A JavaScript CLI demonstration of sRFC37 - a permissioned token mechanism for Solana using Token-2022's Default Account State extension with delegated freeze authority.
sRFC37 enables permissioned tokens where:
- New token accounts are frozen by default
- Freeze authority is delegated to the Token ACL program
- A gating program controls who can thaw/freeze accounts
- Users on an allow list can unfreeze their own accounts
- Node.js >= 18.0.0
- Solana CLI configured with a funded devnet wallet
npm installnode src/index.js create-mint [options]
Options:
-k, --keypair <path> Path to payer keypair (default: ~/.config/solana/id.json)
-u, --url <url> Solana RPC URL (default: https://api.devnet.solana.com)
-d, --decimals <num> Token decimals (default: 9)Note: After this step, the freeze authority is the payer's keypair. Run
delegate-freezeto transfer it to the Token ACL program.
node src/index.js delegate-freeze -m <mint> [options]
Options:
-m, --mint <address> Mint address (required)
-k, --keypair <path> Path to authority keypair
-u, --url <url> Solana RPC URL
-g, --gating-program <addr> Initial gating programnode src/index.js set-gate -m <mint> [options]
Options:
-m, --mint <address> Mint address (required)
-k, --keypair <path> Path to authority keypair
-g, --gating-program <addr> Gating program (default: Token ACL Gate)node src/index.js enable-permissionless -m <mint> --thaw [--freeze]
Options:
-m, --mint <address> Mint address (required)
--thaw Enable permissionless thaw
--freeze Enable permissionless freezenode src/index.js infoWALLET=<user_keypair_path> MINT=<mint_address> node src/test-thaw.jsThis creates a token account and attempts to thaw it. The thaw should fail because the user is not on the allow list.
AUTHORITY=~/.config/solana/id.json \
USER=<user_pubkey> \
MINT=<mint_address> \
node src/allowlist.jsThis:
- Creates an allow list
- Adds the user to the allow list
- Sets up extra metas linking the list to the mint
WALLET=<user_keypair_path> MINT=<mint_address> node src/test-thaw-success.jsThis should succeed because the user is now on the allow list.
| Program | Address |
|---|---|
| Token ACL | TACLkU6CiCdkQN2MjoyDkVg2yAH9zkxiHDsiztQ52TP |
| Token ACL Gate | GATEzzqxhJnsWF6vHRsgtixxSB8PaQdcqGEVTEHWiULz |
| Token-2022 | TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb |
┌─────────────────┐ ┌──────────────────┐ ┌─────────────────┐
│ Token-2022 │ │ Token ACL │ │ Token ACL Gate │
│ (Mint with │────>│ (Freeze │────>│ (Allow/Block │
│ frozen accts) │ │ Authority) │ │ List Logic) │
└─────────────────┘ └──────────────────┘ └─────────────────┘
│
▼
┌──────────────────┐
│ MintConfig │
│ - authority │
│ - gating_prog │
│ - permissions │
└──────────────────┘