xolosArmy — Canonical Technical Document

WalletConnect v2 Infrastructure in the xolosArmy Ecosystem

A canonical engineering overview of the WalletConnect v2 (WCv2) integration between Xolo Legend (dApp) and RMZWallet / Tonalli (non-custodial wallet controller) on eCash (XEC), grounded in chain-agnostic CAIP standards (CAIP-25 / CAIP-10) to deliver secure, sovereign, and durable session-based UX.

Network: eCash (XEC) Protocol: WalletConnect v2 Identity: CAIP-25 / CAIP-10 Wallet: RMZWallet (Tonalli) dApp: Xolo Legend
Non-custodial signing Session negotiation Namespaces & methods Error handling Origin verification Tokens (ALP) & NFTs
Purpose

This document describes how WalletConnect v2 is used as a secure interoperability layer in xolosArmy: Xolo Legend builds intent and transactions, while RMZWallet (Tonalli) preserves custody, enforces user consent, and produces cryptographic signatures locally.

Design principle: the dApp constructs intent; the wallet owns keys.

1. Overview: Why WalletConnect v2 for xolosArmy

The xolosArmy ecosystem is built on eCash (XEC), leveraging fast, low-fee transactions and a modern token/NFT experience via eCash-compatible standards (including ALP eTokens). To connect sovereign, non-custodial custody with rich dApp interactions, xolosArmy adopts WalletConnect v2 as the canonical transport and session layer between Xolo Legend and RMZWallet / Tonalli.

WCv2 upgrades the interaction model from ad-hoc connections into a session-based protocol with robust permission negotiation, persistence, granular capabilities, and a standards-driven identity model through CAIP (Chain Agnostic Improvement Proposals). This enables a secure and chain-agnostic integration without inheriting EVM-centric assumptions.

2. eCash Foundation and the Role of RMZWallet (Tonalli)

RMZWallet (Tonalli) is the custodial boundary for users in xolosArmy. It is a modern web wallet (PWA-friendly) designed to keep the user’s seed phrase and private keys local, encrypted, and never exposed to external applications or relays.

Sovereignty Guarantee

RMZWallet signs locally. Keys do not leave the device. WalletConnect transmits only requests and responses through encrypted channels.

2.1 Tokens and NFTs

The ecosystem token $RMZ operates as an ALP eToken. RMZWallet also supports xolosArmy NFTs, including metadata retrieval (e.g., via IPFS/Pinning infrastructure) and user-level asset visualization. WalletConnect sessions can authorize dApps like Xolo Legend to request account visibility and transaction signing for these assets without ever obtaining custody.

3. CAIP-25 Sessions: Namespace Negotiation as the Core Contract

The security contract between Xolo Legend and RMZWallet is expressed through CAIP-25 session negotiation. The dApp sends a session proposal describing required capabilities. The wallet validates that proposal, prompts the user for consent, and returns the approved session namespaces with CAIP-10 formatted accounts.

3.1 Structure of a Session Proposal

WCv2 organizes permissions into namespaces. Each namespace specifies: chains, methods, and events. The proposal is split into: requiredNamespaces and optionalNamespaces.

Field Technical function Importance
requiredNamespaces Capabilities the wallet must support for the session to be created. Critical
optionalNamespaces Capabilities the wallet may support if available, without blocking the session. High
chains List of CAIP-2 chain identifiers requested by the dApp (e.g., an eCash CAIP-2 id). Mandatory
methods JSON-RPC methods the dApp wants to call (e.g., signing, transaction requests). High
events Real-time notifications expected by the dApp (e.g., account changes). Moderate
Validation Rule

If a required namespace has an empty or unsupported chains list, RMZWallet must reject the proposal with an appropriate WCv2 error (commonly in the 5100–5102 range).

3.2 Approval and Session Creation

After validation and explicit user consent, RMZWallet returns the session namespaces confirming exactly what is approved. Accounts are expressed using CAIP-10. 

{
  "namespaces": {
    "ecash": {
      "accounts": [
        "ecash:<chain-id>:<address-or-account-identifier>"
      ],
      "methods": [
        "ecash_signTransaction",
        "ecash_signMessage"
      ],
      "events": [
        "accountsChanged",
        "chainChanged"
      ]
    }
  }
}

Note: chain identifiers and method naming should reflect the canonical choices in xolosArmy’s implementation. The example above illustrates the structure, not a mandated naming convention.

3.3 wallet_* Methods and Chain-Optional Requests

Some requests (notably methods prefixed with wallet_) can be defined as chain-optional in WCv2. This enables future expansion—such as adding chains or environments—without forcing a chain target at request time. For xolosArmy, this creates a forward-compatible path for additional layers and ecosystem growth.

4. Implementation in RMZWallet (Tonalli)

RMZWallet is built with a modern web stack (TypeScript + Vite) and integrates WCv2 through dedicated components responsible for pairing, session lifecycle, request routing, and user consent.

4.1 Chain Data: Chronik + ecash-lib

As a WalletConnect controller, RMZWallet must maintain reliable chain state visibility: balances, UTXOs, token ownership, and transaction confirmation. This is achieved through:

  • Chronik for index-backed chain queries and real-time balance/UTXO tracking.
  • ecash-lib for local transaction construction and signing.
Rescan & UTXO Consistency

A “rescan” capability (UTXO/balance refresh) is critical during active WC sessions to reduce risks of stale state, invalid inputs, double-spend conflicts, or failed broadcasts.

4.2 Core Components: Lifecycle and Request Queueing

In a typical controller architecture, WCv2 responsibilities are split into:

Component Role in the integration Notes
WcWallet.ts WalletConnect v2 lifecycle: pairing, session proposals, approvals, request handling. TypeScript + WC SDK
offerQueue.ts Asynchronous queue for inbound signing/transaction requests and user prompts. Prevents UX collisions
ChronikClient.ts Chain index queries for XEC/ALP/NFT state; keeps app state consistent. Real-time reliability
PWA / Manifest Offline-friendly wallet UX + controlled session reconnection patterns. Service workers

5. Xolo Legend dApp: Bridge, Persistence, and Events

On the dApp side, Xolo Legend initiates pairing and manages session persistence via its WalletConnect bridge modules (for example: WcBridge.tsx and walletconnect.ts). The dApp typically generates a QR code or a deep link that the user opens with RMZWallet.

5.1 Session Persistence

One of WCv2’s strongest UX benefits is persistent sessions. Xolo Legend can reconnect using a session identifier stored locally, reducing repeated QR scans while keeping the permission scope explicit and auditable.

5.2 Event Tunnels: Reactive UX

The dApp subscribes to wallet events (e.g., accountsChanged) so that account switching within Tonalli is reflected instantly in Xolo Legend’s UI. This enables real-time reactivity without polling or insecure custom transports.

6. Signing Flow and Cryptographic Security

When a user triggers an on-chain action in Xolo Legend (e.g., purchasing an item, interacting with a token module, or publishing a cultural on-chain message), the dApp sends a JSON-RPC request through WCv2. RMZWallet validates, prompts the user, then signs locally and returns the signed transaction for broadcast.

Security Model

RMZWallet retains the private key. Only the signed artifact returns to the dApp. The verification concept can be modeled as:

$V(S, M) \rightarrow \{True, False\}$ where $S$ is the signature, $M$ is the message (transaction), and $V$ is the public key.

7. Validation and Error Handling

WCv2 defines standardized error codes that both wallet and dApp should handle to preserve reliability and user trust. Errors can originate from technical failures, malformed requests, unsupported capabilities, or explicit user rejection.

Error range / code Category Meaning
5001 User rejection User explicitly rejected the request or proposed permissions.
5100–5102 Unsupported capability Chains, methods, or events requested are not supported by the wallet.
5201–5302 Malformed request Invalid structure or payload error from the dApp side.
1006 Invalid namespace Namespace structure does not conform to SDK requirements.
Common Integration Pitfall

Non-conforming namespaces typically occur when the dApp requests a chain identifier or method set the wallet has not enabled. For eCash, ensuring that RMZWallet responds consistently to the chosen CAIP-2 chain id(s) is essential for stable connectivity.

8. Observability and Origin Verification

8.1 Telemetry (Non-sensitive)

WCv2 SDKs can expose telemetry signals about runtime behavior and error codes. Properly configured, telemetry can help identify bottlenecks in session approval flows without collecting sensitive user data such as balances, addresses, or holdings.

8.2 VerifyContext: Preventing Phishing

The VerifyContext feature allows RMZWallet to assess the origin of a session request and classify it as valid, invalid, or unknown. This helps prevent phishing attempts where a malicious site imitates Xolo Legend to capture permissions.

Recommended UX

If origin is unknown, RMZWallet should clearly warn the user and require explicit confirmation. If invalid, it should block by default.

9. Tokens, NFTs, and On-Chain Culture via WalletConnect

The integration is not limited to XEC transfers. xolosArmy leverages on-chain primitives to support:

  • ALP eTokens such as $RMZ for community economics and incentives.
  • NFT collections that represent identity, access, culture, and digital artifacts.
  • OP_RETURN messages to anchor proposals, events, and cultural signals on-chain.

9.1 Storage and Visualization

RMZWallet can integrate NFT metadata retrieval (e.g., IPFS + pinning), enabling Xolo Legend to request permission to view and incorporate user-owned NFTs into gameplay, social layers, or access modules—without compromising custody.

NFT feature Implementation User impact
Custody Local to RMZWallet (Tonalli) Total sovereignty over the asset
Metadata IPFS + pinning infrastructure Durable, decentralized media
Visualization Xolo Legend via WCv2 session permissions Unified user experience
Transfer eCash transaction layer via ecash-lib Fast, low-cost movement

10. Evolution and Roadmap: Extensible Sessions

WalletConnect v2 is intentionally modular. This allows xolosArmy to expand supported namespaces, methods, and session patterns as new modules arrive—without redesigning the communication layer.

Near-term growth areas may include crowdfunding modules, native payment flows for ecosystem services, and richer transaction intents exposed as wallet-approved JSON-RPC methods—while keeping the wallet’s security boundary intact.

11. Conclusion: Secure Interoperability as the Ecosystem Backbone

The WCv2 integration between Xolo Legend and RMZWallet (Tonalli) is a cornerstone of xolosArmy engineering: it balances security, interoperability, and user sovereignty through CAIP-based session negotiation and local signing.

With strict namespace validation, standardized error handling, origin verification, and a chain-aware state layer (Chronik + ecash-lib), the ecosystem achieves a durable and scalable communication fabric—capable of supporting tokens, NFTs, and the broader cultural/utility vision of xolosArmy on eCash.

Canonical note: This article describes the architectural contract and integration patterns. Exact method names, chain identifiers, and module paths should reflect the current xolosArmy codebase conventions.

© xolosArmy — “Your keys never move. Your intent does.”