Concepts
Policy PDA
A Policy PDA (Program Derived Address) is an on-chain account on Solana that stores your vault's spending rules. It is owned by the REIN Anchor program — not by a server or database.
Tamper-proof
Only the vault owner keypair can update the Policy PDA. A compromised REIN service cannot modify your rules.
Atomically enforced
Every rein_spend call reads the Policy PDA inside the same transaction. The rules are checked before any funds move.
Composable
Policy PDAs can be read by any Solana program. This enables future composition with Squads multisig and DAO treasuries.
Policy PDA structure
struct PolicyAccount {
    owner: Pubkey,
    daily_cap_usdc: u64,          // in lamports × 10^6
    per_tx_cap_usdc: u64,
    step_up_threshold_usdc: u64,
    allowlist_root: [u8; 32],     // Merkle root, zero = disabled
    blocklist_root: [u8; 32],
    expires_at: i64,              // Unix timestamp, 0 = never
    paused: bool,
    daily_spent_usdc: u64,        // resets each UTC day
    last_reset_day: i64,
}
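How a spend could be evaluated against these fields before any funds move, as an added example that is not REIN's program code. The check order, the Deny and Decision names, the stepped_up flag, the reading of last_reset_day as a UTC day number and the sample values are assumptions; allowlist and blocklist Merkle proofs are left out because the page does not specify the hash or leaf format.

```rust
// Added illustration, not REIN's program code. Check order, the Deny/Decision
// names, the stepped_up flag and the day arithmetic are assumptions.
type Pubkey = [u8; 32]; // stand-in for the Solana SDK's Pubkey
#[allow(dead_code)] // owner and the Merkle roots are not exercised here
struct PolicyAccount {
    owner: Pubkey,
    daily_cap_usdc: u64,
    per_tx_cap_usdc: u64,
    step_up_threshold_usdc: u64,
    allowlist_root: [u8; 32],
    blocklist_root: [u8; 32],
    expires_at: i64,
    paused: bool,
    daily_spent_usdc: u64,
    last_reset_day: i64,
}

#[derive(Debug, PartialEq)]
enum Deny { Paused, Expired, PerTxCap, DailyCap, Overflow }
#[derive(Debug, PartialEq)]
enum Decision { Allow, StepUpRequired }

/// Evaluates one spend at Unix time `now`; counters change only on Allow.
fn check_spend(p: &mut PolicyAccount, amount: u64, now: i64, stepped_up: bool)
    -> Result<Decision, Deny> {
    if p.paused { return Err(Deny::Paused); }
    if p.expires_at != 0 && now >= p.expires_at { return Err(Deny::Expired); }
    if amount > p.per_tx_cap_usdc { return Err(Deny::PerTxCap); }
    // Assumed: last_reset_day holds the UTC day number, floor(now / 86_400).
    let today = now.div_euclid(86_400);
    let spent = if today != p.last_reset_day { 0 } else { p.daily_spent_usdc };
    // checked_add: a wrapping sum would let a huge amount slip under the cap.
    let total = spent.checked_add(amount).ok_or(Deny::Overflow)?;
    if total > p.daily_cap_usdc { return Err(Deny::DailyCap); }
    if amount >= p.step_up_threshold_usdc && !stepped_up {
        return Ok(Decision::StepUpRequired); // nothing recorded, nothing moves
    }
    p.last_reset_day = today;
    p.daily_spent_usdc = total;
    Ok(Decision::Allow)
}

fn sample_policy() -> PolicyAccount { // constructed values
    PolicyAccount { owner: [1; 32], daily_cap_usdc: 100_000_000,
        per_tx_cap_usdc: 40_000_000, step_up_threshold_usdc: 25_000_000,
        allowlist_root: [0; 32], blocklist_root: [0; 32], expires_at: 0,
        paused: false, daily_spent_usdc: 0, last_reset_day: 0 }
}

fn main() { println!("{:?}", check_spend(&mut sample_policy(), 10_000_000, 1_700_000_000, false)); }
```

Every rejection returns before the counters are written, so a denied or step-up-pending spend leaves daily_spent_usdc untouched.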