Skip to main content
This guide walks through deploying your policy files to IPFS and registering them on-chain using newton-cli. By the end, you will have a deployed PolicyData contract, a deployed Policy contract, and a registered PolicyClient.

Prerequisites

Environment Variables

Create a .env file with deployment credentials: 
CHAIN_ID=11155111
PINATA_JWT=your_pinata_jwt
PINATA_GATEWAY=your_pinata_gateway
PRIVATE_KEY=0xYourDeploymentPK
RPC_URL=https://eth-sepolia.g.alchemy.com/v2/apiKey
Load the variables: 
set -a && source .env && set +a

Step 1: Generate CIDs and Upload to IPFS

newton-cli policy-files generate-cids \
  --directory policy-files \
  --output policy_cids.json \
  --entrypoint "your_policy.allow"
This uploads your policy files to IPFS via Pinata and generates policy_cids.json containing the content identifiers.
The --entrypoint value must match your Rego package name + rule name. For package your_policy with rule allow, use your_policy.allow.

Step 2: Deploy PolicyData

Deploy the WASM oracle on-chain: 
newton-cli policy-data deploy --policy-cids policy_cids.json
Save the output address: 
Policy data deployed successfully at address: 0xPolicyDataAddress

Step 3: Deploy Policy

Deploy the Rego policy on-chain, referencing the PolicyData: 
newton-cli policy deploy \
  --policy-cids policy_cids.json \
  --policy-data-address "0xPolicyDataAddress"
Save the output address — you will use it when deploying your PolicyClient contract.

Step 4: Deploy Your Smart Contract

Before registering a PolicyClient, you need a deployed contract that inherits NewtonPolicyClient. Follow the Smart Contract Integration guide, then return here with your deployed contract address.

Step 5: Register PolicyClient

Register your deployed contract with the PolicyClientRegistry: 
newton-cli policy-client register \
  --registry 0x0dbd6e44a1814f5efe4f67a00b7f28642e3064dd \
  --client "0xYourPolicyClientAddress"

Step 6: Set Policy on Client

Configure the policy and parameters on your PolicyClient: 
newton-cli policy-client set-policy \
  --policy-client "0xYourPolicyClientAddress" \
  --policy-address "0xPolicyAddress"
Set policy parameters and expiration: 
newton-cli policy-client set-policy-params \
  --policy-client "0xYourPolicyClientAddress" \
  --policy-params policy_params.json \
  --expire-after 1000
set-policy-params changes the policyId. Every call internally calls setPolicy(PolicyConfig) which re-registers with the Policy contract and returns a new policyId. Any previously recorded policyId becomes stale. Always verify the new policyId on-chain after updating params.

Policy Params Format

On-chain policy params must be flat JSON matching your params_schema.json. The gateway reads these bytes directly and passes them to Rego as data.params. Do not use the nested CLI format.
FilePurposeUse With
policy_params.jsonTemplate with VAULT_ADDRESS_PLACEHOLDERNever use directly
policy_params_live.jsonNested CLI format with real vault addressReference only
policy_params_onchain.jsonFlat JSON matching the params schemaset-policy-params
If on-chain params are in the nested CLI format instead of flat JSON, policy evaluation fails with Missing required property during schema validation.

Step 7: Verify

Check that your PolicyClient is registered and active: 
newton-cli policy-client status \
  --registry 0x0dbd6e44a1814f5efe4f67a00b7f28642e3064dd \
  --client "0xYourPolicyClientAddress"
You can also test the full policy via the Gateway: 
curl -X POST https://gateway.testnet.newton.xyz \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <your_api_key>" \
  -d '{
    "jsonrpc": "2.0",
    "method": "newt_simulatePolicy",
    "params": {
      "policy_client": "0xYourPolicyClientAddress",
      "policy": "package your_policy\ndefault allow := false\nallow if { data.data.success }",
      "intent": {
        "from": "0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266",
        "to": "0xb1aD5f82407bC0f19f42b2614fb9083035a36b69",
        "value": "0x0",
        "data": "0x",
        "chain_id": "0xaa36a7",
        "function_signature": "0x"
      },
      "policy_data": [{"policy_data_address": "0xPolicyDataAddress"}],
      "policy_params": {}
    },
    "id": 1
  }'

Next Steps

Frontend SDK Integration

Build a frontend that submits tasks via the SDK