Confidential
Encrypted guardrails, FHE proposals, and the policy decryption flow.
The confidential domain stores spending guardrails as FHE ciphertexts and
evaluates policy over the encrypted values through the Ika Encrypt network.
Access it via instructions.confidential.*.
Requires the Ika Encrypt network
Every instruction here except disable/close takes ciphertext accounts and
the Encrypt CPI accounts. Derive the AURA-side authority with
deriveEncryptCpiAuthorityAddress() and the event authority with
deriveEncryptEventAuthorityAddress(encryptProgramId). These flows are
covered by the Rust smoke tests in smoke/aura-devnet/.
Examples assume:
import BN from "bn.js";
import { SystemProgram } from "@solana/web3.js";
import { instructions, pda } from "@aura-protocol/sdk-ts";
const now = () => new BN(Math.floor(Date.now() / 1000));
const [guardrails] = pda.deriveConfidentialGuardrailsAddress(treasury);
// Encrypt CPI accounts (from the Ika Encrypt deployment + your ciphertexts).
const encryptCpi = {
encryptProgram,
config,
deposit,
callerProgram,
cpiAuthority,
networkEncryptionKey,
eventAuthority,
};initConfidentialGuardrails
Creates the encrypted guardrails account for an epoch. Accounts: owner (s, w),
treasury, guardrails (w), the three limit ciphertexts, systemProgram.
await instructions.confidential.sendInitConfidentialGuardrails(client, owner, {
accounts: {
owner: owner.publicKey,
treasury,
guardrails,
dailyLimitCiphertext,
perTxLimitCiphertext,
spentTodayCiphertext,
systemProgram: SystemProgram.programId,
},
args: { epochId: new BN(1), now: now() },
});configureConfidentialGuardrails
Sets the encrypted daily/per-tx limits. Accounts: owner (s), treasury (w),
dailyLimitCiphertext, perTxLimitCiphertext, spentTodayCiphertext (w).
await instructions.confidential.sendConfigureConfidentialGuardrails(client, owner, {
accounts: { owner: owner.publicKey, treasury, dailyLimitCiphertext, perTxLimitCiphertext, spentTodayCiphertext },
args: { now: now() },
});updateConfidentialGuardrails
Updates limit ciphertexts. Accounts: owner (s, w), treasury (w),
guardrails (w), plus the full set of optional limit/spend ciphertexts —
pass only the ones you're changing and null for the rest.
await instructions.confidential.sendUpdateConfidentialGuardrails(client, owner, {
accounts: {
owner: owner.publicKey,
treasury,
guardrails,
dailyLimitCiphertext,
perTxLimitCiphertext: null,
velocityLimitCiphertext: null,
hourlyLimitCiphertext: null,
weeklyLimitCiphertext: null,
spentTodayCiphertext: null,
weeklySpentCiphertext: null,
hourlySpentCiphertext: null,
velocityWindowCiphertext: null,
},
args: { now: now() },
});rotateConfidentialGuardrails
Rotates to a new encryption epoch (same optional-ciphertext account set as
update). Accounts: owner (s, w), treasury (w), guardrails (w), optional
ciphertexts.
await instructions.confidential.sendRotateConfidentialGuardrails(client, owner, {
accounts: { owner: owner.publicKey, treasury, guardrails, /* …optional ciphertexts: null */ },
args: { newEpochId: new BN(2), now: now() },
});resetConfidentialCounters
Resets the encrypted spend counters (same optional-ciphertext account set).
Accounts: owner (s, w), treasury (w), guardrails (w), optional ciphertexts.
await instructions.confidential.sendResetConfidentialCounters(client, owner, {
accounts: { owner: owner.publicKey, treasury, guardrails, /* …optional ciphertexts: null */ },
args: { now: now() },
});disableConfidentialGuardrails
Disables confidential guardrails while keeping the account. Accounts: owner
(s, w), treasury (w), guardrails (w). No Encrypt CPI.
await instructions.confidential.sendDisableConfidentialGuardrails(client, owner, {
accounts: { owner: owner.publicKey, treasury, guardrails },
args: { now: now() },
});closeConfidentialGuardrails
Closes the guardrails account and reclaims rent. Accounts: owner (s, w),
treasury, guardrails (w). No arguments, no Encrypt CPI.
await instructions.confidential.sendCloseConfidentialGuardrails(client, owner, {
accounts: { owner: owner.publicKey, treasury, guardrails },
});proposeConfidentialTransaction
Proposes a spend evaluated against encrypted limits via the Encrypt CPI,
producing an encrypted policy-output ciphertext. Accounts: aiAuthority (s),
treasury (w), the limit/amount/output ciphertexts, the Encrypt CPI accounts,
and optional sidecars.
await instructions.confidential.sendProposeConfidentialTransaction(client, ai, {
accounts: {
aiAuthority: ai.publicKey,
treasury,
dailyLimitCiphertext,
perTxLimitCiphertext,
spentTodayCiphertext,
amountCiphertext,
policyOutputCiphertext,
...encryptCpi,
externalLiveness: null,
weeklyLimitCiphertext: null,
weeklySpentCiphertext: null,
confidentialGuardrails: null,
systemProgram: SystemProgram.programId,
},
args: {
amountUsd: new BN(100),
targetChain: 2,
txType: 0,
protocolId: null,
currentTimestamp: now(),
expectedOutputUsd: null,
actualOutputUsd: null,
quoteAgeSecs: null,
counterpartyRiskScore: null,
recipientOrContract: "0x000000000000000000000000000000000000dead",
},
});requestPolicyDecryption
Requests decryption of an encrypted policy result. Accounts: operator (s),
treasury (w), requestAccount (w), ciphertext, the Encrypt CPI accounts,
confidentialGuardrails?, systemProgram.
await instructions.confidential.sendRequestPolicyDecryption(client, operator, {
accounts: {
operator: operator.publicKey,
treasury,
requestAccount,
ciphertext,
...encryptCpi,
confidentialGuardrails: null,
systemProgram: SystemProgram.programId,
},
args: { now: now(), currentEpochId: new BN(1) },
});confirmPolicyDecryption
Confirms a completed decryption once the network returns the plaintext.
Accounts: operator (s), treasury (w), requestAccount,
confidentialGuardrails?.
await instructions.confidential.sendConfirmPolicyDecryption(client, operator, {
accounts: { operator: operator.publicKey, treasury, requestAccount, confidentialGuardrails: null },
args: { now: now(), currentEpochId: new BN(1) },
});