Roadmap

v1 shipped. Here's what's next.

Onleash v1 is a policy primitive for Token-2022 mints. The same PDA pattern is backwards-compatible — v1 mints stay valid forever as we extend the protocol.

13/13 tests · devnet

Mainnet target · Q3 2026

✓Done

Hook program — 6 checks

Allowlist, per-tx cap, daily cap, pause, cooldown, transfer count. All atomic.

Per-mint Policy PDA

Seeds: ["policy", mint]. One policy per mint, authority-controlled.

init_policy + update_policy

Admin instructions. All 6 policy fields updatable in one tx.

TypeScript SDK

deployProtectedMint, mintTo, transfer, fetchPolicy, ixInitPolicy, ixUpdatePolicy.

AI agent actions

5 Zod-schema actions for solana-agent-kit, Vercel AI, LangChain.

pay.sh x402 integration

ONLEASH_PAY_SH_PAYMENT action — blocks payment hijack via 402 redirect.

solana-agent-kit PR #565

Plugin open for review. Drop-in for every agent on the kit.

Devnet deploy — 13/13 tests

Program ID: 7vJ2fa6dr3Tnx8whNAepUMmpytAnEZxcASMyH2jAuG7v

Orca Whirlpools compatible

Protected tokens work in Orca pools via TokenBadge.

●In progress

Mainnet deployment

Anchor deploy to mainnet-beta. Smoke test: 1 pass + 1 revert tx on Explorer.

Squads upgrade authority

Moving from single deployer key to 2-of-3 multisig before GA.

Security threat model

Documented attack scenarios, honest scope, and v1 limitations.

Live demo — /demo page

Real devnet reverts end-to-end, no mocks, <10s round trip.

○Planned

OtterSec / Neodyme audit

Full program audit before mainnet GA recommendation to projects.

Spend-log webhook

POST to dev-configured URL on every TransferHookViolation.

Pyth USD-denominated caps

'$10/tx, $50/day' instead of raw token units. Oracle-backed at transfer time.

Per-counterparty caps

Granular per-destination limits within the same policy.

Ephemeral time-locked approvals

One-off approvals that expire on-chain without admin action.

Policy composer UI

Plain-English rule compiled to Policy PDA. No code required.

Companion guards

Policy-gated burn, close-account guard — closes honest scope gaps.

CI/CD + SDK publish

GitHub Actions: Anchor test on PR, SDK publish on tag.

mainnet timeline

What gates mainnet GA.

Gate 1

13/13 devnet tests

All 6 policy checks verified with real on-chain transactions on devnet.

✓ complete

Gate 2

Mainnet smoke test

1 passing + 1 reverting transfer on mainnet-beta, both signatures on Explorer.

ETA: Q2 2026

Gate 3

Security audit

OtterSec or Neodyme review of the hook program before GA recommendation.

ETA: Q3 2026

test results · devnet · 13/13

onleash-hook
  13 passing (11s)
  ✔ creates mint with transfer-hook extension
  ✔ creates source + destination ATAs and mints supply
  ✔ initializes ExtraAccountMetaList
  ✔ initializes Policy
  ✔ PASS: transfer to allowlisted destination
  ✔ FAIL: attacker dest → DestinationNotAllowed (6001)
  ✔ FAIL: amount > per_tx_max → ExceedsPerTxMax (6002)
  ✔ FAIL: cumulative > daily_cap → ExceedsDailyCap (6003)
  ✔ FAIL: non-authority update → Unauthorized (6005)
  ✔ PASS: authority raises daily_cap
  ✔ FAIL: paused → PolicyPaused (6007)
  ✔ FAIL: too soon → CooldownActive (6008)
  ✔ FAIL: count exceeded → ExceedsTransferCount (6009)