Tempo is shipping the T3 (Wagner) hard fork in v1.6.0 — a mandatory, breaking network upgrade introducing enhanced access key permissions, signature verification precompiles, virtual forwarding addresses, and consensus improvements, with testnet activation on Apr 21 and mainnet on Apr 27.

> impact

Tempo v1.6.0 delivers the T3 (Wagner) network upgrade, a hard fork encompassing five protocol-level TIPs. TIP-1011 introduces fine-grained access key permissions with spending limits and call scopes, giving dApps the ability to request constrained session keys from users. TIP-1020 adds a signature verification precompile supporting secp256k1, P256, and WebAuthn curves — a foundational primitive for passkey-based wallets and cross-chain message verification. TIP-1022 implements virtual forwarding addresses that eliminate the need for sweep transactions, a significant UX improvement for exchanges and custodial services. TIP-1031 embeds consensus context directly into block headers, and TIP-1038 addresses audit-driven bug fixes and gas metering corrections. Alongside this, a separate commit updates CREATE opcode behavior per TIP-1016, modifying how contract deployment works at the EVM execution layer. The motivation behind Wagner is to close critical gaps between Tempo's account model and the expectations of production-grade wallets and dApps. Scoped access keys (TIP-1011) let protocols request limited permissions without full account access — think of a game that can call specific contract methods but cannot transfer tokens beyond a set budget. The signature precompile (TIP-1020) is a direct response to the growing adoption of WebAuthn/passkey authentication, making it economically feasible to verify these signatures on-chain rather than in application-layer workarounds. Virtual forwarding addresses (TIP-1022) remove an entire class of operational overhead for any service that aggregates funds. The legacy validator config v1 has also been removed from the consensus module (PR #3561), cleaning up deprecated code paths that could cause confusion or misconfiguration. The impact for developers and operators is immediate and non-negotiable. All validators and RPC node operators must upgrade to v1.6.0 before the testnet activation on April 21, 2026, or their nodes will fall out of sync. The `--consensus.enable-subblocks` CLI flag has been removed, and ENR fork ID enforcement is now enabled by default — operators who relied on either must update their configurations. Developers must upgrade to T3-compatible SDK versions; the CREATE opcode behavior change per TIP-1016 may affect contract deployment scripts and tooling that assumed the previous semantics. Any node operator still using validator config v1 must migrate to v2 before upgrading, as the legacy path no longer exists in the consensus module.

> Try this now

try this

# -------------------------------------------------------
# Exploring TIP-1011 Scoped Access Keys & TIP-1020 Signature Precompile
# Tested against Tempo T3 (Wagner) on Moderato testnet
# -------------------------------------------------------

# Step 1: Upgrade your node to v1.6.0
# If you're running a validator or RPC node, this is mandatory.
# Download the release and verify the binary hash before swapping.
#
# $ tempo version
# > tempo v1.6.0-wagner
#
# IMPORTANT: Remove any --consensus.enable-subblocks flag from your
# startup scripts. This flag no longer exists and will cause a boot error.
# ENR fork ID enforcement is now on by default — no action needed unless
# you were explicitly disabling it.

# Step 2: Install the T3-compatible SDK
# $ npm install @aspect-build/tempo-sdk@latest
#
# Verify you're on a T3-compatible version:
# $ npx tempo-sdk version
# > @aspect-build/tempo-sdk 4.3.0 (T3-compatible)

# Step 3: Create a scoped access key using TIP-1011
# This grants a dApp a session key that can only call a specific
# contract method and spend up to 5 TEMPO in gas + value transfers.

import { TempoClient, AccessKeyPermission } from "@aspect-build/tempo-sdk";

const client = new TempoClient({ network: "moderato" }); // testnet

# Connect the user's primary wallet / signer
const account = await client.connectAccount(primarySigner);

# Define the permission scope for the session key
const scopedPermission = new AccessKeyPermission({
  # Which contract can this key call?
  allowedContract: "0xAbC123...GameContract",

  # Which methods on that contract? Empty array = any method.
  allowedMethods: ["makeMove", "claimReward"],

  # Max total value (in base units) this key can spend
  spendingLimit: client.utils.parseUnits("5", 18),

  # Optional TTL — key expires after this duration
  ttlSeconds: 3600, // 1 hour session
});

# Generate a new session keypair and register it on-chain
const sessionKey = await account.addAccessKey(scopedPermission);

console.log("Session public key:", sessionKey.publicKey);
console.log("Spending limit:", scopedPermission.spendingLimit.toString());
console.log("Allowed methods:", scopedPermission.allowedMethods);

# The dApp backend can now sign transactions with sessionKey.privateKey
# and they will only succeed if they fall within the defined scope.
# Any call outside the scope (e.g., a transfer to an arbitrary address)
# will be rejected at the protocol level — not the application level.

# Step 4: Verify a WebAuthn signature on-chain using TIP-1020
# The precompile lives at a fixed address and supports secp256k1, P256,
# and WebAuthn signature formats.

import { SignatureVerifier } from "@aspect-build/tempo-sdk";

# Suppose a user signed a challenge using their device passkey (WebAuthn)
const webAuthnSignature = {
  authenticatorData: "0x49960de5...",
  clientDataJSON: '{"type":"webauthn.get","challenge":"..."}',
  signature: "0x3045...",  // DER-encoded P256 signature
  publicKey: "0x04...",     // uncompressed P256 public key
};

# Call the precompile to verify — this is a static call, no gas spent
# beyond the precompile's fixed cost.
const isValid = await SignatureVerifier.verifyWebAuthn(
  client,
  webAuthnSignature.authenticatorData,
  webAuthnSignature.clientDataJSON,
  webAuthnSignature.signature,
  webAuthnSignature.publicKey
);

console.log("WebAuthn signature valid:", isValid); // true or false

# Under the hood this calls the precompile at the TIP-1020 address:
# 0x0000000000000000000000000000000000001020
# You can also call it directly from Solidity:
#
# // Solidity example
# (bool success, bytes memory result) = address(0x1020).staticcall(
#     abi.encode(authData, clientData, sig, pubkey, SIG_TYPE_WEBAUTHN)
# );
# bool isValid = abi.decode(result, (bool));

# Step 5: Verify your contract deployment tooling against TIP-1016
# The CREATE opcode behavior has changed. If you have deployment scripts
# that compute expected contract addresses using the old nonce/address
# derivation, re-test them on Moderato before mainnet activation.
#
# Quick smoke test:
# $ npx hardhat run scripts/deploy.js --network moderato
# Compare the deployed address against your expected address computation.
# If they diverge, review TIP-1016 for the updated derivation spec.

# -------------------------------------------------------
# Key dates:
#   Moderato (testnet) activation: April 21, 2026
#   Presto (mainnet) activation:   April 27, 2026
#
# Operator checklist:
#   [x] Upgrade node to v1.6.0
#   [x] Remove --consensus.enable-subblocks from startup flags
#   [x] Migrate off validator config v1 (removed in PR #3561)
#   [x] Upgrade SDK to T3-compatible version
#   [x] Re-test contract deployments for TIP-1016 CREATE changes
# -------------------------------------------------------