The Radix Rust SDK (radixdlt-rust-sdk) is a set of native Rust building blocks for the Radix ledger — the off-ledger primitives that, until now, existed mainly in JavaScript/TypeScript. It lets developers build authentication backends, transaction tooling, and wallet integrations entirely in pure Rust. The project is authored and maintained by Luis Alberto Reoyo Bolaños (GitHub genkipool) and is dual-licensed under MIT or Apache-2.0.
Background
Radix's off-ledger toolkit — the code that runs in a dApp backend or client rather than on the network — has historically been distributed as the official TypeScript packages such as @radixdlt/rola and the Radix dApp Toolkit. The Radix Rust SDK reimplements these primitives for the Rust ecosystem, giving server, desktop, and embedded developers a way to derive addresses, verify signatures, manage keys, and talk to wallets without a JavaScript runtime. It emphasises modular transports, native ROLA verification, and integration with AI agents.
Crates
The workspace is organised as a set of focused crates that can be pulled in individually or through an umbrella crate:
- radixdlt-sdk — umbrella crate re-exporting the others behind feature flags.
- radixdlt-rola — off-ledger authentication matching
@radixdlt/rola("log in with Radix"). - radixdlt-address — virtual-account address derivation.
- radixdlt-keystore — encrypted Ed25519 keystore using scrypt + AES-256-GCM.
- radixdlt-gateway-tx — Gateway client with local transaction signing.
- radixdlt-connect — Radix Connect over WebRTC for mobile-wallet integration.
- radixdlt-connect-iroh — Radix Connect over iroh / QUIC for direct SDK-to-SDK communication.
- radixdlt-connector-mcp — a local MCP server that lets AI agents pair a wallet and sign transactions.
- radixdlt-i18n — system-locale detection with bilingual text support.
Radix Connect over iroh
The radixdlt-connect-iroh crate defines a transport protocol that lets two pure-Rust peers exchange Radix wallet-interaction messages over iroh (QUIC). It is a Rust-native alternative to the WebRTC transport used by Radix Connect, enabling server-to-signer and device-to-device flows — such as "log in with Radix" and transaction signing — without routing through a mobile wallet. The full specification is published in its PROTOCOL.md.
Transport and framing
Peers connect as iroh 1.x endpoints over QUIC, negotiating the ALPN identifier radixdlt-connect-iroh/0. Each interaction uses one bidirectional QUIC stream: the connecting dApp sends first and the accepting Wallet receives first, so request/response ordering is maintained without a separate handshake. Messages are length-prefixed JSON documents — a 4-byte big-endian u32 length followed by a UTF-8 JSON body.
Roles
The dApp initiates the connection, sends the request, and verifies responses (notably ROLA proofs). The Wallet (signer) accepts the connection, holds the Ed25519 signing keys, and responds to interactions. A request envelope carries an interactionId (UUID-v4), metadata (version, network ID, dApp definition address, origin), and discriminated items; the response envelope echoes the same interactionId as either success or failure.
Interaction flows
The protocol supports the same interaction families as Radix Connect:
- Account proof (ROLA) — the dApp sends a challenge and its context; the Wallet signs a message incorporating the challenge, dApp definition, and origin; the dApp verifies the returned proofs natively via
radixdlt-rola::verify_account_proof, independent of transport authentication. - Transaction — the dApp sends a manifest and blobs; the Wallet compiles it, builds a notarized transaction, submits it to the Gateway, and returns the intent hash (even if the confirmation wait times out).
- Pre-authorization — the dApp sends a subintent manifest and expiration window; the Wallet signs a subintent with an epoch-based validity window (~5 minutes per epoch) and returns the signed partial transaction, which is not submitted.
Pairing, identity, and relays
A Wallet publishes a locator — a full ticket() (local addresses, for same-host or LAN pairing), an id_ticket() (endpoint ID only, for internet use with discovery), or an endpoint_id_string() (mDNS pairing). Identity can be ephemeral (a random key per run) or fixed (a 32-byte seed yields a stable EndpointId); reusing the Radix account key as the endpoint seed unifies channel and ledger identity. Relaying is configurable: Relay::Disabled keeps connections direct, while Relay::Enabled uses n0 public relays and discovery for NAT traversal. Errors surface through the IrohError enum (Bind, Connect, Accept, Stream, Protocol, Rejected).
Security properties
QUIC/TLS provides confidentiality and integrity, and the EndpointId authenticates peers at the transport layer. ROLA proofs are verified natively by the dApp, independent of that transport authentication. When the endpoint seed doubles as the account key, channel and ledger identity are tied together. A relay can observe connection metadata but never the encrypted stream contents.
AI-agent integration
The radixdlt-connector-mcp crate exposes a local Model Context Protocol server, letting AI agents pair a Radix wallet and request signatures through the SDK's transports. Combined with native ROLA verification and Gateway signing, this positions the Rust SDK as a foundation for agentic Radix tooling that runs entirely outside a browser.
