Permissions and Policy
This lens is for systems that market an open surface while keeping decisive authority in admission rules, registries, quotas, and emergency controls.
Questions worth asking:
- Who decides which chains, assets, bridges, operators, or users are allowed in?
- Where do rate limits, mint caps, bridge quotas, freezes, and pauses actually live?
- Which parts are genuinely permissionless, and which still require governance or operator approval?
- Can policy change faster than users expect from the decentralization story?
Curated comparison set
- Governance and signer-policy baseline: governor-bravo and safe
- Bridge and interop admission policy: hyperbridge, snowbridge, and cctp
- Issuer policy over asset movement: circle-usdc and erc-7281
- Treasury and workflow policy: aera and fireblocks
- Chain and operator policy: optimism and base
Keep the boundary explicit
- Open interfaces do not remove policy if one governance body still controls admission or quotas.
- Emergency paths matter because they reveal who can override the ordinary decentralization story.
- Issuer and operator policy often dominates the user experience long before a contract-level permission check fires.
Focused traversal notes
Useful comparison question
Which part of the public decentralization story still depends on a policy layer that can say yes, no, slower, or not yet?