operation (the signing action to govern), criteria (conditions that must all match), and an action (accept or reject).
Rules are evaluated in order before any signing operation executes. If no rule matches, the request is rejected by default.
Policy structure
A policy defines a set of rules that govern specific signing operations. Each policy contains:| Field | Description | Valid values |
|---|---|---|
scope | The level at which the policy is applied | project (embedded wallets only support project scope) |
description | A human-readable description of the policy | Any string |
rules | A list of rules that govern signing behavior | An array of rules |
| Field | Description | Valid values |
|---|---|---|
action | The action to take when a rule matches | accept or reject |
operation | The signing operation this rule applies to | See Supported operations below |
criteria | Conditions that must all be true for the rule to match | An array of criteria (logical AND) |
Scope
Policies apply at the project or account level. Project-level policies cover all accounts in a CDP project; account-level policies apply to a single account. A single account can have at most one of each.Embedded Wallets only support project-level policies.
Operations by product
Theoperation field in each rule determines which signing action and product surface the rule applies to.
Use this table to find the right operation name for your wallet type.
Network-based criteria (
evmNetwork, solNetwork) only apply to send operations, not sign-only operations.EVM
| Action | Server Wallet | Embedded Wallet | |
|---|---|---|---|
| Sign | Transaction | signEvmTransaction | signEndUserEvmTransaction |
| Message (EIP-191) | signEvmMessage | signEndUserEvmMessage | |
| Typed data (EIP-712) | signEvmTypedData | signEndUserEvmTypedData | |
| Hash | signEvmHash | — | |
| Send | Transaction | sendEvmTransaction | sendEndUserEvmTransaction |
| Smart account (prepare) | prepareUserOperation | — | |
| Smart account (send) | sendUserOperation | — |
Solana
| Action | Server Wallet | Embedded Wallet | |
|---|---|---|---|
| Sign | Transaction | signSolTransaction | signEndUserSolTransaction |
| Message | signSolMessage | signEndUserSolMessage | |
| Send | Transaction | sendSolTransaction | sendEndUserSolTransaction |
Policies by product
Server Wallets
Govern developer-controlled EVM and Solana account signing, including smart account user operations. Supports both project-level and account-level scope.
Embedded Wallets
Govern end-user signing operations in your app. Supports project-level scope only.
API Reference
Full Policy Engine REST API reference including all criteria types and request schemas.