Keycat is a non-custodial smart wallet that lives in one encrypted file and comes back with just your email. No seed phrase, gasless transactions, and a plain-language review before you sign.
Self custody has one terrifying rule: lose your secret, lose everything. Keycat fixes that.
Your whole wallet is a single encrypted file, protected by your password and optionally your device biometric. There is no seed phrase to write down. Every wallet is a MetaMask smart account, so transactions are gasless (fees settle in stablecoins through the 1Shot permissionless relayer, no ETH required) and the signing key is rotatable. Before you sign anything, Venice AI reads the transaction and explains it in plain language, flagging risks like unlimited approvals, paid per use over x402 through a scoped ERC-7710 delegation from your own account.
The part no other wallet does: if you lose your file, you recover the wallet with just your email. Recovery is verified entirely on chain by a zero knowledge proof of a signed email, with a safety timelock you can cancel. Your account rotates to a fresh key. Same wallet, same balance.
Keycat runs zero backend. No server, no database, no API keys. It cannot take, freeze, see, or track anything, because there is nothing on our side to do it with. It ships both as a one script embeddable widget for any dApp and as a full standalone wallet.
Built from scratch during the hackathon:
- Keystore crypto library (Argon2id + AES-256-GCM, optional WebAuthn PRF device factor) with a self describing file format.
- Full wallet UI and an EIP-1193 / EIP-6963 embed SDK, plus a standalone wallet app and a KittySwap demo dApp.
- MetaMask smart accounts with a fresh-deploy path and an EIP-7702 instant upgrade path.
- Gasless transactions via scoped ERC-7710 delegations relayed through the 1Shot permissionless relayer, with stablecoin fees and webhook status.
- AI transaction review paid per request over x402 plus ERC-7710, with Venice AI inference.
- On chain email recovery: a KeycatRecoveryController over ZK Email, with client side account salt derivation so the email never hits a third party API, plus a timelock and cancel window.
Honest notes on what is real versus a documented stand in are kept in BLOCKERS.md.
Not currently raising. Built during the hackathon and open to grants. Runs at zero infrastructure cost by design, since there is no backend to host.