# Introduction ## Overview The Manager Splitter module provides a permissioned proxy system for managing token collections. It allows collection managers to delegate specific permissions to approved addresses while maintaining control over the collection. ### Manager Splitter Entity A Manager Splitter is a permissioned proxy that: * **Address**: A module-derived address (derived from module name + ID) that serves as the collection manager. This is to be set as the actual manager in x/tokenization. * **Admin**: A permanent admin address with full control over the splitter and all permissions * **Permissions**: A mapping of collection permission types to execution criteria Then, any token collection updates must be handled through this module and through the proxied address. ### Permission System The module mirrors the tokenization module's `CollectionPermissions` structure but maps each permission to `PermissionCriteria`: * **CanDeleteCollection**: Permission to delete the collection * **CanArchiveCollection**: Permission to archive the collection * **CanUpdateStandards**: Permission to update collection standards * **CanUpdateCustomData**: Permission to update custom data * **CanUpdateManager**: Permission to update the manager * **CanUpdateCollectionMetadata**: Permission to update collection metadata * **CanUpdateValidTokenIds**: Permission to update valid token IDs * **CanUpdateTokenMetadata**: Permission to update token metadata * **CanUpdateCollectionApprovals**: Permission to update collection approvals ### Permission Criteria Each permission can specify: * **Approved Addresses**: A whitelist of addresses that can execute this permission If a permission has no criteria set, it is denied by default (except for the admin). ### Admin Privileges The admin address: * Has full control over the manager splitter * Can always execute all permissions * Can create, update, and delete the manager splitter * Cannot be changed after creation ## Use Cases 1. **Multi-sig Management**: Multiple addresses can manage different aspects of a collection 2. **Role-based Access**: Different addresses can have different permission levels 3. **Delegated Management**: Delegate specific management tasks to trusted addresses 4. **Governance Integration**: Use manager splitters for governance-controlled collections ## Security Model 1. **Admin Control**: Only the admin can create, update, or delete the manager splitter 2. **Permission Checks**: All actions check permissions before execution 3. **Address Validation**: All addresses are validated before use 4. **Atomic Execution**: Permission checks and execution are atomic 5. **Immutable Admin**: The admin address cannot be changed after creation ## Limitations 1. **Single Admin**: Each manager splitter has one permanent admin 2. **Approved Addresses Only**: Currently supports whitelist-based permissions only 3. **UniversalUpdateCollection Only**: Currently only supports executing `UniversalUpdateCollection` messages 4. **No Permission Inheritance**: Permissions must be explicitly set for each action type ## Alternative This is an alternative to standard single manager approach. You can also explore setting up managerial systems with: * x/group - Cosmos SDK module for multisigs / DAOs and voting * DAO tooling * Custom EVM contracts --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.bitbadges.io/other-modules/x-managersplitter/overview.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.