> For the complete documentation index, see [llms.txt](https://shinkalabs.gitbook.io/hub/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://shinkalabs.gitbook.io/hub/andromeda/on-chain-programs/overview.md).

# Overview

Andromeda's policy and recovery logic lives in eight Solana programs, built with the Quasar framework, deployed on Solana devnet. Each one can hold the signing authority of a dWallet and decide, on-chain, whether a given signature is allowed. Because the program is the authority, the Andromeda API cannot bypass it.

| Program                | Address (devnet)                               | Purpose                                                                         |
| ---------------------- | ---------------------------------------------- | ------------------------------------------------------------------------------- |
| rules-policy           | `6TX7qG47Fsocuwmgsgo2q3NLCHrbomoQxQLifapU8Thr` | Recovery: primary owner bypass, or M-of-N quorum, plus daily limit and cooldown |
| allowlist-destinations | `91hycWu3sTbRELUDBTkqbyaEse1fVFDX3RmW9uPNQqFx` | Sign only for whitelisted destination programs                                  |
| velocity-guard         | `DVAkrYe4SWzihvbh94GC6aB7ESf1h4yxiSDyetq1jkdW` | At most N signatures per slot window                                            |
| time-lock              | `2i4bE6s7oc8kkziQETy55SGWQXxwotkpERr9XMv7Q7qs` | Sign only inside allowed slot ranges                                            |
| oracle-conditional     | `Wi6x2Y4YTYcv4aMz7AQRF2UELE36fZNKhsAoCFq2ssM`  | Pyth price circuit breaker                                                      |
| passkey-step-up        | `7xNwfNHtN11kf5JFNhsQTuciBskmWmZ8XcHSAeNdvorC` | Require a passkey proof above a threshold                                       |
| fhe-gated              | `6NhfKThEydSHH6R7gBm94reo3simopRJmb4nDzkKU7np` | Require a signed confidential decision first                                    |
| session-keys           | `3Y2QaXiJH3aSiooDnGQsZQhYN72r47mYYbHp9YWyiASm` | Scoped, time-boxed delegation with on-chain limits                              |

You interact with these through the Andromeda API ([Deploy a policy](/hub/andromeda/guides/deploy-policy.md), [Configure recovery](/hub/andromeda/guides/configure-recovery.md)), but the details below are relevant if you build clients that assemble or verify the transactions, or if you want to audit the behaviour.

## Properties shared by all eight

* **Init-authority-hash seeded PDA.** A policy account's address is derived from a hash that includes the init authority, so a third party cannot front-run the deployment and occupy the address. See [RulesPolicy](/hub/andromeda/on-chain-programs/rules-policy.md).
* **The Solana clock is the only time source.** No client timestamps. Daily limits, cooldowns, expiries and time windows all read the on-chain clock.
* **Strict on-chain input validation.** For example, the WebAuthn challenge field is pattern-matched, not loosely accepted.
* **Per-flow replay nonces.** Each kind of action (admin change, primary recovery, quorum session) has its own monotonic counter on-chain.
* **Precompile-validated signatures, zero attestor.** Every user signature a program acts on is verified by a Solana runtime precompile inside the same transaction. Andromeda assembles and submits but does not vouch. See [Precompile validation](/hub/andromeda/on-chain-programs/precompiles.md) and [Zero attestor](/hub/andromeda/concepts/zero-attestor.md).

## Where to go next

* [RulesPolicy](/hub/andromeda/on-chain-programs/rules-policy.md): the recovery program in detail.
* [Precompile validation](/hub/andromeda/on-chain-programs/precompiles.md): how signatures are checked on-chain.
* [Domain-separated challenges](/hub/andromeda/on-chain-programs/challenges.md): how the 32-byte challenges are constructed.
* [Quorum via PDA staging](/hub/andromeda/on-chain-programs/quorum-staging.md): how unbounded-size quorums work.
* [Audit summary](/hub/andromeda/on-chain-programs/audit.md): what was reviewed in the internal audit.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://shinkalabs.gitbook.io/hub/andromeda/on-chain-programs/overview.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.