controller-setup
Controller Setup
Cartridge Controller is a gaming-focused smart contract wallet for Starknet with session keys, passkeys, and paymaster support.
Installation
# Basic Controller usage
pnpm add @cartridge/controller starknet
# With framework connectors (React, native apps)
pnpm add @cartridge/controller @cartridge/connector starknet
Quick Start
import Controller from "@cartridge/controller";
const controller = new Controller();
const account = await controller.connect();
// Ready to execute transactions
Session Policies
Session policies are required for session-based transaction execution.
Without policies, execute() fails with error code 130 because the Controller's session validation needs a merkle proof per call.
Without policies, Controller falls back to manual approval via the hosted keychain modal. On local Katana, policies are required because new Controller accounts cannot be properly deployed without them.
Choosing a Connector
| Use Case | Connector | Key Difference |
|---|---|---|
| Web apps with starknet-react | ControllerConnector |
Keys managed via browser cookies & localStorage |
| Native/mobile apps | SessionConnector |
App generates local keypair, authenticates via browser redirect |
ControllerConnector (Web)
import { ControllerConnector } from "@cartridge/connector";
const connector = new ControllerConnector({
policies, // Session policies (required for session-based execution)
signupOptions, // Optional auth methods to show
});
SessionConnector (Native/Mobile)
import { SessionConnector } from "@cartridge/connector";
import { constants } from "starknet";
const connector = new SessionConnector({
policies,
rpc: "https://api.cartridge.gg/x/starknet/mainnet",
chainId: constants.StarknetChainId.SN_MAIN,
redirectUrl: "myapp://auth-callback",
disconnectRedirectUrl: "myapp://logout", // Optional logout redirect
signupOptions: ["webauthn", "google"], // Optional auth methods
});
Session flow: App generates keypair → User authenticates in browser → Browser redirects back → App signs transactions locally.
Chain Configuration
Default RPC endpoints are provided. Override with custom chains:
import { constants } from "starknet";
const controller = new Controller({
chains: [
{ rpcUrl: "https://api.cartridge.gg/x/starknet/mainnet" },
{ rpcUrl: "https://api.cartridge.gg/x/starknet/sepolia" },
{ rpcUrl: "http://localhost:5050" }, // Local Katana
],
defaultChainId: constants.StarknetChainId.SN_MAIN,
});
Local Development with Katana
When using Controller with a local Katana instance, the Katana config must deploy Controller contracts at genesis. Without this, transactions fail with "Requested contract address ... is not deployed".
Required katana.toml config:
[dev]
dev = true
no_fee = true
[cartridge]
paymaster = true # Enables paymaster AND deploys Controller contracts at genesis
[server]
http_cors_origins = "*"
Note: paymaster = true implicitly enables controllers = true.
Start Katana with config:
katana --config katana.toml
See the Katana configuration guide for all TOML options.
Performance: Lazy Loading
Defer iframe mounting until connect() is called:
const controller = new Controller({
lazyload: true,
});
ControllerOptions Reference
type ControllerOptions = {
chains?: Chain[]; // Custom RPC endpoints
defaultChainId?: string; // Default chain (hex encoded)
policies?: SessionPolicies; // Session policies
propagateSessionErrors?: boolean; // Return errors to caller
errorDisplayMode?: "modal" | "notification" | "silent";
lazyload?: boolean; // Defer iframe mount
preset?: string; // Theme preset name
signupOptions?: AuthOptions; // Auth methods to show
};
Package Compatibility
{
"@cartridge/connector": "0.11.3-alpha.1",
"@cartridge/controller": "0.11.3-alpha.1",
"@starknet-react/core": "^5.0.1",
"@starknet-react/chains": "^5.0.1",
"starknet": "^8.1.2"
}
Common Issues
Cookies required: Controller sets essential cookies for initialization.
HTTPS required in dev: Use vite-plugin-mkcert for local HTTPS.
Connector outside components: Create ControllerConnector outside React components to avoid recreation on re-render.
More from cartridge-gg/docs
controller-sessions
Configure session keys and policies for Cartridge Controller to enable gasless, pre-approved transactions. Use when defining contract interaction policies, setting spending limits, configuring signed message policies, or implementing error handling for session-based transactions. Covers SessionPolicies type, policy definitions, verified sessions, and error display modes.
68controller-react
Integrate Cartridge Controller into React applications using starknet-react. Use when building React/Next.js web apps with Controller, setting up StarknetConfig provider, using hooks like useConnect/useAccount, or implementing wallet connection components. Covers ControllerConnector setup, provider configuration, and transaction execution patterns.
67controller-signers
Configure authentication methods for Cartridge Controller including passkeys, social login, and external wallets. Use when implementing user authentication, adding multiple signers for account recovery, customizing signup options, or integrating external wallets like MetaMask or Phantom. Covers WebAuthn passkeys, Google/Discord/Twitter OAuth, wallet connections, and dynamic authentication flows.
65controller-backend
Integrate Cartridge Controller into backend services using Node.js, Rust, or headless mode. Use when building server-side applications, game backends, automated bots, or any non-browser environment that needs to execute Starknet transactions. Covers SessionProvider for Node.js, Rust SDK setup, and headless Controller with custom signing keys.
61slot-vrng
Integrate Cartridge's verifiable random number generator (vRNG) into onchain games.
59slot-rpc
Configure Cartridge RPC endpoints with API token authentication and CORS whitelisting.
58