Skip to main content
Newton Protocol is a three-layer system that separates policy definition, policy evaluation, and policy enforcement. This modular architecture allows each layer to evolve independently while maintaining strong security guarantees.

System Overview

Policy Layer

The Policy Layer defines what rules exist and how they are configured.
ComponentPurpose
Policy RegistryOn-chain registry of all deployed policies, referenced by CID
Policy LibraryReusable policy templates (spend limits, sanctions checks, KYC gates)
PolicyData OraclesWASM components that fetch external data at evaluation time
Developers publish policies to the registry by:
  1. Writing a Rego policy and WASM oracle
  2. Uploading to IPFS via newton-cli
  3. Deploying PolicyData and Policy contracts on-chain
Users configure policies by deploying a PolicyClient contract with specific parameters (thresholds, allowlists, expiration).

Compute & Consensus Layer

The Compute Layer handles offchain policy evaluation by the Newton AVS operator network.
ComponentPurpose
GatewayJSON-RPC endpoint that receives tasks and routes them to operators
OperatorsEigenLayer nodes that independently evaluate policies
AggregatorCollects individual BLS signatures into a single consensus proof
When a task is submitted:
  1. The Gateway receives the intent and identifies the target policy
  2. Available operators fetch PolicyData (run WASM oracles)
  3. Each operator evaluates the Rego policy independently
  4. Each operator produces a BLS signature over the result
  5. The Aggregator collects signatures and produces a consensus proof once quorum is reached

Verification & Execution Layer

The Verification Layer handles onchain proof verification and transaction execution.
ComponentPurpose
NewtonProverTaskManagerCore task management — creates tasks, stores responses, manages challenge windows
AttestationValidatorValidates BLS aggregate signatures against the operator set
PolicyClientDeveloper’s smart contract that calls validation before executing transactions
PolicyClientRegistryTracks registered PolicyClient contracts

Key Smart Contracts

ContractPurpose
NewtonProverTaskManagerTask creation, response storage, challenge management
NewtonPolicyFactoryCreates and registers new policies
PolicyClientRegistryTracks registered PolicyClient contracts
IdentityRegistryMaps identities for policy evaluation
AttestationValidatorValidates BLS attestation proofs on-chain
See Contract Addresses for deployed addresses on each network.

Contract Relationships

Data Flow

A complete evaluation cycle:
  1. Intent submitted — caller sends intent + PolicyClient address to Gateway
  2. Task created — Gateway creates a task pairing the intent with the policy
  3. Data fetched — operators execute PolicyData WASM oracles
  4. Policy evaluated — operators run Rego policy with intent + oracle data + params
  5. Signatures produced — each operator signs the result with their BLS key
  6. Proof aggregated — Aggregator combines signatures into consensus proof
  7. Proof returned — caller receives the attestation
  8. On-chain verification — PolicyClient validates the proof via AttestationValidator
  9. Transaction executes — if valid, the guarded transaction proceeds

Next Steps

Privacy Layer

How Newton protects sensitive data during evaluation

Consensus & Security

BLS aggregation, quorum thresholds, and the security model