near · r-near · Jun 18, 2026 · Jun 22, 2026 · Jun 22, 2026 · Jun 22, 2026
diff --git a/api/rpc/contracts.mdx b/api/rpc/contracts.mdx
@@ -12,6 +12,8 @@
 |--------|---------|
 | [`view_account`](#view-account) | Get basic account information |
 | [`view_account_changes`](#view-account-changes) | Monitor account state changes |
+| [`view_access_key`](#view-access-key) | Get the nonce and permissions of a single access key |
+| [`view_access_key_list`](#view-access-key-list) | List all access keys on an account |
 | [`view_code`](#view-contract-code) | Get deployed contract WASM code |
 | [`view_state`](#view-contract-state) | Get contract storage data |
 | [`data_changes`](#view-contract-state-changes) | Monitor contract state changes |
@@ -70,13 +72,13 @@
  "jsonrpc": "2.0",
  "result": {
    "amount": "999788200694421800000000",
    "block_hash": "56xEo2LorUFVNbkFhCncFSWNiobdp1kzm14nZ47b5JVW",
    "block_height": 187440904,
    "code_hash": "11111111111111111111111111111111",
    "locked": "0",
    "storage_usage": 410
  },
  "id": "dontcare"
 }
 ```
 </Accordion>
@@ -95,7 +97,7 @@
    ```json
    {
      "jsonrpc": "2.0",
      "id": "dontcare",
      "method": "changes",
      "params": {
        "changes_type": "account_changes",
@@ -128,9 +130,167 @@
 
 ---
 
+## View Access Key
+
+Returns the nonce and permissions of a single [access key](/protocol/accounts-contracts/access-keys), given the account and the key's public key.
+
+- **method**: `query`
+- **params**: `request_type: view_access_key`, `finality` OR `block_id`, `account_id`, `public_key`
+
+<Tabs>
+  <Tab title="JSON">
+    ```json
+    {
+      "jsonrpc": "2.0",
+      "id": "dontcare",
+      "method": "query",
+      "params": {
+        "request_type": "view_access_key",
+        "finality": "final",
+        "account_id": "account.rpc-examples.testnet",
+        "public_key": "ed25519:DCkbTMS8s4kqV4nGvz5kRBdNbY9YwjjvNGNXKpAg2eFa"
+      }
+    }
+    ```
+  </Tab>
+  <Tab title="JavaScript">
+    ```js
+    import { JsonRpcProvider } from "near-api-js";
+
+    const provider = new JsonRpcProvider({ url: "https://test.rpc.fastnear.com" });
+
+    const response = await provider.query({
+      request_type: 'view_access_key',
+      finality: 'final',
+      account_id: 'account.rpc-examples.testnet',
+      public_key: 'ed25519:DCkbTMS8s4kqV4nGvz5kRBdNbY9YwjjvNGNXKpAg2eFa',
+    });
+    ```
+  </Tab>
+  <Tab title="HTTPie">
+    ```bash
+    http POST https://rpc.testnet.near.org \
+      jsonrpc=2.0 id=dontcare method=query \
+      params:='{"request_type":"view_access_key","finality":"final","account_id":"account.rpc-examples.testnet","public_key":"ed25519:DCkbTMS8s4kqV4nGvz5kRBdNbY9YwjjvNGNXKpAg2eFa"}'
+    ```
+  </Tab>
+</Tabs>
+
+<Accordion title="Example response">
+```json
+{
+  "jsonrpc": "2.0",
+  "result": {
+    "nonce": 187310139000001,
+    "permission": "FullAccess",
+    "block_hash": "56xEo2LorUFVNbkFhCncFSWNiobdp1kzm14nZ47b5JVW",
+    "block_height": 187440904
+  },
+  "id": "dontcare"
+}
+```
+
+For a function-call key, `permission` is an object instead of the `"FullAccess"` string:
+
+```json
+"permission": {
+  "FunctionCall": {
+    "allowance": "250000000000000000000000",
+    "receiver_id": "contract.rpc-examples.testnet",
+    "method_names": ["get_greeting"]
+  }
+}
+```
+</Accordion>
+
+<Note>
+For a post-quantum [`ml-dsa-65`](/protocol/accounts-contracts/access-keys#signature-schemes) key, pass the **full** `ml-dsa-65:` public key in `public_key`. The network hashes it to locate the on-chain entry, so you query it exactly like an `ed25519` or `secp256k1` key.
+</Note>
+
+---
+
+## View Access Key List
+
+Returns all [access keys](/protocol/accounts-contracts/access-keys) for an account, each with its nonce and permissions.
+
+- **method**: `query`
+- **params**: `request_type: view_access_key_list`, `finality` OR `block_id`, `account_id`
+
+<Tabs>
+  <Tab title="JSON">
+    ```json
+    {
+      "jsonrpc": "2.0",
+      "id": "dontcare",
+      "method": "query",
+      "params": {
+        "request_type": "view_access_key_list",
+        "finality": "final",
+        "account_id": "account.rpc-examples.testnet"
+      }
+    }
+    ```
+  </Tab>
+  <Tab title="JavaScript">
+    ```js
+    import { JsonRpcProvider } from "near-api-js";
+
+    const provider = new JsonRpcProvider({ url: "https://test.rpc.fastnear.com" });
+
+    const response = await provider.query({
+      request_type: 'view_access_key_list',
+      finality: 'final',
+      account_id: 'account.rpc-examples.testnet',
+    });
+    ```
+  </Tab>
+  <Tab title="HTTPie">
+    ```bash
+    http POST https://rpc.testnet.near.org \
+      jsonrpc=2.0 id=dontcare method=query \
+      params:='{"request_type":"view_access_key_list","finality":"final","account_id":"account.rpc-examples.testnet"}'
+    ```
+  </Tab>
+</Tabs>
+
+<Accordion title="Example response">
+```json
+{
+  "jsonrpc": "2.0",
+  "result": {
+    "keys": [
+      {
+        "public_key": "ed25519:DCkbTMS8s4kqV4nGvz5kRBdNbY9YwjjvNGNXKpAg2eFa",
+        "access_key": {
+          "nonce": 187310139000001,
+          "permission": "FullAccess"
+        }
+      },
+      {
+        "public_key": "ml-dsa-65-hash:7Xx2X4vHb9dG8pJ5tZqD3mN6kRfWcA1sLuYoP2eB4hT",
+        "access_key": {
+          "nonce": 187420021000003,
+          "permission": "FullAccess"
+        }
+      }
+    ],
+    "block_hash": "56xEo2LorUFVNbkFhCncFSWNiobdp1kzm14nZ47b5JVW",
+    "block_height": 187440904
+  },
+  "id": "dontcare"
+}
+```
+</Accordion>
+
+<Note>
+Post-quantum [`ml-dsa-65`](/protocol/accounts-contracts/access-keys#signature-schemes) keys are stored on-chain by hash, so they appear here with an `ml-dsa-65-hash:` prefix (a base58-encoded 48-byte SHA3-384 digest) rather than the full `ml-dsa-65:` key. To match an entry to one of your own keys, hash your public key and compare it against the returned value.
+</Note>
+
+---
+
 ## View Contract Code
 
 Returns the contract code (Wasm binary) deployed to the account. The returned code is encoded in base64.

 - **method**: `query`
 - **params**: `request_type: view_code`, `finality` OR `block_id`, `account_id`

diff --git a/protocol/accounts-contracts/access-keys.mdx b/protocol/accounts-contracts/access-keys.mdx
@@ -1,6 +1,6 @@
 ---
 title: Access Keys
 description: "Learn about NEAR's access key system with Full-Access Keys for complete account control and Function-Call Keys for restricted, shareable permissions to specific contracts."
 ---

 In NEAR, users control their accounts using access keys, which can be full-access keys or function-call keys. Full-access keys allow complete control over the account, while function-call keys restrict actions to specific contracts. This system enables secure sharing of permissions and simplifies user interactions with applications.
@@ -10,7 +10,7 @@

 ## Access Keys

 In most blockchains, users control their accounts by holding a single [`private key`](https://en.wikipedia.org/wiki/Public-key_cryptography) (a secret only they know) and using it to sign [transactions](/protocol/transactions).

 ![Access keys](/assets/docs/welcome-pages/access-keys.png)

@@ -58,6 +58,44 @@
 
 ---
 
+## Signature Schemes
+
+Independently of its permission level, every access key is a cryptographic key pair belonging to one of NEAR's supported **signature schemes**. A public key is written as `<scheme>:<base58-data>`, where the prefix identifies the scheme — for example `ed25519:CQLP1o1F3Jbdttek3GoRJYhzfT...`.
+
+| Scheme | Public key prefix | Public key size | Quantum-resistant |
+| --------- | ----------------- | --------------- | ----------------- |
+| Ed25519 | `ed25519:` | 32 bytes | No |
+| secp256k1 | `secp256k1:` | 64 bytes | No |
+| ML-DSA-65 | `ml-dsa-65:` | 1952 bytes | Yes |
+
+`ed25519` is the default scheme, used by most wallets and tooling and by NEAR [implicit accounts](./account-id#implicit-address). `secp256k1` is used mainly for [chain signatures](/chain-abstraction/chain-signatures) and Ethereum-compatible flows. A single account can hold keys from different schemes at the same time.
+
+### Post-Quantum Keys (ML-DSA-65)
+
+`ml-dsa-65` is a **post-quantum** signature scheme, standardized by NIST as [FIPS 204](https://csrc.nist.gov/pubs/fips/204/final) (Module-Lattice-Based Digital Signature Algorithm, security category 3). Unlike `ed25519` and `secp256k1` — whose security a large enough quantum computer could break — `ml-dsa-65` is designed to stay secure against quantum attacks, so an account protected by an `ml-dsa-65` key cannot be taken over by forging its signature.
+
+You add and use an `ml-dsa-65` key exactly like any other key: it can be a [full-access](#full-access-keys) or a [function-call](#function-call-keys) key, and it signs transactions the same way.
+
+<Note>
+**Post-quantum keys are stored by hash**
+
+An `ml-dsa-65` public key is large — **1952 bytes**, versus 32 for `ed25519` — and its signatures are **3309 bytes**. To keep accounts cheap to store, NEAR does **not** keep the full public key on-chain; instead it stores a 48-byte [SHA3-384](https://en.wikipedia.org/wiki/SHA-3) hash of it, which keeps the per-key [storage cost](/protocol/storage/storage-staking) close to that of a classical key.
+</Note>
+
+Because only the hash is stored, listing an account's keys returns the **hash**, not the full key, for `ml-dsa-65` entries. When you query an account's keys (for example with [`view_access_key_list`](/api/rpc/contracts#view-access-key-list)), `ml-dsa-65` keys appear with an `ml-dsa-65-hash:` prefix instead of `ml-dsa-65:`:
+
+```
+ml-dsa-65-hash:7Xx2X...   # base58-encoded 48-byte SHA3-384 digest
+```
+
+To recognize one of your own post-quantum keys in such a list, hash your known public key and compare it against the returned value. To look up a specific key directly with [`view_access_key`](/api/rpc/contracts#view-access-key), pass the **full** `ml-dsa-65:` public key and the network hashes it for you.
+
+<Tip>
+Post-quantum support currently covers **transaction signing and access keys**. Validator (staking) keys, block production, and [implicit account](./account-id#implicit-address) addresses continue to use `ed25519`.
+</Tip>
+
+---
+
 ## Limited Access Key Caveats
 
 ### Account with Only Function-Call Keys

diff --git a/smart-contracts/anatomy/actions.mdx b/smart-contracts/anatomy/actions.mdx
@@ -593,6 +593,10 @@
 
 Notice that what you actually add is a "public key". Whoever holds its private counterpart, i.e. the private-key, will be able to use the newly access key.
 
+<Note>
+The `public_key` can use any of NEAR's [signature schemes](/protocol/accounts-contracts/access-keys#signature-schemes) — `ed25519`, `secp256k1`, or the post-quantum `ml-dsa-65`. Adding an `ml-dsa-65` key needs no code changes: pass an `ml-dsa-65:...` key exactly like the examples above.
+</Note>
+
 <Tip>
 If an account with a contract deployed does **not** have any access keys, this is known as a locked contract. When the account is locked, it cannot sign transactions therefore, actions can **only** be performed from **within** the contract code.
 </Tip>

diff --git a/smart-contracts/anatomy/environment.mdx b/smart-contracts/anatomy/environment.mdx
@@ -29,7 +29,7 @@
 | Account Balance        | `env::account_balance()`        | Balance of this smart contract (including Attached Deposit)                          |
 | Prepaid Gas            | `env::prepaid_gas()`            | Amount of gas available for execution                                                |
 | Timestamp              | `env::block_timestamp()`        | Current timestamp (number of non-leap-nanoseconds since January 1, 1970 0:00:00 UTC) |
 | Current Epoch          | `env::epoch_height()`           | Current epoch in the blockchain                                                      |
 | Block Index            | `env::block_index()`            | Current block index (a.k.a. block height)                                            |
 | Storage Used           | `env::storage_usage()`          | Current storage used by this smart contract in bytes                                 |
 | Storage Byte Cost      | `env::storage_byte_cost()`      | Current storage cost per byte in yoctoNEAR                                           |
@@ -50,7 +50,7 @@
 | Account Balance        | `near.accountBalance()`       | Balance of this smart contract (including Attached Deposit)                          |
 | Prepaid Gas            | `near.prepaidGas()`           | Amount of gas available for execution                                                |
 | Timestamp              | `near.blockTimestamp()`       | Current timestamp (number of non-leap-nanoseconds since January 1, 1970 0:00:00 UTC) |
 | Current Epoch          | `near.epochHeight()`          | Current epoch in the blockchain                                                      |
 | Block Index            | `near.blockIndex()`           | Current block index (a.k.a. block height)                                            |
 | Storage Used           | `near.storageUsage()`         | Current storage used by this smart contract                                          |
 | Used Gas               | `near.usedGas()`              | Amount of gas used for execution                                                     |
@@ -71,7 +71,7 @@
 | Used Gas               | `Context.used_gas()`               | Amount of gas used for execution                                                     |
 | Block Height           | `Context.block_height()`           | Current block height                                                                 |
 | Timestamp              | `Context.block_timestamp()`        | Current timestamp (number of non-leap-nanoseconds since January 1, 1970 0:00:00 UTC) |
 | Current Epoch          | `Context.epoch_height()`           | Current epoch in the blockchain                                                      |

 </Tab>
 <Tab title="🐹 GO">
@@ -85,7 +85,7 @@
 | Account Balance        | `env.GetAccountBalance()`        | Balance of this smart contract (including Attached Deposit)                          |
 | Prepaid Gas            | `env.GetPrepaidGas()`            | Amount of gas available for execution                                                |
 | Timestamp              | `env.GetBlockTimeMs()`        | Current timestamp (number of non-leap-nanoseconds since January 1, 1970 0:00:00 UTC) |
 | Current Epoch          | `env.GetEpochHeight()`           | Current epoch in the blockchain                                                      |
 | Block Index            | `env.GetCurrentBlockHeight()`            | Current block index (a.k.a. block height)                                            |
 | Storage Used           | `env.GetStorageUsage()`          | Current storage used by this smart contract in bytes                                 |
 | Used Gas               | `env.GetUsedGas()`               | Amount of gas used for execution                                                     |
@@ -112,13 +112,17 @@

 During a simple transaction (no [cross-contract calls](../anatomy/crosscontract)) the `predecessor` is the same as the `signer`. For example, if **alice.near** calls **contract.near**, from the contract's perspective, **alice.near** is both the `signer` and the `predecessor`. However, if **contract.near** creates a [cross-contract call](../anatomy/crosscontract), then the `predecessor` changes down the line. In the example below, when **pool.near** executes, it would see **contract.near** as the `predecessor` and **alice.near** as the `signer`.

 ![img](https://miro.medium.com/max/1400/1*LquSNOoRyXpITQF9ugsDpQ.png)
 *You can access information about the users interacting with your smart contract*

 <Tip>
 In most scenarios you will **only need to know the predecessor**. However, there are situations in which the signer is very useful. For example, when adding [NFTs](../../primitives/nft/nft) into [this marketplace](https://github.com/near-examples/nft-tutorial/blob/7fb267b83899d1f65f1bceb71804430fab62c7a7/market-contract/src/nft_callbacks.rs#L42), the contract checks that the `signer`, i.e. the person who generated the transaction chain, is the NFT owner.
 </Tip>
 
+<Note>
+`signer_account_pk` returns the signer's public key in the same `<scheme>:<base58>` format used elsewhere. If the transaction was signed with a post-quantum [`ml-dsa-65`](/protocol/accounts-contracts/access-keys#signature-schemes) key, the returned key is correspondingly larger (1952 bytes) — keep that in mind if your contract stores or compares signer public keys.
+</Note>
+
 ---
 
 ## Balances and Attached NEAR
@@ -155,7 +159,7 @@

 ## Telling the Time

 The environment exposes three different ways to tell the pass of time, each representing a different dimension of the underlying blockchain.

 ### Timestamp

@@ -163,11 +167,11 @@

 ### Current Epoch

 The NEAR blockchain groups blocks in [Epochs](../../protocol/network/epoch). The `current_epoch` attribute measures how many epochs have passed so far. It is very useful to coordinate with other contracts that measure time in epochs, such as the [validators](../../protocol/network/validators).

 ### Block Index

 The `block_index` represents the index of the block in which this transaction will be added to the blockchain.

 ---

@@ -175,7 +179,7 @@

 Your contract has a **limited number of computational resources** to use on each call. Such resources are measured in [Gas](/protocol/transactions/gas).

 Gas can be thought of as wall time, where 1 PetaGas (1_000 TGas) is ~1 second of compute time.

 Each code instruction costs a certain amount of Gas, and if you run out of it, the execution halts with the error message `Exceeded the prepaid gas`.

@@ -250,17 +254,17 @@
 | Function Name         | SDK method                                              | Description                                                                                                                                                                                                                                                                                                                      |
 |-----------------------|---------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | SHA 256               | `env::sha256(value)`                                    | Hashes a sequence of bytes using sha256.                                                                                                                                                                                                                                                                                         |
 | Keccak 256            | `env::keccak256(value)`                                 | Hashes a sequence of bytes using keccak256.                                                                                                                                                                                                                                                                                      |
 | Keccak 512            | `env::keccak512(value)`                                 | Hashes a sequence of bytes using keccak512.                                                                                                                                                                                                                                                                                      |
 | SHA 256 (Array)       | `env::sha256_array(value)`                              | Hashes the bytes using the SHA-256 hash function. This returns a 32 byte hash.                                                                                                                                                                                                                                                   |
 | Keccak 256 (Array)    | `env::keccak256_array(value)`                           | Hashes the bytes using the Keccak-256 hash function. This returns a 32 byte hash.                                                                                                                                                                                                                                                |
 | Keccak 512 (Array)    | `env::keccak512_array(value)`                           | Hashes the bytes using the Keccak-512 hash function. This returns a 64 byte hash.                                                                                                                                                                                                                                                |
 | RIPEMD 160 (Array)    | `env::ripemd160_array(value)`                           | Hashes the bytes using the RIPEMD-160 hash function. This returns a 20 byte hash.                                                                                                                                                                                                                                                |
 | EC Recover            | `env::ecrecover(hash, signature, v, malleability_flag)` | Recovers an ECDSA signer address from a 32-byte message `hash` and a corresponding `signature` along with `v` recovery byte. Takes in an additional flag to check for malleability of the signature which is generally only ideal for transactions. Returns 64 bytes representing the public key if the recovery was successful. |
 | Panic String          | `env::panic_str(message)`                               | Terminates the execution of the program with the UTF-8 encoded message.                                                                                                                                                                                                                                                          |
 | Log String            | `env::log_str(message)`                                 | Logs the string message. This message is stored on chain.                                                                                                                                                                                                                                                                        |
 | Validator Stake       | `env::validator_stake(account_id)`                      | For a given account return its current stake. If the account is not a validator, returns 0.                                                                                                                                                                                                                                      |
 | Validator Total Stake | `env::validator_total_stake()`                          | Returns the total stake of validators in the current epoch.                                                                                                                                                                                                                                                                      |

 </Tab>

@@ -269,13 +273,13 @@
 | Function Name         | SDK method                                       | Description                                                                                                                                                                                                                                                                                                                      |
 |-----------------------|--------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | SHA 256               | `near.sha256(value)`                             | Hashes a sequence of bytes using sha256.                                                                                                                                                                                                                                                                                         |
 | Keccak 256            | `near.keccak256(value)`                          | Hashes a sequence of bytes using keccak256.                                                                                                                                                                                                                                                                                      |
 | Keccak 512            | `near.keccak512(value)`                          | Hashes a sequence of bytes using keccak512.                                                                                                                                                                                                                                                                                      |
 | RIPEMD 160            | `near.ripemd160(value)`                          | Hashes the bytes using the RIPEMD-160 hash function.                                                                                                                                                                                                                                                                             |
 | EC Recover            | `near.ecrecover(hash, sig, v, malleabilityFlag)` | Recovers an ECDSA signer address from a 32-byte message `hash` and a corresponding `signature` along with `v` recovery byte. Takes in an additional flag to check for malleability of the signature which is generally only ideal for transactions. Returns 64 bytes representing the public key if the recovery was successful. |
 | Log String            | `near.log(msg)`                                  | Logs the string message. This message is stored on chain.                                                                                                                                                                                                                                                                        |
 | Validator Stake       | `near.validatorStake(accountId)`                 | For a given account return its current stake. If the account is not a validator, returns 0.                                                                                                                                                                                                                                      |
 | Validator Total Stake | `near.validatorTotalStake()`                     | Returns the total stake of validators in the current epoch.                                                                                                                                                                                                                                                                      |

 </Tab>

@@ -284,8 +288,8 @@
 | Function Name         | SDK method                               | Description                                                                                                                                                                                                                                                                                                                      |
 |-----------------------|------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | SHA 256               | `near.sha256(value)`                     | Hashes a sequence of bytes using sha256.                                                                                                                                                                                                                                                                                         |
 | Keccak 256            | `near.keccak256(value)`                  | Hashes a sequence of bytes using keccak256.                                                                                                                                                                                                                                                                                      |
 | Keccak 512            | `near.keccak512(value)`                  | Hashes a sequence of bytes using keccak512.                                                                                                                                                                                                                                                                                      |
 | Log Info              | `Log.info(message)`                      | Logs an informational message. This message is stored on chain.                                                                                                                                                                                                                                                                 |
 | Log Warning           | `Log.warning(message)`                   | Logs a warning message. This message is stored on chain.                                                                                                                                                                                                                                                                      |
 | Log Error             | `Log.error(message)`                     | Logs an error message. This message is stored on chain.                                                                                                                                                                                                                                                                       |
@@ -298,14 +302,14 @@
 | Function Name         | SDK method                                              | Description                                                                                                                                                                                                                                                                                                                      |
 |-----------------------|---------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | SHA 256               | `env.Sha256Hash(value)`                                      | Hashes a sequence of bytes using sha256.                                                                                                                                                                                                                                                                                         |
 | Keccak 256            | `env.Keccak256Hash(value)`                                   | Hashes a sequence of bytes using keccak256.                                                                                                                                                                                                                                                                                      |
 | Keccak 512            | `env.Keccak512Hash(value)`                                   | Hashes a sequence of bytes using keccak512.                                                                                                                                                                                                                                                                                      |
 | RIPEMD 160            | `env.Ripemd160Hash(value)`                                   | Hashes the bytes using the RIPEMD-160 hash function. This returns a 20 byte hash.                                                                                                                                                                                                                                                |
 | EC Recover            | `env.EcrecoverPubKey(hash, signature, v, malleability_flag)` | Recovers an ECDSA signer address from a 32-byte message `hash` and a corresponding `signature` along with `v` recovery byte. Takes in an additional flag to check for malleability of the signature which is generally only ideal for transactions. Returns 64 bytes representing the public key if the recovery was successful. |
 | Panic String          | `env.PanicStr(message)`                               | Terminates the execution of the program with the UTF-8 encoded message.                                                                                                                                                                                                                                                          |
 | Log String            | `env.LogString(message)`                                 | Logs the string message. This message is stored on chain.                                                                                                                                                                                                                                                                        |
 | Validator Stake       | `env.ValidatorStakeAmount(account_id)`                      | For a given account return its current stake. If the account is not a validator, returns 0.                                                                                                                                                                                                                                      |
 | Validator Total Stake | `env.ValidatorTotalStakeAmount()`                          | Returns the total stake of validators in the current epoch.                                                                                                                                                                                                                                                                      |

 </Tab>


diff --git a/tools/cli.mdx b/tools/cli.mdx
@@ -4,7 +4,7 @@
 description: "Interact with NEAR through the terminal."
 ---

 The NEAR [Command Line Interface](https://github.com/near/near-cli-rs) (CLI) is a tool that enables you to interact with the NEAR network directly from the shell. Among other things, the NEAR CLI enables you to create and manage accounts, send tokens such as NEAR, FTs and NFTs, deploy smart contracts, call functions on those contracts, and manage access keys.

 ## Installation

@@ -26,7 +26,7 @@
  </Tab>
  <Tab title="Windows (binaries)">
    ```bash
    irm https://github.com/near/near-cli-rs/releases/latest/download/near-cli-rs-installer.ps1 | iex
    ```
  </Tab>
 </Tabs>
@@ -49,13 +49,13 @@
 ```
 </Tip>

 ### Localnet configuration values

 When setting up a localnet connection with `near config add-connection`, several optional fields can be configured. Most of them can be skipped or set to placeholder URLs — they are only used for specific commands and are not required for basic localnet usage.

 | Field | Purpose | Localnet recommendation |
 |---|---|---|
 | `rpc_url` | RPC endpoint for all blockchain interactions | `http://localhost:3030/` |
 | `wallet_url` | Used to construct a URL for importing accounts from a Web wallet | Any URL (e.g. `http://localhost`) or a local wallet if available |
 | `explorer_transaction_url` | Printed after a transaction is signed as `<url>/<tx-hash>` | Any URL (e.g. `http://localhost`) or omit |
 | `linkdrop_account_id` | Account with the [near-linkdrop](https://github.com/near/near-linkdrop) contract, used by `account create-account fund-myself` | Can be skipped; use `testnet` as a placeholder if needed |
@@ -65,7 +65,7 @@
 | `staking_pools_factory_account_id` | Fallback to FastNEAR — queries all staking pools individually; used by `account view-account-summary` | Can be skipped |
 | `mpc_contract_account_id` | MPC signing service contract, used to sign payloads and control other accounts | Can be skipped unless running a local MPC node |

 A minimal localnet connection requires only `rpc_url`. The other values are only needed when using the specific commands listed above.

 ```bash
 near config add-connection \
@@ -103,13 +103,13 @@
 <Tabs>
  <Tab title="Full">
    ```bash
    export ACCOUNT_ID=bob.testnet
    near account view-account-summary $ACCOUNT_ID network-config testnet now
    ```
  </Tab>
  <Tab title="Short">
    ```bash
    export ACCOUNT_ID=bob.testnet
    near state $ACCOUNT_ID --networkId testnet
    ```
  </Tab>
@@ -148,13 +148,13 @@
 <Tabs>
  <Tab title="Full">
    ```bash
    export ACCOUNT_ID=bob.testnet
    near account create-account sponsor-by-faucet-service $ACCOUNT_ID autogenerate-new-keypair save-to-keychain network-config testnet create
    ```
  </Tab>
  <Tab title="Short">
    ```bash
    export ACCOUNT_ID=bob.testnet
    near create-account $ACCOUNT_ID --useFaucet --networkId testnet
    ```
  </Tab>
@@ -185,7 +185,36 @@
 
 ## Keys
 
-Showing, adding and removing account keys.
+Generating, showing, adding and removing account keys. NEAR keys can use any of the supported [signature schemes](/protocol/accounts-contracts/access-keys#signature-schemes): `ed25519` (default), `secp256k1`, or the post-quantum `ml-dsa-65`.
+
+### Generate a key pair
+
+`generate-keypair` - create a fresh key pair offline, without touching an account or the network. Use `--signature-scheme` to choose the scheme (defaults to `ed25519`).
+
+<Tabs>
+  <Tab title="Ed25519">
+    ```bash
+    # Print a new key pair to the terminal
+    near generate-keypair print-to-terminal
+
+    # ...or save it to a JSON file
+    near generate-keypair save-to-file ./my-key.json
+    ```
+  </Tab>
+  <Tab title="ML-DSA-65 (post-quantum)">
+    ```bash
+    # Print a new post-quantum key pair to the terminal
+    near generate-keypair --signature-scheme ml-dsa-65 print-to-terminal
+
+    # ...or save it to a JSON file
+    near generate-keypair --signature-scheme ml-dsa-65 save-to-file ./pq-key.json
+    ```
+  </Tab>
+</Tabs>
+
+<Note>
+Run in an interactive terminal without `--signature-scheme` and the CLI prompts you to pick a scheme; otherwise it defaults to `ed25519`. Unlike `ed25519`, `ml-dsa-65` key pairs are generated randomly and have no seed phrase or implicit-account address — be sure to back up the saved key file.
+</Note>
 
 ### List keys
 
@@ -225,6 +254,27 @@
   </Tab>
 </Tabs>
 
+Instead of providing a key, you can have the CLI **autogenerate** one and add it in a single step with `autogenerate-new-keypair --signature-scheme <scheme>`:
+
+<Tabs>
+  <Tab title="Ed25519">
+    ```bash
+    export ACCOUNT_ID=bob.testnet
+    near account add-key $ACCOUNT_ID grant-full-access autogenerate-new-keypair save-to-keychain network-config testnet sign-with-keychain send
+    ```
+  </Tab>
+  <Tab title="ML-DSA-65 (post-quantum)">
+    ```bash
+    export ACCOUNT_ID=bob.testnet
+    near account add-key $ACCOUNT_ID grant-full-access autogenerate-new-keypair --signature-scheme ml-dsa-65 save-to-keychain network-config testnet sign-with-keychain send
+    ```
+  </Tab>
+</Tabs>
+
+<Note>
+The same `--signature-scheme` flag is available on the `account create-account fund-myself` and `sponsor-by-faucet-service` autogenerate flows. You can also add an externally generated `ml-dsa-65:<base58>` key through the `use-manually-provided-public-key` flow shown above. Post-quantum keys can be added to **named** accounts only — they have no implicit-account form.
+</Note>
+
 ### Delete key
 
 `delete-keys` - delete an access key from an account.
@@ -244,9 +294,13 @@
   </Tab>
 </Tabs>
 
+<Note>
+The interactive key picker only lists `ed25519` and `secp256k1` keys. A post-quantum `ml-dsa-65` key is stored on-chain only as a hash, so its full public key can't be read back from the network — to delete one, pass the full `ml-dsa-65:<base58>` key explicitly with `public-keys`, exactly as in the example above.
+</Note>
+
 ## Tokens
 
 This will allow you to manage your token assets such as NEAR, FTs and NFTs.

 ### Send NEAR

@@ -284,7 +338,7 @@

 ### Send NFT

 `send-nft` - transfers NFTs between accounts.

 ```bash
 export ACCOUNT_ID=bob.testnet
@@ -336,7 +390,7 @@
    ```bash
    # View method
    export CONTRACT_ID=nft.examples.testnet
    near contract call-function as-read-only $CONTRACT_ID nft_tokens json-args '{"from_index": "0", "limit": 2}' network-config testnet now

    # Call method
    export ACCOUNT_ID=bob.testnet
@@ -347,7 +401,7 @@
    ```bash
    # View method
    export CONTRACT_ID=nft.examples.testnet
    near view $CONTRACT_ID nft_tokens '{"from_index": "0", "limit": 2}' --networkId testnet

    # Call method
    export ACCOUNT_ID=bob.testnet
@@ -441,19 +495,19 @@
 We provide examples only of the most used commands. If you want to explore all options provided by `near-cli`, use the [interactive mode](#interactive-mode).
 </Note>

 ## Validators

 You can use the following commands to interact with the blockchain and view validator stats. There are three reports used to monitor validator status:

 - [Proposals](#proposals)
 - [Current validators](#current-validators)
 - [Next validators](#next-validators)

 <Tip>
 To use these commands, you **must** install the CLI [validator extension](#validator-extension).
 </Tip>

 ### Validator extension

 If you want to interact with [NEAR Validators](https://pages.near.org/papers/economics-in-sharded-blockchain/#validators) from command line, you can install the [NEAR Validator CLI Extension](https://github.com/near-cli-rs/near-validator-cli-rs):

@@ -475,30 +529,30 @@
  </Tab>
  <Tab title="Windows (binaries)">
    ```bash
    irm https://github.com/near-cli-rs/near-validator-cli-rs/releases/latest/download/near-validator-installer.ps1 | iex
    ```
  </Tab>
 </Tabs>

 ### Proposals

 A proposal by a validator indicates they would like to enter the validator set. In order for a proposal to be accepted it must meet the minimum seat price.

 ```bash
 near-validator proposals network-config mainnet
 ```

 ### Current validators

 This shows a list of active validators in the current epoch, the number of blocks produced, number of blocks expected, and online rate. Used to monitor if a validator is having issues.

 ```bash
 near-validator validators network-config mainnet now
 ```

 ### Next validators

 This shows validators whose proposal was accepted one epoch ago, and that will enter the validator set in the next epoch.

 ```bash
 near-validator validators network-config mainnet next
@@ -506,11 +560,11 @@

 ### Staking

 For validators, there's also an option to stake NEAR tokens without deploying a staking pool smart contract.

 #### View validator stake

 To view the validator's stake on the last block:

 ```bash
 near-validator staking view-stake examples.testnet network-config testnet now
@@ -524,9 +578,9 @@
 near-validator staking stake-proposal examples.testnet ed25519:AiEo5xepXjY7ChihZJ6AsfoDAaUowhPgvQp997qnFuRP '1500 NEAR' network-config testnet sign-with-keychain send
 ```

 #### Unstake directly without a staking pool

 To unstake:

 ```bash
 near-validator staking unstake-proposal examples.testnet ed25519:AiEo5xepXjY7ChihZJ6AsfoDAaUowhPgvQp997qnFuRP network-config testnet sign-with-keychain send
-Original file line number
+Diff line change
@@ Expand Up / @@ -593,6 +593,10 @@ @@
     Notice that what you actually add is a "public key". Whoever holds its private counterpart, i.e. the private-key, will be able to use the newly access key.
+    <Note>
+    The `public_key` can use any of NEAR's [signature schemes](/protocol/accounts-contracts/access-keys#signature-schemes) — `ed25519`, `secp256k1`, or the post-quantum `ml-dsa-65`. Adding an `ml-dsa-65` key needs no code changes: pass an `ml-dsa-65:...` key exactly like the examples above.
+    </Note>
     <Tip>
     If an account with a contract deployed does **not** have any access keys, this is known as a locked contract. When the account is locked, it cannot sign transactions therefore, actions can **only** be performed from **within** the contract code.
     </Tip>
@@ Expand Down @@