Policies

.gitignore

@@ -9,5 +9,8 @@ node_modules
 test-ledger
 .yarn-error
 
+# Yarn - ignore entire yarn directories
+.yarn/
+
 lib
 .crates

.yarnrc.yml

@@ -0,0 +1 @@
+nodeLinker: node-modules

Anchor.toml

@@ -23,5 +23,9 @@ url = "https://api.devnet.solana.com"
 address = "8UuqDAqe9UQx9e9Sjj4Gs3msrWGfzb4CJHGK3U3tcCEX"
 filename = "tests/fixtures/pre-rent-collector/multisig-account.json"
 
+[[test.genesis]]
+address = "noopb9bkMVfRPU8AsbpTUg8AQkHtKwMYZiFUjNRtMmV"
+program = "tests/fixtures/noop.so"
+
 [scripts]
 test = "npx mocha --node-option require=ts-node/register --extension ts -t 1000000 tests/index.ts"

package.json

@@ -1,33 +1,34 @@
 {
-	"private": true,
-	"workspaces": [
-		"sdk/*"
-	],
-	"scripts": {
-		"build": "turbo run build",
-		"test:detached": "turbo run build && anchor test --detach -- --features=testing && echo \"\n⚠️ Don't forget to recompile the .so file before deployment\n\"",
-		"test": "turbo run build && anchor test -- --features=testing && echo \"\n⚠️ Don't forget to recompile the .so file before deployment\n\"",
-		"pretest": "mkdir -p target/deploy && cp ./test-program-keypair.json ./target/deploy/squads_smart_account_program-keypair.json",
-		"ts": "turbo run ts && yarn tsc --noEmit"
-	},
-	"devDependencies": {
-		"@solana/spl-memo": "^0.2.3",
-		"@solana/spl-token": "*",
-		"@types/bn.js": "5.1.0",
-		"@types/mocha": "10.0.1",
-		"@types/node-fetch": "2.6.2",
-		"mocha": "10.2.0",
-		"prettier": "2.6.2",
-		"ts-node": "10.9.1",
-		"turbo": "1.6.3",
-		"typescript": "*"
-	},
-	"resolutions": {
-		"@solana/web3.js": "1.70.3",
-		"@solana/spl-token": "0.3.6",
-		"typescript": "4.9.4"
-	},
-	"dependencies": {
-		"@solana/web3.js": "^1.95.5"
-	}
+  "private": true,
+  "workspaces": [
+    "sdk/*"
+  ],
+  "scripts": {
+    "build": "turbo run build",
+    "test:detached": "turbo run build && anchor test --detach -- --features=testing && echo \"\n⚠️ Don't forget to recompile the .so file before deployment\n\"",
+    "test:detached:nb": "anchor test --detach -- --features=testing && echo \"\n⚠️ Don't forget to recompile the .so file before deployment\n\"",
+    "test": "turbo run build && anchor test -- --features=testing && echo \"\n⚠️ Don't forget to recompile the .so file before deployment\n\"",
+    "pretest": "mkdir -p target/deploy && cp ./test-program-keypair.json ./target/deploy/squads_smart_account_program-keypair.json",
+    "ts": "turbo run ts && yarn tsc --noEmit"
+  },
+  "devDependencies": {
+    "@solana/spl-memo": "^0.2.3",
+    "@solana/spl-token": "*",
+    "@types/mocha": "10.0.1",
+    "@types/node-fetch": "2.6.2",
+    "mocha": "10.2.0",
+    "prettier": "2.6.2",
+    "ts-node": "10.9.1",
+    "turbo": "1.6.3",
+    "typescript": "*"
+  },
+  "resolutions": {
+    "@solana/web3.js": "1.70.3",
+    "@solana/spl-token": "0.3.6",
+    "typescript": "4.9.4"
+  },
+  "dependencies": {
+    "@solana/web3.js": "^1.95.5"
+  },
+  "packageManager": "yarn@1.22.22"
 }

programs/squads_smart_account_program/src/allocator.rs

@@ -129,5 +129,6 @@ unsafe impl std::alloc::GlobalAlloc for BumpAllocator {
 
 // Only use the allocator if we're not in a no-entrypoint context
 #[cfg(not(feature = "no-entrypoint"))]
+#[cfg(not(test))]
 #[global_allocator]
 static A: BumpAllocator = BumpAllocator;

programs/squads_smart_account_program/src/errors.rs

@@ -60,8 +60,6 @@ pub enum SmartAccountError {
     SpendingLimitExceeded,
     #[msg("Decimals don't match the mint")]
     DecimalsMismatch,
-    #[msg("Spending limit is expired")]
-    SpendingLimitExpired,
     #[msg("Signer has unknown permission")]
     UnknownPermission,
     #[msg("Account is protected, it cannot be passed into a CPI as writable")]
@@ -110,4 +108,186 @@ pub enum SmartAccountError {
     TimeLockNotZero,
     #[msg("Feature not implemented")]
     NotImplemented,
+    #[msg("Invalid cadence configuration")]
+    SpendingLimitInvalidCadenceConfiguration,
+    #[msg("Invalid data constraint")]
+    InvalidDataConstraint,
+
+
+    #[msg("Invalid payload")]
+    InvalidPayload,
+    #[msg("Protected instruction")]
+    ProtectedInstruction,
+    #[msg("Placeholder error")]
+    PlaceholderError,
+
+    // ===============================================
+    // Overall Policy Errors
+    // ===============================================
+    #[msg("Invalid policy payload")]
+    InvalidPolicyPayload,
+    #[msg("Invalid empty policy")]
+    InvalidEmptyPolicy,
+    #[msg("Transaction is for another policy")]
+    TransactionForAnotherPolicy,
+
+    // ===============================================
+    // Program Interaction Policy Errors
+    // ===============================================
+    #[msg("Program interaction sync payload not allowed with async transaction")]
+    ProgramInteractionAsyncPayloadNotAllowedWithSyncTransaction,
+    #[msg("Program interaction sync payload not allowed with sync transaction")]
+    ProgramInteractionSyncPayloadNotAllowedWithAsyncTransaction,
+    #[msg("Program interaction data constraint failed: instruction data too short")]
+    ProgramInteractionDataTooShort,
+    #[msg("Program interaction data constraint failed: invalid numeric value")]
+    ProgramInteractionInvalidNumericValue,
+    #[msg("Program interaction data constraint failed: invalid byte sequence")]
+    ProgramInteractionInvalidByteSequence,
+    #[msg("Program interaction data constraint failed: unsupported operator for byte slice")]
+    ProgramInteractionUnsupportedSliceOperator,
+    #[msg("Program interaction constraint failed: instruction data parsing error")]
+    ProgramInteractionDataParsingError,
+    #[msg("Program interaction constraint failed: program ID mismatch")]
+    ProgramInteractionProgramIdMismatch,
+    #[msg("Program interaction constraint violation: account constraint")]
+    ProgramInteractionAccountConstraintViolated,
+    #[msg("Program interaction constraint violation: instruction constraint index out of bounds")]
+    ProgramInteractionConstraintIndexOutOfBounds,
+    #[msg("Program interaction constraint violation: instruction count mismatch")]
+    ProgramInteractionInstructionCountMismatch,
+    #[msg("Program interaction constraint violation: insufficient remaining lamport allowance")]
+    ProgramInteractionInsufficientLamportAllowance,
+    #[msg("Program interaction constraint violation: insufficient remaining token allowance")]
+    ProgramInteractionInsufficientTokenAllowance,
+    #[msg("Program interaction constraint violation: modified illegal balance")]
+    ProgramInteractionModifiedIllegalBalance,
+    #[msg("Program interaction constraint violation: illegal token account modification")]
+    ProgramInteractionIllegalTokenAccountModification,
+    #[msg("Program interaction invariant violation: duplicate spending limit for the same mint")]
+    ProgramInteractionDuplicateSpendingLimit,
+    #[msg("Program interaction constraint violation: too many instruction constraints. Max is 20")]
+    ProgramInteractionTooManyInstructionConstraints,
+    #[msg("Program interaction constraint violation: too many spending limits. Max is 10")]
+    ProgramInteractionTooManySpendingLimits,
+    #[msg("Program interaction constraint violation: invalid pubkey table index")]
+    ProgramInteractionInvalidPubkeyTableIndex,
+    #[msg("Program interaction constraint violation: too many unique pubkeys. Max is 240 (indices 240-255 reserved for builtin programs)")]
+    ProgramInteractionTooManyUniquePubkeys,
+    #[msg("Program interaction hook violation: template hook error")]
+    ProgramInteractionTemplateHookError,
+    #[msg("Program interaction hook violation: hook authority cannot be part of hook accounts")]
+    ProgramInteractionHookAuthorityCannotBePartOfHookAccounts,
+
+    // ===============================================
+    // Spending Limit Policy Errors
+    // ===============================================
+    #[msg("Spending limit is not active")]
+    SpendingLimitNotActive,
+    #[msg("Spending limit is expired")]
+    SpendingLimitExpired,
+    #[msg("Spending limit policy invariant violation: usage state cannot be Some() if accumulate_unused is true")]
+    SpendingLimitPolicyInvariantAccumulateUnused,
+    #[msg("Amount violates exact quantity constraint")]
+    SpendingLimitViolatesExactQuantityConstraint,
+    #[msg("Amount violates max per use constraint")]
+    SpendingLimitViolatesMaxPerUseConstraint,
+    #[msg("Spending limit is insufficient")]
+    SpendingLimitInsufficientRemainingAmount,
+    #[msg("Spending limit invariant violation: max per period must be non-zero")]
+    SpendingLimitInvariantMaxPerPeriodZero,
+    #[msg("Spending limit invariant violation: start time must be positive")]
+    SpendingLimitInvariantStartTimePositive,
+    #[msg("Spending limit invariant violation: expiration must be greater than start")]
+    SpendingLimitInvariantExpirationSmallerThanStart,
+    #[msg("Spending limit invariant violation: overflow enabled must have expiration")]
+    SpendingLimitInvariantOverflowEnabledMustHaveExpiration,
+    #[msg("Spending limit invariant violation: one time period cannot have overflow enabled")]
+    SpendingLimitInvariantOneTimePeriodCannotHaveOverflowEnabled,
+    #[msg("Spending limit invariant violation: remaining amount must be less than max amount")]
+    SpendingLimitInvariantOverflowRemainingAmountGreaterThanMaxAmount,
+    #[msg("Spending limit invariant violation: remaining amount must be less than or equal to max per period")]
+    SpendingLimitInvariantRemainingAmountGreaterThanMaxPerPeriod,
+    #[msg("Spending limit invariant violation: exact quantity must have max per use non-zero")]
+    SpendingLimitInvariantExactQuantityMaxPerUseZero,
+    #[msg("Spending limit invariant violation: max per use must be less than or equal to max per period")]
+    SpendingLimitInvariantMaxPerUseGreaterThanMaxPerPeriod,
+    #[msg("Spending limit invariant violation: custom period must be positive")]
+    SpendingLimitInvariantCustomPeriodNegative,
+    #[msg("Spending limit policy invariant violation: cannot have duplicate destinations for the same mint")]
+    SpendingLimitPolicyInvariantDuplicateDestinations,
+    #[msg("Spending limit invariant violation: last reset must be between start and expiration")]
+    SpendingLimitInvariantLastResetOutOfBounds,
+    #[msg("Spending limit invariant violation: last reset must be greater than start")]
+    SpendingLimitInvariantLastResetSmallerThanStart,
+
+    // ===============================================
+    // Internal Fund Transfer Policy Errors
+    // ===============================================
+    #[msg("Internal fund transfer policy invariant violation: source account index is not allowed")]
+    InternalFundTransferPolicyInvariantSourceAccountIndexNotAllowed,
+    #[msg("Internal fund transfer policy invariant violation: destination account index is not allowed")]
+    InternalFundTransferPolicyInvariantDestinationAccountIndexNotAllowed,
+    #[msg("Internal fund transfer policy invariant violation: source and destination cannot be the same")]
+    InternalFundTransferPolicyInvariantSourceAndDestinationCannotBeTheSame,
+    #[msg("Internal fund transfer policy invariant violation: mint is not allowed")]
+    InternalFundTransferPolicyInvariantMintNotAllowed,
+    #[msg("Internal fund transfer policy invariant violation: amount must be greater than 0")]
+    InternalFundTransferPolicyInvariantAmountZero,
+    #[msg("Internal fund transfer policy invariant violation: cannot have duplicate mints")]
+    InternalFundTransferPolicyInvariantDuplicateMints,
+
+    // ===============================================
+    // Consensus Account Errors
+    // ===============================================
+    #[msg("Consensus account is not a settings")]
+    ConsensusAccountNotSettings,
+    #[msg("Consensus account is not a policy")]
+    ConsensusAccountNotPolicy,
+
+    // ===============================================
+    // Settings Change Policy Errors
+    // ===============================================
+    #[msg("Settings change policy invariant violation: actions must be non-zero")]
+    SettingsChangePolicyActionsMustBeNonZero,
+    #[msg("Settings change policy violation: submitted settings account must match policy settings key")]
+    SettingsChangeInvalidSettingsKey,
+    #[msg("Settings change policy violation: submitted settings account must be writable")]
+    SettingsChangeInvalidSettingsAccount,
+    #[msg("Settings change policy violation: rent payer must be writable and signer")]
+    SettingsChangeInvalidRentPayer,
+    #[msg("Settings change policy violation: system program must be the system program")]
+    SettingsChangeInvalidSystemProgram,
+    #[msg("Settings change policy violation: signer does not match allowed signer")]
+    SettingsChangeAddSignerViolation,
+    #[msg("Settings change policy violation: signer permissions does not match allowed signer permissions")]
+    SettingsChangeAddSignerPermissionsViolation,
+    #[msg("Settings change policy violation: signer removal does not mach allowed signer removal")]
+    SettingsChangeRemoveSignerViolation,
+    #[msg("Settings change policy violation: time lock does not match allowed time lock")]
+    SettingsChangeChangeTimelockViolation,
+    #[msg("Settings change policy violation: action does not match allowed action")]
+    SettingsChangeActionMismatch,
+    #[msg("Settings change policy invariant violation: cannot have duplicate actions")]
+    SettingsChangePolicyInvariantDuplicateActions,
+    #[msg("Settings change policy invariant violation: action indices must match actions length")]
+    SettingsChangePolicyInvariantActionIndicesActionsLengthMismatch,
+    #[msg("Settings change policy invariant violation: action index out of bounds")]
+    SettingsChangePolicyInvariantActionIndexOutOfBounds,
+
+    // ===============================================
+    // Policy Expiration Errors
+    // ===============================================
+    #[msg("Policy is not active yet")]
+    PolicyNotActiveYet,
+    #[msg("Policy invariant violation: invalid policy expiration")]
+    PolicyInvariantInvalidExpiration,
+    #[msg("Policy expiration violation: submitted settings key does not match policy settings key")]
+    PolicyExpirationViolationPolicySettingsKeyMismatch,
+    #[msg("Policy expiration violation: state expiration requires the settings to be submitted")]
+    PolicyExpirationViolationSettingsAccountNotPresent,
+    #[msg("Policy expiration violation: state hash has expired")]
+    PolicyExpirationViolationHashExpired,
+    #[msg("Policy expiration violation: timestamp has expired")]
+    PolicyExpirationViolationTimestampExpired,
 }