Module policy

Policy-Aware Capabilities – tie instruction behavior to validation requirements.

A Capability declares what an instruction intends to do (mutate treasury, touch journal, call external programs, etc.). An InstructionPolicy binds capabilities to the validation rules they require.

§How It Works

  1. Declare which capabilities your instruction needs:

    const DEPOSIT_CAPS: CapabilitySet = CapabilitySet::new()
        .with(Capability::MutatesState)
        .with(Capability::TouchesJournal);
  2. Define the policy that maps capabilities → validation requirements:

    const POLICY: InstructionPolicy<4> = InstructionPolicy::new()
        .when(Capability::MutatesState, PolicyRequirement::Authority)
        .when(Capability::TouchesJournal, PolicyRequirement::JournalCapacity)
        .when(Capability::ExternalCall, PolicyRequirement::PostMutationCheck);
  3. At runtime, enforce the policy against the instruction’s declared caps:

    policy.enforce(&DEPOSIT_CAPS, &ctx)?;

This is what makes Hopper policy-aware: the capabilities an instruction declares automatically select the validation guards it must pass, so a guard cannot be forgotten for a capability that is in use.
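As an added worked example (not Hopper's own code), a self-contained Rust model of the three steps above: it assumes a bit-set representation for CapabilitySet, a fixed-capacity rule table for InstructionPolicy, and a constructed Ctx struct holding the facts each guard checks, and its enforce fails closed on the first unmet requirement. Only capabilities the instruction actually declares activate their guards, so DEPOSIT_CAPS is never subjected to the ExternalCall post-mutation check.

```rust
// Added illustrative model of capability-driven policy enforcement (not Hopper's own code).
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub enum Capability { MutatesState = 1, TouchesJournal = 2, ExternalCall = 4 }

#[derive(Clone, Copy, Debug)]
pub struct CapabilitySet(u8); // bit set so it can be built in a const
impl CapabilitySet {
    pub const fn new() -> Self { CapabilitySet(0) }
    pub const fn with(self, c: Capability) -> Self { CapabilitySet(self.0 | c as u8) }
    pub const fn contains(&self, c: Capability) -> bool { self.0 & c as u8 != 0 }
}

#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub enum PolicyRequirement { Authority, JournalCapacity, PostMutationCheck }

/// Constructed (assumed) runtime context: the facts the guards can actually check.
pub struct Ctx { pub signer_is_authority: bool, pub journal_free_slots: u32, pub post_mutation_ok: bool }

/// Fixed-capacity rule table; overflowing it is a compile-time error when built in a const.
pub struct InstructionPolicy<const N: usize> { rules: [Option<(Capability, PolicyRequirement)>; N] }
impl<const N: usize> InstructionPolicy<N> {
    pub const fn new() -> Self { InstructionPolicy { rules: [None; N] } }
    pub const fn when(mut self, c: Capability, r: PolicyRequirement) -> Self {
        let mut i = 0;
        while i < N {
            if self.rules[i].is_none() { self.rules[i] = Some((c, r)); return self; }
            i += 1;
        }
        panic!("policy table full")
    }
    /// Derive the requirements triggered by the declared caps and fail closed on the first unmet one.
    pub fn enforce(&self, caps: &CapabilitySet, ctx: &Ctx) -> Result<(), PolicyRequirement> {
        for (c, r) in self.rules.iter().flatten() {
            if !caps.contains(*c) { continue; } // undeclared capability: its guard is not required
            let met = match r {
                PolicyRequirement::Authority => ctx.signer_is_authority,
                PolicyRequirement::JournalCapacity => ctx.journal_free_slots > 0,
                PolicyRequirement::PostMutationCheck => ctx.post_mutation_ok,
            };
            if !met { return Err(*r); }
        }
        Ok(())
    }
}

pub const DEPOSIT_CAPS: CapabilitySet =
    CapabilitySet::new().with(Capability::MutatesState).with(Capability::TouchesJournal);
pub const POLICY: InstructionPolicy<4> = InstructionPolicy::new()
    .when(Capability::MutatesState, PolicyRequirement::Authority)
    .when(Capability::TouchesJournal, PolicyRequirement::JournalCapacity)
    .when(Capability::ExternalCall, PolicyRequirement::PostMutationCheck);
```

Because `when` panics on overflow and the policy is a `const`, declaring more rules than the table holds is rejected at compile time rather than at runtime.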

Structs§

CapabilitySet
A set of capabilities declared for an instruction.
InstructionPolicy
Instruction policy – maps capabilities to validation requirements.
PolicyPackDescriptor
Descriptor for a named policy pack with full metadata.
PolicyRule
A policy rule: when capability C is active, requirement R must be met.
RequirementSet
A set of active policy requirements.

Enums§

Capability
Instruction capability flags.
PolicyClass
High-level classification of what a policy governs.
PolicyRequirement
What validation is required when a capability is active.

Constants§

ACCOUNT_CLOSE_CAPS
Capabilities for an account close instruction.
ACCOUNT_CLOSE_POLICY
Policy for an account close instruction.
ACCOUNT_INIT_CAPS
Capabilities for an account init instruction.
ACCOUNT_INIT_POLICY
Policy for an account initialization instruction.
AUTHORITY_CHANGE_CAPS
Capabilities for an authority change instruction.
AUTHORITY_CHANGE_POLICY
Policy for an instruction that modifies authority/permissions.
EXTERNAL_CALL_CAPS
Capabilities for a CPI-invoking instruction.
EXTERNAL_CALL_POLICY
Policy for an instruction that makes external calls via CPI.
JOURNAL_TOUCH_CAPS
Capabilities for a journal-writing instruction.
JOURNAL_TOUCH_POLICY
Policy for an instruction that appends to a journal segment.
MIGRATION_SENSITIVE_CAPS
Capabilities for a migration/realloc instruction.
MIGRATION_SENSITIVE_POLICY
Policy for an instruction that reallocates an account (migration-sensitive).
NAMED_POLICY_PACKS
All named policy packs with full descriptors, in order.
READ_ONLY_AUDIT_CAPS
Capabilities for a read-only audit instruction.
READ_ONLY_AUDIT_POLICY
Policy for a read-only audit/inspection instruction.
SHARD_MUTATION_CAPS
Capabilities for a shard-modifying instruction.
SHARD_MUTATION_POLICY
Policy for an instruction that modifies shard data in a sharded account.
TREASURY_WRITE_CAPS
Capabilities for a treasury write instruction.
TREASURY_WRITE_POLICY
Policy for an instruction that writes to treasury/vault balances.