-
-
Save denniswon/e997c1073ad7af8c5521ed10b0ab787b to your computer and use it in GitHub Desktop.
| --- | |
| Rhinestone Chain Abstraction (Warp) — Technical Summary | |
| What It Is | |
| Rhinestone Warp is an intent-based cross-chain execution engine built on ERC-7579 smart account modules. Users express desired outcomes ("send 100 USDC | |
| from Optimism to Base and deposit into a vault"), and a competitive solver/relayer market fulfills them — handling bridging, swapping, and gas | |
| abstraction transparently. | |
| ★ Insight ───────────────────────────────────── | |
| 1. ERC-7683 standardization — Rhinestone implements the ERC-7683 cross-chain intent standard, which defines a generic order struct and settlement | |
| contract interface. This is the same standard that Across, UniswapX, and other intent protocols converge on. Newton's policy evaluation could validate | |
| ERC-7683 orders before they reach the solver market. | |
| 2. ERC-7579 modular accounts — The Intent Executor is installed as an ERC-7579 module on smart accounts. Newton could potentially ship as an adjacent | |
| ERC-7579 validator module that enforces policy checks before the Intent Executor fires. | |
| 3. Permit2-based signing — The EIP-712 signature scheme wraps PermitBatchWitnessTransferFrom with a nested Mandate struct. This means intent | |
| authorization is already structured data — perfect for Newton's Rego policy evaluation. | |
| ───────────────────────────────────────────────── | |
| Architecture Components | |
| ┌─────────────────────────┬─────────────────────────────────────────┬────────────────────────────────────────────────────────────────────────────────┐ | |
| │ Component │ Location │ Role │ | |
| ├─────────────────────────┼─────────────────────────────────────────┼────────────────────────────────────────────────────────────────────────────────┤ | |
| │ Orchestrator │ Off-chain │ Routes intents, indexes balances, encodes transactions, enforces resource │ | |
| │ │ (v1.orchestrator.rhinestone.dev) │ locks, prevents double-spending │ | |
| ├─────────────────────────┼─────────────────────────────────────────┼────────────────────────────────────────────────────────────────────────────────┤ | |
| │ Relayer/Solver Market │ Off-chain │ Competitive marketplace of solvers with cross-chain liquidity inventory │ | |
| ├─────────────────────────┼─────────────────────────────────────────┼────────────────────────────────────────────────────────────────────────────────┤ | |
| │ Intent Router │ On-chain │ Entry point with dynamic dispatch adapters for multiple settlement layers │ | |
| ├─────────────────────────┼─────────────────────────────────────────┼────────────────────────────────────────────────────────────────────────────────┤ | |
| │ Intent Executor │ On-chain (ERC-7579 module) │ Installed on smart accounts; handles destination chain execution + post-fill │ | |
| │ │ │ hooks │ | |
| ├─────────────────────────┼─────────────────────────────────────────┼────────────────────────────────────────────────────────────────────────────────┤ | |
| │ Resource Locks (The │ On-chain (ERC-6909) │ Optional escrow-based token locking for deterministic settlement │ | |
| │ Compact) │ │ │ | |
| └─────────────────────────┴─────────────────────────────────────────┴────────────────────────────────────────────────────────────────────────────────┘ | |
| Intent Lifecycle | |
| 1. Quote → POST /intents/route (get intentOp + cost + token requirements) | |
| 2. Prepare → Fulfill token requirements (ERC-20 approvals to Permit2, ETH→WETH wraps) | |
| 3. Sign → EIP-712 sign each element (per input chain), reuse final sig for destination | |
| 4. Submit → POST /intent-operations (signed intentOp → Orchestrator → solver market) | |
| 5. Fill → Solver fills on destination chain (tokens + calldata execution) | |
| 6. Claim → Origin chain settlement (repay solver via settlement layer) | |
| 7. Complete → Status transitions: PENDING → PRECONFIRMED → FILLED → CLAIMED → COMPLETED | |
| Each intent breaks into elements (one per input chain-token pair), each independently routable to different settlement layers. | |
| API Surface | |
| Base URL: https://v1.orchestrator.rhinestone.dev | |
| ┌────────────────────────────────────┬────────┬─────────────────────────────────────────────────────────────┐ | |
| │ Endpoint │ Method │ Purpose │ | |
| ├────────────────────────────────────┼────────┼─────────────────────────────────────────────────────────────┤ | |
| │ /intents/route │ POST │ Get quote — returns intentOp, intentCost, tokenRequirements │ | |
| ├────────────────────────────────────┼────────┼─────────────────────────────────────────────────────────────┤ | |
| │ /intent-operations │ POST │ Submit signed intent for execution │ | |
| ├────────────────────────────────────┼────────┼─────────────────────────────────────────────────────────────┤ | |
| │ /intent-operation/{id} │ GET │ Poll status (PENDING→COMPLETED lifecycle) │ | |
| ├────────────────────────────────────┼────────┼─────────────────────────────────────────────────────────────┤ | |
| │ /intents/split-intent-by-liquidity │ POST │ Split amounts based on solver liquidity │ | |
| ├────────────────────────────────────┼────────┼─────────────────────────────────────────────────────────────┤ | |
| │ /portfolio │ GET │ User token balances across all chains │ | |
| ├────────────────────────────────────┼────────┼─────────────────────────────────────────────────────────────┤ | |
| │ /withdrawals │ POST │ Batch/single withdrawal signatures │ | |
| └────────────────────────────────────┴────────┴─────────────────────────────────────────────────────────────┘ | |
| Auth: x-api-key header (testnets don't require a key). | |
| Key Data Structures | |
| Intent Route Request (the "quote"): | |
| { | |
| account: { address, accountType: "EOA"|"smartAccount"|"ERC7579", setupOps }, | |
| destinationChainId: 8453, // e.g. Base | |
| tokenRequests: [{ tokenAddress, amount }], | |
| destinationExecutions: [{ to, value, data }], // arbitrary calldata on dest chain | |
| destinationGasUnits: 500000, | |
| accountAccessList: { chainIds?, tokens?, chainTokens? }, // restrict funding sources | |
| options: { sponsorSettings: { gasSponsored, bridgeFeesSponsored, swapFeesSponsored } } | |
| } | |
| IntentOp Element (per input chain): | |
| { | |
| arbiter: address, | |
| chainId: number, | |
| idsAndAmounts: [{ id, amount }], // token ID = lowest 160 bits = token address | |
| mandate: { | |
| recipient, tokenOut, fillDeadline, | |
| destinationChainId, destinationOperations, | |
| originOperations | |
| }, | |
| qualifier: "ACROSS"|"ECO"|"RELAY"|"OFT"|"SAME_CHAIN"|"INTENT_EXECUTOR" | |
| } | |
| Settlement Layers | |
| ┌─────────────────┬─────────────────┬────────────────────────────────┐ | |
| │ Layer │ Type │ Notes │ | |
| ├─────────────────┼─────────────────┼────────────────────────────────┤ | |
| │ Across │ Bridge protocol │ Primary cross-chain settlement │ | |
| ├─────────────────┼─────────────────┼────────────────────────────────┤ | |
| │ Relay │ Fast relay │ Low-latency fills │ | |
| ├─────────────────┼─────────────────┼────────────────────────────────┤ | |
| │ Eco │ Intent network │ Alternative settlement │ | |
| ├─────────────────┼─────────────────┼────────────────────────────────┤ | |
| │ OFT │ LayerZero OFT │ Token-specific bridges │ | |
| ├─────────────────┼─────────────────┼────────────────────────────────┤ | |
| │ SAME_CHAIN │ Local │ No bridging needed │ | |
| ├─────────────────┼─────────────────┼────────────────────────────────┤ | |
| │ INTENT_EXECUTOR │ Module │ Direct smart account execution │ | |
| └─────────────────┴─────────────────┴────────────────────────────────┘ | |
| Supported Chains | |
| Mainnet (10): Ethereum (1), Base (8453), Optimism (10), Arbitrum (42161), Polygon (137), Avalanche (43114), Gnosis (100), Scroll (534352), BNB Chain | |
| (56), ZKsync Era (324) | |
| Testnet (9): Sepolia, Base Sepolia, OP Sepolia, Arb Sepolia, Polygon Amoy, Avalanche Fuji, Scroll Sepolia, BNB Testnet, ZKsync Sepolia | |
| EIP-712 Signing Scheme | |
| The signature wraps a Permit2 PermitBatchWitnessTransferFrom with a nested Mandate witness type. For multi-chain intents: | |
| - One signature per input chain element | |
| - Final signature is reused for destination chain validation | |
| - Domain separation ensures cross-chain safety | |
| - Qualifiers are keccak256-hashed before inclusion in typed data | |
| Smart Sessions (Policy Layer) | |
| Rhinestone has its own on-chain policy framework via Smart Sessions (ERC-7579 validator module): | |
| ┌────────────────┬────────────────────────────────────────────────┐ | |
| │ Policy Type │ Description │ | |
| ├────────────────┼────────────────────────────────────────────────┤ | |
| │ Sudo │ Unrestricted (no constraints) │ | |
| ├────────────────┼────────────────────────────────────────────────┤ | |
| │ Call │ Restrict by target address + function selector │ | |
| ├────────────────┼────────────────────────────────────────────────┤ | |
| │ Spending Limit │ Cap ERC-20 transfer/approve amounts │ | |
| ├────────────────┼────────────────────────────────────────────────┤ | |
| │ Timeframe │ Time-windowed access │ | |
| ├────────────────┼────────────────────────────────────────────────┤ | |
| │ Usage Limit │ Max transaction count │ | |
| ├────────────────┼────────────────────────────────────────────────┤ | |
| │ Value Limit │ Cap native ETH transfers │ | |
| └────────────────┴────────────────────────────────────────────────┘ | |
| Sessions combine Owners (ECDSA/multisig/passkey) + Actions (OR logic) + Policies (AND logic). | |
| Fee Structure | |
| - Core infra + SDK: Free, open source | |
| - Same-chain intents: No fee | |
| - Cross-chain: 3 bps during private beta | |
| - No API fee | |
| - Gas costs: Borne by client; solvers earn a small gas premium | |
| --- | |
| Integration Opportunities with Newton | |
| ★ Insight ───────────────────────────────────── | |
| 1. Newton as a pre-execution policy gate — Rhinestone's Orchestrator routes intents before solvers fill them. Newton could sit between the Orchestrator | |
| and the solver market, validating that each intent complies with policy (AML, spending limits, whitelisted counterparties) before it's broadcast. The | |
| destinationExecutions field (arbitrary calldata) is especially policy-relevant — it could encode DeFi interactions that need compliance checks. | |
| 2. Newton validator module for smart accounts — Rhinestone's Smart Sessions already has a policy framework, but it's limited to on-chain checks (spending | |
| limits, timeframes). Newton's Rego-based policies can express much richer logic (off-chain data, oracle feeds, identity checks) and provide BLS-attested | |
| proofs of compliance. A Newton ERC-7579 validator module could enforce policies that Smart Sessions can't express. | |
| 3. Overlapping chain coverage — Rhinestone supports all of Newton's target chains (Ethereum, Base, Optimism, Arbitrum, Polygon). Newton's multichain | |
| gateway architecture (Gateway::from_multi_chain_config()) already handles per-chain routing, which maps well to Rhinestone's per-chain intent elements. | |
| ───────────────────────────────────────────────── | |
| Concrete Integration Points | |
| ┌───────────────────────────┬─────────────────────────────────────────────────────────────────────────────────┬─────────────────────────────────────┐ | |
| │ Integration Point │ How It Works │ Newton Component │ | |
| ├───────────────────────────┼─────────────────────────────────────────────────────────────────────────────────┼─────────────────────────────────────┤ | |
| │ Intent policy validation │ Orchestrator calls Newton RPC before routing to solvers │ Gateway (newt_createTask) │ | |
| ├───────────────────────────┼─────────────────────────────────────────────────────────────────────────────────┼─────────────────────────────────────┤ | |
| │ Destination execution │ Validate destinationExecutions calldata against Rego policies │ Operator (policy eval + BLS sign) │ | |
| │ policy │ │ │ | |
| ├───────────────────────────┼─────────────────────────────────────────────────────────────────────────────────┼─────────────────────────────────────┤ | |
| │ ERC-7579 validator module │ On-chain module that requires Newton attestation before Intent Executor fires │ Smart contract (new) │ | |
| ├───────────────────────────┼─────────────────────────────────────────────────────────────────────────────────┼─────────────────────────────────────┤ | |
| │ Privacy-preserving │ HPKE-encrypt sensitive intent data (amounts, recipients), Newton decrypts for │ Privacy layer (existing) │ | |
| │ intents │ policy eval │ │ | |
| ├───────────────────────────┼─────────────────────────────────────────────────────────────────────────────────┼─────────────────────────────────────┤ | |
| │ Cross-chain attestation │ Newton BLS attestation travels with the intent to destination chain via │ Transporter + │ | |
| │ │ Rhinestone's settlement │ BN254CertificateVerifier │ | |
| └───────────────────────────┴─────────────────────────────────────────────────────────────────────────────────┴─────────────────────────────────────┘ | |
| What Newton Adds That Rhinestone Doesn't Have | |
| ┌─────────────────────────────────────┬───────────────────────────┬──────────────────────────────────────────────────────┐ | |
| │ Capability │ Rhinestone Smart Sessions │ Newton │ | |
| ├─────────────────────────────────────┼───────────────────────────┼──────────────────────────────────────────────────────┤ | |
| │ Off-chain data in policies │ No │ Yes (WASM data providers, oracle feeds) │ | |
| ├─────────────────────────────────────┼───────────────────────────┼──────────────────────────────────────────────────────┤ | |
| │ Rich policy language │ Fixed policy types only │ Rego (arbitrary logic) │ | |
| ├─────────────────────────────────────┼───────────────────────────┼──────────────────────────────────────────────────────┤ | |
| │ Cryptographic attestation │ No (just on-chain checks) │ BLS aggregate signatures + optional ZK proofs │ | |
| ├─────────────────────────────────────┼───────────────────────────┼──────────────────────────────────────────────────────┤ | |
| │ Privacy-preserving evaluation │ No │ HPKE encryption + threshold decryption │ | |
| ├─────────────────────────────────────┼───────────────────────────┼──────────────────────────────────────────────────────┤ | |
| │ Cross-chain attestation portability │ No │ BN254 certificate verification on destination chains │ | |
| ├─────────────────────────────────────┼───────────────────────────┼──────────────────────────────────────────────────────┤ | |
| │ Challengeable results │ No │ 100-block challenge window + slashing │ | |
| └─────────────────────────────────────┴───────────────────────────┴──────────────────────────────────────────────────────┘ |
★ Insight ─────────────────────────────────────
Key discovery: Newton's WASM data provider docs claim TypeScript support, but ALL existing examples are Rust compiled to wasm32-wasip2.
The WIT interface (newton:provider@0.1.0) defines run(input) -> result<string, string> with http.fetch() and secrets.get() imports. We'll
need to verify the TypeScript WASM compilation toolchain works with this WIT — if not, that's a newton-cli gap to track.
Stagef infrastructure is ready: PolicyFactory (0xcd2b28...), PolicyDataFactory (0x502d5d...), and PolicyClientRegistry (0x3cfef33...) are
all deployed on Base Sepolia stagef. We deploy our OWN policy + policy data through these factories — we don't reuse the sample ones.
─────────────────────────────────────────────────
Implementation Plan: Real Newton Policy for Agent NeoBank
Based on your answers and the research, here's the full plan broken into 6 workstreams:
Workstream 1: Infrastructure — Database + Docker
What: Add local Postgres + Redis via docker-compose, create newton_agent database.
┌─────────────────────────────┬──────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ Task │ Detail │
├─────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Create │ Postgres 16 + Redis 7 (matches newton-prover-avs pattern) │
│ docker-compose.dev.yml │ │
├─────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Add Justfile targets │ local-dbs, local-dbs-stop, local-dbs-status, local-dbs-reset │
├─────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Update .env.example │ Add DATABASE_URL, REDIS_URL with local defaults │
├─────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Create DB migration │ newton_agent database with agent_spending table (agent_address, vault_address, daily_spent, │
│ │ period_start, last_tx_hash) │
└─────────────────────────────┴──────────────────────────────────────────────────────────────────────────────────────────────────────┘
Connection strings (from your answers):
- Local Redis: redis://:redis@127.0.0.1:6379
- Local Postgres: postgres://newton:newton@localhost:5432/newton_agent
- Remote Postgres: postgresql://postgres:SC2vHz6B8kPuFY2.TTX-H4%5Ee20cOvS@newtonindexercommonusw2-newtonindexerdb496793b7-g3hoz4zowzv1.cl
uster-cnwi4m0gkxcv.us-west-2.rds.amazonaws.com:5432/newton_agent - Remote Redis: rediss://master.newton-prover-avs-redis.ms2j0z.usw2.cache.amazonaws.com:6379
Workstream 2: Redeploy Contracts Against Stagef
What: Redeploy vault factory + vault using stagef TaskManager instead of prod.
┌───────────────────────────────┬─────────────────────────────────────────────────────────────────────────────────────┐
│ Task │ Detail │
├───────────────────────────────┼─────────────────────────────────────────────────────────────────────────────────────┤
│ Update .env │ NEWTON_TASK_MANAGER=0xda128a87412be6f2161bb87200f0f40e89744bd9 │
├───────────────────────────────┼─────────────────────────────────────────────────────────────────────────────────────┤
│ Update .env │ NEWTON_POLICY — initially use stagef sample, then swap after our policy is deployed │
├───────────────────────────────┼─────────────────────────────────────────────────────────────────────────────────────┤
│ Run just deploy-sepolia │ Redeploys factory proxy + vault impl against stagef TaskManager │
├───────────────────────────────┼─────────────────────────────────────────────────────────────────────────────────────┤
│ Deploy operator vault │ cast send $FACTORY "deployVault(...)" │
├───────────────────────────────┼─────────────────────────────────────────────────────────────────────────────────────┤
│ Register as PolicyClient │ newton-cli policy-client register --registry 0x3cfef33b... --client $VAULT │
├───────────────────────────────┼─────────────────────────────────────────────────────────────────────────────────────┤
│ Update deployments/84532.json │ New addresses │
└───────────────────────────────┴─────────────────────────────────────────────────────────────────────────────────────┘
Stagef addresses to use:
TaskManager: 0xda128a87412be6f2161bb87200f0f40e89744bd9
PolicyClientRegistry: 0x3cfef33b37ee120bb0522dff77ed09fd97d4b40e
PolicyFactory: 0xcd2b28eed56b51f9aee4174a9301863a9dbde60e
PolicyDataFactory: 0x502d5d784548ce8b8c2ebb1542908d8a64fd64c4
Workstream 3: Agent NeoBank Rego Policy
What: Single composite Rego rule with 3 checks, all parameterized.
policies/
agent_neobank/
agent_neobank.rego # Composite entry point
policy_params_schema.json # JSON schema for params
policy_metadata.json # Name, version, description
Policy checks (all from policy params, NOT hardcoded):
- Token restriction — only USDC (0x036CbD53842c5426634e7929541eC2318f3dCF7e on Base Sepolia)
- Daily spend limit — intent.value <= (max_daily_spend - daily_spent), where max_daily_spend comes from policy params and daily_spent
from WASM data provider (Redis) - Receiver whitelist — intent.to must be in allowed_recipients from policy params
Policy params format (set by vault owner via newton-cli policy-client set-policy-params):
{
"84532": {
"<vault_address>": {
"agent_neobank": [
{ "name": "max_daily_spend", "type": "number", "value": 100000000, "description": "Max daily USDC spend (6 decimals)" },
{ "name": "allowed_recipients", "type": "string", "value": "0xabc...,0xdef...", "description": "Comma-separated allowed recipient
addresses" },
{ "name": "allowed_token", "type": "string", "value": "0x036CbD53842c5426634e7929541eC2318f3dCF7e", "description": "Allowed token
address (USDC)" }
]
}
}
}
Deployment via newton-cli:
1. Generate CIDs for policy files
newton-cli policy-files generate-cids --config policies/agent_neobank/policy_cids_config.json
2. Deploy PolicyData (WASM provider)
newton-cli policy-data deploy --chain-id 84532 --policy-cids policies/agent_neobank/policy_cids.json
3. Deploy Policy (Rego)
newton-cli policy deploy --chain-id 84532 --policy-data-address $POLICY_DATA --policy-cids policies/agent_neobank/policy_cids.json
4. Set policy on vault
newton-cli policy-client set-policy --chain-id 84532 --client $VAULT --policy $POLICY
5. Set policy params
newton-cli policy-client set-policy-params --chain-id 84532 --policy-client $VAULT --policy-params
policies/agent_neobank/policy_params.json --expire-after 300
Workstream 4: TypeScript WASM PolicyData Provider
What: WASM binary that reads agent spending state from Redis and returns it for Rego evaluation.
packages/policy-data/
src/
index.ts # Entry point implementing run(input) -> result<string, string>
wit/
newton-provider.wit # WIT interface (copied from newton-prover-avs)
package.json
tsconfig.json
run(input) function:
- Input: JSON string with { "policy_client": "0x...", "intent": { "from": "0x...", ... } }
- Calls secrets.get() to get Redis connection string
- Calls http.fetch() to query the indexer API for agent daily spending
- Returns: JSON string { "daily_spent": "50000000", "period_start": "2026-03-16T00:00:00Z" }
Open question: Does the Newton runtime actually support TypeScript-compiled WASM? The docs say yes, but all examples are Rust. If the
wasm32-wasip2 target from TypeScript toolchains (e.g., ComponentizeJS, jco) doesn't work with Newton's WasmExecutor, this becomes a gap.
Workstream 5: Off-Chain Indexer Service
What: Watches IntentExecuted events on-chain, writes spending data to Redis.
packages/indexer/
src/
index.ts # Service entry point
watcher.ts # Event watcher (viem watchContractEvent)
redis.ts # Redis client + spending accumulator
db.ts # PostgreSQL client for policy params storage
types.ts # Shared types
package.json
tsconfig.json
Event watched: IntentExecuted(address indexed from, address indexed to, uint256 value, bytes data)
Redis key structure:
spending:{vault}:{agent}:{YYYY-MM-DD} → cumulative USDC spent (string, 6 decimals)
PostgreSQL schema (newton_agent database):
CREATE TABLE policy_params (
vault_address TEXT NOT NULL,
chain_id INTEGER NOT NULL,
max_daily_spend BIGINT NOT NULL, -- USDC with 6 decimals
allowed_recipients TEXT[] NOT NULL, -- array of addresses
allowed_token TEXT NOT NULL DEFAULT '0x036CbD53842c5426634e7929541eC2318f3dCF7e',
updated_at TIMESTAMPTZ DEFAULT NOW(),
PRIMARY KEY (vault_address, chain_id)
);
Workstream 6: Newton CLI Gap Analysis + Linear Tasks
Identified capabilities needed:
┌─────────────────────────────────────┬────────────────────┬───────────────────────────┐
│ Capability │ newton-cli Status │ Gap? │
├─────────────────────────────────────┼────────────────────┼───────────────────────────┤
│ policy deploy │ Exists │ No │
├─────────────────────────────────────┼────────────────────┼───────────────────────────┤
│ policy-data deploy │ Exists │ No │
├─────────────────────────────────────┼────────────────────┼───────────────────────────┤
│ policy-client register │ Exists │ No │
├─────────────────────────────────────┼────────────────────┼───────────────────────────┤
│ policy-client set-policy │ Exists │ No │
├─────────────────────────────────────┼────────────────────┼───────────────────────────┤
│ policy-client set-policy-params │ Exists │ No │
├─────────────────────────────────────┼────────────────────┼───────────────────────────┤
│ policy-files generate-cids │ Exists │ No │
├─────────────────────────────────────┼────────────────────┼───────────────────────────┤
│ TypeScript WASM compilation │ Docs say supported │ Needs verification │
├─────────────────────────────────────┼────────────────────┼───────────────────────────┤
│ policy-data simulate (TS) │ Rust only? │ Needs verification │
├─────────────────────────────────────┼────────────────────┼───────────────────────────┤
│ Create PostgreSQL database remotely │ Not in CLI │ Manual / migration script │
└─────────────────────────────────────┴────────────────────┴───────────────────────────┘
Execution Order
- Infrastructure (Workstream 1) ← can start immediately
- Redeploy contracts (Workstream 2) ← can start immediately (parallel)
- Rego policy (Workstream 3) ← after understanding params format
- Indexer service (Workstream 5) ← after infrastructure
- WASM provider (Workstream 4) ← after indexer (needs API to query)
- CLI gaps (Workstream 6) ← ongoing, Linear tasks as discovered
Deployment succeeded! All 5 steps completed (step 6 status check just needs --registry flag, non-critical).
★ Insight ─────────────────────────────────────
What just happened — the full Newton policy deployment pipeline:
- IPFS Upload — All policy files (WASM binary, Rego policy, params schema, metadata) uploaded to IPFS via Pinata. Each got a unique CID
(Content IDentifier). - PolicyData Deploy — The WASM data provider was registered on-chain at 0x6f46D7eb... via the PolicyDataFactory. Newton automatically
set attestation info with all 13 registered attesters. - Policy Deploy — The Rego policy was registered on-chain at 0xEC8E048D... via the PolicyFactory, linked to the PolicyData contract.
- Set Policy on Vault — The vault at 0x97d4DC3e... now points to this policy via setPolicyAddress().
- Set Policy Params — Daily spend limit, allowed recipients, and allowed token configured. Got policyId: 0x972a5a03...
The vault is now fully wired to a real Newton policy. Any executeIntent() call will be evaluated against the Agent NeoBank Rego policy
with real BLS attestation.
─────────────────────────────────────────────────
Let me update the deployments file and mark NEWT-761 as Done.
typescript/python/rust. For this project, we already use typescript, so let's also use typescript for the policy data wasm as well. 2.
let's do it as a single composite rule. 3. An off-chain indexer/service watches vault events and writes to Redis. Place the indexer
code in this repo as well. 4. Whitelist is set as Policy Params that the NewtonPolicyClient owner (for us the vault owner) sets. Also,
one update: in addition to Whitelist, let's ALSO have the vault owner set the max daily spending limit amount instead of strictly
setting the max daily amount to 100 USDC at the policy level. The Max daily spend input should also be a part of policy params set by
the owner, along with the whitelist param. Let's store this in postgres. local -
postgres://newton:newton@localhost:5432/newton_gateway, testnet remote - postgresql://postgres:SC2vHz6B8kPuFY2.TTX-H4%5Ee20cOvS@newtoni
ndexercommonusw2-newtonindexerdb496793b7-g3hoz4zowzv1.cluster-cnwi4m0gkxcv.us-west-2.rds.amazonaws.com:5432/newton_agent. We might need
something like
make local-dbscommand like in @~/projects/newton-prover-avs/Makefilelocal-dbstarget that launches postgres andredis services locally, and we would also need to create a new database named "newton_agent" for both local and remote because the
postgres DB does not exist yet. 5. Yes, lets "REDPLOY" our contracts against stagef addresses (stagef is the default for now)
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────