Mycelium

Pick a role, let the little guide walk you through

Cos72 is an account-abstraction wallet & community OS built on WebAuthn (Face ID), BLS aggregate signatures, and ERC-4337. Below, in comics: what each role can do, the tech behind it, and why it matters to you.

🎒 Xiao J guides «Individual User»: The full journey: verify email, create the account with Face ID, set guardians, transfer, recover, and join a community.

1 Start with your email (a code, not a password)

Registration starts with your email: we send a 6-digit code to confirm it's you. Email is just a simple way to reach you — it is not your password and not your security.

⚙️ How it works: A one-time code (OTP) verifies you, then the account record is created and a JWT is issued; no password is ever stored.

💡 Why it matters: A familiar first step — nothing to memorize or invent.

AUTH-01
2 Create your passkey (Face ID or Passkey)

Next you create a passkey with Face ID / Touch ID (or a security key). This passkey becomes the key that signs for your on-chain account.

⚙️ How it works: WebAuthn generates a P-256 credential (key held in KMS), bound as the signer of your AirAccount — no password, no seed phrase.

💡 Why it matters: Your face or fingerprint is your wallet key.

AUTH-02
3 Go on-chain: deploy your account + set guardians

Your address exists from day one as a 'counterfactual' address; your first transaction deploys it for real. At that moment you set guardians: 2 of your own + 1 community guardian (2-of-3).

⚙️ How it works: An ERC-4337 counterfactual account, deployed on the first UserOp (create-with-guardians); a guardian can be a passkey, an EOA wallet (e.g. MetaMask), a friend's account, or the community — flexible by design.

💡 Why it matters: Recovery is wired in from the start — no separate setup, and you can't 'forget' to protect yourself.

AUTH-03 REC-01
4 Add a spending Guard Policy

This step is NOT adding guardians (those were set when your account was created) — here you set spending policies: a daily cap, plus amount-based verification tiers. The daily limit can only be lowered, never raised.

⚙️ How it works: Security is layered (verification escalates with amount): small transfers need only your passkey (Tier 1); larger ones add a DVT co-signature (Tier 2); large ones additionally require a guardian's signature (Tier 3) — the bigger the amount, the more factors it takes. On top sits the monotonic daily cap (raising it reverts on-chain).

💡 Why it matters: Even if your key is stolen: the daily cap limits one-day damage, and big transfers simply can't go through without extra guardian approval.

GRD-03 GRD-07 XFER-02 XFER-03
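
An off-chain model of the tiered Guard Policy and its lower-only daily cap, added here as an illustration and not taken from the Cos72 contracts. The type names, function names and threshold values are hypothetical; the page gives no concrete amounts.

```typescript
// Added example: model of the tiered Guard Policy (not Cos72 code).
// All names and thresholds are constructed for illustration.
type Factor = "passkey" | "dvt" | "guardian";

interface GuardPolicy {
  dailyLimit: number; // total allowed spend per day
  tier1Max: number;   // up to here: passkey only (Tier 1)
  tier2Max: number;   // up to here: + DVT (Tier 2); above: + guardian (Tier 3)
}

interface Decision { allowed: boolean; tier: number; reason: string }

// Each tier adds one factor on top of the previous tier.
function requiredFactors(policy: GuardPolicy, amount: number): Factor[] {
  if (amount <= policy.tier1Max) return ["passkey"];
  if (amount <= policy.tier2Max) return ["passkey", "dvt"];
  return ["passkey", "dvt", "guardian"];
}

// Monotonic cap: lowering succeeds, raising throws (models the on-chain revert).
function setDailyLimit(policy: GuardPolicy, newLimit: number): GuardPolicy {
  if (newLimit > policy.dailyLimit) {
    throw new Error("revert: daily limit can only be lowered");
  }
  return { ...policy, dailyLimit: newLimit };
}

function checkTransfer(
  policy: GuardPolicy, spentToday: number, amount: number, presented: Factor[]
): Decision {
  const needed = requiredFactors(policy, amount);
  const tier = needed.length;
  if (amount <= 0) return { allowed: false, tier, reason: "invalid amount" };
  // The daily cap applies no matter how many factors are presented.
  if (spentToday + amount > policy.dailyLimit) {
    return { allowed: false, tier, reason: "daily limit exceeded" };
  }
  const missing = needed.filter((f) => presented.indexOf(f) === -1);
  if (missing.length > 0) {
    return { allowed: false, tier, reason: "missing: " + missing.join(",") };
  }
  return { allowed: true, tier, reason: "ok" };
}

// Constructed sample policy (units are arbitrary).
const samplePolicy: GuardPolicy = { dailyLimit: 1000, tier1Max: 50, tier2Max: 300 };
```

With a stolen passkey alone, only Tier 1 amounts pass, and their sum per day is still bounded by `dailyLimit`.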
5 Transfer with a fingerprint

Every transfer needs your own Face ID / fingerprint: prepare → sign → submit on-chain.

⚙️ How it works: Two-phase ceremony (prepare/submit); released only after passkey assertion + BLS aggregate signature verify.

💡 Why it matters: Mandatory per-transaction verification makes phishing / forged signing very hard.

🔗 Real Sepolia tx (XFER-01)
XFER-01
6 Social recovery — never fear a lost device

Lost your phone? Recovery needs any 2 of your 3 guardians. The default community guardian is only 1 of 3 — so it can never act alone, it can only help you.

⚙️ How it works: 2-of-3 social recovery swaps the signer; the community guardian is a public multisig that re-confirms it's really you through real, in-person social memories — anchored in relationships, not a key.

💡 Why it matters: Lose a device or even one guardian and you still recover; and a rogue community still can't steal your funds (1 < 2).

REC-06
7 Stake for one ticket, join any permissionless community

Stake GToken for one ticket (SBT); with that single ticket you can join any permissionless community — from 'using a wallet' to 'joining a community'.

⚙️ How it works: Staking mints a non-transferable SBT ticket as proof of membership; communities are aggregated in the plaza.

💡 Why it matters: Turns a wallet into a community gateway — the meaning-economy base Cos72 is built for.

COM-U-01 COM-U-03

🎒 Xiao J guides «Visitor»: Not signed up yet — look around, then step in.

1 Browse the community plaza freely

No account needed to browse the community plaza: every community's name, ENS, token and logo is aggregated for you to see.

⚙️ How it works: A public read-only endpoint (community/list) aggregates on-chain communities; even search engines can index it.

💡 Why it matters: See what's there before deciding to join.

COM-U-02
2 Want to act? Sign in first

When a visitor taps an action that needs identity (transfer / manage / join), they're gently redirected to sign in — never a blank error.

⚙️ How it works: Protected routes redirect to /auth/login (and the backend returns 401); public pages stay open.

💡 Why it matters: Clear boundary: read freely, but prove who you are before you act.

AUTH-10 AUTH-05
3 Become a user in one step

Ready to join? Enter your email and create a passkey — you go from visitor to Individual User (see the Individual tour).

⚙️ How it works: Email OTP + a WebAuthn passkey — no password, no seed phrase, account created counterfactually.

💡 Why it matters: From onlooker to member is just one Face-ID away.

AUTH-01 AUTH-02

🍄 Xiao M guides «Community Admin»: Open a community: register on-chain, issue your own points, set a gas strategy, run it.

1 Register your community (stake + on-chain)

Buy GToken as a prerequisite, then stake + registerCommunity with your ENS / domain / description / logo (on IPFS). Your community is now on-chain and discoverable.

⚙️ How it works: A registry contract records the community; addresses come from the @aastar/sdk canonical table, never hard-coded.

💡 Why it matters: What used to cost a lot to build is now a stake + one registration.

COM-A-01 COM-A-02
2 Issue community points (xPNTs)

On creation you issue your own community points, xPNTs (deployxPNTs + bind to the community) — for rewards, redemption and governance.

⚙️ How it works: The xPNTs contract is deployed and bound to the community; it can price gas sponsorship via SuperPaymaster.

💡 Why it matters: Each community gets its own 'currency' — the incentive loop is yours.

COM-A-03
3 Pick a gas strategy — sponsor members' gas

Two strategies: A) self-deploy PaymasterV4 (free, self-run); B) join SuperPaymaster (register your points and it sponsors). Members can now transact gasless.

⚙️ How it works: Self-deploy PaymasterV4 + EntryPoint depositTo; or register xPNTs into the SuperPaymaster ecosystem.

💡 Why it matters: New members never need to learn about gas — a Web2-like experience.

COM-A-04 COM-A-05
4 Daily ops: redeem · goods · reputation · members

Set up a redeem counter, issue NFT goods, mint non-transferable reputation NFTs (SBTs), and view / approve / remove members.

⚙️ How it works: ERC-1155/721 goods + reputation SBTs; member status is verifiable on-chain and in the console.

💡 Why it matters: One console to run the community's money, goods, people and reputation.

COM-A-06 COM-A-07 COM-A-08 COM-A-09

🍄 Xiao M guides «Operator (gas node)»: Run a gas-sponsoring node in the SuperPaymaster ecosystem — pay others' gas, earn reputation.

1 Operator onboarding (AOA)

One wizard end-to-end: stake → register role → deploy xPNTs → deploy Paymaster → deposit. Every step goes on-chain.

⚙️ How it works: Register an operator role (ROLE_ANODE / DVT / Paymaster…); after EntryPoint deposit you can sponsor gas.

💡 Why it matters: Turns 'pay gas for others' into a service you can operate.

OPR-01
2 Choice A: join SuperPaymaster (if no tech staff)

The advanced path: lockForSuperPaymaster → registerOperator → depositAPNTs, becoming a sponsor in the SuperPaymaster ecosystem.

⚙️ How it works: Lock + register operator + deposit aPNTs; unlike D6's community self-deployed PaymasterV4, this is protocol-level admission.

💡 Why it matters: From serving just your community to serving the whole ecosystem.

OPR-02
3 Choice B: manage Paymaster & funding by yourself

ManagePaymaster: read/write PaymasterV4 config and top up the EntryPoint; SuperPaymasterConfig: account status, aPNTs deposit, reputation.

⚙️ How it works: Config changes affect sponsorship limits/policy; a resource pre-check (checkResources) clearly blocks + guides when short.

💡 Why it matters: Sponsorship isn't a black box: limits, balance and reputation are visible and adjustable.

OPR-03 OPR-04 OPR-06

🐱 Baobao guides «Guardian»: Be someone's guardian: help them recover when they lose a device.

1 Become 1 of someone's 3 guardians

A friend sets you as one of their 3 guardians (2-of-3) at account creation. You don't need special protection — a normal AirAccount can be a guardian.

⚙️ How it works: A guardian is just 'a party who can sign', borrowing a signing identity; non-recursive, not tied to any single device.

💡 Why it matters: Guard each other — a social safety net, not yet another key to keep.

REC-01
2 Co-sign through whatever channel suits you

Many channels: an existing AirAccount passkey, a new email+FaceID (KMS ECDSA), MetaMask (personal_sign), or a pure-client P-256 passkey (iCloud/Google).

⚙️ How it works: The backend encodes the assertion (encodeWebAuthnAssertion) and relays proposeRecoveryWithSig on-chain; EOA / passkey / hybrid all work.

💡 Why it matters: Guardians sign the way that's easiest for them — almost no barrier.

REC-02 REC-03 REC-04 REC-05
3 2-of-3 reached, account restored

Recovery is initiated → you and one more guardian support → execute to swap the owner. Any 2 suffice; the account address stays the same and Guard config is untouched.

⚙️ How it works: Below threshold it can't execute (contract reverts); the community multisig guardian is only 1 of 3 and can never reach the threshold alone.

💡 Why it matters: Lose one guardian and recovery still works; no single point can steal the account.

REC-06 REC-07
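
A model of the 2-of-3 threshold check, added here as an illustration and not taken from the Cos72 contracts. It shows why approvals must be counted per distinct guardian: a repeated signature from the community guardian must not reach the threshold. Function names and guardian ids are hypothetical.

```typescript
// Added example: model of 2-of-3 guardian recovery (not Cos72 code).
// Function names and guardian ids are constructed for illustration.
interface Account { address: string; owner: string }

interface Recovery {
  guardians: string[];   // the three guardians set at account creation
  threshold: number;     // 2 in the 2-of-3 scheme
  proposedOwner: string;
  approvals: string[];   // distinct guardians that have signed so far
}

function proposeRecovery(guardians: string[], newOwner: string): Recovery {
  return { guardians: guardians.slice(), threshold: 2, proposedOwner: newOwner, approvals: [] };
}

// Record a guardian's support. Unknown signers and repeat signatures do not count.
function approve(r: Recovery, guardian: string): boolean {
  if (r.guardians.indexOf(guardian) === -1) return false;
  if (r.approvals.indexOf(guardian) !== -1) return false;
  r.approvals.push(guardian);
  return true;
}

// Swap the owner only at or above threshold; otherwise throw (models the revert).
function executeRecovery(r: Recovery, account: Account): void {
  if (r.approvals.length < r.threshold) {
    throw new Error("revert: threshold not reached");
  }
  account.owner = r.proposedOwner; // the address itself is left unchanged
}

// Convenience wrapper: true if execution went through, false if it reverted.
function tryExecute(r: Recovery, account: Account): boolean {
  try {
    executeRecovery(r, account);
    return true;
  } catch (e) {
    return false;
  }
}
```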

🐱 Baobao guides «Protocol Admin»: Tend the protocol itself: status, config and permission boundaries — with the SDK as the single source of truth.

1 Protocol dashboard

At /admin, view protocol status and config: the active chain (e.g. Sepolia 11155111), contract addresses, paymaster presets, and more.

⚙️ How it works: Addresses come from the @aastar/sdk canonical table, not .env, to avoid mis-pointing (cf. the historical 0x1f0D incident).

💡 Why it matters: One panel to see the protocol's real, current state.

ADM-01
2 Writes are permission-gated

Only admins can perform protocol writes; a non-admin hitting a write op is clearly rejected (403), never silently allowed.

⚙️ How it works: Backend auth guards + role checks (ROLE_* / SBT); the frontend also hides actions you can't use.

💡 Why it matters: Clear permission boundaries; governance actions are traceable and auditable.

ADM-02 ROLE-01
3 One chain-consistent source of truth

On network switch, chainId stays consistent across publicClient / SDK / explorer; addresses, community aggregation and permissions all defer to the SDK.

⚙️ How it works: No hard-coded addresses; SDK canonical > .env, eliminating environment drift at the root.

💡 Why it matters: The protocol behaves consistently across chains and environments — no drift.

X-06 ADM-01
Xiao J · Jason Jiao
Founder

An idealist founding the Mycelium collaboration network — using digital public goods to lift the digital wellbeing of ordinary people.