Policies
Control transactions with custom rules using 256 Blocks's Rego-based policy engine
The 256 Blocks policy engine evaluates every request against your defined rules before execution. Policies are written in Rego, a declarative policy language that lets you define what should be blocked rather than how to block it.
Two Rules
Policies control two independent decisions:
| Rule | Controls | Default |
|---|---|---|
deny | Whether the request is allowed or blocked | false (allow) |
denyGasSponsor | Whether 256 Blocks sponsors the gas fee | false (sponsor) |
# Block transactions over $10,000
deny if {
input.usd_value > 10000
}
# Don't sponsor transactions over $100
denyGasSponsor if {
input.usd_value > 100
}Both rules are evaluated independently. A request can be allowed but not sponsored, or vice versa.
Policy Levels
Policies are evaluated at three levels:
- Platform policies - Managed by 256 Blocks, enforce baseline security (e.g., blocked RPC methods)
- Organization policies - Apply to all endpoints in your organization
- Endpoint policies - Apply to a specific endpoint only
Each level acts as a baseline. If a higher-level policy denies a request, no lower-level policy can allow it.
Common Use Cases
- Spending limits - Cap transaction values by USD amount
- Geographic restrictions - Block sanctioned countries
- Address allowlisting - Only allow specific contracts
- Method blocking - Restrict dangerous RPC methods
- Time-based rules - Business hours only
Learn More
- Introduction - Full policy documentation
- Input Fields - Available data for policy decisions
- Language Reference - Rego syntax guide
- Built-in Functions - Available functions
- Restrictions - Security limitations and best practices