@openfort/openfort-node 0.7.7 → 0.8.0

package/examples/README.md

@@ -101,17 +101,34 @@ pnpm example evm/accounts/createAccount.ts
 | `signTransaction.ts` | Sign a Solana transaction            |
 
 
-### Policies
-
-| Example                           | Description                     |
-| --------------------------------- | ------------------------------- |
-| `policies/createPolicy.ts`        | Create a gas sponsorship policy |
-| `policies/getPolicy.ts`           | Get a policy by ID              |
-| `policies/listPolicies.ts`        | List all policies               |
-| `policies/updatePolicy.ts`        | Update a policy                 |
-| `policies/disableEnablePolicy.ts` | Enable/disable a policy         |
-| `policies/createPolicyRule.ts`    | Create a policy rule            |
-| `policies/listPolicyRules.ts`     | List policy rules               |
+### Policies (`policies/`)
+
+Policies provide fine-grained control over signing operations using Zod-validated rules with type-safe criteria.
+
+| Example                     | Description                                            |
+| --------------------------- | ------------------------------------------------------ |
+| `createEvmPolicy.ts`        | EVM policies: value caps, address allowlists, ABI data |
+| `createSolanaPolicy.ts`     | Solana policies: SOL/SPL limits, program IDs, messages |
+| `createTypedDataPolicy.ts`  | EIP-712 typed-data and message signing policies        |
+| `createAccountPolicy.ts`    | Account-scoped policy (vs project-scoped)              |
+| `multiRulePolicy.ts`        | Multi-rule policy covering EVM + Solana operations     |
+| `listPolicies.ts`           | List policies with scope filtering                     |
+| `getPolicy.ts`              | Retrieve a policy by ID                                |
+| `updatePolicy.ts`           | Update a policy's rules and description                |
+| `deletePolicy.ts`           | Delete a policy                                        |
+| `validatePolicy.ts`         | Client-side Zod validation without API calls           |
+
+### Fee Sponsorship (`fee-sponsorship/`)
+
+| Example                                  | Description                     |
+| ---------------------------------------- | ------------------------------- |
+| `fee-sponsorship/createPolicy.ts`        | Create a gas sponsorship policy |
+| `fee-sponsorship/getPolicy.ts`           | Get a policy by ID              |
+| `fee-sponsorship/listPolicies.ts`        | List all policies               |
+| `fee-sponsorship/updatePolicy.ts`        | Update a policy                 |
+| `fee-sponsorship/disableEnablePolicy.ts` | Enable/disable a policy         |
+| `fee-sponsorship/createPolicyRule.ts`    | Create a policy rule            |
+| `fee-sponsorship/listPolicyRules.ts`     | List policy rules               |
 
 ### Contracts
 

package/examples/{policies → fee-sponsorship}/createPolicy.ts

@@ -1,4 +1,4 @@
-// Usage: npx tsx policies/createPolicy.ts
+// Usage: npx tsx fee-sponsorship/createPolicy.ts
 
 import Openfort from "@openfort/openfort-node";
 import "dotenv/config";
@@ -10,7 +10,7 @@ const openfort = new Openfort(process.env.OPENFORT_API_KEY!, {
 const chainId = Number(process.env.CHAIN_ID) || 80002;
 
 // Create a gas sponsorship policy
-const policy = await openfort.policies.create({
+const policy = await openfort.feeSponsorship.create({
   name: "Gas Sponsorship Policy",
   chainId,
   strategy: {

package/examples/{policies → fee-sponsorship}/createPolicyRule.ts

@@ -1,4 +1,4 @@
-// Usage: npx tsx policies/createPolicyRule.ts
+// Usage: npx tsx fee-sponsorship/createPolicyRule.ts
 
 import Openfort from "@openfort/openfort-node";
 import "dotenv/config";
@@ -10,7 +10,7 @@ const openfort = new Openfort(process.env.OPENFORT_API_KEY!, {
 const chainId = Number(process.env.CHAIN_ID) || 80002;
 
 // Create a policy first
-const policy = await openfort.policies.create({
+const policy = await openfort.feeSponsorship.create({
   name: `PolicyWithRules-${Date.now()}`,
   chainId,
   strategy: {
@@ -28,7 +28,7 @@ const contract = await openfort.contracts.create({
 console.log("Created contract:", contract.id);
 
 // Create a policy rule for account functions
-const rule = await openfort.policyRules.create({
+const rule = await openfort.feeSponsorship.rules.create({
   type: "account_functions",
   policy: policy.id,
   functionName: "transfer",

package/examples/{policies → fee-sponsorship}/disableEnablePolicy.ts

@@ -1,4 +1,4 @@
-// Usage: npx tsx policies/disableEnablePolicy.ts
+// Usage: npx tsx fee-sponsorship/disableEnablePolicy.ts
 
 import Openfort from "@openfort/openfort-node";
 import "dotenv/config";
@@ -10,7 +10,7 @@ const openfort = new Openfort(process.env.OPENFORT_API_KEY!, {
 const chainId = Number(process.env.CHAIN_ID) || 80002;
 
 // Create a policy first
-const policy = await openfort.policies.create({
+const policy = await openfort.feeSponsorship.create({
   name: `TogglePolicy-${Date.now()}`,
   chainId,
   strategy: {
@@ -21,9 +21,9 @@ console.log("Created policy:", policy.id);
 console.log("Initial state - Enabled:", policy.enabled);
 
 // Disable the policy
-const disabled = await openfort.policies.disable(policy.id);
+const disabled = await openfort.feeSponsorship.disable(policy.id);
 console.log("\nAfter disable - Enabled:", disabled.enabled);
 
 // Enable the policy again
-const enabled = await openfort.policies.enable(policy.id);
+const enabled = await openfort.feeSponsorship.enable(policy.id);
 console.log("After enable - Enabled:", enabled.enabled);

package/examples/fee-sponsorship/getPolicy.ts

@@ -0,0 +1,30 @@
+// Usage: npx tsx fee-sponsorship/getPolicy.ts
+
+import Openfort from "@openfort/openfort-node";
+import "dotenv/config";
+
+const openfort = new Openfort(process.env.OPENFORT_API_KEY!, {
+  basePath: process.env.OPENFORT_BASE_URL,
+});
+
+const chainId = Number(process.env.CHAIN_ID) || 80002;
+
+// Create a policy first
+const created = await openfort.feeSponsorship.create({
+  name: `TestPolicy-${Date.now()}`,
+  chainId,
+  strategy: {
+    sponsorSchema: "pay_for_user",
+  },
+});
+console.log("Created policy:", created.id);
+
+// Retrieve the policy by ID
+const policy = await openfort.feeSponsorship.get(created.id);
+
+console.log("\nRetrieved policy:");
+console.log("  ID:", policy.id);
+console.log("  Name:", policy.name);
+console.log("  Chain ID:", policy.chainId);
+console.log("  Strategy:", policy.strategy.sponsorSchema);
+console.log("  Enabled:", policy.enabled);

package/examples/fee-sponsorship/listPolicies.ts

@@ -0,0 +1,17 @@
+// Usage: npx tsx fee-sponsorship/listPolicies.ts
+
+import Openfort from "@openfort/openfort-node";
+import "dotenv/config";
+
+const openfort = new Openfort(process.env.OPENFORT_API_KEY!, {
+  basePath: process.env.OPENFORT_BASE_URL,
+});
+
+// List all policies
+const result = await openfort.feeSponsorship.list({ limit: 10 });
+
+console.log(`Found ${result.total} policies:`);
+for (const policy of result.data) {
+  console.log(`  - ${policy.name} (${policy.id})`);
+  console.log(`    Chain: ${policy.chainId}, Strategy: ${policy.strategy.sponsorSchema}`);
+}

package/examples/{policies → fee-sponsorship}/listPolicyRules.ts

@@ -1,4 +1,4 @@
-// Usage: npx tsx policies/listPolicyRules.ts
+// Usage: npx tsx fee-sponsorship/listPolicyRules.ts
 
 import Openfort from "@openfort/openfort-node";
 import "dotenv/config";
@@ -10,7 +10,7 @@ const openfort = new Openfort(process.env.OPENFORT_API_KEY!, {
 const chainId = Number(process.env.CHAIN_ID) || 80002;
 
 // Create a policy with rules
-const policy = await openfort.policies.create({
+const policy = await openfort.feeSponsorship.create({
   name: `PolicyWithRules-${Date.now()}`,
   chainId,
   strategy: {
@@ -19,13 +19,13 @@ const policy = await openfort.policies.create({
 });
 
 // Add some rules
-await openfort.policyRules.create({
+await openfort.feeSponsorship.rules.create({
   type: "account_functions",
   policy: policy.id,
 });
 
 // List rules for this policy
-const result = await openfort.policyRules.list({ policy: policy.id });
+const result = await openfort.feeSponsorship.rules.list({ policy: policy.id });
 
 console.log(`Found ${result.total} rules for policy ${policy.id}:`);
 for (const rule of result.data) {

package/examples/fee-sponsorship/updatePolicy.ts

@@ -0,0 +1,29 @@
+// Usage: npx tsx fee-sponsorship/updatePolicy.ts
+
+import Openfort from "@openfort/openfort-node";
+import "dotenv/config";
+
+const openfort = new Openfort(process.env.OPENFORT_API_KEY!, {
+  basePath: process.env.OPENFORT_BASE_URL,
+});
+
+const chainId = Number(process.env.CHAIN_ID) || 80002;
+
+// Create a policy first
+const policy = await openfort.feeSponsorship.create({
+  name: "Original Policy Name",
+  chainId,
+  strategy: {
+    sponsorSchema: "pay_for_user",
+  },
+});
+console.log("Created policy:", policy.name);
+
+// Update the policy
+const updated = await openfort.feeSponsorship.update(policy.id, {
+  name: "Updated Policy Name",
+});
+
+console.log("\nUpdated policy:");
+console.log("  ID:", updated.id);
+console.log("  Name:", updated.name);

package/examples/policies/createAccountPolicy.ts

@@ -0,0 +1,73 @@
+// Usage: npx tsx policies/createAccountPolicy.ts
+//
+// Creates an account-scoped policy (as opposed to project-scoped).
+// Account policies apply only to a specific wallet account.
+
+import Openfort, {
+  CreatePolicyBodySchema,
+  type CreatePolicyBody,
+} from "@openfort/openfort-node";
+import "dotenv/config";
+
+const openfort = new Openfort(process.env.OPENFORT_API_KEY!, {
+  basePath: process.env.OPENFORT_BASE_URL,
+  walletSecret: process.env.OPENFORT_WALLET_SECRET,
+});
+
+// Create an EVM backend wallet to attach the policy to
+const account = await openfort.accounts.evm.backend.create({
+  name: `PolicyAccount-${Date.now()}`,
+});
+console.log("Created account:", account.id);
+
+// ---------------------------------------------------------------------------
+// Create an account-scoped policy
+// ---------------------------------------------------------------------------
+
+const body: CreatePolicyBody = {
+  scope: "account",
+  accountId: account.id,
+  description: "Account-level allowlist for this specific wallet",
+  enabled: true,
+  priority: 10,
+  rules: [
+    {
+      action: "accept",
+      operation: "signEvmTransaction",
+      criteria: [
+        {
+          type: "evmAddress",
+          operator: "in",
+          addresses: ["0x000000000000000000000000000000000000dEaD"],
+        },
+        {
+          type: "ethValue",
+          operator: "<=",
+          ethValue: "500000000000000000", // 0.5 ETH
+        },
+      ],
+    },
+    {
+      action: "accept",
+      operation: "signEvmMessage",
+      criteria: [
+        {
+          type: "evmMessage",
+          operator: "match",
+          pattern: "^Sign in to",
+        },
+      ],
+    },
+  ],
+};
+
+CreatePolicyBodySchema.parse(body);
+
+const policy = await openfort.policies.create(body);
+
+console.log("\nCreated account-scoped policy:");
+console.log("  ID:", policy.id);
+console.log("  Scope:", policy.scope);
+console.log("  Account:", policy.accountId);
+console.log("  Priority:", policy.priority);
+console.log("  Rules:", policy.rules.length);

package/examples/policies/createEvmPolicy.ts

@@ -0,0 +1,149 @@
+// Usage: npx tsx policies/createEvmPolicy.ts
+//
+// Creates policies that control EVM signing operations.
+// Demonstrates: ethValue limits, address allowlists, network restrictions,
+// and combined criteria.
+
+import Openfort, {
+  CreatePolicyBodySchema,
+  type CreatePolicyBody,
+} from "@openfort/openfort-node";
+import "dotenv/config";
+
+const openfort = new Openfort(process.env.OPENFORT_API_KEY!, {
+  basePath: process.env.OPENFORT_BASE_URL,
+});
+
+// ---------------------------------------------------------------------------
+// 1. Reject high-value EVM transactions (> 1 ETH)
+// ---------------------------------------------------------------------------
+
+const highValueBody: CreatePolicyBody = {
+  scope: "project",
+  description: "Reject transactions above 1 ETH",
+  rules: [
+    {
+      action: "reject",
+      operation: "signEvmTransaction",
+      criteria: [
+        {
+          type: "ethValue",
+          operator: ">",
+          ethValue: "1000000000000000000", // 1 ETH in wei
+        },
+      ],
+    },
+  ],
+};
+
+// Validate with Zod before sending
+CreatePolicyBodySchema.parse(highValueBody);
+
+const highValuePolicy = await openfort.policies.create(highValueBody);
+console.log("Created high-value rejection policy:");
+console.log("  ID:", highValuePolicy.id);
+console.log("  Scope:", highValuePolicy.scope);
+console.log("  Rules:", highValuePolicy.rules.length);
+
+// ---------------------------------------------------------------------------
+// 2. Address allowlist — only allow transactions to known addresses
+// ---------------------------------------------------------------------------
+
+const allowlistBody: CreatePolicyBody = {
+  scope: "project",
+  description: "Only allow transfers to treasury and vault",
+  rules: [
+    {
+      action: "accept",
+      operation: "sendEvmTransaction",
+      criteria: [
+        {
+          type: "evmAddress",
+          operator: "in",
+          addresses: [
+            "0x000000000000000000000000000000000000dEaD",
+            "0x1234567890abcdef1234567890abcdef12345678",
+          ],
+        },
+        {
+          type: "evmNetwork",
+          operator: "in",
+          chainIds: [1, 137, 8453], // Ethereum, Polygon, Base
+        },
+      ],
+    },
+  ],
+};
+
+CreatePolicyBodySchema.parse(allowlistBody);
+
+const allowlistPolicy = await openfort.policies.create(allowlistBody);
+console.log("\nCreated address allowlist policy:");
+console.log("  ID:", allowlistPolicy.id);
+
+// ---------------------------------------------------------------------------
+// 3. Restrict EVM contract calls by ABI function
+// ---------------------------------------------------------------------------
+
+const dataBody: CreatePolicyBody = {
+  scope: "project",
+  description: "Only allow ERC-20 transfer calls",
+  rules: [
+    {
+      action: "accept",
+      operation: "signEvmTransaction",
+      criteria: [
+        {
+          type: "evmData",
+          operator: "==",
+          abi: '[{"type":"function","name":"transfer","inputs":[{"name":"to","type":"address"},{"name":"amount","type":"uint256"}],"outputs":[{"type":"bool"}]}]',
+          functionName: "transfer",
+        },
+      ],
+    },
+  ],
+};
+
+CreatePolicyBodySchema.parse(dataBody);
+
+const dataPolicy = await openfort.policies.create(dataBody);
+console.log("\nCreated ERC-20 transfer-only policy:");
+console.log("  ID:", dataPolicy.id);
+
+// ---------------------------------------------------------------------------
+// 4. Combined: value cap + address allowlist + network restriction
+// ---------------------------------------------------------------------------
+
+const combinedBody: CreatePolicyBody = {
+  scope: "project",
+  description: "Accept low-value sends to known addresses on mainnet only",
+  rules: [
+    {
+      action: "accept",
+      operation: "sendEvmTransaction",
+      criteria: [
+        {
+          type: "ethValue",
+          operator: "<=",
+          ethValue: "500000000000000000", // 0.5 ETH
+        },
+        {
+          type: "evmAddress",
+          operator: "in",
+          addresses: ["0x000000000000000000000000000000000000dEaD"],
+        },
+        {
+          type: "evmNetwork",
+          operator: "in",
+          chainIds: [1], // Ethereum mainnet only
+        },
+      ],
+    },
+  ],
+};
+
+CreatePolicyBodySchema.parse(combinedBody);
+
+const combinedPolicy = await openfort.policies.create(combinedBody);
+console.log("\nCreated combined EVM policy:");
+console.log("  ID:", combinedPolicy.id);

package/examples/policies/createSolanaPolicy.ts

@@ -0,0 +1,176 @@
+// Usage: npx tsx policies/createSolanaPolicy.ts
+//
+// Creates policies that control Solana signing operations.
+// Demonstrates: SOL value limits, address allowlists, SPL token criteria,
+// program ID restrictions, and Solana network constraints.
+
+import Openfort, {
+  CreatePolicyBodySchema,
+  type CreatePolicyBody,
+} from "@openfort/openfort-node";
+import "dotenv/config";
+
+const openfort = new Openfort(process.env.OPENFORT_API_KEY!, {
+  basePath: process.env.OPENFORT_BASE_URL,
+});
+
+// ---------------------------------------------------------------------------
+// 1. Reject high-value SOL transfers (> 10 SOL)
+// ---------------------------------------------------------------------------
+
+const solValueBody: CreatePolicyBody = {
+  scope: "project",
+  description: "Reject SOL transfers above 10 SOL",
+  rules: [
+    {
+      action: "reject",
+      operation: "signSolTransaction",
+      criteria: [
+        {
+          type: "solValue",
+          operator: ">=",
+          value: "10000000000", // 10 SOL in lamports
+        },
+      ],
+    },
+  ],
+};
+
+CreatePolicyBodySchema.parse(solValueBody);
+
+const solValuePolicy = await openfort.policies.create(solValueBody);
+console.log("Created SOL value limit policy:");
+console.log("  ID:", solValuePolicy.id);
+
+// ---------------------------------------------------------------------------
+// 2. SOL address allowlist
+// ---------------------------------------------------------------------------
+
+const addressBody: CreatePolicyBody = {
+  scope: "project",
+  description: "Only allow transfers to known Solana addresses",
+  rules: [
+    {
+      action: "accept",
+      operation: "sendSolTransaction",
+      criteria: [
+        {
+          type: "solAddress",
+          operator: "in",
+          addresses: [
+            "DtdSSG8ZJRZVv5Jx7K1MeWp7Zxcu19GD5wQRGRpQ9uMF",
+            "5eykt4UsFv8P8NJdTREpY1vzqKqZKvdpKuc147dw2N9d",
+          ],
+        },
+      ],
+    },
+  ],
+};
+
+CreatePolicyBodySchema.parse(addressBody);
+
+const addressPolicy = await openfort.policies.create(addressBody);
+console.log("\nCreated SOL address allowlist policy:");
+console.log("  ID:", addressPolicy.id);
+
+// ---------------------------------------------------------------------------
+// 3. SPL token transfer restrictions (e.g. USDC mint)
+// ---------------------------------------------------------------------------
+
+const splBody: CreatePolicyBody = {
+  scope: "project",
+  description: "Restrict SPL transfers to specific USDC mint and recipients",
+  rules: [
+    {
+      action: "accept",
+      operation: "signSolTransaction",
+      criteria: [
+        {
+          type: "mintAddress",
+          operator: "==",
+          addresses: ["EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v"], // USDC
+        },
+        {
+          type: "splAddress",
+          operator: "in",
+          addresses: ["DtdSSG8ZJRZVv5Jx7K1MeWp7Zxcu19GD5wQRGRpQ9uMF"],
+        },
+        {
+          type: "splValue",
+          operator: "<=",
+          value: "1000000000", // 1000 USDC (6 decimals)
+        },
+      ],
+    },
+  ],
+};
+
+CreatePolicyBodySchema.parse(splBody);
+
+const splPolicy = await openfort.policies.create(splBody);
+console.log("\nCreated SPL token policy:");
+console.log("  ID:", splPolicy.id);
+
+// ---------------------------------------------------------------------------
+// 4. Program ID restriction with network constraint
+// ---------------------------------------------------------------------------
+
+const programBody: CreatePolicyBody = {
+  scope: "project",
+  description: "Only allow interactions with specific programs on mainnet",
+  rules: [
+    {
+      action: "accept",
+      operation: "sendSolTransaction",
+      criteria: [
+        {
+          type: "programId",
+          operator: "in",
+          programIds: [
+            "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA", // Token Program
+            "11111111111111111111111111111111", // System Program
+          ],
+        },
+        {
+          type: "solNetwork",
+          operator: "in",
+          networks: ["mainnet-beta"],
+        },
+      ],
+    },
+  ],
+};
+
+CreatePolicyBodySchema.parse(programBody);
+
+const programPolicy = await openfort.policies.create(programBody);
+console.log("\nCreated program ID + network policy:");
+console.log("  ID:", programPolicy.id);
+
+// ---------------------------------------------------------------------------
+// 5. Sign Solana message — restrict to matching pattern
+// ---------------------------------------------------------------------------
+
+const messageBody: CreatePolicyBody = {
+  scope: "project",
+  description: "Only allow signing messages that match a known format",
+  rules: [
+    {
+      action: "accept",
+      operation: "signSolMessage",
+      criteria: [
+        {
+          type: "solMessage",
+          operator: "match",
+          pattern: "^Sign in to MyApp:",
+        },
+      ],
+    },
+  ],
+};
+
+CreatePolicyBodySchema.parse(messageBody);
+
+const messagePolicy = await openfort.policies.create(messageBody);
+console.log("\nCreated Solana message policy:");
+console.log("  ID:", messagePolicy.id);