Supported Criteria

On this page, you can find all the criteria supported by the Armory Policy Engine. These will be used to build policy conditions.

Have a use-case not supported? Additional criteria can be created to model nearly any scenario.

checkAction

{
  "criterion": "checkAction",
  "args": ["signTransaction"]
}

args

signTransaction

signRaw

signMessage

signUserOperation

signTypedData

grantPermission

checkResource

{
  "criterion": "checkResource",
  "args": ["vault"]
}

checkPermission

{
  "criterion": "checkPermission",
  "args": ["wallet:read"]
}

This criterion applies an AND between each argument in the array

args

wallet:import

wallet:create

wallet:read

checkPrincipalId

{
  "criterion": "checkPrincipalId",
  "args": ["bob"]
}

checkPrincipalRole

{
  "criterion": "checkPrincipalRole",
  "args": ["admin"]
}

args

root

admin

member

manager

checkPrincipalGroup

{
  "criterion": "checkPrincipalGroup",
  "args": ["developers"]
}

checkAccountId

{
  "criterion": "checkAccountId",
  "args": ["eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"]
}

checkAccountAddress

{
  "criterion": "checkAccountAddress",
  "args": ["0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"]
}

checkAccountType

{
  "criterion": "checkAccountType",
  "args": ["eoa"]
}

args

eoa

4337

checkAccountGroup

{
  "criterion": "checkAccountGroup",
  "args": ["engineering-dev-wallet"]
}

checkAccountAssigned

{
  "criterion": "checkAccountAssigned",
  "args": null
}

checkSourceId

{
  "criterion": "checkSourceId",
  "args": ["eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"] // CAIP-10
}

checkSourceAddress

{
  "criterion": "checkSourceAddress",
  "args": ["0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"]
}

checkSourceAccountType

{
  "criterion": "checkSourceAccountType",
  "args": ["eoa"]
}

args

eoa

4337

checkSourceClassification

{
  "criterion": "checkSourceClassification",
  "args": ["internal"]
}

args

internal

external

counterparty

managed

checkDestinationId

{
  "criterion": "checkDestinationId",
  "args": ["eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"] // CAIP-10
}

checkDestinationAddress

{
  "criterion": "checkDestinationAddress",
  "args": ["0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"]
}

checkDestinationAccountType

{
  "criterion": "checkDestinationAccountType",
  "args": ["eoa"]
}

args

eoa

4337

checkDestinationClassification

{
  "criterion": "checkDestinationClassification",
  "args": ["external"]
}

args

internal

external

counterparty

managed

checkIntentType

{
  "criterion": "checkIntentType",
  "args": ["transferNative"]
}

args

transferNative

transferErc20

transferErc721

transferErc1155

approveTokenAllowance

permit

permit2

callContract

cancelTransaction

deployContract

signTypedData

userOperation

checkIntentChainId

{
  "criterion": "checkIntentChainId",
  "args": ["137"] 
}

checkIntentAmount

Intent amount by currency is not supported yet.

{
  "criterion": "checkIntentAmount",
  "args": {
    "currency": "fiat:usd",
    "operator": "lte",
    "value": "1000000000000000000" // Wei
  }
}

currency (*optional)

fiat:usd

fiat:eur

operator

description

greater than

gte

greater than or equal

lower than

lte

lower than or equal

equal

not equal

checkIntentContract

{
  "criterion": "checkIntentContract",
  "args": ["eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"] // CAIP-10
}

checkIntentSpender

{
  "criterion": "checkIntentSpender",
  "args": ["eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"] // CAIP-10
}

checkIntentToken

{
  "criterion": "checkIntentToken",
  "args": ["eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"] // CAIP-10
}

checkIntentHexSignature

{
  "criterion": "checkIntentHexSignature",
  "args": ["0xe8e33700"]
}

checkIntentMessage

{
  "criterion": "checkIntentMessage",
  "args": {
    "operator": "contains"
    "value": "Welcome to Opensea!"
  }
}

operator

contains

checkIntentPayload

{
  "criterion": "checkIntentPayload",
  "args": []
}

checkIntentAlgorithm

{
  "criterion": "checkIntentAlgorithm",
  "args": ["ES256K"]
}

args

description

ES256K

secp256k1 - an Ethereum EOA

ES256

secp256r1 - ecdsa but not ethereum

RS256

checkIntentDomain

{
  "criterion": "checkIntentDomain",
  "args": {
    "version": [], // optional
    "chainId": [], // optional
    "name": [], // optional
    "verifyingContract": [] // optional
  }
}

checkErc1155TokenId

{
  "criterion": "checkErc1155TokenId",
  "args": ["eip155:137/erc1155:0x08a08d0504d4f3363a5b7fda1f5fff1c7bca8ad4/12345"]
}

checkErc1155Transfers

{
  "criterion": "checkErc1155Transfers",
  "args": [{
     "tokenId": "eip155:137/erc1155:0x08a08d0504d4f3363a5b7fda1f5fff1c7bca8ad4/12345", 
     "operator": "lte", 
     "value": "2"
  }]
}

operator

description

greater than

gte

greater than or equal

lower than

lte

lower than or equal

equal

not equal

checkPermitDeadline

{
  "criterion": "checkPermitDeadline",
  "args": {
    "operator": "lte",
    "value": ""
  }
}

operator

description

greater than

gte

greater than or equal

lower than

lte

lower than or equal

equal

not equal

checkGasFeeAmount

Gas fee by currency is not supported yet.

{
  "criterion": "checkGasFeeAmount",
  "args": {
    "currency": "fiat:usd",
    "operator": "lte",
    "value": "1000000000000000000" // Wei
  }
}

currency (*optional)

fiat:usd

fiat:eur

operator

description

greater than

gte

greater than or equal

lower than

lte

lower than or equal

equal

not equal

checkNonceExists

{
  "criterion": "checkNonceExists",
  "args": null
}

checkNonceNotExists

{
  "criterion": "checkNonceNotExists",
  "args": null
}

checkApprovals

// Require approvals of 3 admins and count the principal signature (if he is an admin)

{
  "criterion": "checkApprovals",
  "args": [
    {
      "approvalCount": 3,
      "countPrincipal": true,
      "approvalEntityType": "Narval::UserRole"
      "entityIds": ["admin"]
    }
  ]
}

approvalEntityType

Narval::User

Narval::UserRole

Narval::UserGroup

checkSpendingLimit

Only Native Transfers and ERC20 Transfers are supported. So this criterion can only be combined with checkIntentType({"transferNative"}) OR checkIntentType({"transferErc20"})

Spending limit by currency is not supported yet.

{
  "criterion": "checkSpendingLimit",
  "args": {
    "limit": "1000000000000000000", // Wei
    "operator": "lte",
    "currency": "fiat:usd",
    "timeWindow": {
      "type": "fixed", // "rolling", "fixed"
      "period": "1d", // "1d", "1m", "1y"
      "value": 86400, // in seconds
      "startDate": 1702418817 // timestamp in ms
      "endDate": 1722418817 // timestamp in ms
    },
    "filters": {
      "perPrincipal": true,
      "tokens": [],
      "users": [],
      "resources": [],
      "destinations": [],
      "chains": [],
      "userGroups": [],
      "accountGroups": []
    }
  }
}

operator

description

greater than

gte

greater than or equal

lower than

lte

lower than or equal

equal

not equal

currency (*optional)

fiat:usd

fiat:eur

Each timeWindow property is optional.

fixed time windows take a period, and rolling time windows take a value

timeWindow

values

description

type

rolling, fixed

period

1d, 1m, 1y

this can be combined only with fixed type window

value

number

time window length in seconds

startDate

number

timestamp in ms

endDate

number

timestamp in ms

Each filters property is optional

filters

values

description

perPrincipal

boolean

filter spendings by principal id

tokens

filter spendings by asset ids

users

filter spendings by user ids

resources

filter spendings by resource ids

destinations

CAIP-10

filter spendings by destination ids

chains

filter spendings by chain ids

userGroups

filter spendings by user group ids

accountGroups

filter spendings by account group ids

checkRateLimit

Only Native Transfers and Erc20 Transfers are supported. So this criterion can only be combined with checkIntentType({"transferNative"}) OR checkIntentType({"transferERC20"})

{
  "criterion": "checkRateLimit",
  "args": {
    "limit": "1000000000000000000", // Wei
    "timeWindow": {
      "type": "fixed", // "rolling", "fixed"
      "period": "1d", // "1d", "1m", "1y"
      "startDate": 1702418817 // timestamp in ms
      "endDate": 1722418817 // timestamp in ms
    },
    "filters": {
      "perPrincipal": true,
      "tokens": [],
      "users": [],
      "resources": [],
      "destinations": [],
      "chains": [],
      "userGroups": [],
      "accountGroups": []
    }
  }
}

{
  "criterion": "checkRateLimit",
  "args": {
    "limit": "1000000000000000000", // Wei
    "timeWindow": {
      "type": "rolling", // "rolling", "fixed"
      "value": 86400 // In seconds
      "startDate": 1702418817 // timestamp in ms
      "endDate": 1722418817 // timestamp in ms
    },
    "filters": {
      "perPrincipal": true,
      "tokens": [],
      "users": [],
      "resources": [],
      "destinations": [],
      "chains": [],
      "userGroups": [],
      "accountGroups": []
    }
  }
}

User Operation

checkEntryPointId

{
  "criterion": "checkEntryPointId",
  "args": ["eip155:137:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"] // CAIP-10
}

checkEntryPointAddress

{
  "criterion": "checkEntryPointAddress",
  "args": ["0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"]
}

checkEntryPointAccountType

{
  "criterion": "checkEntryPointAccountType",
  "args": ["eoa"]
}

args

eoa

4337

checkEntryPointClassification

{
  "criterion": "checkEntryPointClassification",
  "args": ["internal"]
}

args

internal

external

counterparty

managed

checkUserOperationIntents

{
  "criterion": "checkUserOperationIntents",
  "args": []
}

args

values

type

contract

token

spender

chainId

hexSignature

checkIntentHexSignature

algorithm

checkIntentAlgorithm

source

id: checkSourceId address: checkSourceAddress accountType: checkSourceAccountType classification: checkSourceClassification

destination

id: checkDestinationId address: checkDestinationAddress accountType: checkDestinationAccountType classification: checkDestinationClassification

transfers

tokens: checkErc1155TokenId amounts: checkErc1155Transfers

amount

message

payload

domain

deadline

Last updated 8 months ago