# Policy Engine

> Define rules that accept or reject wallet signing operations based on transaction parameters like destination and value.

Policies let you govern wallet behavior by defining rules that accept or reject operations based on transaction parameters like destination address, value, and network.

## Policy fields

| Field       | Description                                         | Valid values                                      |
| ----------- | --------------------------------------------------- | ------------------------------------------------- |
| `scope`     | Level at which the policy applies                   | `project` or `account` (API key auth only)        |
| `rules`     | Ordered list of rules                               | Array of rules                                    |
| `action`    | What to do when criteria match                      | `accept` or `reject`                              |
| `operation` | The wallet operation being governed                 | See [Supported operations](#supported-operations) |
| `criteria`  | Logical expressions evaluated against the operation | Array of criteria                                 |

## Evaluation

Rules are processed in order. The first matching rule's `action` is applied. If no rule matches, the request is **rejected** (fail-secure default).

For API key auth wallets, a `project`-level policy is evaluated first, followed by any `account`-level policy.
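The first-match order and the reject default can be modelled locally to see how a policy document behaves before it is applied. This is an added example, not CDP SDK code: `evaluate`, `criterion_holds` and `tx_rule` are hypothetical helpers, `BLOCKED` is a constructed address, and the model assumes a rule matches only when all of its criteria hold. It covers a single policy, not the project-then-account sequence.

```python
# Local model of first-match rule evaluation (added example, not CDP SDK code).
# Assumption: a rule matches only when every one of its criteria holds.
ONE_ETH = 10**18  # wei
DEAD = "0x000000000000000000000000000000000000dEaD"     # address used on this page
BLOCKED = "0x00000000000000000000000000000000000000b1"  # constructed address

def criterion_holds(criterion, tx):
    """Evaluate one criterion; only the two forms shown on this page are modelled."""
    kind, op = criterion["type"], criterion["operator"]
    if kind == "evmAddress" and op == "in":
        # EVM addresses are hex strings, so compare case-insensitively.
        return tx["to"].lower() in {a.lower() for a in criterion["addresses"]}
    if kind == "ethValue" and op == "<=":
        return int(tx["value"]) <= int(criterion["ethValue"])
    raise ValueError(f"criterion not modelled: {kind} {op}")

def evaluate(policy, operation, tx):
    """Return the action of the first matching rule, or "reject" if none match."""
    for rule in policy["rules"]:
        if rule["operation"] != operation:
            continue
        if all(criterion_holds(c, tx) for c in rule["criteria"]):
            return rule["action"]
    return "reject"  # fail-secure default

def tx_rule(action, criteria):
    """Build a signEvmTransaction rule in the shape used on this page."""
    return {"action": action, "operation": "signEvmTransaction", "criteria": criteria}

value_cap = {"type": "ethValue", "ethValue": str(ONE_ETH), "operator": "<="}
allowlist = {"scope": "account", "rules": [
    tx_rule("accept", [value_cap, {"type": "evmAddress", "addresses": [DEAD], "operator": "in"}]),
]}
deny = tx_rule("reject", [{"type": "evmAddress", "addresses": [BLOCKED], "operator": "in"}])
cap = tx_rule("accept", [value_cap])
deny_first = {"scope": "account", "rules": [deny, cap]}
# Same rules, other order: up to 1 ETH the accept rule matches before the reject rule.
cap_first = {"scope": "account", "rules": [cap, deny]}

if __name__ == "__main__":
    small = {"to": DEAD.lower(), "value": ONE_ETH // 2}
    to_blocked = {"to": BLOCKED, "value": 1}
    print(evaluate(allowlist, "signEvmTransaction", small))
    print(evaluate(allowlist, "signEvmTransaction", {**small, "value": 2 * ONE_ETH}))
    print(evaluate(allowlist, "signEvmMessage", small))
    print(evaluate(deny_first, "signEvmTransaction", to_blocked))
    print(evaluate(cap_first, "signEvmTransaction", to_blocked))
```

In this model the same two rules give opposite results for the same transaction depending on their order, so rule order deserves review whenever a policy is edited.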

## API key configuration

To manage policies via SDK or API, your API key must have the **Non-custodial > Manage (modify policies)** scope enabled under **API restrictions > API-specific restrictions**.

## Create a policy

Policies can be created from the CDP Portal or via the SDK.

### CDP Portal

In the Portal, navigate to [Non-custodial Wallet > Security](https://portal.cdp.coinbase.com/wallets/non-custodial/security) and click **Create project policy** to open the JSON editor.

### SDK

<Tabs>
  <Tab title="User Authentication">
    User authentication wallets support **project-scope** policies only.

    <Tabs>
      <Tab title="Node (TypeScript)">
        ```typescript
        const policy = await cdp.policies.createPolicy({
          policy: {
            scope: "project",
            description: "Accept EVM txs to allowlisted addresses",
            rules: [
              {
                action: "accept",
                operation: "signEndUserEvmTransaction",
                criteria: [
                  {
                    type: "evmAddress",
                    addresses: ["0x000000000000000000000000000000000000dEaD"],
                    operator: "in",
                  },
                ],
              },
            ],
          },
        });
        console.log("Created policy:", policy.id);
        ```
      </Tab>

      <Tab title="Python">
        ```python
        policy = await cdp.policies.create_policy({
            "scope": "project",
            "description": "Accept EVM txs to allowlisted addresses",
            "rules": [
                {
                    "action": "accept",
                    "operation": "signEndUserEvmTransaction",
                    "criteria": [
                        {
                            "type": "evmAddress",
                            "addresses": ["0x000000000000000000000000000000000000dEaD"],
                            "operator": "in",
                        },
                    ],
                }
            ],
        })
        print(f"Created policy: {policy.id}")
        ```
      </Tab>
    </Tabs>
  </Tab>

  <Tab title="API Key Authentication">
    API key auth wallets support both **project-scope** and **account-scope** policies.

    <Tabs>
      <Tab title="Node (TypeScript)">
        ```typescript
        const account = await cdp.evm.getOrCreateAccount({ name: "PolicyAccount" });

        // Create an account-level policy
        const policy = await cdp.policies.createPolicy({
          policy: {
            scope: "account",
            description: "Account Allowlist Example",
            rules: [
              {
                action: "accept",
                operation: "signEvmTransaction",
                criteria: [
                  {
                    type: "ethValue",
                    ethValue: "1000000000000000000", // 1 ETH in wei
                    operator: "<=",
                  },
                  {
                    type: "evmAddress",
                    addresses: ["0x000000000000000000000000000000000000dEaD"],
                    operator: "in",
                  },
                ],
              },
            ],
          },
        });

        // Apply the policy to the account
        await cdp.evm.updateAccount({
          address: account.address,
          update: { accountPolicy: policy.id },
        });
        console.log("Applied policy:", policy.id);
        ```
      </Tab>

      <Tab title="Python">
        ```python
        from cdp.policies.types import CreatePolicyOptions, EthValueCriterion, EvmAddressCriterion, SignEvmTransactionRule
        from cdp.update_account_types import UpdateAccountOptions

        account = await cdp.evm.get_or_create_account(name="PolicyAccount")

        policy = await cdp.policies.create_policy(
            policy=CreatePolicyOptions(
                scope="account",
                description="Account Allowlist Example",
                rules=[
                    SignEvmTransactionRule(
                        action="accept",
                        criteria=[
                            EthValueCriterion(ethValue="1000000000000000000", operator="<="),
                            EvmAddressCriterion(
                                addresses=["0x000000000000000000000000000000000000dEaD"],
                                operator="in",
                            ),
                        ],
                    )
                ],
            )
        )

        await cdp.evm.update_account(
            address=account.address,
            update=UpdateAccountOptions(account_policy=policy.id),
        )
        print(f"Applied policy: {policy.id}")
        ```
      </Tab>
    </Tabs>
  </Tab>
</Tabs>

## Supported operations

### User authentication

| Operation                   | Description                                       |
| --------------------------- | ------------------------------------------------- |
| `signEndUserEvmTransaction` | End-user EVM transaction signing                  |
| `sendEndUserEvmTransaction` | End-user EVM transaction signing and sending      |
| `signEndUserEvmMessage`     | End-user EIP-191 message signing                  |
| `signEndUserEvmTypedData`   | End-user EIP-712 typed data signing               |
| `signEndUserEvmHash`        | End-user EVM hash signing (no criteria)           |
| `signEndUserSolTransaction` | End-user Solana transaction signing               |
| `sendEndUserSolTransaction` | End-user Solana transaction signing and broadcast |
| `signEndUserSolMessage`     | End-user Solana message signing                   |
| `sendEndUserOperation`      | End-user smart wallet user operation sending      |
| `sendEndUserEvmAsset`       | End-user EVM asset send                           |
| `sendEndUserSolAsset`       | End-user Solana asset send                        |
| `createEndUserEvmSwap`      | End-user EVM swap creation                        |

### API key authentication

| Operation              | Description                              |
| ---------------------- | ---------------------------------------- |
| `signEvmTransaction`   | EVM transaction signing                  |
| `sendEvmTransaction`   | EVM transaction signing and sending      |
| `signEvmMessage`       | EIP-191 message signing                  |
| `signEvmTypedData`     | EIP-712 typed data signing               |
| `signEvmHash`          | Hash signing                             |
| `prepareUserOperation` | Smart account user operation preparation |
| `sendUserOperation`    | Smart account user operation sending     |
| `signSolTransaction`   | Solana transaction signing               |
| `sendSolTransaction`   | Solana transaction signing and sending   |
| `signSolMessage`       | Solana message signing                   |
