Policy builder interface

apps/authz/src/opa/rego/__test__/criteria/accumulation_test.rego

@@ -18,33 +18,39 @@ test_checkAccCondition {
 }
 
 test_checkAccStartDate {
-	conditions = {"start": secondsToNanoSeconds(nowSeconds - ((12 * 60) * 60))}
-	checkAccStartDate(elevenHoursAgo, conditions.start)
+	conditions = {"startDate": secondsToNanoSeconds(nowSeconds - ((12 * 60) * 60))}
+	checkAccStartDate(elevenHoursAgo, conditions.startDate)
 }
 
-test_checkSpendingsByAmount {
+test_checkSpendingLimitByAmount {
 	conditions = {
-		"tokens": {
-			"eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174",
-			"eip155:1/erc20:0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48",
+		"limit": "1000000000000000000",
+		"filters": {
+			"tokens": {
+				"eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174",
+				"eip155:1/erc20:0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48",
+			},
+			"users": {"test-alice-uid"},
+			"startDate": secondsToNanoSeconds(nowSeconds - ((12 * 60) * 60)),
 		},
-		"users": {"test-alice-uid"},
-		"startDate": secondsToNanoSeconds(nowSeconds - ((12 * 60) * 60)),
 	}
 
-	checkSpendings("1000000000000000000", conditions) with input as request with data.entities as entities
+	checkSpendingLimit(conditions) with input as request with data.entities as entities
 }
 
-test_checkSpendingsByValue {
+test_checkSpendingLimitByValue {
 	conditions = {
+		"limit": "900000000000000000",
 		"currency": "fiat:usd",
-		"tokens": {
-			"eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174",
-			"eip155:1/erc20:0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48",
+		"filters": {
+			"tokens": {
+				"eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174",
+				"eip155:1/erc20:0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48",
+			},
+			"users": {"test-alice-uid"},
+			"startDate": secondsToNanoSeconds(nowSeconds - ((12 * 60) * 60)),
 		},
-		"users": {"test-alice-uid"},
-		"startDate": secondsToNanoSeconds(nowSeconds - ((12 * 60) * 60)),
 	}
 
-	checkSpendings("900000000000000000", conditions) with input as request with data.entities as entities
+	checkSpendingLimit(conditions) with input as request with data.entities as entities
 }

apps/authz/src/opa/rego/__test__/criteria/approval_test.rego

@@ -14,7 +14,7 @@ test_approversGroups {
 	groups == {"test-user-group-one-uid", "test-user-group-two-uid"}
 }
 
-test_checkApproval {
+test_checkApprovalByUserId {
 	requiredApproval = {
 		"approvalCount": 2,
 		"countPrincipal": true,
@@ -26,7 +26,7 @@ test_checkApproval {
 	res == 1
 }
 
-test_checkApproval {
+test_checkApprovalByUserId {
 	requiredApproval = {
 		"approvalCount": 1,
 		"countPrincipal": false,
@@ -39,7 +39,7 @@ test_checkApproval {
 	res == 0
 }
 
-test_checkApproval {
+test_checkApprovalByUserGroup {
 	requiredApproval = {
 		"approvalCount": 2,
 		"countPrincipal": true,
@@ -52,7 +52,7 @@ test_checkApproval {
 	res == 1
 }
 
-test_checkApproval {
+test_checkApprovalByUserGroup {
 	requiredApproval = {
 		"approvalCount": 1,
 		"countPrincipal": false,
@@ -65,7 +65,7 @@ test_checkApproval {
 	res == 0
 }
 
-test_checkApproval {
+test_checkApprovalByUserRole {
 	requiredApproval = {
 		"approvalCount": 2,
 		"countPrincipal": false,
@@ -78,7 +78,7 @@ test_checkApproval {
 	res == 2
 }
 
-test_checkApproval {
+test_checkApprovalByUserRole {
 	requiredApproval = {
 		"approvalCount": 2,
 		"countPrincipal": true,
@@ -91,7 +91,41 @@ test_checkApproval {
 	res == 3
 }
 
-test_getApprovalsResult {
+test_checkApprovalWithoutCountingDuplicates {
+	requestWithDuplicates = object.union(request, {"principal": {"userId": "test-alice-uid"}, "approvals": [
+		{
+			"userId": "test-bar-uid",
+			"alg": "ES256K",
+			"pubKey": "test-bar-pub-key",
+			"sig": "test-bar-wallet-sig",
+		},
+		{
+			"userId": "test-bar-uid",
+			"alg": "ES256K",
+			"pubKey": "test-bar-pub-key",
+			"sig": "test-bar-device-sig",
+		},
+		{
+			"userId": "test-bar-uid",
+			"alg": "ES256K",
+			"pubKey": "test-bar-pub-key",
+			"sig": "test-bar-device-sig",
+		},
+	]})
+
+	requiredApproval = {
+		"approvalCount": 2,
+		"countPrincipal": false,
+		"approvalEntityType": "Narval::User",
+		"entityIds": ["test-bar-uid"],
+	}
+
+	res = checkApproval(requiredApproval) with input as requestWithDuplicates with data.entities as entities
+
+	res == 1
+}
+
+test_checkApprovals {
 	satisfied = {
 		"approvalCount": 1,
 		"countPrincipal": true,
@@ -106,7 +140,7 @@ test_getApprovalsResult {
 		"entityIds": ["test-bob-uid", "test-bar-uid", "test-approver-uid"],
 	}
 
-	res = getApprovalsResult([satisfied, missing]) with input as request with data.entities as entities
+	res = checkApprovals([satisfied, missing]) with input as request with data.entities as entities
 
 	res == {
 		"approvalsSatisfied": [satisfied],

apps/authz/src/opa/rego/__test__/criteria/intent/amount_test.rego

@@ -13,41 +13,41 @@ test_intentAmount {
 }
 
 test_checkIntentAmount {
-	checkIntentAmount({"currency": wildcard, "operator": "eq", "value": one_matic}) with input as request
+	checkIntentAmount({"currency": wildcard, "operator": operators.equal, "value": one_matic}) with input as request
 		with data.entities as entities
 
-	checkIntentAmount({"currency": wildcard, "operator": "neq", "value": ten_matic}) with input as request
+	checkIntentAmount({"currency": wildcard, "operator": operators.notEqual, "value": ten_matic}) with input as request
 		with data.entities as entities
 
-	checkIntentAmount({"currency": wildcard, "operator": "gt", "value": half_matic}) with input as request
+	checkIntentAmount({"currency": wildcard, "operator": operators.greaterThan, "value": half_matic}) with input as request
 		with data.entities as entities
 
-	checkIntentAmount({"currency": wildcard, "operator": "lt", "value": ten_matic}) with input as request
+	checkIntentAmount({"currency": wildcard, "operator": operators.lessThan, "value": ten_matic}) with input as request
 		with data.entities as entities
 
-	checkIntentAmount({"currency": wildcard, "operator": "gte", "value": one_matic}) with input as request
+	checkIntentAmount({"currency": wildcard, "operator": operators.greaterThanOrEqual, "value": one_matic}) with input as request
 		with data.entities as entities
 
-	checkIntentAmount({"currency": wildcard, "operator": "lte", "value": one_matic}) with input as request
+	checkIntentAmount({"currency": wildcard, "operator": operators.lessThanOrEqual, "value": one_matic}) with input as request
 		with data.entities as entities
 }
 
 test_checkTokenValue {
-	checkIntentAmount({"currency": "fiat:usd", "operator": "eq", "value": one_matic_value}) with input as request
+	checkIntentAmount({"currency": "fiat:usd", "operator": operators.equal, "value": one_matic_value}) with input as request
 		with data.entities as entities
 
-	checkIntentAmount({"currency": "fiat:usd", "operator": "neq", "value": ten_matic_value}) with input as request
+	checkIntentAmount({"currency": "fiat:usd", "operator": operators.notEqual, "value": ten_matic_value}) with input as request
 		with data.entities as entities
 
-	checkIntentAmount({"currency": "fiat:usd", "operator": "gt", "value": half_matic_value}) with input as request
+	checkIntentAmount({"currency": "fiat:usd", "operator": operators.greaterThan, "value": half_matic_value}) with input as request
 		with data.entities as entities
 
-	checkIntentAmount({"currency": "fiat:usd", "operator": "lt", "value": ten_matic_value}) with input as request
+	checkIntentAmount({"currency": "fiat:usd", "operator": operators.lessThan, "value": ten_matic_value}) with input as request
 		with data.entities as entities
 
-	checkIntentAmount({"currency": "fiat:usd", "operator": "gte", "value": one_matic_value}) with input as request
+	checkIntentAmount({"currency": "fiat:usd", "operator": operators.greaterThanOrEqual, "value": one_matic_value}) with input as request
 		with data.entities as entities
 
-	checkIntentAmount({"currency": "fiat:usd", "operator": "lte", "value": one_matic_value}) with input as request
+	checkIntentAmount({"currency": "fiat:usd", "operator": operators.lessThanOrEqual, "value": one_matic_value}) with input as request
 		with data.entities as entities
 }

apps/authz/src/opa/rego/__test__/criteria/intent/contractCall_test.rego

@@ -3,6 +3,7 @@ package main
 test_contractCall {
 	contractCallRequest = {
 		"action": "signTransaction",
+		"resource": {"uid": "eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"},
 		"intent": {
 			"from": "eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e",
 			"to": "eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3",
@@ -15,13 +16,13 @@ test_contractCall {
 	checkIntentType({"contractCall"}) with input as contractCallRequest
 		with data.entities as entities
 
-	checkSourceAddress({"eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"}) with input as contractCallRequest
+	checkWalletId({"eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"}) with input as contractCallRequest
 		with data.entities as entities
 
-	checkDestinationAddress({"eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3"}) with input as contractCallRequest
+	checkDestinationId({"eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3"}) with input as contractCallRequest
 		with data.entities as entities
 
-	checkIntentContractAddress({"eip155:137/erc721:0x08a08d0504d4f3363a5b7fda1f5fff1c7bca8ad4"}) with input as contractCallRequest
+	checkIntentContract({"eip155:137/erc721:0x08a08d0504d4f3363a5b7fda1f5fff1c7bca8ad4"}) with input as contractCallRequest
 		with data.entities as entities
 
 	checkIntentHexSignature({"0x12345"}) with input as contractCallRequest

apps/authz/src/opa/rego/__test__/criteria/intent/contractDeploy_test.rego

@@ -3,18 +3,19 @@ package main
 test_contractDeploy {
 	contractDeployRequest = {
 		"action": "signTransaction",
+		"resource": {"uid": "eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"},
 		"intent": {
 			"from": "eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e",
 			"type": "deployContract",
-			"chainId": 137,
+			"chainId": "137",
 		},
 	}
 
 	checkIntentType({"deployContract", "deployErc4337Wallet", "deploySafeWallet"}) with input as contractDeployRequest
 		with data.entities as entities
 
-	checkSourceAddress({"eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"}) with input as contractDeployRequest
+	checkWalletId({"eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"}) with input as contractDeployRequest
 		with data.entities as entities
 
-	checkIntentChainId({1, 137}) with input as contractDeployRequest with data.entities as entities
+	checkIntentChainId({"137"}) with input as contractDeployRequest with data.entities as entities
 }

apps/authz/src/opa/rego/__test__/criteria/intent/destination_test.rego

@@ -11,7 +11,10 @@ test_destination {
 		"classification": "internal",
 	}
 
-	checkDestinationAddress({"eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3"}) with input as request
+	checkDestinationId({"eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3"}) with input as request
+		with data.entities as entities
+
+	checkDestinationAddress({"0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3"}) with input as request
 		with data.entities as entities
 
 	checkDestinationClassification({"internal"}) with input as request

apps/authz/src/opa/rego/__test__/criteria/intent/permit_test.rego

@@ -3,6 +3,7 @@ package main
 test_permit {
 	permitRequest = {
 		"action": "signTransaction",
+		"resource": {"uid": "eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"},
 		"intent": {
 			"type": "permit",
 			"from": "eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e",
@@ -16,33 +17,33 @@ test_permit {
 	checkIntentType({"permit", "permit2"}) with input as permitRequest
 		with data.entities as entities
 
-	checkSourceAddress({"eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"}) with input as permitRequest
+	checkWalletId({"eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"}) with input as permitRequest
 		with data.entities as entities
 
-	checkIntentSpenderAddress({"eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3"}) with input as permitRequest
+	checkIntentSpender({"eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3"}) with input as permitRequest
 		with data.entities as entities
 
-	checkIntentTokenAddress({"eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174"}) with input as permitRequest
+	checkIntentToken({"eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174"}) with input as permitRequest
 		with data.entities as entities
 
-	checkIntentAmount({"currency": wildcard, "operator": "lte", "value": "1000000000000000000"}) with input as permitRequest
+	checkIntentAmount({"currency": wildcard, "operator": operators.lessThanOrEqual, "value": "1000000000000000000"}) with input as permitRequest
 		with data.entities as entities
 
-	checkPermitDeadline({"operator": "eq", "value": "1634025600"}) with input as permitRequest
+	checkPermitDeadline({"operator": operators.equal, "value": "1634025600"}) with input as permitRequest
 		with data.entities as entities
 
-	checkPermitDeadline({"operator": "neq", "value": "111111111"}) with input as permitRequest
+	checkPermitDeadline({"operator": operators.notEqual, "value": "111111111"}) with input as permitRequest
 		with data.entities as entities
 
-	checkPermitDeadline({"operator": "lte", "value": "1634025600"}) with input as permitRequest
+	checkPermitDeadline({"operator": operators.lessThanOrEqual, "value": "1634025600"}) with input as permitRequest
 		with data.entities as entities
 
-	checkPermitDeadline({"operator": "gte", "value": "1634025600"}) with input as permitRequest
+	checkPermitDeadline({"operator": operators.greaterThanOrEqual, "value": "1634025600"}) with input as permitRequest
 		with data.entities as entities
 
-	checkPermitDeadline({"operator": "lt", "value": "16340256000"}) with input as permitRequest
+	checkPermitDeadline({"operator": operators.lessThan, "value": "16340256000"}) with input as permitRequest
 		with data.entities as entities
 
-	checkPermitDeadline({"operator": "gt", "value": "163402560"}) with input as permitRequest
+	checkPermitDeadline({"operator": operators.greaterThan, "value": "163402560"}) with input as permitRequest
 		with data.entities as entities
 }