What's available to your app on Passport Prime today, what's coming, and what's intentionally not supported.
Capability matrix
| Capability | API | Status |
|---|---|---|
| Bitcoin signing (BDK) | lib/keyos/api/* | ✅ Stable |
| QuantumLink Bluetooth | os/quantum-link | ✅ Stable |
| NFC read / write | os/nfc | ✅ Stable |
| Camera / QR / UR scanning | os/camera | ✅ Stable |
| File storage (Airlock, User, USB scopes) | os/fs | ✅ Stable |
| Secure element access | os/security | ✅ Stable |
| FIDO2 / U2F / CTAP-HID | os/fido | ✅ Stable |
Slint UI (@ui/... library) | sdk/ui/ui | ✅ Stable |
| Haptics, RGB LED, power management | os/haptics, os/rgb-led, os/power-manager | ✅ Stable |
| GPIO / I²C / SPI / DMA | os/gpio, os/i2c, os/spi, os/dma | ✅ Stable |
Hosted simulator (foundation sim) | SDK | ✅ Stable |
Live UI preview (foundation preview) | SDK | ✅ Stable |
| USB HID / HWI / keyboard driver | - | 🚧 Coming |
| Public SDK release | - | 🟢 Public beta — feedback to hello@foundation.xyz |
| App catalog & store | - | 🚧 Roadmap |
| App-to-app MCP / messaging API | os/mcp | 🚧 Coming — see note below |
| Developer certificate trust store | Settings → Apps | 🚧 Coming |
| Network / internet access | - | ❌ By design (Prime is offline) |
🚧 MCP server. A new app-to-app messaging surface (replacing the "Light" GUI server API for sideloaded apps) is landing with the public SDK. Exact API and control-plane toggle (enable/disable MCP-over-USB) are still being finalized — this page will be updated when the surface stabilizes.
Per-API summaries
Bitcoin signing - lib/keyos/api/*
First-class BDK integration. Same robust hardware wallet capabilities as Passport Core: multisig, passphrases, temporary seeds, and wide software wallet support.
QuantumLink Bluetooth - os/quantum-link
Continuous secure comms with paired phones and desktops, with post-quantum encryption (CRYSTALS-Kyber) built in. The right channel for interactive protocols like Lightning, Nostr, Ark, swaps, and Coinjoins.
NFC read / write - os/nfc
Read and write NDEF and custom tag formats. Useful for Magic Backups–style flows, contactless pairing, and hardware token interactions.
Camera / QR scanning - os/camera
Scan QR codes, UR codes, and animated QRs via the on-device Omnivision camera.
File storage - os/fs
Three distinct scopes:
- Airlock - quarantined incoming files from USB or NFC, sandboxed until the user moves them.
- User - your app's private storage. Other apps cannot read it.
- USB - files exposed when Prime is connected as USB mass storage.
Secure element - os/security
Cryptographic key storage and operations gated by the Microchip ATECC608C secure element. Sensitive operations (e.g. seed retrieval) require user confirmation on the trusted display. Seeds never leave the secure element unencrypted.
FIDO2 / U2F - os/fido
Full CTAP-HID stack - Prime can replace a YubiKey for hardware-backed second-factor and passkey flows.
Slint UI library - sdk/ui/ui
70+ curated Foundation-designed components, theme tokens, fonts, and icons. Import from @ui/... and you get a polished, on-brand starting point that you're free to fully restyle. See Building Apps - UI
for the component list.
Peripherals - os/haptics, os/rgb-led, os/power-manager, GPIO, I²C, SPI, DMA
Direct access to the device's lower-level peripherals when you need them.
Why no network?
Prime is intentionally offline. There is no IP stack and no Wi-Fi. The only outbound paths are USB-C, NFC, camera, and QuantumLink Bluetooth - all user-initiated, all visible. This is a security choice, not a limitation we plan to remove.
If your app needs internet data, the pattern is to have a companion phone or desktop app fetch it and pass it to Prime over QuantumLink or QR.