/thenamespace/namera/security

Do not open a public issue for security vulnerabilities.

License

Apache 2.0. See LICENSE.

Yorumlar (0)

Sonuc bulunamadi