From cf8b53c5edd2fd9dc19656adf4f5664414e1347d Mon Sep 17 00:00:00 2001 From: "mintlify[bot]" <109931778+mintlify[bot]@users.noreply.github.com> Date: Fri, 11 Jul 2025 02:18:35 +0000 Subject: [PATCH] Documentation edits made through Mintlify web editor --- concepts/policies/language.mdx | 169 +++++++++++++++++---------------- 1 file changed, 85 insertions(+), 84 deletions(-) diff --git a/concepts/policies/language.mdx b/concepts/policies/language.mdx index 1a3d09bd..9b2950bc 100644 --- a/concepts/policies/language.mdx +++ b/concepts/policies/language.mdx 
@@ -2,28 +2,29 @@ title: "Policy language" description: "This page provides an overview of how to author policies using our policy language. To begin, we'll need to get familiar with the language's grammar, keywords, and types." sidebarTitle: "Language" +mode: "wide" --- ## Grammar The grammar has been designed for flexibility and expressiveness. We currently support the following operations: -| Operation | Operators | Example | Types | -| ---------- | ---------------------------- | ---------------------------- | ------------------------ | -| logical | &&, \|\| | "true && false" | (bool, bool) -> bool | -| comparison | ==, !=, \<, >, \<=, >= | "1 \< 2" | (int, int) -> bool | -| comparison | ==, != | "'a' != 'b'" | (string, string) -> bool | -| comparison | in | "1 in \[1, 2, 3]" | (T, list\) -> bool | -| access | x\[\] | \[1,2,3]\[0] | (list\) -> T | -| access | x\[\] | "'abc'\[0]" | (string) -> string | -| access | x\[\..\] | \[1,2,3]\[0..2] | (list\) -> (list\) | -| access | x\[\..\] | "'abc'\[0..2]" | (string) -> string | -| access | x.\ | "user.tags" | (struct) -> T | -| function | x.all(item, \) | "\[1,1,1].all(x, x == 1)" | (list\) -> bool | -| function | x.any(item, \) | "\[1,2,3].any(x, x == 1)" | (list\) -> bool | -| function | x.contains(\) | "\[1,2,3].contains(1)" | (list\) -> bool | -| function | x.count() | "\[1,2,3].count()" | (list\) -> int | -| function | x.filter(item, \) | "\[1,2,3].filter(x, x == 1)" | (list\) -> (list\) | +| Operation | Operators | Example | Types | +| ---------- | ----------------------------- | --------------------------- | --------------------------- | +| logical | &&, \|\| | "true && false" | (bool, bool) -\> bool | +| comparison | ==, \!=, \<, \>, \<=, \>= | "1 \< 2" | (int, int) -\> bool | +| comparison | ==, \!= | "'a' \!= 'b'" | (string, string) -\> bool | +| comparison | in | "1 in [1, 2, 3]" | (T, list\) -\> bool | +| access | x[\] | [1,2,3][0] | (list\) -\> T | +| access | x[\] | "'abc'[0]" | (string) -\> string | +| 
access | x[\..\] | [1,2,3][0..2] | (list\) -\> (list\) | +| access | x[\..\] | "'abc'[0..2]" | (string) -\> string | +| access | x.\ | "user.tags" | (struct) -\> T | +| function | x.all(item, \) | "[1,1,1].all(x, x == 1)" | (list\) -\> bool | +| function | x.any(item, \) | "[1,2,3].any(x, x == 1)" | (list\) -\> bool | +| function | x.contains(\) | "[1,2,3].contains(1)" | (list\) -\> bool | +| function | x.count() | "[1,2,3].count()" | (list\) -\> int | +| function | x.filter(item, \) | "[1,2,3].filter(x, x == 1)" | (list\) -\> (list\) | ## Keywords @@ -52,13 +53,13 @@ The language is strongly typed which makes policies easy to author and maintain. ### Primitive -| Type | Example | Notes | -| ------------- | --------------- | ------------------------------------------------ | -| **bool** | true | | -| **int** | 256 | i128 | -| **string** | 'a' | only single quotes are supported | -| **list\** | \[1, 2, 3] | a list of type T | -| **struct** | \{ id: 'abc' \} | a key-value map of \{ field:T \} (defined below) | +| Type | Example | Notes | +| ------------- | ------------- | ---------------------------------------------- | +| **bool** | true | | +| **int** | 256 | i128 | +| **string** | 'a' | only single quotes are supported | +| **list\** | [1, 2, 3] | a list of type T | +| **struct** | { id: 'abc' } | a key-value map of { field:T } (defined below) | ### Struct 
@@ -69,7 +70,7 @@ The language is strongly typed which makes policies easy to author and maintain. | | email | string | The email address of the user | | | alias | string | The alias of the user | | **Activity** | type | string | The type of the activity (e.g. ACTIVITY_TYPE_SIGN_TRANSACTION_V2) | -| | resource | string | The resource type the activity targets: `USER`, `PRIVATE_KEY`, `POLICY`, `WALLET`, `ORGANIZATION`, `INVITATION`, `CREDENTIAL`, `CONFIG`, `RECOVERY`, `AUTH`, `OTP`, `PAYMENT_METHOD`, `SUBSCRIPTION` | +| | resource | string | The resource type the activity targets: `USER`, `PRIVATE_KEY`, `POLICY`, `WALLET`, `ORGANIZATION`, `INVITATION`, `CREDENTIAL`, `CONFIG`, `RECOVERY`, `AUTH`, `OTP`, `PAYMENT_METHOD`, `SUBSCRIPTION` | | | action | string | The action of the activity: `CREATE`, `UPDATE`, `DELETE`, `SIGN`, `EXPORT`, `IMPORT` | | **Wallet** | id | string | The identifier of the wallet | | | imported | bool | Boolean indicating whether or not this wallet has been imported | @@ -104,7 +105,7 @@ The language is strongly typed which makes policies easy to author and maintain. | | ref_block_hash | string | The hash of the transaction reference block | | | expiration | int | Transaction expiration time in milliseconds | | | timestamp | int | Transaction timestamp in milliseconds | -| | data | string | Transaction memo (not the call data!) | +| | data | string | Transaction memo (not the call data\!) | | | fee_limit | int | The maximum energy cost allowed for the execution of smart contract transactions | | | contract | list\ | A list of TronContract. This is the main content of a Tron transaction. This determines the type of transaction being executed and its parameters (see below) | 
@@ -123,7 +124,7 @@ The language is strongly typed which makes policies easy to author and maintain. | | to | string | A Solana account (public key) representing the token account that is receiving tokens in this SPL transfer | | | amount | int | The amount (noted in raw atomic units) of this SPL transfer | | | owner | string | A Solana account (public key) representing the owner of the sending token account for this SPL transfer | -| | signers | list\ | A list of Solana accounts (public keys) representing the multisig signers (if they exist) for this SPL transfer | +| | signers | list\ | A list of Solana accounts (public keys) representing the multisig signers (if they exist) for this SPL transfer | | | token_mint | string | A Solana account (public key) representing the token mint of the token being transferred in this SPL transfer | | **Account** | account_key | string | A Solana account (public key) | | | signer | boolean | An indicator of whether or not the account is a signer | 
@@ -152,73 +153,73 @@ The language is strongly typed which makes policies easy to author and maintain. | | witness | TronPermission | The witness permission of the account (Only available for AccountPermissionUpdateContract's) | | | actives | list\ | A list of active permissions for the account (Only available for AccountPermissionUpdateContract's) | | **TronPermission** | type | string | The permission type either "Owner", "Witness", or "Active" | -| | id | int | The permission id Owner = 0, Witness = 1, Active = 2+n where n is the 0 indexed active permission number | +| | id | int | The permission id Owner = 0, Witness = 1, Active = 2\+n where n is the 0 indexed active permission number | | | permission_name | string | The name of the permission | | | threshold | int | The operation is allowed only when the sum of the weights of the participating signatures exceeds the domain value. Requires a maximum value less than the Long type (int64). | | | parent_id | int | The parent id, currently always 0 | | | operations | String | Hex encoded 32 bytes (256 bits), each bit represents the authority of a contract, a 1 means the authority to own the contract | -| | keys | TronKey | A list of address's and weight's that jointly own the permission can be up to 5 keys. | +| | keys | TronKey | A list of address's and weight's that jointly own the permission can be up to 5 keys. 
| | **TronKey** | address | string | The address authorized for a specific TronPermission | | | weight | int | The weight of this address's signature for this permission, used to reach "threshold" in a TronPermission | ## Activity Breakdown -| Resource Type | Action | Activity Type | +| Resource Type | Action | Activity Type | | ------------------ | ------ | -----------------------------------------: | -| **ORGANIZATION** | CREATE | ACTIVITY_TYPE_CREATE_SUB_ORGANIZATION_V7 | -| | DELETE | ACTIVITY_TYPE_DELETE_ORGANIZATION | -| | DELETE | ACTIVITY_TYPE_DELETE_SUB_ORGANIZATION | -| **INVITATION** | CREATE | ACTIVITY_TYPE_CREATE_INVITATIONS | -| | DELETE | ACTIVITY_TYPE_DELETE_INVITATION | -| **POLICY** | CREATE | ACTIVITY_TYPE_CREATE_POLICY_V3 | -| | CREATE | ACTIVITY_TYPE_CREATE_POLICIES | -| | UPDATE | ACTIVITY_TYPE_UPDATE_POLICY_V2 | -| | DELETE | ACTIVITY_TYPE_DELETE_POLICY | -| **WALLET** | CREATE | ACTIVITY_TYPE_CREATE_WALLET | -| | CREATE | ACTIVITY_TYPE_CREATE_WALLET_ACCOUNTS | -| | EXPORT | ACTIVITY_TYPE_EXPORT_WALLET | -| | EXPORT | ACTIVITY_TYPE_EXPORT_WALLET_ACCOUNT | -| | IMPORT | ACTIVITY_TYPE_INIT_IMPORT_WALLET | -| | IMPORT | ACTIVITY_TYPE_IMPORT_WALLET | -| | DELETE | ACTIVITY_TYPE_DELETE_WALLETS | -| | UPDATE | ACTIVITY_TYPE_UPDATE_WALLET | -| **PRIVATE_KEY** | CREATE | ACTIVITY_TYPE_CREATE_PRIVATE_KEYS_V2 | -| | CREATE | ACTIVITY_TYPE_CREATE_PRIVATE_KEY_TAG | -| | UPDATE | ACTIVITY_TYPE_UPDATE_PRIVATE_KEY_TAG | -| | DELETE | ACTIVITY_TYPE_DISABLE_PRIVATE_KEY | -| | DELETE | ACTIVITY_TYPE_DELETE_PRIVATE_KEY_TAGS | -| | DELETE | ACTIVITY_TYPE_DELETE_PRIVATE_KEYS | -| | EXPORT | ACTIVITY_TYPE_EXPORT_PRIVATE_KEY | -| | IMPORT | ACTIVITY_TYPE_INIT_IMPORT_PRIVATE_KEY | -| | IMPORT | ACTIVITY_TYPE_IMPORT_PRIVATE_KEY | -| | SIGN | ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2 | -| | SIGN | ACTIVITY_TYPE_SIGN_RAW_PAYLOADS | -| | SIGN | ACTIVITY_TYPE_SIGN_TRANSACTION_V2 | -| **USER** | CREATE | ACTIVITY_TYPE_CREATE_USERS_V2 | -| | CREATE | ACTIVITY_TYPE_CREATE_USER_TAG 
| -| | CREATE | ACTIVITY_TYPE_CREATE_API_ONLY_USERS | -| | UPDATE | ACTIVITY_TYPE_UPDATE_USER | -| | UPDATE | ACTIVITY_TYPE_UPDATE_USER_TAG | -| | DELETE | ACTIVITY_TYPE_DELETE_USERS | -| | DELETE | ACTIVITY_TYPE_DELETE_USER_TAGS | -| **CREDENTIAL** | CREATE | ACTIVITY_TYPE_CREATE_API_KEYS_V2 | -| | CREATE | ACTIVITY_TYPE_CREATE_AUTHENTICATORS_V2 | -| | DELETE | ACTIVITY_TYPE_DELETE_API_KEYS | -| | DELETE | ACTIVITY_TYPE_DELETE_AUTHENTICATORS | -| | CREATE | ACTIVITY_TYPE_CREATE_OAUTH_PROVIDERS | -| | DELETE | ACTIVITY_TYPE_DELETE_OAUTH_PROVIDERS | -| **PAYMENT_METHOD** | UPDATE | ACTIVITY_TYPE_SET_PAYMENT_METHOD_V2 | -| | DELETE | ACTIVITY_TYPE_DELETE_PAYMENT_METHOD | -| **SUBSCRIPTION** | CREATE | ACTIVITY_TYPE_ACTIVATE_BILLING_TIER | -| **CONFIG** | UPDATE | ACTIVITY_TYPE_UPDATE_ALLOWED_ORIGINS | -| **RECOVERY** | CREATE | ACTIVITY_TYPE_INIT_USER_EMAIL_RECOVERY | -| **AUTH** | CREATE | ACTIVITY_TYPE_EMAIL_AUTH_V2 | -| | CREATE | ACTIVITY_TYPE_INIT_OTP_AUTH | -| | CREATE | ACTIVITY_TYPE_OTP_AUTH | -| | CREATE | ACTIVITY_TYPE_OAUTH | +| **ORGANIZATION** | CREATE | ACTIVITY_TYPE_CREATE_SUB_ORGANIZATION_V7 | +| | DELETE | ACTIVITY_TYPE_DELETE_ORGANIZATION | +| | DELETE | ACTIVITY_TYPE_DELETE_SUB_ORGANIZATION | +| **INVITATION** | CREATE | ACTIVITY_TYPE_CREATE_INVITATIONS | +| | DELETE | ACTIVITY_TYPE_DELETE_INVITATION | +| **POLICY** | CREATE | ACTIVITY_TYPE_CREATE_POLICY_V3 | +| | CREATE | ACTIVITY_TYPE_CREATE_POLICIES | +| | UPDATE | ACTIVITY_TYPE_UPDATE_POLICY_V2 | +| | DELETE | ACTIVITY_TYPE_DELETE_POLICY | +| **WALLET** | CREATE | ACTIVITY_TYPE_CREATE_WALLET | +| | CREATE | ACTIVITY_TYPE_CREATE_WALLET_ACCOUNTS | +| | EXPORT | ACTIVITY_TYPE_EXPORT_WALLET | +| | EXPORT | ACTIVITY_TYPE_EXPORT_WALLET_ACCOUNT | +| | IMPORT | ACTIVITY_TYPE_INIT_IMPORT_WALLET | +| | IMPORT | ACTIVITY_TYPE_IMPORT_WALLET | +| | DELETE | ACTIVITY_TYPE_DELETE_WALLETS | +| | UPDATE | ACTIVITY_TYPE_UPDATE_WALLET | +| **PRIVATE_KEY** | CREATE | ACTIVITY_TYPE_CREATE_PRIVATE_KEYS_V2 | +| | 
CREATE | ACTIVITY_TYPE_CREATE_PRIVATE_KEY_TAG | +| | UPDATE | ACTIVITY_TYPE_UPDATE_PRIVATE_KEY_TAG | +| | DELETE | ACTIVITY_TYPE_DISABLE_PRIVATE_KEY | +| | DELETE | ACTIVITY_TYPE_DELETE_PRIVATE_KEY_TAGS | +| | DELETE | ACTIVITY_TYPE_DELETE_PRIVATE_KEYS | +| | EXPORT | ACTIVITY_TYPE_EXPORT_PRIVATE_KEY | +| | IMPORT | ACTIVITY_TYPE_INIT_IMPORT_PRIVATE_KEY | +| | IMPORT | ACTIVITY_TYPE_IMPORT_PRIVATE_KEY | +| | SIGN | ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2 | +| | SIGN | ACTIVITY_TYPE_SIGN_RAW_PAYLOADS | +| | SIGN | ACTIVITY_TYPE_SIGN_TRANSACTION_V2 | +| **USER** | CREATE | ACTIVITY_TYPE_CREATE_USERS_V2 | +| | CREATE | ACTIVITY_TYPE_CREATE_USER_TAG | +| | CREATE | ACTIVITY_TYPE_CREATE_API_ONLY_USERS | +| | UPDATE | ACTIVITY_TYPE_UPDATE_USER | +| | UPDATE | ACTIVITY_TYPE_UPDATE_USER_TAG | +| | DELETE | ACTIVITY_TYPE_DELETE_USERS | +| | DELETE | ACTIVITY_TYPE_DELETE_USER_TAGS | +| **CREDENTIAL** | CREATE | ACTIVITY_TYPE_CREATE_API_KEYS_V2 | +| | CREATE | ACTIVITY_TYPE_CREATE_AUTHENTICATORS_V2 | +| | DELETE | ACTIVITY_TYPE_DELETE_API_KEYS | +| | DELETE | ACTIVITY_TYPE_DELETE_AUTHENTICATORS | +| | CREATE | ACTIVITY_TYPE_CREATE_OAUTH_PROVIDERS | +| | DELETE | ACTIVITY_TYPE_DELETE_OAUTH_PROVIDERS | +| **PAYMENT_METHOD** | UPDATE | ACTIVITY_TYPE_SET_PAYMENT_METHOD_V2 | +| | DELETE | ACTIVITY_TYPE_DELETE_PAYMENT_METHOD | +| **SUBSCRIPTION** | CREATE | ACTIVITY_TYPE_ACTIVATE_BILLING_TIER | +| **CONFIG** | UPDATE | ACTIVITY_TYPE_UPDATE_ALLOWED_ORIGINS | +| **RECOVERY** | CREATE | ACTIVITY_TYPE_INIT_USER_EMAIL_RECOVERY | +| **AUTH** | CREATE | ACTIVITY_TYPE_EMAIL_AUTH_V2 | +| | CREATE | ACTIVITY_TYPE_INIT_OTP_AUTH | +| | CREATE | ACTIVITY_TYPE_OTP_AUTH | +| | CREATE | ACTIVITY_TYPE_OAUTH | | | CREATE | ACTIVITY_TYPE_CREATE_READ_WRITE_SESSION_V2 | -| **OTP** | CREATE | ACTIVITY_TYPE_INIT_OTP | -| | VERIFY | ACTIVITY_TYPE_VERIFY_OTP | +| **OTP** | CREATE | ACTIVITY_TYPE_INIT_OTP | +| | VERIFY | ACTIVITY_TYPE_VERIFY_OTP | ## Appendix 
@@ -244,9 +245,9 @@ See the [Solana policy examples](/concepts/policies/examples#solana) for sample ### Tron -Our Tron policy language (accessible via `tron.tx`) allows for policy control over signing Tron transactions. Our policy language supports the standard fields in a Tron transaction: https://developers.tron.network/docs/tron-protocol-transaction. To reference a Contract within a Transaction you should use `tron.tx.contract[0].field_name` in your policy where field_name is some field of the contract used in your transaction. While Tron only currently supports 1 contract per transaction this could change in the future, and were ready for it if it does! The policy engine currently supports the following Tron contract types: +Our Tron policy language (accessible via `tron.tx`) allows for policy control over signing Tron transactions. Our policy language supports the standard fields in a Tron transaction: https://developers.tron.network/docs/tron-protocol-transaction. To reference a Contract within a Transaction you should use `tron.tx.contract[0].field_name` in your policy where field_name is some field of the contract used in your transaction. While Tron only currently supports 1 contract per transaction this could change in the future, and were ready for it if it does\! The policy engine currently supports the following Tron contract types: - TransferContract (TRX transfers) - TriggerSmartContract (Smart contract, including, but not limited to TRC-20, invocations) -See the [Tron policy examples](/concepts/policies/examples#tron) for sample scenarios. +See the [Tron policy examples](/concepts/policies/examples#tron) for sample scenarios. \ No newline at end of file
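Review bot: In the grammar table of the `@@ -2,28 +2,29 @@` hunk, the new rows add backslash escapes (`\!=`, `\>`, `-\>`) but still leave the operators and examples as plain or double-quoted text. These cells are policy expressions that readers copy into real policies, so put each operator and example in a code span instead. That removes the need for escaping and keeps the source and the rendered text identical. The `mode: "wide"` front-matter line is the only non-table change in this hunk and would be easier to review as its own commit.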
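Review bot: In the `struct` row of the Primitive table (`@@ -52,13 +53,13 @@`), the escapes on the braces were dropped: `\{ id: 'abc' \}` became `{ id: 'abc' }`, and the same happened to `{ field:T }` in the Notes cell. In an `.mdx` file an unescaped `{` opens a JavaScript expression, so this row may fail to compile or render as something other than the literal text. Keep the escapes, or wrap both values in code spans.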
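Review bot: The `action` row next to the edited `resource` row in `@@ -69,7 +70,7 @@` lists only `CREATE`, `UPDATE`, `DELETE`, `SIGN`, `EXPORT`, `IMPORT`, yet the Activity Breakdown table in this same patch maps `ACTIVITY_TYPE_VERIFY_OTP` to the action `VERIFY`. The `resource` change itself is whitespace only. Add `VERIFY` to the `action` description, or correct the OTP row, so that policy authors matching on the action field see one consistent set of values.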
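Review bot: In the `TronPermission` rows of `@@ -152,73 +153,73 @@`, the `keys` field is typed `TronKey` but described as "A list of address's and weight's". The type should be a list type to match the description, and the text should read "addresses and weights". In the same block, `threshold` says the sum of signature weights must exceed the value, while the `TronKey` `weight` row says the weight is used to reach it. Pick one wording, because the difference decides whether a sum equal to the threshold passes. Smaller points: the new `2\+n` escape is unnecessary, `operations` is typed `String` where the other rows use `string`, and the `ACTIVITY_TYPE_CREATE_READ_WRITE_SESSION_V2` row was left out of the column realignment.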
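Review bot: The rewritten Tron paragraph in `@@ -244,9 +245,9 @@` still tells readers to write conditions against `tron.tx.contract[0].field_name` while also saying that more than one contract per transaction could arrive later. A condition written only against index 0 says nothing about any further entries in the list. Since the grammar table already documents `x.all(item, ...)` and `x.count()`, suggest showing a form that covers the whole list or pins its length. The line is being rewritten anyway, so also fix "were ready" to "we're ready", drop the `\!` escape, and restore the trailing newline that this hunk removes.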