Skip to content

Introduction to Policy

In the Dew vault, all executable actions by vault managers are called policies. This includes actions that create or update policies themselves. To invoke a policy, a vault manager must receive sufficient approvals from the required role as specified in the required_role and required_vote_count fields of the policy.

#[near(serializers=[json, borsh])]
#[derive(Clone)]
pub struct Policy {
    pub id: String,
    pub description: Option<String>,
    pub required_role: String,
    pub required_vote_count: u32,
    pub policy_type: PolicyType,
    pub policy_details: PolicyDetails,
    /// Nano timestamp when this policy becomes active (for activation delays)
    pub activation_time: U128,
    /// Proposal expiry duration in nanoseconds (how long proposals for this policy remain active)
    pub proposal_expiry_time_nanosec: U128,
    /// Follow-up actions that must be completed after this policy executes
    pub required_pending_actions: Vec<String>,
}
 
#[near(serializers=[json, borsh])]
#[derive(Clone)]
pub enum PolicyDetails {
    ChainSigTransaction(ChainSigTransactionConfig),
    NearNativeTransaction(NearNativeTransactionConfig),
    ChainSigMessage(ChainSigMessageConfig),
    KernelConfiguration,
}
 
#[near(serializers = [json, borsh])]
#[derive(Clone)]
pub struct NearNativeTransactionConfig {
    pub chain_environment: ChainEnvironment,
    pub restrictions: Vec<Restriction>,
}
 
#[near(serializers = [json, borsh])]
#[derive(Clone)]
pub struct ChainSigTransactionConfig {
    pub derivation_path: String,
    pub chain_environment: ChainEnvironment,
    pub restrictions: Vec<Restriction>,
}
 
#[near(serializers=[json, borsh])]
#[derive(Clone)]
pub struct ChainSigMessageConfig {
    pub derivation_path: String,
    pub sign_method: ChainSigSignMethod,
}
 
#[near(serializers = [json, borsh])]
#[derive(Clone)]
pub struct Restriction {
    // method and contract is now part of the schema
    // pub method: String,
    // pub contract_id: String,
    pub schema: String,
    // ABI (evm), IDL (svm), encoded in base 64
    pub interface: String,
    // for svm, the instructions have a wide range of possibility
    // eg: Transferring USDC from account A to account B
    // possible instructions set:
    // 1. [create_account, transfer]
    // 2. [transfer]
    // both are valid, strategist can utilize this prop to
    // skip first instruction if required
    pub go_to_index_if_not_found: Option<i8>,
}
 
#[near(serializers = [json, borsh])]
#[derive(Clone)]
pub enum ChainEnvironment {
    SVM,
    EVM,
    NearWasm,
}

Policies fall into 4 main categories:

  1. VaultConfiguration Policy
  2. ChainsigTransaction Policy
  3. NearNativeTransaction Policy
  4. ChainsigMessage Policy

We will explore these policy types in more detail in the following sections.