fix(app): restrict guided policies to mainnet-whitelisted selectors

Author: jarrodwatts

app/src/components/SessionWizard/steps/SelectPolicy.tsx

@@ -30,18 +30,16 @@ const INTENT_ORDER: BuiltInSessionPolicyPresetId[] = [
   'payments',
   'trading',
   'contract_write',
-  'deploy',
   'signing',
-  'full_app_control',
 ];
 
 const INTENT_DESCRIPTIONS: Record<BuiltInSessionPolicyPresetId, string> = {
   payments: 'Send funds for payouts and transfers.',
   trading: 'Buy, sell, and claim in selected apps.',
   gaming: 'Repeat gameplay actions in supported apps.',
   contract_write: 'Run advanced app actions in selected apps.',
-  deploy: 'Create and launch contracts.',
   signing: 'Sign messages and transactions when needed.',
+  deploy: 'Create and launch contracts.',
   full_app_control: 'Give broad control in selected apps.',
 };
 
@@ -106,6 +104,9 @@ function buildCombinedPolicyPreview(
   }
 
   const selectedIntents = INTENT_ORDER.filter(intent => intentIds.includes(intent));
+  if (selectedIntents.length === 0) {
+    throw new Error('Select at least one supported intent.');
+  }
   const defaultLimits = selectedIntents.map(intent => BUILT_IN_POLICY_PRESETS[intent].defaultLimits);
 
   const expiresInSeconds = Math.max(...defaultLimits.map(limits => limits.expiresInSeconds));
@@ -176,16 +177,18 @@ export default function SelectPolicy() {
   } = useSessionWizardState();
 
   const [stage, setStage] = useState<PolicyStage>('intent');
+  const isSelectableIntent = (intent: BuiltInSessionPolicyPresetId): boolean => INTENT_ORDER.includes(intent);
+
   const [selectedIntentIds, setSelectedIntentIds] = useState<BuiltInSessionPolicyPresetId[]>(() => {
-    if (selectedPreset !== 'custom' && selectedPreset !== 'gaming') {
+    if (selectedPreset !== 'custom' && selectedPreset !== 'gaming' && isSelectableIntent(selectedPreset)) {
       return [selectedPreset];
     }
     return ['payments'];
   });
 
   useEffect(() => {
     setPolicyMode('guided');
-    if (selectedPreset === 'custom' || selectedPreset === 'gaming') {
+    if (selectedPreset === 'custom' || selectedPreset === 'gaming' || !isSelectableIntent(selectedPreset)) {
       selectPreset('payments');
     }
   }, [selectedPreset, selectPreset, setPolicyMode]);
@@ -213,7 +216,6 @@ export default function SelectPolicy() {
 
   const selectedIntentPresets = selectedIntentIds.map(intentId => BUILT_IN_POLICY_PRESETS[intentId]);
   const policyWarnings = composite.preview?.policyPayload.policyMeta?.warnings ?? [];
-  const riskReasons = composite.risk?.reasons ?? [];
   const requiresDangerAcknowledgement =
     selectedIntentPresets.some(preset => preset.requiresDangerAcknowledgement) ||
     (composite.risk?.requiresConfirmation ?? false) ||
@@ -376,38 +378,14 @@ export default function SelectPolicy() {
                 })}
               </div>
               <p className={styles.appScopeSubhint}>More options coming soon.</p>
-              {composite.risk ? (
-                <div className={styles.riskSummary}>
-                  <p className={styles.riskHeading}>Risk: {composite.risk.level.toUpperCase()}</p>
-                  {riskReasons.length === 0 ? (
-                    <p className={styles.riskMuted}>No elevated-risk signals were detected for this selection.</p>
-                  ) : (
-                    <ul className={styles.riskList}>
-                      {riskReasons.map(reason => (
-                        <li key={reason}>{reason}</li>
-                      ))}
-                    </ul>
-                  )}
-                  {policyWarnings.length > 0 ? (
-                    <>
-                      <p className={styles.warningHeading}>Policy warnings</p>
-                      <ul className={styles.warningList}>
-                        {policyWarnings.map(warning => (
-                          <li key={warning}>{warning}</li>
-                        ))}
-                      </ul>
-                    </>
-                  ) : null}
-                </div>
-              ) : null}
               {requiresDangerAcknowledgement ? (
                 <label className={styles.dangerAck}>
                   <input
                     type="checkbox"
                     checked={dangerAcknowledged}
                     onChange={event => setDangerAcknowledged(event.target.checked)}
                   />
-                  <span>I understand these permissions are high-risk and can move real funds.</span>
+                  <span>I understand these permissions can move real funds.</span>
                 </label>
               ) : null}
             </div>

app/src/lib/__tests__/policy-compiler.test.ts

@@ -0,0 +1,36 @@
+import { describe, expect, it } from 'vitest';
+import { compileGuidedPolicy } from '../policy-compiler';
+
+describe('policy compiler', () => {
+  it('builds selector-scoped call policies for curated app selectors', () => {
+    const compiled = compileGuidedPolicy({
+      presetId: 'trading',
+      expiresInSeconds: 3600,
+      feeLimit: '2000000000000000',
+      maxValuePerUse: '5000000000000000',
+      selectedAppIds: ['136'],
+      transferTargets: [],
+    });
+
+    expect(compiled.sessionConfig.callPolicies).toEqual([
+      { target: '0x3272596F776470D2D7C3f7dfF3dc50888b7D8967', selector: '0x5d7a2f89' },
+      { target: '0x3272596F776470D2D7C3f7dfF3dc50888b7D8967', selector: '0x379607f5' },
+      { target: '0x3272596F776470D2D7C3f7dfF3dc50888b7D8967', selector: '0x83a84ba9' },
+      { target: '0xe6765C9cb1B42D3CC36Fcd3D2B4fc938db456EaD', selector: '0x4a5eafef' },
+    ]);
+    expect(compiled.sessionConfig.callPolicies.every(policy => Boolean(policy.selector))).toBe(true);
+  });
+
+  it('does not emit unscoped call policies for legacy high-risk presets', () => {
+    const compiled = compileGuidedPolicy({
+      presetId: 'full_app_control',
+      expiresInSeconds: 3600,
+      feeLimit: '2000000000000000',
+      maxValuePerUse: '5000000000000000',
+      selectedAppIds: ['136'],
+      transferTargets: [],
+    });
+
+    expect(compiled.sessionConfig.callPolicies.every(policy => Boolean(policy.selector))).toBe(true);
+  });
+});

app/src/lib/app-registry.ts

@@ -79,13 +79,7 @@ export const APP_REGISTRY: ReadonlyArray<AppRegistryEntry> = [
         address: '0xe6765C9cb1B42D3CC36Fcd3D2B4fc938db456EaD',
         label: 'Batch purchase',
         verified: true,
-        selectors: [],
-      },
-      {
-        address: '0xe90e33162d31004996F14ED6463EA1F610d4d3Ab',
-        label: 'Ticket Drop',
-        verified: true,
-        selectors: [],
+        selectors: [{ selector: '0x4a5eafef', label: 'Purchase', enabledByDefault: true }],
       },
     ],
   },

app/src/lib/policy-compiler.ts

@@ -80,7 +80,6 @@ function buildCallPolicies(
   }
 
   const calls: SessionCallPolicy[] = [];
-  const allowUnscopedByPreset = presetId === 'full_app_control' || presetId === 'deploy';
 
   for (const app of selectedApps) {
     if (!app.verified) {
@@ -90,16 +89,10 @@ function buildCallPolicies(
     }
 
     for (const contract of app.contracts) {
-      if (allowUnscopedByPreset) {
-        calls.push({ target: contract.address });
-        continue;
-      }
-
       const defaultSelectors = contract.selectors.filter(selector => selector.enabledByDefault);
       if (defaultSelectors.length === 0) {
-        calls.push({ target: contract.address });
         warnings.push(
-          `${app.name} / ${contract.label} has no curated selectors. Added contract-level call scope.`,
+          `${app.name} / ${contract.label} has no mainnet-approved selectors. Skipped from call policies.`,
         );
         continue;
       }