Policy Engine
The Policy Engine is the rules layer for Embedded Wallets. It defines what actions are allowed, under which conditions, and at what time, so security and recovery logic lives in one place instead of being fragmented across UI code, backend services, and smart contracts.
At a high level, the Policy Engine combines two complementary layers:
- Off-chain decisioning tied to the user’s root account—used for limits, step-up requirements, cooldowns, and auditability.
- On-chain enforcement hooks that make critical constraints non-bypassable—such as timelocks, approval thresholds, and hard denies.
What the Policy Engine controls
Policies apply to both day-to-day wallet actions and wallet configuration.
Limits and risk controls
- Per-transaction and daily spending limits
- Restrictions for new devices or fresh sessions
- Chain-, token-, or contract-level allowlists
Step-up requirements
- When passkey confirmation is required
- When higher-assurance checks (for example, liveness) are enforced
- Additional verification for sensitive recovery operations
Recovery configuration
- Timelocks before recovery can execute
- Approval thresholds (for example, guardian-based recovery)
- Cooldowns, cancellation windows, and validity periods
Account-abstraction behavior
- When gas sponsorship is permitted
- Which actions may be batched together
- Safety guardrails for relaying and transaction simulation
Operational constraints
- Audit logging and monitoring hooks
- Expiration and renewal reminders
- Safe-by-default behavior (deny unless explicitly allowed)
Core policy primitives
Policies are composed from a small, explicit set of building blocks:
- Limits (amounts and time windows)
- Step-up prompts (passkeys, liveness)
- Cooldowns for risky changes
- Timelocks for delayed recovery
- Thresholds for multi-party approval
- Validity and expiration rules
- Scope restrictions (chains, tokens, contracts)
- Gas sponsorship rules
This structure keeps policies readable, auditable, and easy to evolve as wallet requirements change.