Supported Criteria

On this page, you can find all the criteria supported by the Armory Policy Engine. These will be used to build policy conditions.

Have a use-case not supported? Additional criteria can be created to model nearly any scenario.

checkAction

{
  "criterion": "checkAction",
  "args": ["signTransaction"]
}

args
signTransaction
signRaw
signMessage
signUserOperation
signTypedData
grantPermission

args

signTransaction

signRaw

signMessage

signUserOperation

signTypedData

grantPermission

checkResource

{
  "criterion": "checkResource",
  "args": ["vault"]
}

checkPermission

{
  "criterion": "checkPermission",
  "args": ["wallet:read"]
}

This criterion applies an AND between each argument in the array

args
wallet:import
wallet:create
wallet:read

args

wallet:import

wallet:create

wallet:read

checkPrincipalId

{
  "criterion": "checkPrincipalId",
  "args": ["bob"]
}

checkPrincipalRole

{
  "criterion": "checkPrincipalRole",
  "args": ["admin"]
}

args
root
admin
member
manager

args

root

admin

member

manager

checkPrincipalGroup

{
  "criterion": "checkPrincipalGroup",
  "args": ["developers"]
}

checkAccountId

{
  "criterion": "checkAccountId",
  "args": ["eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"]
}

checkAccountAddress

{
  "criterion": "checkAccountAddress",
  "args": ["0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"]
}

checkAccountType

{
  "criterion": "checkAccountType",
  "args": ["eoa"]
}

args
eoa
4337

args

eoa

4337

checkAccountGroup

{
  "criterion": "checkAccountGroup",
  "args": ["engineering-dev-wallet"]
}

checkAccountAssigned

{
  "criterion": "checkAccountAssigned",
  "args": null
}

checkSourceId

{
  "criterion": "checkSourceId",
  "args": ["eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"] // CAIP-10
}

checkSourceAddress

{
  "criterion": "checkSourceAddress",
  "args": ["0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"]
}

checkSourceAccountType

{
  "criterion": "checkSourceAccountType",
  "args": ["eoa"]
}

args
eoa
4337

args

eoa

4337

checkSourceClassification

{
  "criterion": "checkSourceClassification",
  "args": ["internal"]
}

args
internal
external
counterparty
managed

args

internal

external

counterparty

managed

checkDestinationId

{
  "criterion": "checkDestinationId",
  "args": ["eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"] // CAIP-10
}

checkDestinationAddress

{
  "criterion": "checkDestinationAddress",
  "args": ["0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"]
}

checkDestinationAccountType

{
  "criterion": "checkDestinationAccountType",
  "args": ["eoa"]
}

args
eoa
4337

args

eoa

4337

checkDestinationClassification

{
  "criterion": "checkDestinationClassification",
  "args": ["external"]
}

args
internal
external
counterparty
managed

args

internal

external

counterparty

managed

checkIntentType

{
  "criterion": "checkIntentType",
  "args": ["transferNative"]
}

args
transferNative
transferErc20
transferErc721
transferErc1155
approveTokenAllowance
permit
permit2
callContract
retryTransaction
cancelTransaction
deployContract
deployErc4337Account
deploySafeAccount
signMessage
signRaw
signTypedData
userOperation

args

transferNative

transferErc20

transferErc721

transferErc1155

approveTokenAllowance

permit

permit2

callContract

retryTransaction

cancelTransaction

deployContract

deployErc4337Account

deploySafeAccount

signMessage

signRaw

signTypedData

userOperation

checkIntentChainId

{
  "criterion": "checkIntentChainId",
  "args": ["137"] 
}

checkIntentAmount

Intent amount by currency is not supported yet.

{
  "criterion": "checkIntentAmount",
  "args": {
    "currency": "fiat:usd",
    "operator": "lte",
    "value": "1000000000000000000" // Wei
  }
}

currency (*optional)
fiat:usd
fiat:eur

currency (*optional)

fiat:usd

fiat:eur

operator	description
gt	greater than
gte	greater than or equal
lt	lower than
lte	lower than or equal
eq	equal
ne	not equal

operator

description

greater than

gte

greater than or equal

lower than

lte

lower than or equal

equal

not equal

checkIntentContract

{
  "criterion": "checkIntentContract",
  "args": ["eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"] // CAIP-10
}

checkIntentSpender

{
  "criterion": "checkIntentSpender",
  "args": ["eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"] // CAIP-10
}

checkIntentToken

{
  "criterion": "checkIntentToken",
  "args": ["eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"] // CAIP-10
}

checkIntentHexSignature

{
  "criterion": "checkIntentHexSignature",
  "args": ["0xe8e33700"]
}

checkIntentMessage

{
  "criterion": "checkIntentMessage",
  "args": {
    "operator": "contains"
    "value": "Welcome to Opensea!"
  }
}

operator
eq
contains

operator

contains

checkIntentPayload

{
  "criterion": "checkIntentPayload",
  "args": []
}

checkIntentAlgorithm

{
  "criterion": "checkIntentAlgorithm",
  "args": ["ES256K"]
}

args	description
ES256K	secp256k1 - an Ethereum EOA
ES256	secp256r1 - ecdsa but not ethereum
RS256

args

description

ES256K

secp256k1 - an Ethereum EOA

ES256

secp256r1 - ecdsa but not ethereum

RS256

checkIntentDomain

{
  "criterion": "checkIntentDomain",
  "args": {
    "version": [], // optional
    "chainId": [], // optional
    "name": [], // optional
    "verifyingContract": [] // optional
  }
}

checkErc1155TokenId

{
  "criterion": "checkErc1155TokenId",
  "args": ["eip155:137/erc1155:0x08a08d0504d4f3363a5b7fda1f5fff1c7bca8ad4/12345"]
}

checkErc1155Transfers

{
  "criterion": "checkErc1155Transfers",
  "args": [{
     "tokenId": "eip155:137/erc1155:0x08a08d0504d4f3363a5b7fda1f5fff1c7bca8ad4/12345", 
     "operator": "lte", 
     "value": "2"
  }]
}

operator	description
gt	greater than
gte	greater than or equal
lt	lower than
lte	lower than or equal
eq	equal
ne	not equal

operator

description

greater than

gte

greater than or equal

lower than

lte

lower than or equal

equal

not equal

checkPermitDeadline

{
  "criterion": "checkPermitDeadline",
  "args": {
    "operator": "lte",
    "value": ""
  }
}

operator	description
gt	greater than
gte	greater than or equal
lt	lower than
lte	lower than or equal
eq	equal
ne	not equal

operator

description

greater than

gte

greater than or equal

lower than

lte

lower than or equal

equal

not equal

checkGasFeeAmount

Gas fee by currency is not supported yet.

{
  "criterion": "checkGasFeeAmount",
  "args": {
    "currency": "fiat:usd",
    "operator": "lte",
    "value": "1000000000000000000" // Wei
  }
}

currency (*optional)
fiat:usd
fiat:eur

currency (*optional)

fiat:usd

fiat:eur

operator	description
gt	greater than
gte	greater than or equal
lt	lower than
lte	lower than or equal
eq	equal
ne	not equal

operator

description

greater than

gte

greater than or equal

lower than

lte

lower than or equal

equal

not equal

checkNonceExists

{
  "criterion": "checkNonceExists",
  "args": null
}

checkNonceNotExists

{
  "criterion": "checkNonceNotExists",
  "args": null
}

checkApprovals

// Require approvals of 3 admins and count the principal signature (if he is an admin)

{
  "criterion": "checkApprovals",
  "args": [
    {
      "approvalCount": 3,
      "countPrincipal": true,
      "approvalEntityType": "Narval::UserRole"
      "entityIds": ["admin"]
    }
  ]
}

approvalEntityType
Narval::User
Narval::UserRole
Narval::UserGroup

approvalEntityType

Narval::User

Narval::UserRole

Narval::UserGroup

checkSpendingLimit

Only Native Transfers and ERC20 Transfers are supported. So this criterion can only be combined with checkIntentType({"transferNative"}) OR checkIntentType({"transferErc20"})

Spending limit by currency is not supported yet.

{
  "criterion": "checkSpendingLimit",
  "args": {
    "limit": "1000000000000000000", // Wei
    "operator": "lte",
    "currency": "fiat:usd",
    "timeWindow": {
      "type": "fixed", // "rolling", "fixed"
      "period": "1d", // "1d", "1m", "1y"
      "value": 86400, // in seconds
      "startDate": 1702418817 // timestamp in ms
      "endDate": 1722418817 // timestamp in ms
    },
    "filters": {
      "perPrincipal": true,
      "tokens": [],
      "users": [],
      "resources": [],
      "destinations": [],
      "chains": [],
      "userGroups": [],
      "accountGroups": []
    }
  }
}

operator	description
gt	greater than
gte	greater than or equal
lt	lower than
lte	lower than or equal
eq	equal
ne	not equal

operator

description

greater than

gte

greater than or equal

lower than

lte

lower than or equal

equal

not equal

currency (*optional)
fiat:usd
fiat:eur

currency (*optional)

fiat:usd

fiat:eur

Each timeWindow property is optional

timeWindow	values	description
type	rolling, fixed
period	1d, 1m, 1y	this can be combined only with fixed type window
value	number	time window length in seconds
startDate	number	timestamp in ms
endDate	number	timestamp in ms

timeWindow

values

description

type

rolling, fixed

period

1d, 1m, 1y

this can be combined only with fixed type window

value

number

time window length in seconds

startDate

number

timestamp in ms

endDate

number

timestamp in ms

Each filters property is optional

filters	values	description
perPrincipal	boolean	filter spendings by principal id
tokens		filter spendings by asset ids
users		filter spendings by user ids
resources		filter spendings by resource ids
destinations	CAIP-10	filter spendings by destination ids
chains		filter spendings by chain ids
userGroups		filter spendings by user group ids
accountGroups		filter spendings by account group ids

filters

values

description

perPrincipal

boolean

filter spendings by principal id

tokens

filter spendings by asset ids

users

filter spendings by user ids

resources

filter spendings by resource ids

destinations

CAIP-10

filter spendings by destination ids

chains

filter spendings by chain ids

userGroups

filter spendings by user group ids

accountGroups

filter spendings by account group ids

checkRateLimit

Only Native Transfers and Erc20 Transfers are supported. So this criterion can only be combined with checkIntentType({"transferNative"}) OR checkIntentType({"transferERC20"})

{
  "criterion": "checkRateLimit",
  "args": {
    "limit": "1000000000000000000", // Wei
    "timeWindow": {
      "type": "fixed", // "rolling", "fixed"
      "period": "1d", // "1d", "1m", "1y"
      "value": 86400, // in seconds
      "startDate": 1702418817 // timestamp in ms
      "endDate": 1722418817 // timestamp in ms
    },
    "filters": {
      "perPrincipal": true,
      "tokens": [],
      "users": [],
      "resources": [],
      "destinations": [],
      "chains": [],
      "userGroups": [],
      "accountGroups": []
    }
  }
}

User Operation

checkEntryPointId

{
  "criterion": "checkEntryPointId",
  "args": ["eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"] // CAIP-10
}

checkEntryPointAddress

{
  "criterion": "checkEntryPointAddress",
  "args": ["0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"]
}

checkEntryPointAccountType

{
  "criterion": "checkEntryPointAccountType",
  "args": ["eoa"]
}

args
eoa
4337

args

eoa

4337

checkEntryPointClassification

{
  "criterion": "checkEntryPointClassification",
  "args": ["internal"]
}

args
internal
external
counterparty
managed

args

internal

external

counterparty

managed

checkUserOperationIntents

{
  "criterion": "checkUserOperationIntents",
  "args": []
}

args	values
type	checkIntentType
contract	checkIntentContract
token	checkIntentToken
spender	checkIntentSpender
chainId	checkIntentChainId
hexSignature	checkIntentHexSignature
algorithm	checkIntentAlgorithm
source	id: checkSourceId address: checkSourceAddress accountType: checkSourceAccountType classification: checkSourceClassification
destination	id: checkDestinationId address: checkDestinationAddress accountType: checkDestinationAccountType classification: checkDestinationClassification
transfers	tokens: checkErc1155TokenId amounts: checkErc1155Transfers
amount	checkIntentAmount
message	checkIntentMessage
payload	checkIntentPayload
domain	checkIntentDomain
deadline	checkPermitDeadline

args

values

type

contract

token

spender

chainId