> For the complete documentation index, see [llms.txt](https://shinkalabs.gitbook.io/hub/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://shinkalabs.gitbook.io/hub/andromeda/guides/deploy-policy.md). # Deploy a policy A policy is a Solana program that holds a dWallet's signing authority and only lets a signature through if its rule is satisfied. Andromeda ships eight audited templates. This guide covers the shared lifecycle; each template page covers its specific configuration. {% hint style="info" %} Policy endpoints require an API key with the `admin` scope. The exact path prefix per template, and the request and response bodies, are in the [OpenAPI spec](https://api.andromedainfra.pro/openapi.json). {% endhint %} ## The lifecycle ### 1. Preview `POST .../preview` resolves your configuration, returns the normalised settings, and tells you the program-derived address (PDA) the policy will occupy. Nothing is created. Use this to validate inputs and to learn the PDA before you commit. ### 2. Deploy A `.../deploy` step returns an unsigned transaction. You sign it client-side and submit it. The PDA is seeded with an init-authority hash, so a third party cannot front-run the deployment and grab the address. After this, the policy program holds the dWallet's authority. See [RulesPolicy](/hub/andromeda/on-chain-programs/rules-policy.md) for the seeding details. ### 3. Read `GET .../{dwalletAddress}` returns the policy's current on-chain state: its configuration, nonces, and any pending change. ### 4. Change Configuration changes are challenge-based admin actions: a `.../challenge` step returns a 32-byte challenge and the expected nonce, the current owner signs it, and a `.../submit` step applies it. Some changes are staged as pending so they take effect in a second, separate step (`.../apply-pending`) rather than instantly. Each admin action carries a replay nonce. ### 5. Revoke Revoking is itself an admin action: submit the `revoke` action through the same challenge/submit flow. The policy program returns the dWallet's authority to the owner, and the dWallet is no longer policy-gated. There is no separate "revoke" endpoint; it is one of the admin actions. ## The eight templates | Template | Page | | ---------------------- | ----------------------------------------------------------------------------------- | | rules-policy | [Recovery rules](/hub/andromeda/guides/deploy-policy/rules-policy.md) | | allowlist-destinations | [Destination allowlist](/hub/andromeda/guides/deploy-policy/allowlist.md) | | velocity-guard | [Velocity guard](/hub/andromeda/guides/deploy-policy/velocity-guard.md) | | time-lock | [Time lock](/hub/andromeda/guides/deploy-policy/time-lock.md) | | oracle-conditional | [Oracle circuit breaker](/hub/andromeda/guides/deploy-policy/oracle-conditional.md) | | passkey-step-up | [Passkey step-up](/hub/andromeda/guides/deploy-policy/passkey-step-up.md) | | fhe-gated | [FHE-gated](/hub/andromeda/guides/deploy-policy/fhe-gated.md) | | session-keys | [Session keys](/hub/andromeda/guides/deploy-policy/session-keys.md) | ## A typed client for your policy After a policy is deployed, Andromeda can hand you a typed TypeScript client tailored to it. See [Typed TypeScript client](/hub/andromeda/sdks-and-tooling/ts-client.md). ## What you cannot do You cannot configure a policy to let the Andromeda API override it. The program is the authority; the API is a client of it. That is the point. See [Zero attestor](/hub/andromeda/concepts/zero-attestor.md). --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://shinkalabs.gitbook.io/hub/andromeda/guides/deploy-policy.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.