> For the complete documentation index, see [llms.txt](https://shinkalabs.gitbook.io/hub/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://shinkalabs.gitbook.io/hub/andromeda/guides/deploy-policy/rules-policy.md). # rules-policy The `rules-policy` program is the recovery policy: it holds a dWallet's authority and decides when a recovery is allowed. It is the one you attach to make a dWallet socially recoverable. See the concept in [Recovery](/hub/andromeda/concepts/recovery.md) and the on-chain detail in [RulesPolicy](/hub/andromeda/on-chain-programs/rules-policy.md). Program address (Solana devnet): `6TX7qG47Fsocuwmgsgo2q3NLCHrbomoQxQLifapU8Thr`. ## What it enforces A recovery succeeds if **either**: * the **primary owner** signs (the bypass, single step), or * an **M-of-N quorum** of recovery owners signs, **and** the action is within the configured **daily limit** and past the **cooldown** since the last recovery action. ## Configuration * **Primary owner**: one credential, identified by a 34-byte member slot (`[scheme, identifier, padding]`). Schemes: Ed25519, Secp256k1 (an Ethereum-style address), Secp256r1. * **Quorum roster**: N recovery owners, plus the threshold M. Members can use the same schemes as the primary, plus full WebAuthn (quorum members only, because a full assertion is large but fits in a member's own transaction). * **Daily limit**: how many recovery actions are allowed per day. The day boundary uses the Solana clock. * **Cooldown**: minimum slot gap between recovery actions. ## Deploy and change Follow the lifecycle (see [Configure recovery](/hub/andromeda/guides/configure-recovery.md) for the calls): `POST /v1/recovery/policy/preview` to see the resolved config and PDA, `POST /v1/recovery/policy/deploy` to install it, `GET /v1/recovery/policy/{dwalletAddress}` to read state, and `POST /v1/recovery/policy/admin/challenge` then `POST /v1/recovery/policy/admin/submit` for every change, including revoking the policy (submit the `revoke` admin action, which returns the authority to the owner). Changes that affect the roster or thresholds are staged as pending and finalised with `POST /v1/recovery/policy/apply-pending`, so a mistake is reversible before it takes effect. ## Running a recovery against it * Primary path: `POST /v1/recovery/primary/challenge` then `POST /v1/recovery/primary/submit`. See [Recovery flow](/hub/andromeda/getting-started/recovery.md). * Quorum path: open a session, collect member contributions, finalize, close. See [Run a recovery](/hub/andromeda/guides/run-recovery.md). ## On-chain guarantees * Every signature (primary or member) is verified by a Solana runtime precompile. Andromeda cannot forge it. See [Zero attestor](/hub/andromeda/concepts/zero-attestor.md). * The PDA is seeded with an init-authority hash, so the policy address cannot be front-run. * Per-flow replay nonces (`next_admin_nonce`, `next_primary_recover_nonce`, `next_session_nonce`) block replays. * The Solana clock is the only time source for the daily limit and cooldown. ## When to use it Any dWallet that an end user should be able to recover: consumer wallets, smart wallets, treasuries where the recovery set is a board or a guardian group. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://shinkalabs.gitbook.io/hub/andromeda/guides/deploy-policy/rules-policy.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.