GLAMIDL Reference
SPL Integration StagingStaging

set_token_transfer_policy

Sets SPL token transfer allowlist policy for vault token movement.

gstgs9nJgX8PmRHWAAEP9H7xT3ZkaPWSGPYbj3mXdTa

Handler narrative

  1. Load the GLAM state or program account required by the instruction and verify the signer.
  2. Verify that the integration is enabled on the vault and that the caller has the required delegate permission or owner authority.
  3. Validate the instruction-specific policy, then invoke the external protocol with the vault authority where required.

Required conditions

  • The submitted accounts must match the declared account list, signer requirements, writable requirements, fixed program addresses, and account relationships shown below.
  • The GLAM state account is the source of truth for owner, enabled integrations, delegate permissions, policies, assets, borrowable assets, timelock settings, mint linkage, and pricing records.
  • The vault integration ACL must enable this integration before the instruction is accepted; that enablement is defined on the GLAM state account.
  • If the signer is not the owner, the delegate ACL on the GLAM state must contain the exact protocol permission required by this instruction; registering a delegate alone is insufficient.
  • Instruction-specific destination accounts must satisfy the external protocol's own account model; GLAM validates the accounts it needs for authorization and policy enforcement, then passes the remaining protocol accounts through CPI.
  • Configuration changes must pass owner or authorized-manager checks and, when the state or mint timelock is active, must follow the propose/apply timing model instead of taking effect immediately.
  • Asset, amount, and destination restrictions must satisfy the configured transfer or destination policy when that policy is present.

Accounts

Uses the standard Big Seven account pattern; no instruction-specific accounts beyond it.

Arguments

ArgumentTypeNotes
policyTransferPolicyPolicy object written to GLAM state for this program or integration. Fields: allowlist: vec<pubkey> - Allowed destination accounts for vault asset transfers.

Policy & permissions

  • The SPL Integration Staging integration must be enabled on the vault before this instruction can run.
  • Only the owner is expected. Delegates do not receive this capability by being added; it must be granted explicitly if supported.
  • Destination and asset restrictions must satisfy the configured transfer or destination policy when one is set.
  • Policy changes should be governed by owner controls and timelock settings.

TypeScript SDK usage

import { TransferPolicy } from "@glamsystems/glam-sdk";

const policy = new TransferPolicy([approvedDestination]);
await glamClient.access.setProtocolPolicy(
  glamClient.extSplProgram.programId,
  0b01,
  policy.encode(),
);

Cross-instruction constraints

  • No additional cross-instruction constraint is documented beyond account initialization, authority checks, and policy validation.