Programmable Block Policy (PBP)
Programmable Block Policy is Flowra's core feature. It answers the question every institutional operator eventually asks and no existing pipeline can: who decides what goes into my blocks?
With PBP, the answer is the validator. You declare composition rules in a policy file that you own; the Flowra Block Engine can only auction and forward what your policy allows.
The authority model
- The validator is the policy authority. Your policy lives in a TOML file on your machine, referenced by the
FLOWRA_PBP_CONFIGenvironment variable. - The client pushes policy to the engine. On connect, your validator client sends the policy to the Block Engine over the
ProvidePbpPolicyRPC. Whenever the file changes, the client detects it and re-pushes automatically. No restart required. - The engine enforces before the auction. Non-conforming bundles are filtered out before selection, so they never compete for your blocks in the first place.
What you can express
Scope
PBP is deterministic, address- and structure-level screening at auction time, designed to fit Solana's 400 ms slot budget. It gives compliance programs something no off-chain process can: enforcement before inclusion.
Example policy
# flowra-pbp.toml
[policy]
allow_aggressive_mev = false # block sandwich-pattern bundles
[searcher_whitelist]
pubkeys = [] # empty = permissionless (default)
[address_blacklist]
addresses = [ # operator-managed screening list
# "<base58-address>",
]
[program_blacklist]
program_ids = []
[program_allowlist]
program_ids = [] # non-empty = bundles must reference one
[force_priority]
searchers = [] # pinned to the top of the block
[[category_quotas]]
name = "amm"
pct = 40 # max 40% of block CU budget
program_ids = ["<amm-program-id>"]
Omitting the file entirely runs the default policy: open access, standard inclusion, no filters.
Operational behavior
- Hot reload. Edit the file and save; the client re-pushes the policy on the next heartbeat. The engine also refreshes its own local policy file every two seconds.
- Logged enforcement. Policy pushes and rejections are visible in client and engine logs, giving operators a local record of what was enforced and when.
- Independent of liveness. Policy applies to auction bundles only. If the Block Engine is unreachable, your validator builds blocks locally and nothing about your block production depends on the policy path. See Architecture.
Reporting (planned)
On the roadmap, Flowra adds a policy reporting suite: signed auction records plus packaged enforcement reports that combine your declared policy, engine decisions, and on-chain outcomes into a single document for risk teams, delegators, and reviewers.