@openfort/openfort-node 0.7.7 → 0.8.1

package/examples/policies/createTypedDataPolicy.ts

@@ -0,0 +1,159 @@
+// Usage: npx tsx policies/createTypedDataPolicy.ts
+//
+// Creates policies for EVM typed-data signing (EIP-712) and message signing
+// operations.
+
+import Openfort, {
+  CreatePolicyBodySchema,
+  type CreatePolicyBody,
+} from "@openfort/openfort-node";
+import "dotenv/config";
+
+const openfort = new Openfort(process.env.OPENFORT_API_KEY!, {
+  basePath: process.env.OPENFORT_BASE_URL,
+});
+
+// ---------------------------------------------------------------------------
+// 1. Restrict typed-data signing to specific verifying contracts
+// ---------------------------------------------------------------------------
+
+const verifyingContractBody: CreatePolicyBody = {
+  scope: "project",
+  description: "Only allow signing typed data from known contracts",
+  rules: [
+    {
+      action: "accept",
+      operation: "signEvmTypedData",
+      criteria: [
+        {
+          type: "evmTypedDataVerifyingContract",
+          operator: "in",
+          addresses: [
+            "0x000000000000000000000000000000000000dEaD",
+            "0x1234567890abcdef1234567890abcdef12345678",
+          ],
+        },
+      ],
+    },
+  ],
+};
+
+CreatePolicyBodySchema.parse(verifyingContractBody);
+
+const verifyingPolicy = await openfort.policies.create(
+  verifyingContractBody,
+);
+console.log("Created verifying-contract typed-data policy:");
+console.log("  ID:", verifyingPolicy.id);
+
+// ---------------------------------------------------------------------------
+// 2. Restrict typed-data field values (e.g. limit order amount)
+// ---------------------------------------------------------------------------
+
+const fieldBody: CreatePolicyBody = {
+  scope: "project",
+  description: "Restrict Order.amount to known values",
+  rules: [
+    {
+      action: "accept",
+      operation: "signEvmTypedData",
+      criteria: [
+        {
+          type: "evmTypedDataField",
+          operator: "in",
+          fieldPath: "Order.amount",
+          values: ["100", "200", "500"],
+        },
+      ],
+    },
+  ],
+};
+
+CreatePolicyBodySchema.parse(fieldBody);
+
+const fieldPolicy = await openfort.policies.create(fieldBody);
+console.log("\nCreated typed-data field restriction policy:");
+console.log("  ID:", fieldPolicy.id);
+
+// ---------------------------------------------------------------------------
+// 3. Combined: verifying contract + field constraint
+// ---------------------------------------------------------------------------
+
+const combinedBody: CreatePolicyBody = {
+  scope: "project",
+  description: "Accept orders from known contract with capped amount",
+  rules: [
+    {
+      action: "accept",
+      operation: "signEvmTypedData",
+      criteria: [
+        {
+          type: "evmTypedDataVerifyingContract",
+          operator: "in",
+          addresses: ["0x000000000000000000000000000000000000dEaD"],
+        },
+        {
+          type: "evmTypedDataField",
+          operator: "<=",
+          fieldPath: "Order.amount",
+          value: "1000",
+        },
+      ],
+    },
+  ],
+};
+
+CreatePolicyBodySchema.parse(combinedBody);
+
+const combinedPolicy = await openfort.policies.create(combinedBody);
+console.log("\nCreated combined typed-data policy:");
+console.log("  ID:", combinedPolicy.id);
+
+// ---------------------------------------------------------------------------
+// 4. EVM message signing — restrict to known pattern
+// ---------------------------------------------------------------------------
+
+const messageBody: CreatePolicyBody = {
+  scope: "project",
+  description: "Only allow signing messages that match the login format",
+  rules: [
+    {
+      action: "accept",
+      operation: "signEvmMessage",
+      criteria: [
+        {
+          type: "evmMessage",
+          operator: "match",
+          pattern: "^Sign in to MyApp: nonce=",
+        },
+      ],
+    },
+  ],
+};
+
+CreatePolicyBodySchema.parse(messageBody);
+
+const messagePolicy = await openfort.policies.create(messageBody);
+console.log("\nCreated EVM message signing policy:");
+console.log("  ID:", messagePolicy.id);
+
+// ---------------------------------------------------------------------------
+// 5. Reject all raw hash signing (no criteria = blanket rule)
+// ---------------------------------------------------------------------------
+
+const hashBody: CreatePolicyBody = {
+  scope: "project",
+  description: "Reject all raw hash signing operations",
+  rules: [
+    {
+      action: "reject",
+      operation: "signEvmHash",
+    },
+  ],
+};
+
+CreatePolicyBodySchema.parse(hashBody);
+
+const hashPolicy = await openfort.policies.create(hashBody);
+console.log("\nCreated hash signing rejection policy:");
+console.log("  ID:", hashPolicy.id);

package/examples/policies/deletePolicy.ts

@@ -0,0 +1,34 @@
+// Usage: npx tsx policies/deletePolicy.ts
+
+import Openfort, {
+  CreatePolicyBodySchema,
+  type CreatePolicyBody,
+} from "@openfort/openfort-node";
+import "dotenv/config";
+
+const openfort = new Openfort(process.env.OPENFORT_API_KEY!, {
+  basePath: process.env.OPENFORT_BASE_URL,
+});
+
+// Create a policy to delete
+const body: CreatePolicyBody = {
+  scope: "project",
+  description: "Temporary policy to be deleted",
+  rules: [
+    {
+      action: "reject",
+      operation: "signEvmHash",
+    },
+  ],
+};
+CreatePolicyBodySchema.parse(body);
+
+const policy = await openfort.policies.create(body);
+console.log("Created policy:", policy.id);
+
+// Delete the policy (soft delete)
+const result = await openfort.policies.delete(policy.id);
+
+console.log("\nDeleted policy:");
+console.log("  ID:", result.id);
+console.log("  Deleted:", result.deleted);

package/examples/policies/getPolicy.ts

@@ -1,22 +1,29 @@
 // Usage: npx tsx policies/getPolicy.ts
 
-import Openfort from "@openfort/openfort-node";
+import Openfort, {
+  CreatePolicyBodySchema,
+  type CreatePolicyBody,
+} from "@openfort/openfort-node";
 import "dotenv/config";
 
 const openfort = new Openfort(process.env.OPENFORT_API_KEY!, {
   basePath: process.env.OPENFORT_BASE_URL,
 });
 
-const chainId = Number(process.env.CHAIN_ID) || 80002;
-
 // Create a policy first
-const created = await openfort.policies.create({
-  name: `TestPolicy-${Date.now()}`,
-  chainId,
-  strategy: {
-    sponsorSchema: "pay_for_user",
-  },
-});
+const body: CreatePolicyBody = {
+  scope: "project",
+  description: "Test policy to retrieve",
+  rules: [
+    {
+      action: "reject",
+      operation: "signEvmHash",
+    },
+  ],
+};
+CreatePolicyBodySchema.parse(body);
+
+const created = await openfort.policies.create(body);
 console.log("Created policy:", created.id);
 
 // Retrieve the policy by ID
@@ -24,7 +31,11 @@ const policy = await openfort.policies.get(created.id);
 
 console.log("\nRetrieved policy:");
 console.log("  ID:", policy.id);
-console.log("  Name:", policy.name);
-console.log("  Chain ID:", policy.chainId);
-console.log("  Strategy:", policy.strategy.sponsorSchema);
+console.log("  Scope:", policy.scope);
+console.log("  Description:", policy.description);
 console.log("  Enabled:", policy.enabled);
+console.log("  Priority:", policy.priority);
+console.log("  Rules:");
+for (const rule of policy.rules) {
+  console.log(`    - Action: ${rule.action}, Operation: ${rule.operation}`);
+}

package/examples/policies/listPolicies.ts

@@ -12,6 +12,23 @@ const result = await openfort.policies.list({ limit: 10 });
 
 console.log(`Found ${result.total} policies:`);
 for (const policy of result.data) {
-  console.log(`  - ${policy.name} (${policy.id})`);
-  console.log(`    Chain: ${policy.chainId}, Strategy: ${policy.strategy.sponsorSchema}`);
+  console.log(`  - ${policy.id}`);
+  console.log(`    Scope: ${policy.scope}`);
+  console.log(`    Description: ${policy.description ?? "(none)"}`);
+  console.log(`    Enabled: ${policy.enabled}`);
+  console.log(`    Rules: ${policy.rules.length}`);
 }
+
+// List only project-scoped policies
+console.log("\nProject-scoped policies:");
+const projectPolicies = await openfort.policies.list({
+  scope: "project",
+});
+console.log(`  Found: ${projectPolicies.total}`);
+
+// List only account-scoped policies
+console.log("\nAccount-scoped policies:");
+const accountPolicies = await openfort.policies.list({
+  scope: "account",
+});
+console.log(`  Found: ${accountPolicies.total}`);

package/examples/policies/multiRulePolicy.ts

@@ -0,0 +1,133 @@
+// Usage: npx tsx policies/multiRulePolicy.ts
+//
+// Creates a comprehensive policy with multiple rules covering different
+// operations (EVM + Solana) in a single policy.
+
+import Openfort, {
+  CreatePolicyBodySchema,
+  type CreatePolicyBody,
+} from "@openfort/openfort-node";
+import "dotenv/config";
+
+const openfort = new Openfort(process.env.OPENFORT_API_KEY!, {
+  basePath: process.env.OPENFORT_BASE_URL,
+});
+
+const body: CreatePolicyBody = {
+  scope: "project",
+  description: "Comprehensive cross-chain policy",
+  priority: 100,
+  rules: [
+    // Rule 1: Accept EVM transactions under 1 ETH to known addresses
+    {
+      action: "accept",
+      operation: "signEvmTransaction",
+      criteria: [
+        {
+          type: "ethValue",
+          operator: "<=",
+          ethValue: "1000000000000000000",
+        },
+        {
+          type: "evmAddress",
+          operator: "in",
+          addresses: ["0x000000000000000000000000000000000000dEaD"],
+        },
+      ],
+    },
+
+    // Rule 2: Accept EVM sends on specific networks
+    {
+      action: "accept",
+      operation: "sendEvmTransaction",
+      criteria: [
+        {
+          type: "evmNetwork",
+          operator: "in",
+          chainIds: [1, 137, 8453], // Ethereum, Polygon, Base
+        },
+        {
+          type: "ethValue",
+          operator: "<=",
+          ethValue: "500000000000000000",
+        },
+      ],
+    },
+
+    // Rule 3: Accept EVM message signing matching login pattern
+    {
+      action: "accept",
+      operation: "signEvmMessage",
+      criteria: [
+        {
+          type: "evmMessage",
+          operator: "match",
+          pattern: "^Sign in to",
+        },
+      ],
+    },
+
+    // Rule 4: Reject all raw hash signing
+    {
+      action: "reject",
+      operation: "signEvmHash",
+    },
+
+    // Rule 5: Accept SOL transfers under 5 SOL to known addresses
+    {
+      action: "accept",
+      operation: "signSolTransaction",
+      criteria: [
+        {
+          type: "solValue",
+          operator: "<=",
+          value: "5000000000", // 5 SOL
+        },
+        {
+          type: "solAddress",
+          operator: "in",
+          addresses: ["DtdSSG8ZJRZVv5Jx7K1MeWp7Zxcu19GD5wQRGRpQ9uMF"],
+        },
+      ],
+    },
+
+    // Rule 6: Accept Solana sends on mainnet only
+    {
+      action: "accept",
+      operation: "sendSolTransaction",
+      criteria: [
+        {
+          type: "solNetwork",
+          operator: "in",
+          networks: ["mainnet-beta"],
+        },
+      ],
+    },
+
+    // Rule 7: Accept SOL message signing with known prefix
+    {
+      action: "accept",
+      operation: "signSolMessage",
+      criteria: [
+        {
+          type: "solMessage",
+          operator: "match",
+          pattern: "^Verify ownership:",
+        },
+      ],
+    },
+  ],
+};
+
+// Validate locally before sending
+CreatePolicyBodySchema.parse(body);
+
+const policy = await openfort.policies.create(body);
+
+console.log("Created multi-rule policy:");
+console.log("  ID:", policy.id);
+console.log("  Priority:", policy.priority);
+console.log("  Rules:", policy.rules.length);
+for (const rule of policy.rules) {
+  console.log(`    - ${rule.action} ${rule.operation}`);
+}

package/examples/policies/updatePolicy.ts

@@ -1,29 +1,77 @@
 // Usage: npx tsx policies/updatePolicy.ts
 
-import Openfort from "@openfort/openfort-node";
+import Openfort, {
+  CreatePolicyBodySchema,
+  UpdatePolicyBodySchema,
+  type CreatePolicyBody,
+  type UpdatePolicyBody,
+} from "@openfort/openfort-node";
 import "dotenv/config";
 
 const openfort = new Openfort(process.env.OPENFORT_API_KEY!, {
   basePath: process.env.OPENFORT_BASE_URL,
 });
 
-const chainId = Number(process.env.CHAIN_ID) || 80002;
-
 // Create a policy first
-const policy = await openfort.policies.create({
-  name: "Original Policy Name",
-  chainId,
-  strategy: {
-    sponsorSchema: "pay_for_user",
-  },
-});
-console.log("Created policy:", policy.name);
+const createBody: CreatePolicyBody = {
+  scope: "project",
+  description: "Original policy — reject high-value transactions",
+  rules: [
+    {
+      action: "reject",
+      operation: "signEvmTransaction",
+      criteria: [
+        {
+          type: "ethValue",
+          operator: ">",
+          ethValue: "1000000000000000000", // 1 ETH
+        },
+      ],
+    },
+  ],
+};
+CreatePolicyBodySchema.parse(createBody);
 
-// Update the policy
-const updated = await openfort.policies.update(policy.id, {
-  name: "Updated Policy Name",
-});
+const policy = await openfort.policies.create(createBody);
+console.log("Created policy:", policy.id);
+console.log("  Description:", policy.description);
+
+// ---------------------------------------------------------------------------
+// Update the policy — lower the threshold and add an address denylist
+// ---------------------------------------------------------------------------
+
+const updateBody: UpdatePolicyBody = {
+  description: "Updated — reject high-value or denylist transactions",
+  rules: [
+    {
+      action: "reject",
+      operation: "signEvmTransaction",
+      criteria: [
+        {
+          type: "ethValue",
+          operator: ">",
+          ethValue: "500000000000000000", // 0.5 ETH (lowered)
+        },
+      ],
+    },
+    {
+      action: "reject",
+      operation: "sendEvmTransaction",
+      criteria: [
+        {
+          type: "evmAddress",
+          operator: "in",
+          addresses: ["0x000000000000000000000000000000000000dEaD"],
+        },
+      ],
+    },
+  ],
+};
+UpdatePolicyBodySchema.parse(updateBody);
+
+const updated = await openfort.policies.update(policy.id, updateBody);
 
 console.log("\nUpdated policy:");
 console.log("  ID:", updated.id);
-console.log("  Name:", updated.name);
+console.log("  Description:", updated.description);
+console.log("  Rules:", updated.rules.length);

package/examples/policies/validatePolicy.ts

@@ -0,0 +1,176 @@
+// Usage: npx tsx policies/validatePolicy.ts
+//
+// Demonstrates client-side validation of policy bodies using the exported
+// Zod schemas. This catches invalid payloads before they reach the API —
+// no network request required.
+
+import {
+  CreatePolicyBodySchema,
+  UpdatePolicyBodySchema,
+  type CreatePolicyBody,
+} from "@openfort/openfort-node";
+import { ZodError } from "zod";
+
+// ---------------------------------------------------------------------------
+// 1. Valid policy — validation passes
+// ---------------------------------------------------------------------------
+
+const validBody: CreatePolicyBody = {
+  scope: "project",
+  description: "Reject high-value transactions",
+  rules: [
+    {
+      action: "reject",
+      operation: "signEvmTransaction",
+      criteria: [
+        {
+          type: "ethValue",
+          operator: ">",
+          ethValue: "1000000000000000000",
+        },
+      ],
+    },
+  ],
+};
+
+const parsed = CreatePolicyBodySchema.parse(validBody);
+console.log("Valid policy parsed successfully!");
+console.log("  Scope:", parsed.scope);
+console.log("  Rules:", parsed.rules.length);
+
+// ---------------------------------------------------------------------------
+// 2. Invalid criterion type — validation fails
+// ---------------------------------------------------------------------------
+
+console.log("\n--- Invalid criterion type ---");
+try {
+  CreatePolicyBodySchema.parse({
+    scope: "project",
+    rules: [
+      {
+        action: "reject",
+        operation: "signEvmTransaction",
+        criteria: [
+          {
+            type: "INVALID_TYPE", // not a valid criterion
+            operator: ">",
+            ethValue: "100",
+          },
+        ],
+      },
+    ],
+  });
+} catch (e) {
+  if (e instanceof ZodError) {
+    console.log("Caught ZodError:", e.issues[0].message);
+  }
+}
+
+// ---------------------------------------------------------------------------
+// 3. Invalid EVM address format — validation fails
+// ---------------------------------------------------------------------------
+
+console.log("\n--- Invalid EVM address ---");
+try {
+  CreatePolicyBodySchema.parse({
+    scope: "project",
+    rules: [
+      {
+        action: "accept",
+        operation: "sendEvmTransaction",
+        criteria: [
+          {
+            type: "evmAddress",
+            operator: "in",
+            addresses: ["not-a-hex-address"], // bad format
+          },
+        ],
+      },
+    ],
+  });
+} catch (e) {
+  if (e instanceof ZodError) {
+    console.log("Caught ZodError:", e.issues[0].message);
+  }
+}
+
+// ---------------------------------------------------------------------------
+// 4. Wrong criterion for operation — validation fails
+// ---------------------------------------------------------------------------
+
+console.log("\n--- Wrong criterion for operation ---");
+try {
+  CreatePolicyBodySchema.parse({
+    scope: "project",
+    rules: [
+      {
+        action: "accept",
+        operation: "signEvmMessage",
+        criteria: [
+          {
+            type: "ethValue", // ethValue is not valid for signEvmMessage
+            operator: ">",
+            ethValue: "100",
+          },
+        ],
+      },
+    ],
+  });
+} catch (e) {
+  if (e instanceof ZodError) {
+    console.log("Caught ZodError:", e.issues[0].message);
+  }
+}
+
+// ---------------------------------------------------------------------------
+// 5. Missing required fields — validation fails
+// ---------------------------------------------------------------------------
+
+console.log("\n--- Missing scope ---");
+try {
+  CreatePolicyBodySchema.parse({
+    // scope is missing
+    rules: [
+      {
+        action: "reject",
+        operation: "signEvmHash",
+      },
+    ],
+  });
+} catch (e) {
+  if (e instanceof ZodError) {
+    console.log("Caught ZodError:", e.issues[0].message);
+  }
+}
+
+// ---------------------------------------------------------------------------
+// 6. Validate update body
+// ---------------------------------------------------------------------------
+
+console.log("\n--- Valid update body ---");
+const updateParsed = UpdatePolicyBodySchema.parse({
+  description: "Updated description",
+  enabled: false,
+});
+console.log("Update body parsed successfully!");
+console.log("  Description:", updateParsed.description);
+console.log("  Enabled:", updateParsed.enabled);
+
+// ---------------------------------------------------------------------------
+// 7. Too many rules — validation fails
+// ---------------------------------------------------------------------------
+
+console.log("\n--- Too many rules (> 10) ---");
+try {
+  CreatePolicyBodySchema.parse({
+    scope: "project",
+    rules: Array.from({ length: 11 }, () => ({
+      action: "reject",
+      operation: "signEvmHash",
+    })),
+  });
+} catch (e) {
+  if (e instanceof ZodError) {
+    console.log("Caught ZodError:", e.issues[0].message);
+  }
+}

package/examples/transactions/createTransactionIntent.ts

@@ -10,7 +10,7 @@ const openfort = new Openfort(process.env.OPENFORT_API_KEY!, {
 const chainId = Number(process.env.CHAIN_ID) || 80002;
 
 // Create a policy for gas sponsorship
-const policy = await openfort.policies.create({
+const policy = await openfort.feeSponsorship.create({
   name: `TxPolicy-${Date.now()}`,
   chainId,
   strategy: {
@@ -27,7 +27,7 @@ const contract = await openfort.contracts.create({
 });
 
 // Create a policy rule to allow all account functions
-await openfort.policyRules.create({
+await openfort.feeSponsorship.rules.create({
   type: "contract_functions",
   functionName: "All functions",
   wildcard: true,