Use the artifacts you need:
implementation 'org.exploit:verdict:0.1.0'
implementation 'org.exploit:verdict-intent-evm:0.1.0'
implementation 'org.exploit:verdict-authority:0.1.0'Verdict requires Java 21+.
Policy policy = Policy.denyByDefault("access")
.allow("admin", rule -> rule
.where("subject.role == 'admin'")
.unless("subject.suspended"))
.denyWhen("blocked-country", "request.country in blockedCountries")
.build();
PolicyEvaluator evaluator = new PolicyEvaluator();
CompiledPolicy compiled = evaluator.compile(policy);
PolicyEvaluation result = evaluator.evaluate(compiled, Map.of(
"subject", Map.of(
"role", "admin",
"suspended", false
),
"request", Map.of("country", "DE"),
"blockedCountries", List.of("IR", "KP")
));
result.decision(); // ALLOWEvmIntentConfig config = EvmIntentConfig.fromMap(authority.config());
EvmTransactionIntent intent = EvmTransactionIntent.fromBase64(serializedTransaction64, config);
PolicyEvaluation result = evaluator.evaluate(compiledAuthority.policy(), intent);- Load an authority by id.
- Build the intent config from
authority.config(). - Decode the request into an intent.
- Evaluate the authority policy over the intent.
- Sign or issue only if the verdict is
ALLOW.
Policies should normally approve effects, not raw request fields:
effect.one(effects, 'erc20.transfer') &&
effect.any(effects, 'erc20.transfer', {
'to': subject.wallet,
'amount': '1000'
})