Migrating from OpenZeppelin Defender
OpenZeppelin Defender is shutting down on July 1, 2026. IMAA is a purpose-built migration target for the monitoring and alerting half of Defender (Sentinels, notification channels, and the lighter Autotasks).
🚀 Import your Safe in 60 seconds
Don't paste 50 addresses one by one. Drop your multisig address into Contracts → Import from wallet and IMAA discovers every contract the Safe deployed, interacts with, holds tokens in, or has approved — with one-click bulk import.
For a step-by-step walkthrough including export scripts and rule conversion examples, see the full guide on GitHub: oz-defender-to-imaa.md.
Concept mapping
| OZ Defender | IMAA equivalent |
|---|---|
| Sentinel | Alert rule (against a monitor target) |
| Notification Channel | Channel |
| Autotask | Webhook channel + your own code (Cloud Run, Lambda, Vercel function, whatever) |
| Contract | Contract |
Key differences to know up front
- One channel per rule. Defender lets a single sentinel notify many channels. In IMAA, each alert rule has exactly one channel — fan out by creating parallel rules, or by routing through a single webhook channel that distributes downstream.
- Window-based thresholds, not per-event triggers. Defender fires per matching event by default. IMAA evaluates a metric (count, rate, latency) over a rolling window, then compares against a threshold. This eliminates noisy bursts but means you need to translate "notify on every Transfer" into "notify when Transfer count > 0 in a 30-second window" (or similar).
- No in-platform code execution. IMAA does signed webhooks — you host the logic. This is intentional: it's cheaper, easier to test, and avoids vendor lock-in.
- Idempotency is built in. Once a rule fires, it's suppressed for the window length. No more wrapping Defender Autotasks in your own dedupe layer.
What you gain with IMAA API keys
Defender API keys are organisation-wide credentials with full permissions. IMAA keys add scoping that Defender never supported:
- Read-only mode. Mint a key that can query alert history and contracts but can't mutate anything. Useful for analytics warehouses and public status pages.
- Per-contract restriction. A CI key that deploys monitoring for one product team only gets access to that team's contracts. Compromise blast radius is scoped to what the key was allowed to touch.
- Per-chain restriction. Automation specific to Base or Solana can be locked to that chain.
- Optional expiry. 90-day rotation is a one-click default. A forgotten Defender key was forever; an expired IMAA key fails closed.
- Per-key usage visibility. Every key has a 30-day request/error chart. Notice a spike or a silent drop without instrumenting it yourself.
See Managing API Keys for the full UX and Public API for curl examples including scoped-key creation.
Migrating? Free tier is enough to validate the concept. Talk to us if you have more than 25 sentinels — we'll help with bulk import.