AccessPolicy objects gate decryption of Walrus-stored intent blobs. With v0.3’s pivot to vault-based privacy (k-anonymity), Seal-encrypted intent records are gone, but AccessPolicy survives as the opaque gate argument that dark_pool::deposit takes.

Type

public struct AccessPolicy has key, store {
    id: UID,
    owner: address,
    members: vector<address>,    // always contains owner; owner can add / remove
    label: vector<u8>,            // "my positions", "agent X delegation", …
}

Public functions

public fun new_policy(
    label: vector<u8>,
    additional_members: vector<address>,
    ctx: &mut TxContext,
): AccessPolicy

public fun add_member(policy: &mut AccessPolicy, member: address, ctx: &TxContext)
public fun remove_member(policy: &mut AccessPolicy, member: address, ctx: &TxContext)
Both add_member and remove_member abort with ENotAuthorized if the caller is not the policy owner.

Views

public fun owner(p: &AccessPolicy): address
public fun members(p: &AccessPolicy): &vector<address>
public fun is_member(p: &AccessPolicy, addr: address): bool

Wired via

scripts/create-seal-policy.ts creates and shares a fresh AccessPolicy on the current package. dark_pool::deposit takes &AccessPolicy of the deployed package’s type, so every republish needs a fresh policy object, and its ID must be updated in both places that reference it: AGENT_SEAL_POLICY_ID in .env and DEFAULT_SEAL_POLICY_ID in frontend env.ts.
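
A pre-flight check for the stale-policy case described above, as an added example (not code from this project). It assumes the module is named seal_policy (inferred from the test file name) and that the object's type string and fields have already been fetched; checkPolicy, isMember and PolicyObject are hypothetical names, and all IDs are constructed.

```typescript
// Added example, not project code. Assumption: the module is named `seal_policy`.
type PolicyObject = {
  type: string; // "<package>::seal_policy::AccessPolicy"
  fields: { owner: string; members: string[] };
};

// Sui addresses are 32 bytes; short forms such as 0x2 must be left-padded before comparing.
function normalizeAddress(addr: string): string {
  const hex = addr.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{1,64}$/.test(hex)) throw new Error(`invalid address: ${addr}`);
  return "0x" + hex.padStart(64, "0");
}

// Split "<package>::<module>::<Struct>"; reject generic or malformed tags.
function parseStructTag(tag: string): { pkg: string; mod: string; name: string } {
  const parts = tag.split("::");
  if (parts.length !== 3 || tag.includes("<")) throw new Error(`unexpected type: ${tag}`);
  return { pkg: normalizeAddress(parts[0]!), mod: parts[1]!, name: parts[2]! };
}

// Returns a list of problems; an empty list means the configured policy ID is usable.
function checkPolicy(obj: PolicyObject, packageId: string): string[] {
  const problems: string[] = [];
  const tag = parseStructTag(obj.type);
  if (tag.mod !== "seal_policy" || tag.name !== "AccessPolicy") {
    problems.push(`not an AccessPolicy: ${obj.type}`);
  } else if (tag.pkg !== normalizeAddress(packageId)) {
    problems.push("stale policy: created under a different package publish");
  }
  const members = obj.fields.members.map(normalizeAddress);
  if (!members.includes(normalizeAddress(obj.fields.owner))) {
    problems.push("invariant broken: owner missing from members");
  }
  return problems;
}

// Client-side mirror of the is_member view, comparing normalized addresses.
function isMember(obj: PolicyObject, addr: string): boolean {
  return obj.fields.members.map(normalizeAddress).includes(normalizeAddress(addr));
}

// Constructed sample data (not real on-chain IDs): policy from the old publish.
const OLD_PKG = "0x" + "a1".repeat(32);
const NEW_PKG = "0x" + "b2".repeat(32);
const samplePolicy: PolicyObject = {
  type: `${OLD_PKG}::seal_policy::AccessPolicy`,
  fields: { owner: "0xA11CE", members: ["0x00a11ce", "0xB0B"] },
};
console.log(checkPolicy(samplePolicy, NEW_PKG));
```

Running this against both AGENT_SEAL_POLICY_ID and DEFAULT_SEAL_POLICY_ID after a republish catches the case where only one of the two was updated.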

Tests

tests/seal_policy_tests.move: policy includes owner; add_member / remove_member happy path; non-owner add aborts with ENotAuthorized.