GithubHome

Supported Criteria

On this page, you can find all the criteria supported by the Armory Policy Engine. These will be used to build policy conditions.

Have a use-case not supported? Additional criteria can be created to model nearly any scenario.

checkAction

{
  "criterion": "checkAction",
  "args": ["signTransaction"]
}
args

signTransaction

signRaw

signMessage

signUserOperation

signTypedData

grantPermission

checkResource

{
  "criterion": "checkResource",
  "args": ["vault"]
}

checkPermission

{
  "criterion": "checkPermission",
  "args": ["wallet:read"]
}

This criterion applies an AND between each argument in the array

args

wallet:import

wallet:create

wallet:read

checkPrincipalId

{
  "criterion": "checkPrincipalId",
  "args": ["bob"]
}

checkPrincipalRole

{
  "criterion": "checkPrincipalRole",
  "args": ["admin"]
}
args

root

admin

member

manager

checkPrincipalGroup

{
  "criterion": "checkPrincipalGroup",
  "args": ["developers"]
}

checkAccountId

{
  "criterion": "checkAccountId",
  "args": ["eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"]
}

checkAccountAddress

{
  "criterion": "checkAccountAddress",
  "args": ["0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"]
}

checkAccountType

{
  "criterion": "checkAccountType",
  "args": ["eoa"]
}
args

eoa

4337

checkAccountGroup

{
  "criterion": "checkAccountGroup",
  "args": ["engineering-dev-wallet"]
}

checkAccountAssigned

{
  "criterion": "checkAccountAssigned",
  "args": null
}

checkSourceId

{
  "criterion": "checkSourceId",
  "args": ["eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"] // CAIP-10
}

checkSourceAddress

{
  "criterion": "checkSourceAddress",
  "args": ["0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"]
}

checkSourceAccountType

{
  "criterion": "checkSourceAccountType",
  "args": ["eoa"]
}
args

eoa

4337

checkSourceClassification

{
  "criterion": "checkSourceClassification",
  "args": ["internal"]
}
args

internal

external

counterparty

managed

checkDestinationId

{
  "criterion": "checkDestinationId",
  "args": ["eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"] // CAIP-10
}

checkDestinationAddress

{
  "criterion": "checkDestinationAddress",
  "args": ["0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"]
}

checkDestinationAccountType

{
  "criterion": "checkDestinationAccountType",
  "args": ["eoa"]
}
args

eoa

4337

checkDestinationClassification

{
  "criterion": "checkDestinationClassification",
  "args": ["external"]
}
args

internal

external

counterparty

managed

checkIntentType

{
  "criterion": "checkIntentType",
  "args": ["transferNative"]
}
args

transferNative

transferErc20

transferErc721

transferErc1155

approveTokenAllowance

permit

permit2

callContract

cancelTransaction

deployContract

signTypedData

userOperation

checkIntentChainId

{
  "criterion": "checkIntentChainId",
  "args": ["137"] 
}

checkIntentAmount

Intent amount by currency is not supported yet.

{
  "criterion": "checkIntentAmount",
  "args": {
    "currency": "fiat:usd",
    "operator": "lte",
    "value": "1000000000000000000" // Wei
  }
}
currency (*optional)

fiat:usd

fiat:eur

operator
description

gt

greater than

gte

greater than or equal

lt

lower than

lte

lower than or equal

eq

equal

ne

not equal

checkIntentContract

{
  "criterion": "checkIntentContract",
  "args": ["eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"] // CAIP-10
}

checkIntentSpender

{
  "criterion": "checkIntentSpender",
  "args": ["eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"] // CAIP-10
}

checkIntentToken

{
  "criterion": "checkIntentToken",
  "args": ["eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"] // CAIP-10
}

checkIntentHexSignature

{
  "criterion": "checkIntentHexSignature",
  "args": ["0xe8e33700"]
}

checkIntentMessage

{
  "criterion": "checkIntentMessage",
  "args": {
    "operator": "contains"
    "value": "Welcome to Opensea!"
  }
}
operator

eq

contains

checkIntentPayload

{
  "criterion": "checkIntentPayload",
  "args": []
}

checkIntentAlgorithm

{
  "criterion": "checkIntentAlgorithm",
  "args": ["ES256K"]
}
args
description

ES256K

secp256k1 - an Ethereum EOA

ES256

secp256r1 - ecdsa but not ethereum

RS256

checkIntentDomain

{
  "criterion": "checkIntentDomain",
  "args": {
    "version": [], // optional
    "chainId": [], // optional
    "name": [], // optional
    "verifyingContract": [] // optional
  }
}

checkErc1155TokenId

{
  "criterion": "checkErc1155TokenId",
  "args": ["eip155:137/erc1155:0x08a08d0504d4f3363a5b7fda1f5fff1c7bca8ad4/12345"]
}

checkErc1155Transfers

{
  "criterion": "checkErc1155Transfers",
  "args": [{
     "tokenId": "eip155:137/erc1155:0x08a08d0504d4f3363a5b7fda1f5fff1c7bca8ad4/12345", 
     "operator": "lte", 
     "value": "2"
  }]
}
operator
description

gt

greater than

gte

greater than or equal

lt

lower than

lte

lower than or equal

eq

equal

ne

not equal

checkPermitDeadline

{
  "criterion": "checkPermitDeadline",
  "args": {
    "operator": "lte",
    "value": ""
  }
}
operator
description

gt

greater than

gte

greater than or equal

lt

lower than

lte

lower than or equal

eq

equal

ne

not equal

checkGasFeeAmount

Gas fee by currency is not supported yet.

{
  "criterion": "checkGasFeeAmount",
  "args": {
    "currency": "fiat:usd",
    "operator": "lte",
    "value": "1000000000000000000" // Wei
  }
}
currency (*optional)

fiat:usd

fiat:eur

operator
description

gt

greater than

gte

greater than or equal

lt

lower than

lte

lower than or equal

eq

equal

ne

not equal

checkNonceExists

{
  "criterion": "checkNonceExists",
  "args": null
}

checkNonceNotExists

{
  "criterion": "checkNonceNotExists",
  "args": null
}

checkApprovals

// Require approvals of 3 admins and count the principal signature (if he is an admin)

{
  "criterion": "checkApprovals",
  "args": [
    {
      "approvalCount": 3,
      "countPrincipal": true,
      "approvalEntityType": "Narval::UserRole"
      "entityIds": ["admin"]
    }
  ]
}
approvalEntityType

Narval::User

Narval::UserRole

Narval::UserGroup

checkSpendingLimit

Only Native Transfers and ERC20 Transfers are supported. So this criterion can only be combined with checkIntentType({"transferNative"}) OR checkIntentType({"transferErc20"})

Spending limit by currency is not supported yet.

{
  "criterion": "checkSpendingLimit",
  "args": {
    "limit": "1000000000000000000", // Wei
    "operator": "lte",
    "currency": "fiat:usd",
    "timeWindow": {
      "type": "fixed", // "rolling", "fixed"
      "period": "1d", // "1d", "1m", "1y"
      "value": 86400, // in seconds
      "startDate": 1702418817 // timestamp in ms
      "endDate": 1722418817 // timestamp in ms
    },
    "filters": {
      "perPrincipal": true,
      "tokens": [],
      "users": [],
      "resources": [],
      "destinations": [],
      "chains": [],
      "userGroups": [],
      "accountGroups": []
    }
  }
}
operator
description

gt

greater than

gte

greater than or equal

lt

lower than

lte

lower than or equal

eq

equal

ne

not equal

currency (*optional)

fiat:usd

fiat:eur

Each timeWindow property is optional.

fixed time windows take a period, and rolling time windows take a value

timeWindow
values
description

type

rolling, fixed

period

1d, 1m, 1y

this can be combined only with fixed type window

value

number

time window length in seconds

startDate

number

timestamp in ms

endDate

number

timestamp in ms

Each filters property is optional

filters
values
description

perPrincipal

boolean

filter spendings by principal id

tokens

filter spendings by asset ids

users

filter spendings by user ids

resources

filter spendings by resource ids

destinations

CAIP-10

filter spendings by destination ids

chains

filter spendings by chain ids

userGroups

filter spendings by user group ids

accountGroups

filter spendings by account group ids

checkRateLimit

Only Native Transfers and Erc20 Transfers are supported. So this criterion can only be combined with checkIntentType({"transferNative"}) OR checkIntentType({"transferERC20"})

{
  "criterion": "checkRateLimit",
  "args": {
    "limit": "1000000000000000000", // Wei
    "timeWindow": {
      "type": "fixed", // "rolling", "fixed"
      "period": "1d", // "1d", "1m", "1y"
      "startDate": 1702418817 // timestamp in ms
      "endDate": 1722418817 // timestamp in ms
    },
    "filters": {
      "perPrincipal": true,
      "tokens": [],
      "users": [],
      "resources": [],
      "destinations": [],
      "chains": [],
      "userGroups": [],
      "accountGroups": []
    }
  }
}
{
  "criterion": "checkRateLimit",
  "args": {
    "limit": "1000000000000000000", // Wei
    "timeWindow": {
      "type": "rolling", // "rolling", "fixed"
      "value": 86400 // In seconds
      "startDate": 1702418817 // timestamp in ms
      "endDate": 1722418817 // timestamp in ms
    },
    "filters": {
      "perPrincipal": true,
      "tokens": [],
      "users": [],
      "resources": [],
      "destinations": [],
      "chains": [],
      "userGroups": [],
      "accountGroups": []
    }
  }
}

User Operation

checkEntryPointId

{
  "criterion": "checkEntryPointId",
  "args": ["eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"] // CAIP-10
}

checkEntryPointAddress

{
  "criterion": "checkEntryPointAddress",
  "args": ["0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"]
}

checkEntryPointAccountType

{
  "criterion": "checkEntryPointAccountType",
  "args": ["eoa"]
}
args

eoa

4337

checkEntryPointClassification

{
  "criterion": "checkEntryPointClassification",
  "args": ["internal"]
}
args

internal

external

counterparty

managed

checkUserOperationIntents

{
  "criterion": "checkUserOperationIntents",
  "args": []
}

args
values

type

contract

token

spender

chainId

hexSignature

algorithm

source

destination

transfers

amount

message

payload

domain

deadline

PreviousRecipesNextEntities

Last updated