Test with mobile

Use mobile when a person needs to review, approve, or sign something produced by a Gora app. There are two related flows:

Flow	Meaning
Mobile approval	User approves or rejects an app action
Mobile signing	User signs a native chain payload or transaction

Neither flow gives Gora the user’s private key.

When to use mobile

Use mobile for:

transfers
wallet actions
smart-wallet approvals
gateway fulfillment signatures
any result that moves value or changes chain state

For pure off-chain results, mobile is optional.

App output shape

A mobile-signing app can return:

{
  "type": "agent_mobile_signing",
  "schema_version": 1,
  "app_id": "my_agent",
  "chain": "base",
  "decision": "approve_native_transfer",
  "mobile_signing_request": {
    "schema_version": 1,
    "chain": "base",
    "kind": "native_transfer",
    "from": "user_wallet_address",
    "to": "recipient_wallet_address",
    "amount": "1000",
    "amount_unit": "wei",
    "human_summary": "Transfer 1000 wei on Base Devnet"
  }
}

The Gora node can fill missing request metadata such as request id, app id, and timestamps before publishing to a signing surface.

Local Dev Bridge

During development, a bridge service may expose pending actions to the mobile app.

Gora result → pending mobile inbox → user approves/signs → signed response → submitter/gateway

The bridge is a development helper. It is not a replacement for contract checks. gora devnet up starts the bridge by default and exposes it through ngrok:

VM-local bridge: http://127.0.0.1:8787
Mobile URL:      https://gora-bridge-dev.ngrok.app

Gora publishes signing requests to the VM-local bridge URL. The mobile app, running on another computer, should point at the public bridge URL. If you start gora node serve manually, configure a signing-request sink with:

gora node serve \
  --http 127.0.0.1:8080 \
  --signing-request-sink http://127.0.0.1:8787

Or set one of:

GORA_SIGNING_REQUEST_SINK_URL=http://127.0.0.1:8787
GORA_DEV_BRIDGE_URL=http://127.0.0.1:8787

What users should review

Mobile should show:

app name and app id
chain
sender
recipient
amount and unit
policy or package hash
attestation/result hash when available
risk notes

Users should reject anything unexpected.

Dev keys

For local tests, import only dev-only keys:

Base hex private key
Solana JSON/base58/base64/hex keypair
Algorand 25-word mnemonic or raw key format

See Devnet wallets and keys. Never import production keys into a local test build.

After approval or signing

After mobile signs, the signed response still needs to be submitted or fulfilled. Common submission modes:

Mode	What happens
`mock`	Devnet records a mock tx/proof for tests
`evm_raw`	Raw signed EVM tx is sent with `eth_sendRawTransaction`
`solana_raw`	Serialized Solana tx is submitted with `sendTransaction`
`algorand_raw`	Signed Algorand tx bytes are submitted to algod

Your contract or gateway should still verify:

Gora result or attestation
app id
output hash
user signature
policy limits
replay protection

Quick test flow

gora init mobile-test --template agent-mobile-signing --chain base --yes
cd mobile-test

gora config set node.url https://gora-dev.ngrok.app
gora contract deploy --chain base --node https://gora-dev.ngrok.app
gora contract link --chain base

gora build
gora validate
gora deploy
gora invoke --app mobile_test --input fixtures/request.json --wait

Then open the mobile app, review the pending request, and sign with a Devnet key. Next: Troubleshooting.

​Test with mobile

​When to use mobile

​App output shape

​Local Dev Bridge

​What users should review

​Dev keys

​After approval or signing

​Quick test flow