Skip to main content
Spiral’s execution tools are non-custodial. The server never signs, sends, or holds keys — it only constructs the transaction the user’s own wallet will sign.

The output of a build

build_leverage_tx and build_manage_tx return:

Two ways to execute

Sign the payload (agents)

Send approvals[] first (if any), then tx, from userAddress — with any wallet, signer library, or Safe. This is the canonical path.

Hand off the link (humans)

Open meta.signingUrl — a one-click link into the Spiral app, prefilled, so a person reviews and signs in their own wallet.

Safety built into every bundle

  • Approvals are exact — scoped to the precise contract that pulls the funds, for the exact amount (never infinite).
  • Every swap carries a minTokenOut floor (≥ 99% of the quote; slippage capped at 1%) — it can’t be sandwiched to zero.
  • The tx targets the market you chose and onBehalfOf is the signer’s address.
  • meta.expiresAt — the embedded swap calldata is time-sensitive (~60s). Rebuild if it lapses before signing.
Building a transaction for an address you don’t control is inert — it can’t be signed without that wallet’s key, and it reveals only on-chain-public data.