Yellowstone Shield is a Solana program that manages on-chain allowlists and blocklists of identities. An identity can be any addressable account in Solana, such as a validator, wallet, or program. This program allows transaction senders, like Agave STS, Helius' Atlas, Mango's lite-rpc, Jito's blockEngine, and Triton's Jet, to effectively control transaction forwarding policies.
Network | Program ID |
---|---|
Mainnet | b1ockYL7X6sGtJzueDbxRVBEEPN4YeqoLW276R3MX8W |
Devnet | b1ockYL7X6sGtJzueDbxRVBEEPN4YeqoLW276R3MX8W |
- On-chain management allows retrieval and updates via standard Solana RPC methods.
- Supports updates via websocket/gRPC.
- Overcomes limitations of Solana's ALTs and Config programs.
Yellowstone Shield integrates with Solana RPC by introducing:
- A new parameter, `forwardingPolicies`, in the `sendTransaction` RPC method, enabling users to specify allow/blocklists.
- An optional `Solana-ForwardingPolicies` HTTP header to support legacy clients.
Transaction senders interpret these policies to determine validator forwarding behavior, ensuring consistent enforcement of allow/blocklists across different RPC providers.
Clients are available for interacting with Yellowstone Shield:
These SDKs facilitate easy integration and use of Yellowstone Shield in various applications and services.
A CLI tool is provided for convenient management of Yellowstone Shield policies, available in the `./cli` directory:
This CLI allows creating policies, adding or removing identities, and managing configurations directly via terminal commands.
The Rust Policy Store provides efficient caching and quick retrieval of Yellowstone Shield policies, enabling real-time identity permission checks in transaction forwarders and RPC services. It ensures thread-safe access and updates with atomic snapshots. See the Policy Store README for detailed integration and usage instructions.
Policies are bound to a Token Extensions (TE) asset. Token holders can update identities tracked by the policy. The TE asset also contains metadata describing the policy:
- Name: Identifier of the policy.
- Symbol: Short representation of the policy.
- URI: Link to additional policy information.
The policy account uses a Program Derived Address (PDA), derived with the seed:
["shield", "policy", {mint_address}]
Install dependencies:
pnpm install
pnpm programs:build
pnpm programs:test
pnpm programs:format
pnpm programs:lint
pnpm generate:idls
pnpm generate:clients
pnpm validator:start
pnpm validator:restart
pnpm validator:stop
AGPL-3.0
This project is developed by Triton One.