Multisig and Governance

Rule	Account types	Status
Squads Multisig V4 Tracker	Multisig (Squads V4) + vaults	🟢 Active
Squads Multisig V3 Tracker	Multisig (Squads V3) + vaults	🟢 Active
Squads Multisig Member Change	Multisig (Squads V3/V4)	🟢 Active
Squads Risky Member Add Proposal	Multisig + screened member wallet	🟢 Active
Squads V4 Timelock Monitor	Multisig (Squads V4) + proposals	🟢 Active
Squads Multisig Member Active	Multisig member wallets	🟢 Active
Squads Multisig Large Transaction	Multisig + vault accounts	🟢 Active
Realms Governance Tracker	DAO / Governance + treasury	🟢 Active
Realms Proposal Monitor	DAO / Governance (proposals)	🟢 Active
Realms Council Member Change	DAO / Governance + member wallets	🟢 Active
Realms Council Member Active	Council member wallets	🟢 Active
Realms Risky Member Proposal	DAO / Governance + member wallet	🟢 Active
Safe Multisig Tx Executed	Safe (Gnosis) multisig	🟢 Active
Safe Multisig Member Change	Safe (Gnosis) multisig	🟢 Active
Safe Multisig Threshold Change	Safe (Gnosis) multisig	🟢 Active
Safe Multisig Config Change	Safe (Gnosis) multisig	🟢 Active
Safe Multisig Module Change	Safe (Gnosis) multisig	🟢 Active
Safe Multisig Approve	Safe (Gnosis) multisig	🟢 Active
Safe Multisig Pending Approvals	Safe (Gnosis) multisig	🟢 Active
New Squads Multisig Created (V3 / V4)	Multisig (Squads)	⚪ Deprecated

🟢 Squads Multisig V4 Tracker

Detects. Full lifecycle monitoring of a Squads V4 multisig — one rule that covers governance, proposals, batch execution, spending limits, and treasury flows.


Trigger	Any V4 multisig activity: member add/remove (with risk scoring), threshold changes, proposal create/approve/reject/execute/cancel, batch transactions, spending-limit use, and vault transfers (USD thresholds for financial movements).
Account types	Multisig (Squads V4) + vaults
Status	Active

🟢 Squads Multisig V3 Tracker

Detects. Full lifecycle monitoring of a Squads V3 multisig — governance, proposals, authority changes, and treasury flows.


Trigger	Any V3 multisig activity: member additions/removals, threshold modifications, proposal create/approve/reject/execute, authority changes, and vault transfers (USD thresholds for financial movements).
Account types	Multisig (Squads V3) + vaults
Status	Active

🟢 Squads Multisig Member Change

Detects. A member is added to or removed from a monitored Squads multisig.


Trigger	A membership change (addition or removal) on the monitored multisig. Supports both V3 and V4.
Account types	Multisig (Squads V3/V4)
Status	Active

🟢 Squads Risky Member Add Proposal

Detects. A proposal to add a member whose Range risk score is at or above a threshold — caught before it executes.


Trigger	A V4 proposal to add a member, where the proposed member’s Range risk score ≥ the configured minimum.
Account types	Multisig (Squads V4) + screened member wallet
Status	Active

🟢 Squads V4 Timelock Monitor

Detects. Approved-but-still-timelocked V4 proposals, with a countdown to when they can execute.


Trigger	A V4 proposal has passed its approval threshold and is in its timelock window; re-alerts on a configurable interval with the remaining time. (Scheduled — recommended 60-minute ticker.)
Account types	Multisig (Squads V4) + proposal accounts
Status	Active

🟢 Squads Multisig Member Active

Detects. A multisig member signs a transaction outside the Squads program — i.e. acting independently with their own wallet.


Trigger	A known multisig member is a signer on a non-Squads transaction. Specific members can be excluded. Supports V3 and V4.
Account types	Multisig member wallets
Status	Active

🟢 Squads Multisig Large Transaction

Detects. A large transfer in or out of a Squads multisig vault.


Trigger	A vault-executed transfer whose USD value exceeds the configured minimum. Vault accounts are derived automatically from the multisig.
Account types	Multisig + vault accounts
Status	Active

🟢 Realms Governance Tracker

Detects. A Realms (SPL Governance) proposal executes on-chain, or a realm / governance authority or config is changed.


Trigger	A proposal-executed instruction lands, or the realm authority/config or a governance config is updated; tracks associated treasury flows above a USD threshold.
Account types	DAO / Governance + program + treasury accounts
Status	Active

🟢 Realms Proposal Monitor

Detects. Every stage of a Realms proposal’s lifecycle, including timelock countdowns.


Trigger	New proposals and every state transition (Draft → Signing Off → Voting → Succeeded → Executing → Completed, plus Cancelled / Defeated / Vetoed / Executing-with-errors), and Succeeded-awaiting-execution with a timelock countdown. (Scheduled.)
Account types	DAO / Governance (proposals)
Status	Active

🟢 Realms Council Member Change

Detects. A wallet joins or leaves a Realms DAO council.


Trigger	SPL-Governance deposit/withdraw against the council holding account (ongoing membership), or `mintTo` / `burn` on the council mint (bootstrap / reset events).
Account types	DAO / Governance + member wallets + council mint
Status	Active

🟢 Realms Council Member Active

Detects. A known council member’s wallet acts outside the DAO governance program.


Trigger	A council member is a signer or writable account on a transaction that does not invoke the governance program. Specific members can be excluded.
Account types	Council member wallets
Status	Active

🟢 Realms Risky Member Proposal

Detects. A pending proposal that would add a high-risk wallet as a council member — caught before execution.


Trigger	A proposal whose action would mint the council token to a wallet whose Range risk score ≥ the configured minimum. (Scheduled.)
Account types	DAO / Governance + prospective member wallet + council mint
Status	Active

🟢 Safe Multisig Tx Executed

Detects. A transaction is executed (or fails) through a monitored Safe.


Trigger	`ExecutionSuccess` / `ExecutionFailure` on the Safe; includes value moved and flags risky `DelegateCall` use. Can escalate on large total transfers.
Account types	Safe (Gnosis) multisig
Status	Active

🟢 Safe Multisig Member Change

Detects. An owner is added, removed, or swapped on a monitored Safe.


Trigger	Owner add/remove/swap events; flags newly added owners that have a high Range risk score.
Account types	Safe (Gnosis) multisig
Status	Active

🟢 Safe Multisig Threshold Change

Detects. The number of required signatures on a monitored Safe changes.


Trigger	The signing threshold is changed — especially dangerous when lowered to 1.
Account types	Safe (Gnosis) multisig
Status	Active

🟢 Safe Multisig Config Change

Detects. A monitored Safe changes or removes its security Guard or Fallback Handler.


Trigger	`ChangedGuard` / `ChangedFallbackHandler` events (Safe ≥ 1.3.0). Removing a Guard removes a key safety control.
Account types	Safe (Gnosis) multisig
Status	Active

🟢 Safe Multisig Module Change

Detects. A module is enabled or disabled on a monitored Safe.


Trigger	`EnabledModule` / `DisabledModule` events. An enabled module can move funds bypassing the signing threshold, so additions warrant scrutiny.
Account types	Safe (Gnosis) multisig
Status	Active

🟢 Safe Multisig Approve

Detects. An owner signs / approves a pending Safe transaction.


Trigger	An on-chain approval for a transaction hash, including the count of confirmations collected so far.
Account types	Safe (Gnosis) multisig
Status	Active

🟢 Safe Multisig Pending Approvals

Detects. A monitored Safe has a new off-chain pending transaction awaiting signatures, and again when it’s ready to execute.


Trigger	Polls the Safe Transaction Service: fires when a new pending tx appears, then again when it reaches off-chain consensus (ready to execute). (Scheduled.)
Account types	Safe (Gnosis) multisig
Status	Active

⚪ Deprecated rules (migration context)

Retired from the current runner, kept for completeness:

New Squads Multisig Created (V3 / V4) — creation of a new Squads multisig account (separate V3 and V4 rules on the previous runner; the V4 variant could be filtered by member account).

Multisig and Governance

Summary

Rules

Deprecated

​Summary

​Rules

​Deprecated

Summary

Rules

Deprecated