Your auditor surface area
Every signal you publish or share gives auditors more visibility into your shielded activity, and you control each independently. Nothing here is set by default; you opt into each layer when you want it.
SNS subdomain registered
Not setSenders can resolve a memorable name (e.g. alice.utxopia.sol) to your stealth address. Without this, only people who copy-paste your `utxo:` string can pay you.
Auditor-disclosable bit
OffPublic signal on your SNS record that you're OK receiving outgoing audit memos. Senders see an 'auditor-disclosable' chip when they enter your name.
Designated auditor pubkey
Not setOptional 32-byte Solana pubkey on your SNS record, telling senders who you've granted read-only access to. It is a hint; the actual viewing key share is still out-of-band.
Delegated view keys issued
None issuedEncrypted, slot-scoped viewing keys you've handed to specific auditors. Each one lets the recipient scan your IN (+ OUT, once sender memos populate) records over the chosen slot range, but never spend.
Next step
Register an SNS subdomain first. Every other signal hangs off it. Head to Settings.
What auditors with your viewing key still can't see
- Your spending key. They read but never sign on your behalf.
- Your funds. Issuing a viewing key doesn't move anything.
- Outgoing flows from before sender-memos shipped, or transfers with sender memos disabled (NEXT_PUBLIC_DISABLE_SENDER_MEMOS=1).
- Activity outside the slot range you scoped the delegation to.