SignerPolicies

Offchain Policy Configuration

Offchain policies are a set of rules enforced by our secure wallet infrastructure that define the allowed or denied transactions on a smart wallet.

An offchain policy is defined by the following schema:

1type Policy = {
2  version: "1.0";
3  // Allows you to assign a human readable name
4  // for your policy
5  name: string;
6  vm_kind: "EVM" | "SVM";
7  // This is the account that this policy targets
8  account: string;
9  // This is the list of rules that will be enforced
10  // when the policy is evaluated
11  // The supported rules differ based on the network
12  rules: Rule[];
13};

Rules

A rule defines the specific conditions that must be met for a given Wallet API method.

1type Rule =
2  | {
3      name: string;
4      type: "methods";
5      action: "ALLOW" | "DENY";
6      method:
7        | "eth_signTransaction" // EVM only
8        | "sign_operation" // EVM only
9        | "wallet_prepareCalls" // EVM only https://github.com/ethereum/ERCs/pull/758
10        | "wallet_sendPreparedCalls" // EVM only https://github.com/ethereum/ERCs/pull/758
11        | "signAndSendTransaction" // SVM only
12        | "sendTransaction"; // SVM only
13      conditions: Condition[];
14    }
15  | {
16      type: "recipients";
17      action: "ALLOW" | "DENY";
18      address: string[];
19    }
20  | {
21      type: "contracts";
22      action: "ALLOW" | "DENY";
23      address: string[];
24    };

Conditions

Conditions give you the flexibility to compose multiple requirements that must be met for a given Rule. All conditions must be met in order for the Rule to be enforced.

1type Condition =
2  | {
3      type: "field";
4      // This specifies where to evaluate the condition
5      // for EVM. `call` gives you the most flexibility
6      // on enforcement.
7      field_source:
8        | "call" // EVM only
9        | "user_operation" // EVM only
10        | "eth_transaction" // EVM only
11        | "solana_transaction" // Solana only
12        | "solana_instruction" // Solana only
13        | "spl_transaction"; // Solana only
14      field: string;
15      // should only be set when the field_source is `call`
16      // and field is `data`
17      abi?: JSON;
18      comparator: "==" | "!=" | "<" | "<=" | ">" | ">=" | "in";
19      // the value to compare the field against
20      value: string | number | string[];
21    }
22  | {
23      type: "batch_value";
24      max_batch_value: string;
25    }
26  | {
27      type: "gas_limit";
28      max_gas_limit: string;
29    };

The following Fields are supported for a given field_source

Field SourceSupported Fields
callto, data, value
user_operationThe fields here are all of the fields that are defined in a User Operation Request that would be submitted to the bundler. This depends on the EntryPoint version. Most Conditions can be defined by using the above call source instead though. This field_source is useful for enforcing gas limits, fee limits, etc
eth_transactionAny of the fields that are included in an Ethereum Transaction
solana_transactionAny of the fields that are included in a Solana Transaction
solana_instructionAny of the fields defined in a Solana instruction
spl_transactionWhen a Solana transaction is detected to include an SPL token transaction, this allows enforcing the token transaction based on the spl_transfer_recipient, spl_transfer_value, spl_token_address